urlscan.io logo urlscan.io
SecurityTrails logo

www.hbf.com.au Open in urlscan Pro
92.122.104.191  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://avanan.url-protection.com/v1/url?o=http%3A//www.hbf.com.au/&g=OTUzN2YwM2JjNzMzMmU1Zg==&h=YTk0MDA3ZTNiMDgzMGRlMjA4ZTMwZWQxY...
Effective URL: https://www.hbf.com.au/
Submission Tags: falconsandbox
Submission: On June 02 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 24 IPs in 7 countries across 17 domains to perform 132 HTTP transactions. The main IP is 92.122.104.191, located in Frankfurt am Main, Germany and belongs to AKAMAI-AS, US. The main domain is www.hbf.com.au.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on July 31st 2023. Valid for: a year.
This is the only time www.hbf.com.au was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2600:9000:225... 16509 (AMAZON-02)
1 46 92.122.104.191 16625 (AKAMAI-AS)
27 104.17.215.66 13335 (CLOUDFLAR...)
7 2001:4860:480... 15169 (GOOGLE)
5 18.173.154.84 16509 (AMAZON-02)
4 34.36.178.232 396982 (GOOGLE-CL...)
2 2001:4860:480... 15169 (GOOGLE)
2 142.250.186.35 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 203.161.78.45 4826 (VOCUS-BAC...)
6 108.138.34.185 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a03:2880:f08... 32934 (FACEBOOK)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
5 95.100.146.16 20940 (AKAMAI-ASN1)
2 2a02:26f0:e30... 20940 (AKAMAI-ASN1)
1 172.67.75.100 13335 (CLOUDFLAR...)
2 4 142.250.184.198 15169 (GOOGLE)
2 172.217.16.198 15169 (GOOGLE)
1 52.31.83.81 16509 (AMAZON-02)
1 157.240.252.13 32934 (FACEBOOK)
4 2.19.216.231 16625 (AKAMAI-AS)
4 2a03:2880:f17... 32934 (FACEBOOK)
1 104.120.210.155 20940 (AKAMAI-ASN1)
132 24
1    2600:9000:225b:6600:17:66f1:98c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
avanan.url-protection.com
46    92.122.104.191 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a92-122-104-191.deploy.static.akamaitechnologies.com
www.hbf.com.au
27    104.17.215.66 (None, )

ASN13335 (CLOUDFLARENET, US)
hbftest.report-uri.com
7    2001:4860:4802:36::15 (United States)

ASN15169 (GOOGLE, US)
metrics.hbf.com.au
5    18.173.154.84 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-154-84.muc50.r.cloudfront.net
try.abtasty.com
4    34.36.178.232 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 232.178.36.34.bc.googleusercontent.com
dcinfos-cache.abtasty.com
ariane.abtasty.com
2    2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)
region1.analytics.google.com
2    142.250.186.35 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f3.1e100.net
www.google.de
2    2a00:1450:400c:c0d::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
1    203.161.78.45 (Perth, Australia)

ASN4826 (VOCUS-BACKBONE-AS Vocus Connect International Backbone, AU)
PTR: 203.161.78.45.static.amnet.net.au
salesapi.hbf.com.au
6    108.138.34.185 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-34-185.muc50.r.cloudfront.net
d10lpsik1i8c69.cloudfront.net
2    2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    2a03:2880:f084:d:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
1    2606:4700:10::6816:3668 (United States)

ASN13335 (CLOUDFLARENET, US)
rum-static.pingdom.net
5    95.100.146.16 (Prague, Czech Republic)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a95-100-146-16.deploy.static.akamaitechnologies.com
analytics.tiktok.com
2    2a02:26f0:e300:2ac::1931 (Prague, Czech Republic)

ASN20940 (AKAMAI-ASN1, NL)
s.pinimg.com
1    172.67.75.100 (United States)

ASN13335 (CLOUDFLARENET, US)
settings.luckyorange.net
4    142.250.184.198 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f6.1e100.net
5879482.fls.doubleclick.net
2    172.217.16.198 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f6.1e100.net
ad.doubleclick.net
1    52.31.83.81 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-31-83-81.eu-west-1.compute.amazonaws.com
rum-collector-2.pingdom.net
1    157.240.252.13 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-fra3.fbcdn.net
connect.facebook.net
4    2.19.216.231 (Prague, Czech Republic)

ASN16625 (AKAMAI-AS, US)
PTR: a2-19-216-231.deploy.static.akamaitechnologies.com
ct.pinterest.com
4    2a03:2880:f177:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
1    104.120.210.155 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-120-210-155.deploy.static.akamaitechnologies.com
analytics.pangle-ads.com
Apex Domain
Subdomains		 Transfer
54 hbf.com.au
www.hbf.com.au
metrics.hbf.com.au
salesapi.hbf.com.au
1 MB
27 report-uri.com
hbftest.report-uri.com
15 KB
9 abtasty.com
try.abtasty.com — Cisco Umbrella Rank: 6823
dcinfos-cache.abtasty.com — Cisco Umbrella Rank: 8577
ariane.abtasty.com — Cisco Umbrella Rank: 8041
78 KB
8 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 89
5879482.fls.doubleclick.net
ad.doubleclick.net — Cisco Umbrella Rank: 159
2 KB
6 cloudfront.net
d10lpsik1i8c69.cloudfront.net
100 KB
5 tiktok.com
analytics.tiktok.com — Cisco Umbrella Rank: 712
143 KB
4 facebook.com
www.facebook.com — Cisco Umbrella Rank: 101
4 KB
4 pinterest.com
ct.pinterest.com — Cisco Umbrella Rank: 902
3 KB
3 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 183
77 KB
2 pinimg.com
s.pinimg.com — Cisco Umbrella Rank: 911
22 KB
2 pingdom.net
rum-static.pingdom.net — Cisco Umbrella Rank: 6508
rum-collector-2.pingdom.net — Cisco Umbrella Rank: 5812
3 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
154 KB
2 google.de
www.google.de — Cisco Umbrella Rank: 7810
126 B
2 google.com
region1.analytics.google.com — Cisco Umbrella Rank: 3095
263 B
1 pangle-ads.com
analytics.pangle-ads.com — Cisco Umbrella Rank: 6132
966 B
1 luckyorange.net
settings.luckyorange.net — Cisco Umbrella Rank: 12178
1 KB
1 url-protection.com
avanan.url-protection.com — Cisco Umbrella Rank: 331643
476 B
132 17
Domain Requested by
46 www.hbf.com.au 1 redirects www.hbf.com.au
27 hbftest.report-uri.com www.hbf.com.au
metrics.hbf.com.au
try.abtasty.com
s.pinimg.com
analytics.tiktok.com
d10lpsik1i8c69.cloudfront.net
7 metrics.hbf.com.au www.hbf.com.au
metrics.hbf.com.au
analytics.tiktok.com
6 d10lpsik1i8c69.cloudfront.net www.hbf.com.au
d10lpsik1i8c69.cloudfront.net
5 analytics.tiktok.com www.hbf.com.au
analytics.tiktok.com
5 try.abtasty.com www.hbf.com.au
try.abtasty.com
4 www.facebook.com
4 ct.pinterest.com s.pinimg.com
4 5879482.fls.doubleclick.net 2 redirects www.googletagmanager.com
3 connect.facebook.net www.hbf.com.au
connect.facebook.net
3 dcinfos-cache.abtasty.com try.abtasty.com
2 ad.doubleclick.net
2 s.pinimg.com www.hbf.com.au
s.pinimg.com
2 www.googletagmanager.com metrics.hbf.com.au
2 stats.g.doubleclick.net metrics.hbf.com.au
2 www.google.de
2 region1.analytics.google.com
1 analytics.pangle-ads.com analytics.tiktok.com
1 rum-collector-2.pingdom.net rum-static.pingdom.net
1 settings.luckyorange.net d10lpsik1i8c69.cloudfront.net
1 rum-static.pingdom.net metrics.hbf.com.au
1 salesapi.hbf.com.au www.hbf.com.au
1 ariane.abtasty.com try.abtasty.com
1 avanan.url-protection.com 1 redirects
132 24
Subject Issuer Validity Valid
www.hbf.com.au
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-07-31 -
2024-08-13		 a year crt.sh
report-uri.com
E1		 2024-05-23 -
2024-08-21		 3 months crt.sh
metrics.hbf.com.au
R3		 2024-05-12 -
2024-08-10		 3 months crt.sh
*.abtasty.com
Amazon RSA 2048 M02		 2023-08-30 -
2024-09-27		 a year crt.sh
uc-info.abtasty.com
WR3		 2024-05-17 -
2024-08-15		 3 months crt.sh
ariane.abtasty.com
GTS CA 1D4		 2024-04-05 -
2024-07-04		 3 months crt.sh
*.google-analytics.com
WR2		 2024-05-13 -
2024-08-05		 3 months crt.sh
*.google.de
WR2		 2024-05-13 -
2024-08-05		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2024-05-13 -
2024-08-05		 3 months crt.sh
*.hbf.com.au
RapidSSL TLS RSA CA G1		 2023-12-11 -
2024-12-30		 a year crt.sh
*.cloudfront.net
Amazon RSA 2048 M01		 2023-10-10 -
2024-09-19		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2024-03-11 -
2024-06-09		 3 months crt.sh
pingdom.net
Cloudflare Inc ECC CA-3		 2023-10-14 -
2024-10-13		 a year crt.sh
*.tiktok.com
RapidSSL ECC CA 2018		 2023-07-14 -
2024-08-13		 a year crt.sh
*.pinterest.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-08-07 -
2024-08-07		 a year crt.sh
luckyorange.net
GTS CA 1P5		 2024-05-28 -
2024-08-26		 3 months crt.sh
*.doubleclick.net
WR2		 2024-05-13 -
2024-08-05		 3 months crt.sh
*.pingdom.net
Amazon RSA 2048 M03		 2023-11-06 -
2024-12-03		 a year crt.sh
*.pangle-ads.com
RapidSSL TLS ECC CA G1		 2023-08-10 -
2024-09-09		 a year crt.sh

