urlscan.io logo urlscan.io
SecurityTrails logo

car-surance.onewelcome.com Open in urlscan Pro
195.143.27.137  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://car-surance.onewelcome.com/
Effective URL: https://car-surance.onewelcome.com/account/login/
Submission: On November 23 via manual from NL — Scanned from NL
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 21 HTTP transactions. The main IP is 195.143.27.137, located in United States and belongs to GTT-BACKBONE GTT, US. The main domain is car-surance.onewelcome.com.
TLS certificate: Issued by R3 on October 9th 2022. Valid for: 3 months.
This is the only time car-surance.onewelcome.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 19 195.143.27.137 3257 (GTT-BACKB...)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
21 4
Apex Domain
Subdomains		 Transfer
19 onewelcome.com
car-surance.onewelcome.com
3 MB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 52
2 KB
1 gstatic.com
fonts.gstatic.com
29 KB
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 67
74 KB
21 4
Domain Requested by
19 car-surance.onewelcome.com 2 redirects car-surance.onewelcome.com
2 fonts.googleapis.com car-surance.onewelcome.com
1 fonts.gstatic.com fonts.googleapis.com
1 www.googletagmanager.com car-surance.onewelcome.com
21 4

This site contains links to these domains. Also see Links.

Domain
www.onewelcome.com
Subject Issuer Validity Valid
car-surance.onewelcome.com
R3		 2022-10-09 -
2023-01-07		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2022-11-02 -
2023-01-25		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2022-11-02 -
2023-01-25		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2022-11-02 -
2023-01-25		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://car-surance.onewelcome.com/account/login/
Frame ID: EA8F337180EC953D4F6C02BBCF56F359
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Log in | OneWelcome

Page URL History Show full URLs

  1. http://car-surance.onewelcome.com/ HTTP 301
    https://car-surance.onewelcome.com/ HTTP 302
    https://car-surance.onewelcome.com/account/login/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

21
Requests

100 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

3617 kB
Transfer

5020 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://car-surance.onewelcome.com/ HTTP 301
    https://car-surance.onewelcome.com/ HTTP 302
    https://car-surance.onewelcome.com/account/login/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
car-surance.onewelcome.com/account/login/
Redirect Chain
  • http://car-surance.onewelcome.com/
  • https://car-surance.onewelcome.com/
  • https://car-surance.onewelcome.com/account/login/
6 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://car-surance.onewelcome.com/account/login/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
195.143.27.137 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
insurgroup.iwelcome.com
Software
nginx /
Resource Hash
f7d50ac580295fe2f3094e6b382933f90b1f47cba11f3743424cad803801ade4
Security Headers
Name Value
Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-fyFqn4PUJoCoU8GaNnrfzYfNIZ6bpylI' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-fyFqn4PUJoCoU8GaNnrfzYfNIZ6bpylI' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