This page contains 5 frames:

Primary Page: https://www.hbf.com.au/
Frame ID: C4356ED44B39662AE1AC9F952F815F2D
Requests: 127 HTTP requests in this frame

Frame: https://5879482.fls.doubleclick.net/activityi;dc_pre=CIG1rYasvIYDFVxeHgId3AgZdA;src=5879482;type=remar0;cat=hbf_m0;ord=5100910446073;npa=1;auiddc=1275138965.1717311545;ps=1;pcor=106800551;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B125.0.6422.112%7CChromium%3B125.0.6422.112%7CNot.A%252FBrand%3B24.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe45t0z8832402519za201zb832402519;gcd=13l3l3l2l1;dma_cps=sypham;dma=1;epver=2;~oref=https%3A%2F%2Fwww.hbf.com.au%2F
Frame ID: 579EE8C3E8F490018BA6222D84ACB4B0
Requests: 1 HTTP requests in this frame

Frame: https://5879482.fls.doubleclick.net/activityi;dc_pre=CJKxrYasvIYDFRBJHgIdmfwEHQ;src=5879482;type=audie0;cat=hbf_a0;ord=9422445658826;npa=1;auiddc=1275138965.1717311545;u1=%2F;ps=1;pcor=58131963;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B125.0.6422.112%7CChromium%3B125.0.6422.112%7CNot.A%252FBrand%3B24.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe45t0z8832402519za201zb832402519;gcd=13l3l3l2l1;dma_cps=sypham;dma=1;epver=2;~oref=https%3A%2F%2Fwww.hbf.com.au%2F
Frame ID: D2A058E08E0A45ACADA3FCEF61E386EF
Requests: 1 HTTP requests in this frame

Frame: https://d10lpsik1i8c69.cloudfront.net/js/clickstream.js?v=e5a2acc
Frame ID: 4FE31BE2AE7EB18F9C619CAC48E05471
Requests: 6 HTTP requests in this frame

Frame: https://ct.pinterest.com/ct.html
Frame ID: CE775515218E811D99694EE2043699EF
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

HBF | Health Insurance

Page URL History Show full URLs

  1. https://avanan.url-protection.com/v1/url?o=http%3A//www.hbf.com.au/&g=OTUzN2YwM2JjNzMzMmU1Zg==&h=YTk0MDA3ZTNiM... HTTP 302
    http://www.hbf.com.au/ HTTP 307
    https://www.hbf.com.au/ HTTP 307
    http://www.hbf.com.au/ HTTP 301
    https://www.hbf.com.au/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \bangular.{0,32}\.js
Overall confidence: 100%
Detected patterns
  • require.*\.js
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

132
Requests

98 %
HTTPS

38 %
IPv6

17
Domains

24
Subdomains

24
IPs

7
Countries

2069 kB
Transfer

5336 kB
Size

42
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://avanan.url-protection.com/v1/url?o=http%3A//www.hbf.com.au/&g=OTUzN2YwM2JjNzMzMmU1Zg==&h=YTk0MDA3ZTNiMDgzMGRlMjA4ZTMwZWQxYWQ3M2RjZjc2YjllNzNhY2QwYzEyZWI5ZTNhODcwMjI0NTZkNmI5OQ==&p=YXAzOmVuLW1kYTphOm86MTQ3MGRmNDMxMDNjY2I1YjM5NWY0NTUxODBkZTMzMjc6djE6aDpU HTTP 302
    http://www.hbf.com.au/ HTTP 307
    https://www.hbf.com.au/ HTTP 307
    http://www.hbf.com.au/ HTTP 301
    https://www.hbf.com.au/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 93
  • https://5879482.fls.doubleclick.net/activityi;src=5879482;type=remar0;cat=hbf_m0;ord=5100910446073;npa=1;auiddc=1275138965.1717311545;ps=1;pcor=106800551;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B125.0.6422.112%7CChromium%3B125.0.6422.112%7CNot.A%252FBrand%3B24.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe45t0z8832402519za201zb832402519;gcd=13l3l3l2l1;dma_cps=sypham;dma=1;epver=2;~oref=https%3A%2F%2Fwww.hbf.com.au%2F HTTP 302
  • https://5879482.fls.doubleclick.net/activityi;dc_pre=CIG1rYasvIYDFVxeHgId3AgZdA;src=5879482;type=remar0;cat=hbf_m0;ord=5100910446073;npa=1;auiddc=1275138965.1717311545;ps=1;pcor=106800551;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B125.0.6422.112%7CChromium%3B125.0.6422.112%7CNot.A%252FBrand%3B24.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe45t0z8832402519za201zb832402519;gcd=13l3l3l2l1;dma_cps=sypham;dma=1;epver=2;~oref=https%3A%2F%2Fwww.hbf.com.au%2F
Request Chain 94
  • https://5879482.fls.doubleclick.net/activityi;src=5879482;type=audie0;cat=hbf_a0;ord=9422445658826;npa=1;auiddc=1275138965.1717311545;u1=%2F;ps=1;pcor=58131963;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B125.0.6422.112%7CChromium%3B125.0.6422.112%7CNot.A%252FBrand%3B24.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe45t0z8832402519za201zb832402519;gcd=13l3l3l2l1;dma_cps=sypham;dma=1;epver=2;~oref=https%3A%2F%2Fwww.hbf.com.au%2F HTTP 302
  • https://5879482.fls.doubleclick.net/activityi;dc_pre=CJKxrYasvIYDFRBJHgIdmfwEHQ;src=5879482;type=audie0;cat=hbf_a0;ord=9422445658826;npa=1;auiddc=1275138965.1717311545;u1=%2F;ps=1;pcor=58131963;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B125.0.6422.112%7CChromium%3B125.0.6422.112%7CNot.A%252FBrand%3B24.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe45t0z8832402519za201zb832402519;gcd=13l3l3l2l1;dma_cps=sypham;dma=1;epver=2;~oref=https%3A%2F%2Fwww.hbf.com.au%2F

132 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.hbf.com.au/
Redirect Chain
  • https://avanan.url-protection.com/v1/url?o=http%3A//www.hbf.com.au/&g=OTUzN2YwM2JjNzMzMmU1Zg==&h=YTk0MDA3ZTNiMDgzMGRlMjA4ZTMwZWQxYWQ3M2RjZjc2YjllNzNhY2QwYzEyZWI5ZTNhODcwMjI0NTZkNmI5OQ==&p=YXAzOmVuL...
  • http://www.hbf.com.au/
  • https://www.hbf.com.au/
  • http://www.hbf.com.au/
  • https://www.hbf.com.au/
854 KB
224 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
92.122.104.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-104-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
0e093be9970752832cac7b6796df5696545595cfc653861683c7ee6d97c4b782
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cache-control
no-cache, no-store
content-encoding
gzip
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
content-type
text/html; charset=utf-8
date
Sun, 02 Jun 2024 06:59:04 GMT
expires
-1
pragma
no-cache
server
server-timing
dtSInfo;desc="0", dtRpid;desc="-1232902056"
strict-transport-security
max-age=63072000
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-oneagent-js-injection
true
x-ruxit-js-agent
true
x-xss-protection
1; mode=block

Redirect headers

Connection
keep-alive
Content-Length
0
Date
Sun, 02 Jun 2024 06:59:02 GMT
Location
https://www.hbf.com.au/
Server
AkamaiGHost
ruxitagentjs_ICANVfghqru_10289240325103055.js
www.hbf.com.au/ 		208 KB
83 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/ruxitagentjs_ICANVfghqru_10289240325103055.js
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
92.122.104.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-104-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
a6e27fe15652c85670ef658cce60660d8416b03b4efc18188a946d3280675189
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
content-encoding
gzip
x-content-type-options
nosniff
date
Sun, 02 Jun 2024 06:59:04 GMT
last-modified
Wed, 03 Mar 2010 07:01:40 GMT
server
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=29368200
content-length
82357
x-xss-protection
1; mode=block
expires
Thu, 08 May 2025 04:49:04 GMT
VisitorIdentification.js
www.hbf.com.au/layouts/system/ 		2 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/layouts/system/VisitorIdentification.js
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
92.122.104.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-104-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
126b381f32f601d12e517bff52589bd007f815ec05a422e22c118f6497a2abfc
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
content-encoding
gzip
x-content-type-options
nosniff
date
Sun, 02 Jun 2024 06:59:04 GMT
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
server-timing
dtSInfo;desc="0", dtRpid;desc="2109813065"
content-length
740
x-xss-protection
1; mode=block
last-modified
Thu, 14 Dec 2017 06:40:58 GMT
server
etag
"079b77fa674d31:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=424146
accept-ranges
bytes
expires
Fri, 07 Jun 2024 04:48:10 GMT
reportOnly
hbftest.report-uri.com/r/d/csp/ 		0
618 B 		Other
General
Check archive.org
Download Go to
Full URL
https://hbftest.report-uri.com/r/d/csp/reportOnly
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.215.66 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63113904; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Sun, 02 Jun 2024 06:59:05 GMT
strict-transport-security
max-age=63113904; includeSubDomains; preload
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server
cloudflare
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
cf-ray
88d58f00de213491-WAW
alt-svc
h3=":443"; ma=86400
content-length
0
gtm.js
metrics.hbf.com.au/ 		488 KB
159 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://metrics.hbf.com.au/gtm.js?id=GTM-5H9BG3M
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
581500404b6058ff037c4b6bfc3ec099e1e9c7d1360e727de15c91b347287150