cache-control
no-cache
content-encoding
gzip
content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-fyFqn4PUJoCoU8GaNnrfzYfNIZ6bpylI' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
content-type
text/html
date
Wed, 23 Nov 2022 17:09:19 GMT
expect-ct
enforce, max-age=300
feature-policy
geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'self'; payment 'none';
referrer-policy
same-origin
server
nginx
strict-transport-security
max-age=31536000; includeSubdomains
vary
Accept-Encoding
x-content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-fyFqn4PUJoCoU8GaNnrfzYfNIZ6bpylI' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-MPzeyhPeDYh1taxEEAB2bAVONZyOQS5g' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
content-type
text/html
date
Wed, 23 Nov 2022 17:09:19 GMT
expect-ct
enforce, max-age=300
feature-policy
geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'self'; payment 'none';
location
https://car-surance.onewelcome.com/account/login/
referrer-policy
same-origin
server
nginx
strict-transport-security
max-age=31536000; includeSubdomains
x-content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-MPzeyhPeDYh1taxEEAB2bAVONZyOQS5g' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
css
fonts.googleapis.com/ 		3 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open+Sans
Requested by
Host: car-surance.onewelcome.com
URL: https://car-surance.onewelcome.com/account/login/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
8d683e97a1f23650a3e38cf3621b924ccf692f2a4204d193335ceddeb9b65353
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 23 Nov 2022 17:09:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 23 Nov 2022 16:51:27 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 23 Nov 2022 17:09:19 GMT
2.3d17192e.chunk.css
car-surance.onewelcome.com/account/login/static/css/ 		248 B
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://car-surance.onewelcome.com/account/login/static/css/2.3d17192e.chunk.css
Requested by
Host: car-surance.onewelcome.com
URL: https://car-surance.onewelcome.com/account/login/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
195.143.27.137 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
insurgroup.iwelcome.com
Software
nginx /
Resource Hash
b1978f9b5086280374069fd9c149d6b8e634cb58c3a8ce6285c7dff81245dae3
Security Headers
Name Value
Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-Gt21o0pDS3fTPNvhRAtfIUbC04bdZEcP' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-Gt21o0pDS3fTPNvhRAtfIUbC04bdZEcP' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://car-surance.onewelcome.com/account/login/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Wed, 23 Nov 2022 17:09:19 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
referrer-policy
same-origin
content-encoding
gzip
server
nginx
content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-Gt21o0pDS3fTPNvhRAtfIUbC04bdZEcP' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
expect-ct
enforce, max-age=300
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
feature-policy
geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'self'; payment 'none';
x-xss-protection
1; mode=block
x-content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-Gt21o0pDS3fTPNvhRAtfIUbC04bdZEcP' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
main.7b810e50.chunk.css
car-surance.onewelcome.com/account/login/static/css/ 		248 B
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://car-surance.onewelcome.com/account/login/static/css/main.7b810e50.chunk.css
Requested by
Host: car-surance.onewelcome.com
URL: https://car-surance.onewelcome.com/account/login/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
195.143.27.137 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
insurgroup.iwelcome.com
Software
nginx /
Resource Hash
b1978f9b5086280374069fd9c149d6b8e634cb58c3a8ce6285c7dff81245dae3
Security Headers
Name Value
Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-7igXxhcd2MpUvnLR8cO2cfkPjFuNeYQU' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-7igXxhcd2MpUvnLR8cO2cfkPjFuNeYQU' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://car-surance.onewelcome.com/account/login/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Wed, 23 Nov 2022 17:09:19 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
referrer-policy
same-origin
content-encoding
gzip
server
nginx
content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-7igXxhcd2MpUvnLR8cO2cfkPjFuNeYQU' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
expect-ct
enforce, max-age=300
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
feature-policy
geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'self'; payment 'none';
x-xss-protection
1; mode=block
x-content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-7igXxhcd2MpUvnLR8cO2cfkPjFuNeYQU' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
js
www.googletagmanager.com/gtag/ 		215 KB
74 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-E33LWKB4JG
Requested by
Host: car-surance.onewelcome.com
URL: https://car-surance.onewelcome.com/account/login/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
2e47141ee4a912cc6147ef27ac9994d3dee1056a05b146a76f596661b6a734f2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Wed, 23 Nov 2022 17:09:20 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
74984
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Wed, 23 Nov 2022 17:09:20 GMT
runtime~main.d653cc00.js