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 02 Jun 2024 06:59:04 GMT
content-encoding
gzip
via
1.1 google
last-modified
Sun, 02 Jun 2024 06:00:00 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
private, max-age=900
expires
Sun, 02 Jun 2024 07:13:33 GMT
alert-banner.css
www.hbf.com.au/Resources/hbf.com.au/css/ 		1 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/Resources/hbf.com.au/css/alert-banner.css?v=1.0.5.1056
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
92.122.104.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-104-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
9254495d9962308570b0aba60dfbc92468f34a008aa8e94471ceb411426efabc
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
content-encoding
gzip
x-content-type-options
nosniff
date
Sun, 02 Jun 2024 06:59:04 GMT
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
server-timing
dtSInfo;desc="0", dtRpid;desc="-775672805"
content-length
540
x-xss-protection
1; mode=block
last-modified
Thu, 02 May 2024 03:30:54 GMT
server
etag
"06b4e23419cda1:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=477164
accept-ranges
bytes
expires
Fri, 07 Jun 2024 19:31:48 GMT
hbf-logo-primary.svg
www.hbf.com.au/Resources/hbf.com.au/images/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hbf.com.au/Resources/hbf.com.au/images/hbf-logo-primary.svg?v=1.0.2.129
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
92.122.104.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-104-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
c366a8d99c394ba19f44fb439273e2b92fea3e344987b76f5c6c05fbe6863d68
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
content-encoding
gzip
x-content-type-options
nosniff
date
Sun, 02 Jun 2024 06:59:04 GMT
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
server-timing
dtSInfo;desc="0", dtRpid;desc="-665711429"
content-length
1490
x-xss-protection
1; mode=block
last-modified
Thu, 02 May 2024 03:25:54 GMT
server
etag
"0d7e70409cda1:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=424207
accept-ranges
bytes
expires
Fri, 07 Jun 2024 04:49:11 GMT
myhbflogin-mini_module-c7ead445ea.min.js
www.hbf.com.au/Resources/HBF.Modules.myHBF/scripts/submodule/ 		4 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/Resources/HBF.Modules.myHBF/scripts/submodule/myhbflogin-mini_module-c7ead445ea.min.js
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
92.122.104.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-104-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
5622fc3ad3311a018d775241213d8e1a62974695d4ab41378bafe5d7c3d4ff1c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
content-encoding
gzip
x-content-type-options
nosniff
date
Sun, 02 Jun 2024 06:59:04 GMT
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
server-timing
dtSInfo;desc="0", dtRpid;desc="2027387499"
content-length
1152
x-xss-protection
1; mode=block
last-modified
Tue, 09 Apr 2024 05:34:02 GMT
server
etag
"08165873f8ada1:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=424243
accept-ranges
bytes
expires
Fri, 07 Jun 2024 04:49:47 GMT
myhbf-login-60ff54e052.css
www.hbf.com.au/Resources/HBF.Modules.myHBF/css/ 		2 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/Resources/HBF.Modules.myHBF/css/myhbf-login-60ff54e052.css?v=1.0.4.651
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
92.122.104.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-104-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
c517be8f970a887f083d2766a5da6b37da8330e67c0556e5552bfb4789ca2974
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
content-encoding
gzip
x-content-type-options
nosniff
date
Sun, 02 Jun 2024 06:59:04 GMT
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
content-length
668
x-xss-protection
1; mode=block
last-modified
Tue, 09 Apr 2024 05:34:02 GMT
server
etag
"08165873f8ada1:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=424052
accept-ranges
bytes
expires
Fri, 07 Jun 2024 04:46:36 GMT
hbf-logo-2020.svg
www.hbf.com.au/Resources/hbf.com.au/images/ 		1 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hbf.com.au/Resources/hbf.com.au/images/hbf-logo-2020.svg?v=1.0.2.129
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
92.122.104.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-104-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
3826cab7a1d8668a2f60bf342e4a2466d70f0aa24e72b52b2f6f02531c67cc32
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
content-encoding
gzip
x-content-type-options
nosniff
date
Sun, 02 Jun 2024 06:59:04 GMT
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
server-timing
dtSInfo;desc="0", dtRpid;desc="770063726"
content-length
805
x-xss-protection
1; mode=block
last-modified
Thu, 02 May 2024 03:25:54 GMT
server
etag
"0d7e70409cda1:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=424185
accept-ranges
bytes
expires
Fri, 07 Jun 2024 04:48:49 GMT
hero-standard.css
www.hbf.com.au/Resources/hbf.com.au/css/ 		2 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/Resources/hbf.com.au/css/hero-standard.css?v=1.0.5.1056
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
92.122.104.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-104-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
dafe830772c603fe9336f3507fda5851388a25234be038066df4f92fd40bb02f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
content-encoding
gzip
x-content-type-options
nosniff
date
Sun, 02 Jun 2024 06:59:04 GMT
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
server-timing
dtSInfo;desc="0", dtRpid;desc="-1550637968"
content-length
618
x-xss-protection
1; mode=block
last-modified
Thu, 02 May 2024 03:30:56 GMT
server
etag
"0987f24419cda1:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=424196
accept-ranges
bytes
expires
Fri, 07 Jun 2024 04:49:00 GMT
hero-box-list.css
www.hbf.com.au/Resources/hbf.com.au/css/ 		2 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/Resources/hbf.com.au/css/hero-box-list.css?v=1.0.5.1056
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
92.122.104.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-104-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
4432776d811fd53dbefc1c3aa183914349fd7c6d57a605c32fa40eedc7e09fc6
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
content-encoding
gzip
x-content-type-options
nosniff
date
Sun, 02 Jun 2024 06:59:04 GMT
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
server-timing
dtSInfo;desc="0", dtRpid;desc="1316575596"
content-length
735
x-xss-protection
1; mode=block
last-modified
Thu, 02 May 2024 03:30:58 GMT
server
etag
"0c5b025419cda1:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=424229
accept-ranges
bytes
expires
Fri, 07 Jun 2024 04:49:33 GMT
streamlineiconinterfacealertinformationcircle140x140.svg
www.hbf.com.au/-/media/images/hbf/icons/custom/ 		702 B
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hbf.com.au/-/media/images/hbf/icons/custom/streamlineiconinterfacealertinformationcircle140x140.svg?la=en&hash=969427AA1ABA0F41A6714E1325E9C9A142E70934
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
92.122.104.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-104-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
b8d3777dec24e796bd307508d6c62075645c62430dda1a5d4b4250582b79e8c4
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
content-encoding
gzip
x-content-type-options
nosniff
date
Sun, 02 Jun 2024 06:59:04 GMT
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
content-disposition
inline; filename="streamlineiconinterfacealertinformationcircle140x140.svg"
server-timing
dtSInfo;desc="0", dtRpid;desc="1154326565"
content-length
288
x-xss-protection
1; mode=block
last-modified
Mon, 24 Aug 2020 05:52:38 GMT
server
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
private, max-age=424148
accept-ranges
bytes
expires
Fri, 07 Jun 2024 04:48:12 GMT
phi-exp.css
www.hbf.com.au/Resources/hbf.com.au/css/ 		6 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/Resources/hbf.com.au/css/phi-exp.css?v=1.0.5.1056
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
92.122.104.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-104-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
485c538e127375752f83e43598e1852a0b21ce8fd094af85511ff4b0f254e6d3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
content-encoding
gzip
x-content-type-options
nosniff
date
Sun, 02 Jun 2024 06:59:04 GMT
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
server-timing
dtSInfo;desc="0", dtRpid;desc="-929749065"
content-length
1269
x-xss-protection
1; mode=block
last-modified
Thu, 02 May 2024 03:31:12 GMT
server
etag
"0092e419cda1:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=424232
accept-ranges
bytes
expires
Fri, 07 Jun 2024 04:49:36 GMT
footer-logo-app-store.svg
www.hbf.com.au/Resources/hbf.com.au/images/global/ 		6 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hbf.com.au/Resources/hbf.com.au/images/global/footer-logo-app-store.svg
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
92.122.104.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-104-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
bd72b31f37207cec5da3dcbdb28021bb7913c4c53ab863e88c2b5ce35ea074d9
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
content-encoding
gzip
x-content-type-options
nosniff
date
Sun, 02 Jun 2024 06:59:04 GMT
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
server-timing
dtSInfo;desc="0", dtRpid;desc="-429771556"
content-length
2379
x-xss-protection
1; mode=block
last-modified
Thu, 02 May 2024 03:25:54 GMT
server
etag
"0d7e70409cda1:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=424249
accept-ranges
bytes
expires
Fri, 07 Jun 2024 04:49:53 GMT
footer-logo-play-store.svg
www.hbf.com.au/Resources/hbf.com.au/images/global/ 		11 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hbf.com.au/Resources/hbf.com.au/images/global/footer-logo-play-store.svg
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
92.122.104.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-104-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
f1e2f9746163a355386bdc879d1bbe3eff37829e0bca044a59d38ed8efd1a60f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
content-encoding
gzip
x-content-type-options
nosniff
date
Sun, 02 Jun 2024 06:59:04 GMT
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
server-timing
dtSInfo;desc="0", dtRpid;desc="-1388084569"
content-length
3633
x-xss-protection
1; mode=block
last-modified
Thu, 02 May 2024 03:25:54 GMT
server
etag
"0d7e70409cda1:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=424229
accept-ranges
bytes
expires
Fri, 07 Jun 2024 04:49:33 GMT
icons-global.svg
www.hbf.com.au/Resources/hbf.com.au/images/ 		105 KB
35 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/Resources/hbf.com.au/images/icons-global.svg
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
92.122.104.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-104-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
7e908c6f63e11a32f61976b089e3e4e6304de32685441b68b5c8197ca2310cc5
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
content-encoding
gzip
x-content-type-options
nosniff
date
Sun, 02 Jun 2024 06:59:04 GMT
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
content-length
32799
x-xss-protection
1; mode=block
last-modified
Thu, 02 May 2024 03:31:14 GMT
server
etag
"02d3a2f419cda1:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=425027
accept-ranges
bytes
expires
Fri, 07 Jun 2024 05:02:51 GMT
icons-lifestages.svg
www.hbf.com.au/Resources/hbf.com.au/images/ 		23 KB
8 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/Resources/hbf.com.au/images/icons-lifestages.svg
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
92.122.104.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-104-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
fdf2e207fd7454d1b690d1a6cefe214c7056979df0d6a11be6ff72b60f7208cd
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
content-encoding
gzip
x-content-type-options
nosniff
date
Sun, 02 Jun 2024 06:59:04 GMT
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
server-timing
dtSInfo;desc="0", dtRpid;desc="-530387651"
content-length
5417
x-xss-protection
1; mode=block
last-modified
Thu, 02 May 2024 03:30:58 GMT
server
etag
"0c5b025419cda1:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=427900
accept-ranges
bytes
expires
Fri, 07 Jun 2024 05:50:44 GMT
my_logo_small.png
www.hbf.com.au/Resources/hbf.com.au/images/global/ 		664 B
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hbf.com.au/Resources/hbf.com.au/images/global/my_logo_small.png
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/Resources/HBF.Modules.myHBF/css/myhbf-login-60ff54e052.css?v=1.0.4.651
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
92.122.104.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-104-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
36c892ed0f3984edc6b7f72cc13ef87e6ced849e60b434ca9b7f62b5487f87b0
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/Resources/HBF.Modules.myHBF/css/myhbf-login-60ff54e052.css?v=1.0.4.651
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
date
Sun, 02 Jun 2024 06:59:04 GMT
x-content-type-options
nosniff
last-modified
Thu, 02 May 2024 03:25:54 GMT
server
etag
"0d7e70409cda1:0"
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=427903
server-timing
dtSInfo;desc="0", dtRpid;desc="-206900718"
accept-ranges
bytes
content-length
664
x-xss-protection
1; mode=block
expires
Fri, 07 Jun 2024 05:50:47 GMT
truncated
/ 		301 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1241114ef793919ce5616c035f031dc79262697abe666df83a73e3ecd343f26b