car-surance.onewelcome.com/account/login/static/js/ 		1 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://car-surance.onewelcome.com/account/login/static/js/runtime~main.d653cc00.js
Requested by
Host: car-surance.onewelcome.com
URL: https://car-surance.onewelcome.com/account/login/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
195.143.27.137 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
insurgroup.iwelcome.com
Software
nginx /
Resource Hash
32347bcbd23fea57169370e3e9db21760d5975364d78a2b3e37b2cb3b97f4f0f
Security Headers
Name Value
Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-eQLEaDaIpONAf63xwcDatlnLqeBROVal' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-eQLEaDaIpONAf63xwcDatlnLqeBROVal' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://car-surance.onewelcome.com/account/login/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Wed, 23 Nov 2022 17:09:19 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
referrer-policy
same-origin
content-encoding
gzip
server
nginx
content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-eQLEaDaIpONAf63xwcDatlnLqeBROVal' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
expect-ct
enforce, max-age=300
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
feature-policy
geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'self'; payment 'none';
x-xss-protection
1; mode=block
x-content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-eQLEaDaIpONAf63xwcDatlnLqeBROVal' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
2.b752d2c3.chunk.js
car-surance.onewelcome.com/account/login/static/js/ 		1 MB
320 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://car-surance.onewelcome.com/account/login/static/js/2.b752d2c3.chunk.js
Requested by
Host: car-surance.onewelcome.com
URL: https://car-surance.onewelcome.com/account/login/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
195.143.27.137 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
insurgroup.iwelcome.com
Software
nginx /
Resource Hash
0cf17a78fcf8895b25d75c11b3fa567e3ea2860e8f46b441cd3e24b7e88afbf0
Security Headers
Name Value
Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-oPalwSjnMGqe7YXO1RrQ1HAQ42ljYik3' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-oPalwSjnMGqe7YXO1RrQ1HAQ42ljYik3' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://car-surance.onewelcome.com/account/login/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Wed, 23 Nov 2022 17:09:19 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
referrer-policy
same-origin
content-encoding
gzip
server
nginx
content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-oPalwSjnMGqe7YXO1RrQ1HAQ42ljYik3' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
expect-ct
enforce, max-age=300
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
feature-policy
geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'self'; payment 'none';
x-xss-protection
1; mode=block
x-content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-oPalwSjnMGqe7YXO1RrQ1HAQ42ljYik3' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
main.d7ab5d9f.chunk.js
car-surance.onewelcome.com/account/login/static/js/ 		437 KB
103 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://car-surance.onewelcome.com/account/login/static/js/main.d7ab5d9f.chunk.js
Requested by
Host: car-surance.onewelcome.com
URL: https://car-surance.onewelcome.com/account/login/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
195.143.27.137 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
insurgroup.iwelcome.com
Software
nginx /
Resource Hash
d7ee82875e47ffdda8ce18e354cb887ace2fd4408c52a8da1da5ac7116b13cec
Security Headers
Name Value
Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-ZbOh7YwrPhZe59vocG7DISKMMvYvLiTn' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-ZbOh7YwrPhZe59vocG7DISKMMvYvLiTn' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://car-surance.onewelcome.com/account/login/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Wed, 23 Nov 2022 17:09:19 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
referrer-policy
same-origin
content-encoding
gzip
server
nginx
content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-ZbOh7YwrPhZe59vocG7DISKMMvYvLiTn' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
expect-ct
enforce, max-age=300
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
feature-policy
geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'self'; payment 'none';
x-xss-protection
1; mode=block
x-content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-ZbOh7YwrPhZe59vocG7DISKMMvYvLiTn' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
css2
fonts.googleapis.com/ 		2 KB
521 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Red+Hat+Display:wght@400;500;700&display=swap
Requested by
Host: car-surance.onewelcome.com
URL: https://car-surance.onewelcome.com/account/login/static/css/2.3d17192e.chunk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
6aea1352785a5bf7dae837b11f656694385d0d23321be6017590dad1d35f78df
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 23 Nov 2022 17:09:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 23 Nov 2022 16:33:43 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 23 Nov 2022 17:09:20 GMT
configuration
car-surance.onewelcome.com/account/uic/api/v1/ 		3 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://car-surance.onewelcome.com/account/uic/api/v1/configuration?type=page&name=default
Requested by
Host: car-surance.onewelcome.com
URL: https://car-surance.onewelcome.com/account/login/static/js/2.b752d2c3.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
195.143.27.137 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
insurgroup.iwelcome.com
Software
nginx /
Resource Hash
150c25875ef080abcfa68963c3084fefb949decfee3b5dfa97ff450179f95866
Security Headers
Name Value
Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-44VbMJobhPT7xO00tSxfoZTt19dXmv8Q' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-44VbMJobhPT7xO00tSxfoZTt19dXmv8Q' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://car-surance.onewelcome.com/account/login/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Wed, 23 Nov 2022 17:09:20 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
referrer-policy
same-origin
content-encoding
gzip
server
nginx
content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-44VbMJobhPT7xO00tSxfoZTt19dXmv8Q' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
expect-ct
enforce, max-age=300
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/json;charset=UTF-8
cache-control
no-cache
feature-policy
geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'self'; payment 'none';
x-xss-protection
1; mode=block
x-content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-44VbMJobhPT7xO00tSxfoZTt19dXmv8Q' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
configuration
car-surance.onewelcome.com/account/uic/api/v1/ 		262 KB
129 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://car-surance.onewelcome.com/account/uic/api/v1/configuration?type=workflowEngine&name=iwMUITheme
Requested by
Host: car-surance.onewelcome.com
URL: https://car-surance.onewelcome.com/account/login/static/js/2.b752d2c3.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
195.143.27.137 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
insurgroup.iwelcome.com
Software
nginx /
Resource Hash
092e588f924b658780a2eb1fe3f6f7750f9e4944a3a2e857f7f517443600dd60
Security Headers
Name Value
Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-YkJcPKmat8d2aoBhRnhEwmCK3T7FKG7M' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-YkJcPKmat8d2aoBhRnhEwmCK3T7FKG7M' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://car-surance.onewelcome.com/account/login/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Wed, 23 Nov 2022 17:09:20 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
referrer-policy
same-origin
content-encoding
gzip
server
nginx
content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-YkJcPKmat8d2aoBhRnhEwmCK3T7FKG7M' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
expect-ct
enforce, max-age=300
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/json;charset=UTF-8
cache-control
no-cache
feature-policy
geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'self'; payment 'none';
x-xss-protection
1; mode=block
x-content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-YkJcPKmat8d2aoBhRnhEwmCK3T7FKG7M' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
configuration
car-surance.onewelcome.com/account/login/api/ 		3 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://car-surance.onewelcome.com/account/login/api/configuration
Requested by
Host: car-surance.onewelcome.com
URL: https://car-surance.onewelcome.com/account/login/static/js/2.b752d2c3.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
195.143.27.137 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
insurgroup.iwelcome.com
Software
nginx /
Resource Hash
04cb2a9493751a3f61283b10f9e124c65dfbeb95cf1d954e4d1baadec7d80dee
Security Headers
Name Value
Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-xbnQeY927Om7ZOuZ3lnioX7xv3szrz3n' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-xbnQeY927Om7ZOuZ3lnioX7xv3szrz3n' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://car-surance.onewelcome.com/account/login/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Wed, 23 Nov 2022 17:09:20 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
referrer-policy
same-origin
content-encoding
gzip
server
nginx
content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-xbnQeY927Om7ZOuZ3lnioX7xv3szrz3n' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
expect-ct
enforce, max-age=300
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/json
cache-control
no-cache
feature-policy
geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'self'; payment 'none';
x-xss-protection
1; mode=block
x-content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-xbnQeY927Om7ZOuZ3lnioX7xv3szrz3n' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
configuration
car-surance.onewelcome.com/account/uic/api/v1/ 		9 KB
5 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://car-surance.onewelcome.com/account/uic/api/v1/configuration?type=page&name=login
Requested by
Host: car-surance.onewelcome.com
URL: https://car-surance.onewelcome.com/account/login/static/js/2.b752d2c3.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
195.143.27.137 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
insurgroup.iwelcome.com
Software
nginx /
Resource Hash
a91f4e020a37fd5093046de0cd1bb70af025d7073b3a93debbdf4d20d265c203
Security Headers
Name Value
Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-y7ypS1CbLc0AvexyVFy0zKfWKQOCj1kC' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-y7ypS1CbLc0AvexyVFy0zKfWKQOCj1kC' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://car-surance.onewelcome.com/account/login/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Wed, 23 Nov 2022 17:09:20 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