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=US-ASCII
truncated
/ 		303 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
23b900ba3978824ea16bbbb2e217af8d59c04d1420dac46198bf8fa431a4e27e

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=US-ASCII
how-to-guide2.jpg
www.hbf.com.au/-/media/images/hbf/navigation/ 		88 KB
91 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hbf.com.au/-/media/images/hbf/navigation/how-to-guide2.jpg
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
92.122.104.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-104-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
208f60d350ad338397cf51522aff076f426bb9771f6942f2c56a1c3922d9e950
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
date
Sun, 02 Jun 2024 06:59:04 GMT
x-content-type-options
nosniff
last-modified
Tue, 05 Mar 2024 04:09:26 GMT
server
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
private, max-age=427951
content-disposition
inline; filename="how-to-guide2.jpg"
server-timing
dtSInfo;desc="0", dtRpid;desc="1792761094"
accept-ranges
bytes
content-length
90047
x-xss-protection
1; mode=block
expires
Fri, 07 Jun 2024 05:51:35 GMT
incentive-hero-banner-desktop.jpg
www.hbf.com.au/-/media/images/hbf/banners/hero-banners/2024/ 		173 KB
176 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hbf.com.au/-/media/images/hbf/banners/hero-banners/2024/incentive-hero-banner-desktop.jpg
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
92.122.104.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-104-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
4ff3be239fef2bc7c401b8c5036b1d9b1972d50ee16ddc7171514089d916be7d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
date
Sun, 02 Jun 2024 06:59:04 GMT
x-content-type-options
nosniff
last-modified
Thu, 23 May 2024 03:26:12 GMT
server
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
private, max-age=2056330
content-disposition
inline; filename="Incentive-Hero-Banner-Desktop.jpg"
server-timing
dtSInfo;desc="0", dtRpid;desc="364640881"
accept-ranges
bytes
content-length
177403
x-xss-protection
1; mode=block
expires
Wed, 26 Jun 2024 02:11:14 GMT
young-couple-researching.jpg
www.hbf.com.au/-/media/images/hbf/articles/thumbnails/ 		34 KB
37 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hbf.com.au/-/media/images/hbf/articles/thumbnails/young-couple-researching.jpg
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
92.122.104.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-104-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
eae90f1241d79313d015130627a7e4bfe5a7b50b03e9e3bd8ef4d1f2dd116747
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
date
Sun, 02 Jun 2024 06:59:04 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jun 2020 07:40:39 GMT
server
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
private, max-age=427846
content-disposition
inline; filename="young couple researching.jpg"
server-timing
dtSInfo;desc="0", dtRpid;desc="-127643566"
accept-ranges
bytes
content-length
34835
x-xss-protection
1; mode=block
expires
Fri, 07 Jun 2024 05:49:50 GMT
hbf.css
www.hbf.com.au/Resources/hbf.com.au/css/ 		82 KB
17 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/Resources/hbf.com.au/css/hbf.css
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
92.122.104.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-104-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
13ebfb6715df8697c788b07202b0aeedda684552df5b35f79ce64a2142d21801
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
content-encoding
gzip
x-content-type-options
nosniff
date
Sun, 02 Jun 2024 06:59:04 GMT
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
content-length
14148
x-xss-protection
1; mode=block
last-modified
Thu, 02 May 2024 03:31:12 GMT
server
etag
"0092e419cda1:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=425039
accept-ranges
bytes
expires
Fri, 07 Jun 2024 05:03:03 GMT
truncated
/ 		284 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
234e5b495b6340239b025103bdde1ebdcf13d1c1cbdc3e69acd062ead6f33ab2

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=US-ASCII
footer_social.png
www.hbf.com.au/Resources/hbf.com.au/images/global/ 		1 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hbf.com.au/Resources/hbf.com.au/images/global/footer_social.png
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
92.122.104.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-104-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
f3a3a9a22cc2feeee816992d5b31a6757308c9badd626fca1b2dc7be8d2b864f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
date
Sun, 02 Jun 2024 06:59:04 GMT
x-content-type-options
nosniff
last-modified
Thu, 02 May 2024 03:25:54 GMT
server
etag
"0d7e70409cda1:0"
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=427900
server-timing
dtSInfo;desc="0", dtRpid;desc="-735227716"
accept-ranges
bytes
content-length
1531
x-xss-protection
1; mode=block
expires
Fri, 07 Jun 2024 05:50:44 GMT
exclamation_functionality_missing.png
www.hbf.com.au/Resources/hbf.com.au/images/icons/ 		882 B
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hbf.com.au/Resources/hbf.com.au/images/icons/exclamation_functionality_missing.png
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
92.122.104.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-104-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
4dcab93a5283f441441ee1e00001c09b30c55c06a8580f4d748a328eb9bf8c9c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
date
Sun, 02 Jun 2024 06:59:05 GMT
x-content-type-options
nosniff
last-modified
Thu, 02 May 2024 03:25:56 GMT
server
etag
"03aaf71409cda1:0"
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=427985
server-timing
dtSInfo;desc="0", dtRpid;desc="706615318"
accept-ranges
bytes
content-length
882
x-xss-protection
1; mode=block
expires
Fri, 07 Jun 2024 05:52:10 GMT
browser-update2.js
www.hbf.com.au/Resources/hbf.com.au/scripts/thirdparty/ 		9 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/Resources/hbf.com.au/scripts/thirdparty/browser-update2.js
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
92.122.104.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-104-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
22adfe14c7c2fd4bef80affabeab68931048c70e03d66108eb8538110ee651f6
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
content-encoding
gzip
x-content-type-options
nosniff
date
Sun, 02 Jun 2024 06:59:05 GMT
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
content-length
3620
x-xss-protection
1; mode=block
last-modified
Thu, 02 May 2024 03:25:56 GMT
server
etag
"03aaf71409cda1:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=425014
accept-ranges
bytes
expires
Fri, 07 Jun 2024 05:02:39 GMT
truncated
/ 		250 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1f69f6e6240becaf47a6a1c7b5c8e48ff55d1a7e5fa047a8efcb1d9b9f07f8c4

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=US-ASCII
FSMeWeb-Regular.woff2
www.hbf.com.au/Resources/hbf.com.au/fonts/ 		21 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/Resources/hbf.com.au/fonts/FSMeWeb-Regular.woff2
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/Resources/hbf.com.au/css/hbf.css
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
92.122.104.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-104-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
7e4cc6e5e28d810f888a5b05d3568e3fd01b26d274a62ccf2511666c2960ba1d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/Resources/hbf.com.au/css/hbf.css
Origin
https://www.hbf.com.au
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
date
Sun, 02 Jun 2024 06:59:05 GMT
x-content-type-options
nosniff
last-modified
Thu, 02 May 2024 03:25:54 GMT
server
etag
"0d7e70409cda1:0"
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
x-frame-options
SAMEORIGIN
content-type
application/font-woff2
cache-control
max-age=425063
accept-ranges
bytes
content-length
21060
x-xss-protection
1; mode=block
expires
Fri, 07 Jun 2024 05:03:28 GMT
FSMeWeb-Bold.woff2
www.hbf.com.au/Resources/hbf.com.au/fonts/ 		44 KB
47 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/Resources/hbf.com.au/fonts/FSMeWeb-Bold.woff2
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/Resources/hbf.com.au/css/hbf.css
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
92.122.104.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-104-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
6cb037948167b19b7b593a8b268023cf3f9db51ae5f5f20c2f4d33a51acdbd8c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/Resources/hbf.com.au/css/hbf.css
Origin
https://www.hbf.com.au
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
date
Sun, 02 Jun 2024 06:59:05 GMT
x-content-type-options
nosniff
last-modified
Thu, 02 May 2024 03:25:54 GMT
server
etag
"0d7e70409cda1:0"
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
x-frame-options
SAMEORIGIN
content-type
application/font-woff2
cache-control
max-age=424991
accept-ranges
bytes
content-length
45188
x-xss-protection
1; mode=block
expires
Fri, 07 Jun 2024 05:02:16 GMT
FSMeWeb-Light.woff2
www.hbf.com.au/Resources/hbf.com.au/fonts/ 		44 KB
47 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/Resources/hbf.com.au/fonts/FSMeWeb-Light.woff2
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/Resources/hbf.com.au/css/hbf.css
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
92.122.104.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-104-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
c0e1b82c4eae6c29292f6dc53ff355c918c83de935c78218579879ac8f9412a9
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/Resources/hbf.com.au/css/hbf.css
Origin
https://www.hbf.com.au
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
date
Sun, 02 Jun 2024 06:59:05 GMT
x-content-type-options
nosniff
last-modified
Thu, 02 May 2024 03:25:54 GMT
server
etag
"0d7e70409cda1:0"
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
x-frame-options
SAMEORIGIN
content-type
application/font-woff2
cache-control
max-age=425022
accept-ranges
bytes
content-length
45220
x-xss-protection
1; mode=block
expires
Fri, 07 Jun 2024 05:02:47 GMT
reportOnly
hbftest.report-uri.com/r/d/csp/ 		0
583 B 		Other
General
Check archive.org
Download Go to
Full URL
https://hbftest.report-uri.com/r/d/csp/reportOnly
Requested by
Host: metrics.hbf.com.au
URL: https://metrics.hbf.com.au/gtm.js?id=GTM-5H9BG3M
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.215.66 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63113904; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Sun, 02 Jun 2024 06:59:05 GMT
strict-transport-security
max-age=63113904; includeSubDomains; preload
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server
cloudflare
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
cf-ray
88d58f06fe433491-WAW
alt-svc
h3=":443"; ma=86400
content-length
0
js
metrics.hbf.com.au/gtag/ 		323 KB
123 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://metrics.hbf.com.au/gtag/js?id=G-MYCH9D7CM5&l=dataLayer&cx=c&sign=90306a748dd956168bb2454e55a0d4e295e802a274e65f1f713bc309984783e3_20240602
Requested by
Host: metrics.hbf.com.au
URL: https://metrics.hbf.com.au/gtm.js?id=GTM-5H9BG3M
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
369e4dd7c0850bac058046a42ab512cf9442f1b9c8f5c7590d81885a43462a57

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-type
application/javascript; charset=UTF-8
date
Sun, 02 Jun 2024 06:59:06 GMT
cache-control
private, max-age=900
content-encoding
gzip
via
1.1 google
vary
Accept-Encoding
expires
Sun, 02 Jun 2024 07:13:13 GMT
reportOnly
hbftest.report-uri.com/r/d/csp/ 		0
582 B 		Other
General
Check archive.org
Download Go to
Full URL
https://hbftest.report-uri.com/r/d/csp/reportOnly
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.215.66 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63113904; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Sun, 02 Jun 2024 06:59:05 GMT
strict-transport-security
max-age=63113904; includeSubDomains; preload
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server
cloudflare
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
cf-ray
88d58f06fe4c3491-WAW
alt-svc
h3=":443"; ma=86400
content-length
0
ebcb9988d27d098b750d78077da8ce75.js
try.abtasty.com/ 		5 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://try.abtasty.com/ebcb9988d27d098b750d78077da8ce75.js
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.154.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-154-84.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c351198f79ac1ca61eaafd77ea0c2d0002e3e6c3084151bab821453b1bf40eb3

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
TjD79x7A5q_dBIJhsVaS1n1LhRIbEHDX
content-encoding
gzip
via
1.1 ac174bd7948c4e669be0382ce2c052e8.cloudfront.net (CloudFront)
date
Sat, 01 Jun 2024 12:13:15 GMT
x-amz-cf-pop
MUC50-P3
age
72279
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 22 May 2024 06:46:14 GMT
server
AmazonS3
etag
W/"f26e0b394e3bbc0cd072edab07ba711e"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
s-maxage=86400,max-age=30
x-amz-cf-id
ufJa_Z6DojvMwxlXqjtDRm2-EGySmxMUjEnoIyDUwTHPOQtZkt6mKg==
reportOnly
hbftest.report-uri.com/r/d/csp/ 		0
583 B 		Other
General
Check archive.org
Download Go to
Full URL
https://hbftest.report-uri.com/r/d/csp/reportOnly
Requested by
Host: try.abtasty.com
URL: https://try.abtasty.com/ebcb9988d27d098b750d78077da8ce75.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.215.66 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63113904; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Sun, 02 Jun 2024 06:59:05 GMT
strict-transport-security
max-age=63113904; includeSubDomains; preload
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server
cloudflare
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
cf-ray
88d58f083fc23491-WAW
alt-svc
h3=":443"; ma=86400
content-length
0
commons.9b20dd57c6f12e1beb80.js
try.abtasty.com/shared/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://try.abtasty.com/shared/commons.9b20dd57c6f12e1beb80.js
Requested by
Host: try.abtasty.com
URL: https://try.abtasty.com/ebcb9988d27d098b750d78077da8ce75.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.154.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-154-84.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
618ad76495dd6d322f6e225fd6bee12db7ad4479d7e0aaf39cd76e0a368342ac

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 26 Feb 2024 13:47:01 GMT
x-amz-version-id
I759_v4LArLWDcMKV_huSSwP.Exoy2M3
content-encoding
br
via
1.1 ac174bd7948c4e669be0382ce2c052e8.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P3
age
8356325
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 26 Feb 2024 13:46:58 GMT
server
AmazonS3
etag
W/"26c3c284edadc317106c9358baf83ab5"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
s-maxage=31536000,max-age=31536000
x-amz-cf-id
qkt_E8g9nah8S_ayIZpOSpV9fyJBCU3ncqwgCTMiYvCFwA8Kv_qqcw==
reportOnly
hbftest.report-uri.com/r/d/csp/ 		0
585 B 		Other
General
Check archive.org
Download Go to
Full URL
https://hbftest.report-uri.com/r/d/csp/reportOnly
Requested by
Host: try.abtasty.com
URL: https://try.abtasty.com/ebcb9988d27d098b750d78077da8ce75.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.215.66 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63113904; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Sun, 02 Jun 2024 06:59:05 GMT
strict-transport-security
max-age=63113904; includeSubDomains; preload
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server
cloudflare
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
cf-ray
88d58f083fc53491-WAW
alt-svc
h3=":443"; ma=86400
content-length
0
main.3eae7b7afa015b4bca93.js
try.abtasty.com/ebcb9988d27d098b750d78077da8ce75/ 		238 KB
58 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://try.abtasty.com/ebcb9988d27d098b750d78077da8ce75/main.3eae7b7afa015b4bca93.js
Requested by
Host: try.abtasty.com
URL: https://try.abtasty.com/ebcb9988d27d098b750d78077da8ce75.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.154.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-154-84.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
70438ae94d7960bbfe1e267bd6ffe584a5e17e956109d0cefcd4e7daf0340e1c

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 22 May 2024 06:46:21 GMT
x-amz-version-id
u5L5aEdXbkg3fg9dkvLO0nv5gvf.zlDr
content-encoding
br
via
1.1 ac174bd7948c4e669be0382ce2c052e8.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P3
age
951164
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 22 May 2024 06:46:13 GMT
server
AmazonS3
etag
W/"6e173ed83ccb4dcb2d6be9a29830f604"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
s-maxage=31536000,max-age=31536000
x-amz-cf-id
nfHNH_gMySrl7V7WzCD0Lvt249m5RKFCq9Gr2K5npp9oQeoGfe-t6g==
reportOnly
hbftest.report-uri.com/r/d/csp/ 		0
584 B 		Other
General
Check archive.org
Download Go to
Full URL
https://hbftest.report-uri.com/r/d/csp/reportOnly
Requested by
Host: try.abtasty.com
URL: https://try.abtasty.com/ebcb9988d27d098b750d78077da8ce75.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.215.66 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63113904; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Sun, 02 Jun 2024 06:59:05 GMT
strict-transport-security
max-age=63113904; includeSubDomains; preload
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server
cloudflare
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
cf-ray
88d58f083fc63491-WAW
alt-svc
h3=":443"; ma=86400
content-length
0
me.7d4a349527f92fc578d9.js
try.abtasty.com/shared/ 		26 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://try.abtasty.com/shared/me.7d4a349527f92fc578d9.js
Requested by
Host: try.abtasty.com
URL: https://try.abtasty.com/ebcb9988d27d098b750d78077da8ce75.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.154.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-154-84.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
5d1b3d626ef2fe0a08f49f3eee2c5a769c36da469e7f8e7e557658effa3dc81a

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 19 Mar 2024 08:55:17 GMT
x-amz-version-id
zaJqcZYD9stEpTpQj0dDHGLJOR1OTVko
content-encoding
br
via
1.1 ac174bd7948c4e669be0382ce2c052e8.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P3
age
6473029
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
last-modified
Tue, 19 Mar 2024 08:55:14 GMT
server
AmazonS3
etag
W/"a2b9bc5819aa624c49a0036b660ab72b"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
s-maxage=31536000,max-age=31536000
x-amz-cf-id
BPPTCTdtda7E_xrf2dFjtIn0sVjqXSCBb38dTUVWi9r4atyBaIxC9Q==
reportOnly
hbftest.report-uri.com/r/d/csp/ 		0
582 B 		Other
General
Check archive.org
Download Go to
Full URL
https://hbftest.report-uri.com/r/d/csp/reportOnly
Requested by
Host: try.abtasty.com
URL: https://try.abtasty.com/ebcb9988d27d098b750d78077da8ce75.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.215.66 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63113904; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Sun, 02 Jun 2024 06:59:05 GMT
strict-transport-security
max-age=63113904; includeSubDomains; preload
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server
cloudflare
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
cf-ray
88d58f083fc93491-WAW
alt-svc
h3=":443"; ma=86400
content-length
0
analytics.ee0f48fa14101830a401.js
try.abtasty.com/shared/ 		21 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://try.abtasty.com/shared/analytics.ee0f48fa14101830a401.js
Requested by
Host: try.abtasty.com
URL: https://try.abtasty.com/ebcb9988d27d098b750d78077da8ce75.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.154.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-154-84.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8b28c42a3443537830df909a3859ab36f0b28726c00cb2ba71aec98912782848