referrer-policy
same-origin
content-encoding
gzip
server
nginx
content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-y7ypS1CbLc0AvexyVFy0zKfWKQOCj1kC' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
expect-ct
enforce, max-age=300
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/json;charset=UTF-8
cache-control
no-cache
feature-policy
geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'self'; payment 'none';
x-xss-protection
1; mode=block
x-content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-y7ypS1CbLc0AvexyVFy0zKfWKQOCj1kC' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
translations
car-surance.onewelcome.com/account/uic/api/v1/ 		21 KB
7 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://car-surance.onewelcome.com/account/uic/api/v1/translations?language=en_GB_login
Requested by
Host: car-surance.onewelcome.com
URL: https://car-surance.onewelcome.com/account/login/static/js/2.b752d2c3.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
195.143.27.137 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
insurgroup.iwelcome.com
Software
nginx /
Resource Hash
08438ea217fdf7fad7cb8088ebffd36ee666196c60aa25b756c308a7771d5a51
Security Headers
Name Value
Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-Q9fTdCVQlmxQi0vbIukJsOkhs9vPozF1' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-Q9fTdCVQlmxQi0vbIukJsOkhs9vPozF1' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://car-surance.onewelcome.com/account/login/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Wed, 23 Nov 2022 17:09:20 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
referrer-policy
same-origin
content-encoding
gzip
server
nginx
content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-Q9fTdCVQlmxQi0vbIukJsOkhs9vPozF1' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
expect-ct
enforce, max-age=300
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/json;charset=UTF-8
cache-control
no-cache
feature-policy
geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'self'; payment 'none';
x-xss-protection
1; mode=block
x-content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-Q9fTdCVQlmxQi0vbIukJsOkhs9vPozF1' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
authenticate
car-surance.onewelcome.com/account/login/api/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://car-surance.onewelcome.com/account/login/api/authenticate
Requested by
Host: car-surance.onewelcome.com
URL: https://car-surance.onewelcome.com/account/login/static/js/2.b752d2c3.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
195.143.27.137 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
insurgroup.iwelcome.com
Software
nginx /
Resource Hash
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://car-surance.onewelcome.com/account/login/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Wed, 23 Nov 2022 17:09:20 GMT
server
nginx
content-length
0
x-xss-protection
1; mode=block
carsurance-background.png
car-surance.onewelcome.com/account/login/ui/resources/theme/img/ 		3 MB
3 MB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://car-surance.onewelcome.com/account/login/ui/resources/theme/img/carsurance-background.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
195.143.27.137 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
insurgroup.iwelcome.com
Software
nginx /
Resource Hash
1e0e06ac8fc61698f997290d54ed141cfbf82ba3d84f70eed89531ec3c397932
Security Headers
Name Value
Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-hU7EzE3F3KzA88cF7xJMkklWEvOgOYzh' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-hU7EzE3F3KzA88cF7xJMkklWEvOgOYzh' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://car-surance.onewelcome.com/account/login/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Wed, 23 Nov 2022 17:09:20 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
referrer-policy
same-origin
server
nginx
content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-hU7EzE3F3KzA88cF7xJMkklWEvOgOYzh' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
expect-ct
enforce, max-age=300
x-frame-options
SAMEORIGIN
content-type
image/png
feature-policy
geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'self'; payment 'none';
x-xss-protection
1; mode=block
x-content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-hU7EzE3F3KzA88cF7xJMkklWEvOgOYzh' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
carsurance-logo.svg
car-surance.onewelcome.com/account/login/ui/resources/theme/img/ 		7 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://car-surance.onewelcome.com/account/login/ui/resources/theme/img/carsurance-logo.svg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
195.143.27.137 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
insurgroup.iwelcome.com
Software
nginx /
Resource Hash
bdf17acc42faa6dcc117121ea20219ea6591d483131499bcf864b3ad53d54a35
Security Headers
Name Value
Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-MH7FECAw3A1zFpaLzidegnhf6HpoDJqH' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-MH7FECAw3A1zFpaLzidegnhf6HpoDJqH' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://car-surance.onewelcome.com/account/login/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Wed, 23 Nov 2022 17:09:21 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
referrer-policy
same-origin
content-encoding
gzip
server
nginx
content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-MH7FECAw3A1zFpaLzidegnhf6HpoDJqH' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