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 29 Apr 2024 12:38:54 GMT
x-amz-version-id
M.uNZKuCt9kdPIqncfoYrDpknJw4.bra
content-encoding
br
via
1.1 ac174bd7948c4e669be0382ce2c052e8.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P3
age
2917212
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 29 Apr 2024 12:38:50 GMT
server
AmazonS3
etag
W/"4b40fd1042c6e8589ab6d92a7a9b780a"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
s-maxage=31536000,max-age=31536000
x-amz-cf-id
C9sIQsG1BMJ28sy99ocN4l_K5pZ2pBgPQhs6urifjwzst8wyMTtK0A==
reportOnly
hbftest.report-uri.com/r/d/csp/ 		0
585 B 		Other
General
Check archive.org
Download Go to
Full URL
https://hbftest.report-uri.com/r/d/csp/reportOnly
Requested by
Host: try.abtasty.com
URL: https://try.abtasty.com/ebcb9988d27d098b750d78077da8ce75.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.215.66 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63113904; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Sun, 02 Jun 2024 06:59:05 GMT
strict-transport-security
max-age=63113904; includeSubDomains; preload
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server
cloudflare
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
cf-ray
88d58f0939023491-WAW
alt-svc
h3=":443"; ma=86400
content-length
0
reportOnly
hbftest.report-uri.com/r/d/csp/ 		0
582 B 		Other
General
Check archive.org
Download Go to
Full URL
https://hbftest.report-uri.com/r/d/csp/reportOnly
Requested by
Host: try.abtasty.com
URL: https://try.abtasty.com/ebcb9988d27d098b750d78077da8ce75.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.215.66 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63113904; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Sun, 02 Jun 2024 06:59:05 GMT
strict-transport-security
max-age=63113904; includeSubDomains; preload
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server
cloudflare
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
cf-ray
88d58f0939043491-WAW
alt-svc
h3=":443"; ma=86400
content-length
0
reportOnly
hbftest.report-uri.com/r/d/csp/ 		0
583 B 		Other
General
Check archive.org
Download Go to
Full URL
https://hbftest.report-uri.com/r/d/csp/reportOnly
Requested by
Host: try.abtasty.com
URL: https://try.abtasty.com/ebcb9988d27d098b750d78077da8ce75/main.3eae7b7afa015b4bca93.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.215.66 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63113904; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Sun, 02 Jun 2024 06:59:05 GMT
strict-transport-security
max-age=63113904; includeSubDomains; preload
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server
cloudflare
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
cf-ray
88d58f0959213491-WAW
alt-svc
h3=":443"; ma=86400
content-length
0
ua-parser
dcinfos-cache.abtasty.com/v1/ 		86 B
230 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://dcinfos-cache.abtasty.com/v1/ua-parser
Requested by
Host: try.abtasty.com
URL: https://try.abtasty.com/ebcb9988d27d098b750d78077da8ce75/main.3eae7b7afa015b4bca93.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.36.178.232 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
232.178.36.34.bc.googleusercontent.com
Software
/
Resource Hash
b54e83d56bb477ff6cdc22886b3c302d547e80fd4ad712dcfd1e0f1483d74ca0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 02 Jun 2024 06:59:05 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-envoy-decorator-operation
uc-info.workload.svc.cluster.local:8080/*
via
1.1 google
vary
Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,User-Agent
content-type
application/json
access-control-allow-origin
*
cache-control
public, max-age=86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
reportOnly
hbftest.report-uri.com/r/d/csp/ 		0
582 B 		Other
General
Check archive.org
Download Go to
Full URL
https://hbftest.report-uri.com/r/d/csp/reportOnly
Requested by
Host: try.abtasty.com
URL: https://try.abtasty.com/ebcb9988d27d098b750d78077da8ce75/main.3eae7b7afa015b4bca93.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.215.66 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63113904; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Sun, 02 Jun 2024 06:59:05 GMT
strict-transport-security
max-age=63113904; includeSubDomains; preload
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server
cloudflare
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
cf-ray
88d58f0959223491-WAW
alt-svc
h3=":443"; ma=86400
content-length
0
geoip
dcinfos-cache.abtasty.com/v1/ 		323 B
489 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://dcinfos-cache.abtasty.com/v1/geoip?weather=false
Requested by
Host: try.abtasty.com
URL: https://try.abtasty.com/ebcb9988d27d098b750d78077da8ce75/main.3eae7b7afa015b4bca93.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.36.178.232 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
232.178.36.34.bc.googleusercontent.com
Software
/
Resource Hash
1bb3b2adba05c59e15c553af84271985c1c40fe71a7ae36de7fd1d455718983c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 02 Jun 2024 06:59:05 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-envoy-decorator-operation
uc-info.workload.svc.cluster.local:8080/*
via
1.1 google
vary
Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
content-type
application/json
access-control-allow-origin
*
cache-control
private, max-age=600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
reportOnly
hbftest.report-uri.com/r/d/csp/ 		0
582 B 		Other
General
Check archive.org
Download Go to
Full URL
https://hbftest.report-uri.com/r/d/csp/reportOnly
Requested by
Host: try.abtasty.com
URL: https://try.abtasty.com/ebcb9988d27d098b750d78077da8ce75/main.3eae7b7afa015b4bca93.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.215.66 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63113904; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Sun, 02 Jun 2024 06:59:05 GMT
strict-transport-security
max-age=63113904; includeSubDomains; preload
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server
cloudflare
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
cf-ray
88d58f09592b3491-WAW
alt-svc
h3=":443"; ma=86400
content-length
0
dynamic-allocation
dcinfos-cache.abtasty.com/dynalloc/clients/53017/ 		585 B
289 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://dcinfos-cache.abtasty.com/dynalloc/clients/53017/dynamic-allocation?campaignIDs=1141214,1141220,1141222
Requested by
Host: try.abtasty.com
URL: https://try.abtasty.com/ebcb9988d27d098b750d78077da8ce75/main.3eae7b7afa015b4bca93.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.36.178.232 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
232.178.36.34.bc.googleusercontent.com
Software
/
Resource Hash
30598315ac0dd53fb32fde7de99c9d0204767b5d6da91231a3514c618c167364
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 02 Jun 2024 06:59:05 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-envoy-decorator-operation
uc-info.workload.svc.cluster.local:8080/*
via
1.1 google
vary
Accept-Encoding,Origin
content-type
application/json
access-control-allow-origin
*
cache-control
public, max-age=300
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
reportOnly
hbftest.report-uri.com/r/d/csp/ 		0
584 B 		Other
General
Check archive.org
Download Go to
Full URL
https://hbftest.report-uri.com/r/d/csp/reportOnly
Requested by
Host: try.abtasty.com
URL: https://try.abtasty.com/shared/analytics.ee0f48fa14101830a401.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.215.66 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63113904; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Sun, 02 Jun 2024 06:59:05 GMT
strict-transport-security
max-age=63113904; includeSubDomains; preload
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server
cloudflare
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
cf-ray
88d58f09592f3491-WAW
alt-svc
h3=":443"; ma=86400
content-length
0
/
ariane.abtasty.com/ 		43 B
414 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ariane.abtasty.com/
Requested by
Host: try.abtasty.com
URL: https://try.abtasty.com/shared/analytics.ee0f48fa14101830a401.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.36.178.232 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
232.178.36.34.bc.googleusercontent.com
Software
/
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-type
text/plain

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Sun, 02 Jun 2024 06:59:05 GMT
x-envoy-decorator-operation
entrypoint.workload.svc.cluster.local:8080/*
via
1.1 google
access-control-allow-methods
GET,HEAD,POST
content-type
image/gif
access-control-allow-origin
https://www.hbf.com.au
cache-control
must-revalidate, no-cache, private
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Origin,Accept,Set-Cookie,X-ABTasty-CrossDomain
content-length
43
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
collect
metrics.hbf.com.au/g/ 		746 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://metrics.hbf.com.au/g/collect?v=2&tid=G-MYCH9D7CM5&gtm=45he45t0v878992725z8832402519za200zb832402519&_p=1717311544363&gcd=13l3lPl2l2&npa=0&dma_cps=sypham&dma=1&cid=1255085813.1717311547&ecid=1421296636&ul=de-de&sr=1600x1200&_fplc=0&ur=DE-BY&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.112%7CChromium%3B125.0.6422.112%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&sst.gse=1&sst.etld=google.de&sst.gcsub=region1&sst.gcd=13l3lPl2l2&sst.tft=1717311544363&sst.ude=0&_s=1&dl=https%3A%2F%2Fwww.hbf.com.au%2F&dr=&dp=%2F&sid=1717311546&sct=1&seg=0&dt=HBF%20%7C%20Health%20Insurance&en=page_view&_fv=1&_nsi=1&_ss=1&ep.landing_page=%2F&ep.gtm_container=GTM-5H9BG3M&ep.gtm_version=186&ep.success_event=Action&ep.page_hostname=www.hbf.com.au&ep.fragment=&ep.pagination=0&epn.last_event_delay=9.45&ep.navigation_type=landing&ep.channel=Direct&epn.viewport_width=1600&epn.viewport_height=1200&epn.session_clicks=-1&ep.is_member=NON-MEMBER&ep.event_id=gtm.js.1717311544363.25&ep.type=Pageview&epn.value=9.45&up.member=NON-MEMBER&up.member_like=UNKNOWN&up.switcher_like=UNKNOWN&upn.viewport_height=1200&upn.viewport_width=1600&up.color_theme=light&up.page_path=%2F&up.page_hostname=www.hbf.com.au&up.landing_page=%2F&up.gtm_container=GTM-5H9BG3M&up.gtm_version=186&up.state_selection=OS&upn.visitor_scale=0&up.visitor_type=unknown&tfd=10667&richsstsse
Requested by
Host: metrics.hbf.com.au
URL: https://metrics.hbf.com.au/gtag/js?id=G-MYCH9D7CM5&l=dataLayer&cx=c&sign=90306a748dd956168bb2454e55a0d4e295e802a274e65f1f713bc309984783e3_20240602
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
0089750f04b296c2d01931805f8ccfaa9073984ce1b222df3fa50e5d5581cb7d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 02 Jun 2024 06:59:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 google
vary
Accept-Encoding
content-type
text/plain
access-control-allow-origin
https://www.hbf.com.au
cache-control
no-cache
access-control-allow-credentials
true
firstload.css
www.hbf.com.au/Resources/hbf.com.au/css/ 		193 KB
34 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/Resources/hbf.com.au/css/firstload.css?v=1.0.5.1056
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
92.122.104.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-104-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
0b58e2d94d3985eddf305dc8f5f48b47dadfcf0838c53b15bd076da3341a7b90
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
content-encoding
gzip
x-content-type-options
nosniff
date
Sun, 02 Jun 2024 06:59:06 GMT
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
content-length
32045
x-xss-protection
1; mode=block
last-modified
Thu, 02 May 2024 03:30:52 GMT
server
etag
"03e1d22419cda1:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=425009
accept-ranges
bytes
expires
Fri, 07 Jun 2024 05:02:35 GMT
all.js
www.hbf.com.au/Resources/hbf.com.au/scripts/ 		446 KB
153 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/Resources/hbf.com.au/scripts/all.js?v=1.0.5.1056
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
92.122.104.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-104-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
05450996c0f5ad07b4deb29dc6f326e149035ab28726b7e468555d14db7775e0
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
content-encoding
gzip
x-content-type-options
nosniff
date
Sun, 02 Jun 2024 06:59:06 GMT
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
content-length
153396
x-xss-protection
1; mode=block
last-modified
Thu, 02 May 2024 03:31:10 GMT
server
etag
"0d3d72c419cda1:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=425024
accept-ranges
bytes
expires
Fri, 07 Jun 2024 05:02:50 GMT
require.min.js
www.hbf.com.au/Resources/hbf.com.au/scripts/thirdparty/ 		16 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/Resources/hbf.com.au/scripts/thirdparty/require.min.js?v=1.0.5.1056
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
92.122.104.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-104-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
b42c881f820f3d83a434c539118ebd9db65096c7a5d3e128f6311eaca102b983
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
content-encoding
gzip
x-content-type-options
nosniff
date
Sun, 02 Jun 2024 06:59:06 GMT
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
content-length
6319
x-xss-protection
1; mode=block
last-modified
Thu, 02 May 2024 03:25:56 GMT
server
etag
"03aaf71409cda1:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=425004
accept-ranges
bytes
expires
Fri, 07 Jun 2024 05:02:30 GMT
all.postload.js
www.hbf.com.au/Resources/hbf.com.au/scripts/ 		1 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/Resources/hbf.com.au/scripts/all.postload.js?v=1.0.5.1056
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
92.122.104.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-104-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e93d75881fd63bc79866f450f041b6e95b3016ea9f97368ada3c64fc73ecfa05
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
content-encoding
gzip
x-content-type-options
nosniff
date
Sun, 02 Jun 2024 06:59:06 GMT
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
content-length
679
x-xss-protection
1; mode=block
last-modified
Thu, 02 May 2024 03:30:54 GMT
server
etag
"06b4e23419cda1:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=425080
accept-ranges
bytes
expires
Fri, 07 Jun 2024 05:03:46 GMT
modules.min.js
www.hbf.com.au/Resources/hbf.com.au/scripts/angular/hbf/ 		85 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/Resources/hbf.com.au/scripts/angular/hbf/modules.min.js?v=1.0.5.1056
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
92.122.104.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-104-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
c15e7acec06dad4e309dcfd680c4f7be9d14133f7cf01a387af05090326c221f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
content-encoding
gzip
x-content-type-options
nosniff
date
Sun, 02 Jun 2024 06:59:06 GMT
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
content-length
22302
x-xss-protection
1; mode=block
last-modified
Thu, 02 May 2024 03:30:56 GMT
server
etag
"0987f24419cda1:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=424923
accept-ranges
bytes
expires
Fri, 07 Jun 2024 05:01:09 GMT
lazyload.min.js
www.hbf.com.au/Resources/hbf.com.au/scripts/ 		174 B
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/Resources/hbf.com.au/scripts/lazyload.min.js?v=1.0.5.1056
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
92.122.104.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-104-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
853137e3d83353ad2be2e89e78a4a27c6a5bfa5fe1e60537b3d65062e80321fb
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
content-encoding
gzip
x-content-type-options
nosniff
date
Sun, 02 Jun 2024 06:59:06 GMT
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
content-length
156
x-xss-protection
1; mode=block
last-modified
Thu, 02 May 2024 03:30:52 GMT
server
etag
"03e1d22419cda1:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=424976
accept-ranges
bytes
expires
Fri, 07 Jun 2024 05:02:02 GMT
reportOnly
hbftest.report-uri.com/r/d/csp/ 		0
582 B 		Other
General
Check archive.org
Download Go to
Full URL
https://hbftest.report-uri.com/r/d/csp/reportOnly
Requested by
Host: metrics.hbf.com.au
URL: https://metrics.hbf.com.au/gtm.js?id=GTM-5H9BG3M
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.215.66 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63113904; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Sun, 02 Jun 2024 06:59:06 GMT
strict-transport-security
max-age=63113904; includeSubDomains; preload
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server
cloudflare
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
cf-ray
88d58f0eb9a43491-WAW
alt-svc
h3=":443"; ma=86400
content-length
0
analytics.js
metrics.hbf.com.au/ 		52 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://metrics.hbf.com.au/analytics.js
Requested by
Host: metrics.hbf.com.au
URL: https://metrics.hbf.com.au/gtm.js?id=GTM-5H9BG3M
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 02 Jun 2024 06:59:07 GMT
content-encoding
gzip
via
1.1 google
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
expires
Sun, 02 Jun 2024 08:58:20 GMT
HBF-favicon_512px_Light.png
www.hbf.com.au/ 		8 KB
11 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/HBF-favicon_512px_Light.png
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
92.122.104.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-104-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
5b1a60629fc49ee8a7f2b88294978b1e401df68994cdea28e18b95754dc9640b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
date
Sun, 02 Jun 2024 06:59:06 GMT
x-content-type-options
nosniff
last-modified
Thu, 02 May 2024 03:25:54 GMT
server
etag
"0d7e70409cda1:0"
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=424245
server-timing
dtSInfo;desc="0", dtRpid;desc="1565051295"
accept-ranges
bytes
content-length
8323
x-xss-protection
1; mode=block
expires
Fri, 07 Jun 2024 04:49:51 GMT
responsive-main.min.js
www.hbf.com.au/Resources/hbf.com.au/scripts/ 		13 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/Resources/hbf.com.au/scripts/responsive-main.min.js?v=1.0.5.1056
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/Resources/hbf.com.au/scripts/thirdparty/require.min.js?v=1.0.5.1056
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
92.122.104.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-104-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
af24c84d3d7d0364653f2e033c77fe21209f6ef87b226d141280a8d5036dc5be
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
content-encoding
gzip
x-content-type-options
nosniff
date
Sun, 02 Jun 2024 06:59:06 GMT
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
content-length
4172
x-xss-protection
1; mode=block
last-modified
Thu, 02 May 2024 03:30:54 GMT
server
etag
"06b4e23419cda1:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=424944
accept-ranges
bytes
expires
Fri, 07 Jun 2024 05:01:30 GMT
HBF-favicon_512px_Circle.png
www.hbf.com.au/ 		16 KB
19 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/HBF-favicon_512px_Circle.png
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
92.122.104.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-104-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
f6018b5b7d38652315fd3ad386e2a412f3027d2597200804135d58eb78038f34
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
date
Sun, 02 Jun 2024 06:59:06 GMT
x-content-type-options
nosniff
last-modified
Thu, 02 May 2024 03:25:54 GMT
server
etag
"0d7e70409cda1:0"
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=424226
server-timing
dtSInfo;desc="0", dtRpid;desc="1526246068"
accept-ranges
bytes
content-length
16573
x-xss-protection
1; mode=block
expires
Fri, 07 Jun 2024 04:49:32 GMT
module-activator.js
www.hbf.com.au/Resources/hbf.com.au/scripts/utils/ 		11 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/Resources/hbf.com.au/scripts/utils/module-activator.js
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/Resources/hbf.com.au/scripts/thirdparty/require.min.js?v=1.0.5.1056
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
92.122.104.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-104-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
2515d4f725d6da1425fbb977cd35af5940cb461e9a2aec48837b549056987cbf
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
content-encoding
gzip
x-content-type-options
nosniff
date
Sun, 02 Jun 2024 06:59:06 GMT
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
content-length
3636
x-xss-protection
1; mode=block
last-modified
Thu, 02 May 2024 03:25:56 GMT
server
etag
"03aaf71409cda1:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=424942
accept-ranges
bytes
expires
Fri, 07 Jun 2024 05:01:28 GMT
jquery.cookie.js
www.hbf.com.au/Resources/hbf.com.au/scripts/thirdparty/ 		2 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/Resources/hbf.com.au/scripts/thirdparty/jquery.cookie.js
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/Resources/hbf.com.au/scripts/thirdparty/require.min.js?v=1.0.5.1056
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
92.122.104.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-104-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
9a05d7d8bfe5f332fea7f2d1a20a53e5d30389a16593319d89b5d32ec4550a7d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
content-encoding
gzip
x-content-type-options
nosniff
date
Sun, 02 Jun 2024 06:59:06 GMT
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
content-length
1072
x-xss-protection
1; mode=block
last-modified
Thu, 02 May 2024 03:25:56 GMT
server
etag
"03aaf71409cda1:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=425022
accept-ranges
bytes
expires
Fri, 07 Jun 2024 05:02:48 GMT
GetQuote
www.hbf.com.au/Services/hbf/QuoteApi.svc/ 		854 B
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/Services/hbf/QuoteApi.svc/GetQuote
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
92.122.104.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-104-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
9c7b32385faeee740f114d5f5580f6898a01abab5ccaf83901af50ab208a4ccd
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/json;charset=UTF-8
Accept
application/json, text/plain, */*
Referer
https://www.hbf.com.au/
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
date
Sun, 02 Jun 2024 06:59:07 GMT
x-content-type-options
nosniff
server
x-frame-options
SAMEORIGIN
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
content-type
application/json; charset=utf-8
cache-control
private
server-timing
dtSInfo;desc="0", dtRpid;desc="-1795215651", dtTao;desc="1"
timing-allow-origin
*
content-length
854
x-xss-protection
1; mode=block
HideAlert.js
www.hbf.com.au/Resources/hbf.com.au/scripts/components/ 		1 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/Resources/hbf.com.au/scripts/components/HideAlert.js?v=1.0.2.129
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/Resources/hbf.com.au/scripts/thirdparty/require.min.js?v=1.0.5.1056
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
92.122.104.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-104-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
b76697753f96b4a1de169953e5df1c127d1a336c9b87c813b1f3abdbb168db8f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
content-encoding
gzip
x-content-type-options
nosniff
date
Sun, 02 Jun 2024 06:59:06 GMT
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
content-length
563
x-xss-protection
1; mode=block
last-modified
Thu, 02 May 2024 03:25:56 GMT
server
etag
"03aaf71409cda1:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=472094
accept-ranges
bytes
expires
Fri, 07 Jun 2024 18:07:20 GMT
SearchForm.js
www.hbf.com.au/Resources/hbf.com.au/scripts/components/ 		2 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/Resources/hbf.com.au/scripts/components/SearchForm.js?v=1.0.2.129
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/Resources/hbf.com.au/scripts/thirdparty/require.min.js?v=1.0.5.1056
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
92.122.104.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-104-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
8b5b0a6b57b3b2bf67798593aba7a9f8ea40a0b483a2cafb7dee72c2591587ab
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
content-encoding
gzip
x-content-type-options
nosniff
date
Sun, 02 Jun 2024 06:59:06 GMT
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
content-length
733
x-xss-protection
1; mode=block
last-modified
Thu, 02 May 2024 03:25:56 GMT
server
etag
"03aaf71409cda1:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=425015
accept-ranges
bytes
expires
Fri, 07 Jun 2024 05:02:41 GMT
collect
metrics.hbf.com.au/g/ 		526 B
835 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://metrics.hbf.com.au/g/collect?v=2&tid=G-MYCH9D7CM5&gtm=45he45t0v878992725z8832402519za200zb832402519&_p=1717311544363&gcd=13l3lPl2l2&npa=0&dma_cps=sypham&dma=1&cid=1255085813.1717311547&ecid=1421296636&ul=de-de&sr=1600x1200&_fplc=0&ur=DE-BY&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.112%7CChromium%3B125.0.6422.112%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&sst.gse=1&sst.etld=google.de&sst.gcsub=region1&sst.gcd=13l3lPl2l2&sst.tft=1717311544363&sst.ude=0&_s=2&dl=https%3A%2F%2Fwww.hbf.com.au%2F&dr=&dp=%2F&sid=1717311546&sct=1&seg=0&dt=HBF%20%7C%20Health%20Insurance&en=telemetry&ep.landing_page=%2F&ep.gtm_container=GTM-5H9BG3M&ep.gtm_version=186&ep.success_event=Action&ep.page_hostname=www.hbf.com.au&ep.fragment=&ep.pagination=0&epn.last_event_delay=10.685&ep.navigation_type=landing&ep.channel=Direct&epn.viewport_width=1600&epn.viewport_height=1200&epn.session_clicks=0&ep.is_member=NON-MEMBER&ep.event_id=win-onload.1717311544363.46&ep.type=Window%20Loaded&ep.label=landing&epn.value=10.684&_et=22&up.visitor_type=hit&tfd=11192&richsstsse
Requested by
Host: metrics.hbf.com.au
URL: https://metrics.hbf.com.au/gtag/js?id=G-MYCH9D7CM5&l=dataLayer&cx=c&sign=90306a748dd956168bb2454e55a0d4e295e802a274e65f1f713bc309984783e3_20240602
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
58ba3bc419c0e7d34a47be36fed38e9dff15a9de8fc74dadcebf2a591bf798f1
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 02 Jun 2024 06:59:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 google
vary
Accept-Encoding
content-type
text/plain
access-control-allow-origin
https://www.hbf.com.au
cache-control
no-cache
access-control-allow-credentials
true
reportOnly
hbftest.report-uri.com/r/d/csp/ 		0
581 B 		Other
General
Check archive.org
Download Go to
Full URL
https://hbftest.report-uri.com/r/d/csp/reportOnly
Requested by
Host: metrics.hbf.com.au
URL: https://metrics.hbf.com.au/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.215.66 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63113904; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Sun, 02 Jun 2024 06:59:07 GMT
strict-transport-security
max-age=63113904; includeSubDomains; preload
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server
cloudflare
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
cf-ray
88d58f125edd3491-WAW
alt-svc
h3=":443"; ma=86400
content-length
0
linkid.js
metrics.hbf.com.au/plugins/ua/ 		2 KB
991 B 		Script
General
Check archive.org
Download Go to
Full URL
https://metrics.hbf.com.au/plugins/ua/linkid.js
Requested by
Host: metrics.hbf.com.au
URL: https://metrics.hbf.com.au/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 02 Jun 2024 06:59:07 GMT
content-encoding
gzip
via
1.1 google
last-modified
Fri, 30 Jun 2023 18:58:00 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=3600
expires
Sun, 02 Jun 2024 07:58:10 GMT
collect
region1.analytics.google.com/g/s/ 		0
210 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://region1.analytics.google.com/g/s/collect?dma=1&dma_cps=sypham&gtm=45h91e45l1v878992725z8832402519z9896432850za200zb832402519&_gsid=MYCH9D7CM5R39tLSYaidCX15oBWgMxJA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sun, 02 Jun 2024 06:59:07 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
reportOnly
hbftest.report-uri.com/r/d/csp/ 		0
582 B 		Other
General
Check archive.org
Download Go to
Full URL
https://hbftest.report-uri.com/r/d/csp/reportOnly
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.215.66 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63113904; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Sun, 02 Jun 2024 06:59:07 GMT
strict-transport-security
max-age=63113904; includeSubDomains; preload
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server
cloudflare
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
cf-ray
88d58f125ee93491-WAW
alt-svc
h3=":443"; ma=86400
content-length
0
ga-audiences
www.google.de/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&dma=1&dma_cps=sypham&tid=G-MYCH9D7CM5&cid=1255085813.1717311547&gtm=45h91e45l1v878992725z8832402519z9896432850za200zb832402519&aip=1&z=513281289
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.35 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sun, 02 Jun 2024 06:59:07 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/ 		0
210 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&dma=1&dma_cps=sypham&tid=G-MYCH9D7CM5&cid=1255085813.1717311547&gtm=45h91e45l1v878992725z8832402519z9896432850za200zb832402519&aip=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0d::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sun, 02 Jun 2024 06:59:07 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
price
salesapi.hbf.com.au/sales/pricing/api/Pricing/ 		6 KB
7 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://salesapi.hbf.com.au/sales/pricing/api/Pricing/price?api-version=1.0&australianResident=true&commencementDate=2024-06-02&coverScale=single&paymentMethod=DIRECT_DEBIT&productCodes=EL0,01E,JL0,01F,FL0,01G,ML0,01H,AL0,3E0,3M0&rebatePercentageLevel=THIRTY&rebateRequested=true&state=wa
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
203.161.78.45 Perth, Australia, ASN4826 (VOCUS-BACKBONE-AS Vocus Connect International Backbone, AU),
Reverse DNS
203.161.78.45.static.amnet.net.au
Software
Microsoft-IIS/7.5 / ARR/3.0, ASP.NET
Resource Hash
b195c8cf47d1d59fe5357a0c8d868b990937d12934032cde06edf2152023ad7e