expect-ct
enforce, max-age=300
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
feature-policy
geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'self'; payment 'none';
x-xss-protection
1; mode=block
x-content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-MH7FECAw3A1zFpaLzidegnhf6HpoDJqH' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
logo-facebook.png
car-surance.onewelcome.com/account/login/static/img/ 		10 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://car-surance.onewelcome.com/account/login/static/img/logo-facebook.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
195.143.27.137 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
insurgroup.iwelcome.com
Software
nginx /
Resource Hash
5d7a3f1916e44dec4a7b64784cd14e2bb88990ff35aa68ea33ef2e06a1b585f8
Security Headers
Name Value
Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-I3cRPzMUtHn4hBeERZsvG7a2eRJtzTek' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-I3cRPzMUtHn4hBeERZsvG7a2eRJtzTek' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://car-surance.onewelcome.com/account/login/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Wed, 23 Nov 2022 17:09:21 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
referrer-policy
same-origin
server
nginx
content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-I3cRPzMUtHn4hBeERZsvG7a2eRJtzTek' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
expect-ct
enforce, max-age=300
x-frame-options
SAMEORIGIN
content-type
image/png
feature-policy
geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'self'; payment 'none';
accept-ranges
bytes
x-xss-protection
1; mode=block
x-content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-I3cRPzMUtHn4hBeERZsvG7a2eRJtzTek' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
logo-google.png
car-surance.onewelcome.com/account/login/static/img/ 		8 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://car-surance.onewelcome.com/account/login/static/img/logo-google.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
195.143.27.137 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
insurgroup.iwelcome.com
Software
nginx /
Resource Hash
93eb80dc01e920eaa7f23f998f67e5a5fc55e02b8e66bd3d8f5fef097d88565f
Security Headers
Name Value
Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-VbdyalnUJbc1PQOCMPjCakNlbckRMlp0' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-VbdyalnUJbc1PQOCMPjCakNlbckRMlp0' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://car-surance.onewelcome.com/account/login/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Wed, 23 Nov 2022 17:09:21 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
referrer-policy
same-origin
server
nginx
content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-VbdyalnUJbc1PQOCMPjCakNlbckRMlp0' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
expect-ct
enforce, max-age=300
x-frame-options
SAMEORIGIN
content-type
image/png
feature-policy
geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'self'; payment 'none';
accept-ranges
bytes
x-xss-protection
1; mode=block
x-content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-VbdyalnUJbc1PQOCMPjCakNlbckRMlp0' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
logo-microsoft.png
car-surance.onewelcome.com/account/login/static/img/ 		4 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://car-surance.onewelcome.com/account/login/static/img/logo-microsoft.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
195.143.27.137 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
insurgroup.iwelcome.com
Software
nginx /
Resource Hash
930c58828d987f2a5041c1752b8512bb2f58296d60756e9f7bc7cd6337b4f4fa
Security Headers
Name Value
Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-c6GYUaxbvkfufQfCMGjoWPaJNuVIVQpm' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-c6GYUaxbvkfufQfCMGjoWPaJNuVIVQpm' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://car-surance.onewelcome.com/account/login/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Wed, 23 Nov 2022 17:09:21 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
referrer-policy
same-origin
server
nginx
content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-c6GYUaxbvkfufQfCMGjoWPaJNuVIVQpm' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
expect-ct
enforce, max-age=300
x-frame-options
SAMEORIGIN
content-type
image/png
feature-policy
geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'self'; payment 'none';
accept-ranges
bytes
x-xss-protection
1; mode=block
x-content-security-policy
default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-c6GYUaxbvkfufQfCMGjoWPaJNuVIVQpm' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
8vIQ7wUr0m80wwYf0QCXZzYzUoTg_T6h.woff2
fonts.gstatic.com/s/redhatdisplay/v14/ 		28 KB
29 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/redhatdisplay/v14/8vIQ7wUr0m80wwYf0QCXZzYzUoTg_T6h.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Red+Hat+Display:wght@400;500;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1dbe80d2c777c173f7f7b2fe368fbdd6b3de977c9e02548b03d15cc441a80a69
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://car-surance.onewelcome.com
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 20:55:32 GMT
x-content-type-options
nosniff
age
159229
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28964
x-xss-protection
0
last-modified
Mon, 15 Aug 2022 17:54:58 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 21 Nov 2023 20:55:32 GMT

Verdicts & Comments Add Verdict or Comment

30 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| readCookie function| setCookie function| _setAppBrand string| brand object| webpackJsonp object| __core-js_shared__ object| core object| global object| System function| asap function| Observable function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill number| 2f1acc6c3a606b082e5eef5e54414ffb function| _ function| classNames undefined| stepUpTrackId undefined| return_from undefined| trackingId object| google_tag_manager object| google_tag_data object| dataLayer boolean| useV2authentication string| clientId string| clientSecret string| redirectUri undefined| isTagManagerEnable object| theme

2 Cookies

Domain/Path Name / Value
.car-surance.onewelcome.com/account/ Name: iWelcome-Segment
Value: carsurance
car-surance.onewelcome.com/ Name: iWelcome-Locale
Value: en_GB

8 Console Messages

Source Level URL
Text
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'notifications'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'push'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'speaker'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'vibrate'.
security error URL: https://car-surance.onewelcome.com/account/login/(Line 44)
Message:
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'nonce-fyFqn4PUJoCoU8GaNnrfzYfNIZ6bpylI' https://www.googletagmanager.com https://www.google-analytics.com". Either the 'unsafe-inline' keyword, a hash ('sha256-D2mtl3qE/2cY6OP/nrHvv0PZATLEAZ6jS9yBK1wZbgs='), or a nonce ('nonce-...') is required to enable inline execution.
security error URL: https://car-surance.onewelcome.com/account/login/(Line 71)
Message:
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'nonce-fyFqn4PUJoCoU8GaNnrfzYfNIZ6bpylI' https://www.googletagmanager.com https://www.google-analytics.com". Either the 'unsafe-inline' keyword, a hash ('sha256-cIp575NUOoqM3hRlKAE+HrR2BNXt9AIykCOQ01xdSVE='), or a nonce ('nonce-...') is required to enable inline execution.
security error URL: https://car-surance.onewelcome.com/account/login/(Line 91)
Message:
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'nonce-fyFqn4PUJoCoU8GaNnrfzYfNIZ6bpylI' https://www.googletagmanager.com https://www.google-analytics.com". Either the 'unsafe-inline' keyword, a hash ('sha256-HlTOIUAbDhs6JaHL5B8e035RkEcaEorozXOBam4+J2c='), or a nonce ('nonce-...') is required to enable inline execution.
network error URL: https://car-surance.onewelcome.com/account/login/api/authenticate
Message:
Failed to load resource: the server responded with a status of 401 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-fyFqn4PUJoCoU8GaNnrfzYfNIZ6bpylI' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Security-Policy default-src 'unsafe-inline' 'self'; base-uri 'self'; script-src 'self' 'unsafe-eval' 'nonce-fyFqn4PUJoCoU8GaNnrfzYfNIZ6bpylI' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; img-src 'self' data: *; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; object-src 'none'; child-src 'self'; frame-src 'self' https://insurgroup.iwelcome.com https://roadhelp.iwelcome.com https://admin-demo.iwelcome.com https://stare-away.iwelcome.com https://shopmeister.iwelcome.com https://login-hugoboss.onewelcome.com https://car-surance.onewelcome.com; worker-src 'self' blob:; frame-ancestors 'self' https://admin-demo.iwelcome.com; form-action 'self' *; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; manifest-src 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

car-surance.onewelcome.com
fonts.googleapis.com
fonts.gstatic.com
www.googletagmanager.com
195.143.27.137
2a00:1450:4001:80e::2008
2a00:1450:4001:811::200a
2a00:1450:4001:828::2003
04cb2a9493751a3f61283b10f9e124c65dfbeb95cf1d954e4d1baadec7d80dee
08438ea217fdf7fad7cb8088ebffd36ee666196c60aa25b756c308a7771d5a51
092e588f924b658780a2eb1fe3f6f7750f9e4944a3a2e857f7f517443600dd60
0cf17a78fcf8895b25d75c11b3fa567e3ea2860e8f46b441cd3e24b7e88afbf0
150c25875ef080abcfa68963c3084fefb949decfee3b5dfa97ff450179f95866
1dbe80d2c777c173f7f7b2fe368fbdd6b3de977c9e02548b03d15cc441a80a69
1e0e06ac8fc61698f997290d54ed141cfbf82ba3d84f70eed89531ec3c397932
2e47141ee4a912cc6147ef27ac9994d3dee1056a05b146a76f596661b6a734f2
32347bcbd23fea57169370e3e9db21760d5975364d78a2b3e37b2cb3b97f4f0f
5d7a3f1916e44dec4a7b64784cd14e2bb88990ff35aa68ea33ef2e06a1b585f8
6aea1352785a5bf7dae837b11f656694385d0d23321be6017590dad1d35f78df
8d683e97a1f23650a3e38cf3621b924ccf692f2a4204d193335ceddeb9b65353
930c58828d987f2a5041c1752b8512bb2f58296d60756e9f7bc7cd6337b4f4fa
93eb80dc01e920eaa7f23f998f67e5a5fc55e02b8e66bd3d8f5fef097d88565f
a91f4e020a37fd5093046de0cd1bb70af025d7073b3a93debbdf4d20d265c203
b1978f9b5086280374069fd9c149d6b8e634cb58c3a8ce6285c7dff81245dae3
bdf17acc42faa6dcc117121ea20219ea6591d483131499bcf864b3ad53d54a35
d7ee82875e47ffdda8ce18e354cb887ace2fd4408c52a8da1da5ac7116b13cec
f7d50ac580295fe2f3094e6b382933f90b1f47cba11f3743424cad803801ade4