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept
application/json, text/plain, */*
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sun, 02 Jun 2024 06:59:07 GMT
Server
Microsoft-IIS/7.5
X-Powered-By
ARR/3.0, ASP.NET
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
private,max-age=3600
Server-Timing
dtSInfo;desc="0", dtRpid;desc="486820977", dtTao;desc="1"
Timing-Allow-Origin
*
Content-Length
6600
w.js
d10lpsik1i8c69.cloudfront.net/ 		5 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d10lpsik1i8c69.cloudfront.net/w.js
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.34.185 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-34-185.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6cb6821219dae9fa9a21519d86d7ec7acaf0c4dd61463eb336eb92964feebef3

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 02 Jun 2024 06:00:28 GMT
content-encoding
gzip
via
1.1 da7d0e99d4b5322bc1c874b2af707374.cloudfront.net (CloudFront)
last-modified
Thu, 25 Jan 2024 18:19:40 GMT
server
AmazonS3
x-amz-cf-pop
MUC50-P2
age
3521
x-amz-server-side-encryption
AES256
etag
W/"e31293f40e8a324de552ff593ee76a9b"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=3600
x-amz-cf-id
IcPMnu3c0Flk5GYBD_8k2a5xTdxDAhEccRlq34pHz_KZE-ifQ7ibxQ==
destination
www.googletagmanager.com/gtag/ 		222 KB
81 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/destination?id=AW-956238894&l=dataLayer&cx=c&sign=90306a748dd956168bb2454e55a0d4e295e802a274e65f1f713bc309984783e3_20240602
Requested by
Host: metrics.hbf.com.au
URL: https://metrics.hbf.com.au/gtm.js?id=GTM-5H9BG3M
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
6881e1223dc0000354f30f227e62eb73487b4a16d29c2e0a5f74324b558c092b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 02 Jun 2024 06:59:07 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
82494
x-xss-protection
0
last-modified
Sun, 02 Jun 2024 06:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sun, 02 Jun 2024 06:59:07 GMT
destination
www.googletagmanager.com/gtag/ 		201 KB
73 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/destination?id=DC-5879482&l=dataLayer&cx=c&sign=90306a748dd956168bb2454e55a0d4e295e802a274e65f1f713bc309984783e3_20240602
Requested by
Host: metrics.hbf.com.au
URL: https://metrics.hbf.com.au/gtm.js?id=GTM-5H9BG3M
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
70b40c64b39d87bfd191e7cb9fca20a1835ff4a1ec3be09790b7fb9e1801cf45
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 02 Jun 2024 06:59:07 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
74883
x-xss-protection
0
last-modified
Sun, 02 Jun 2024 06:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sun, 02 Jun 2024 06:59:07 GMT
fbevents.js
connect.facebook.net/en_US/ 		218 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e9c370ea9070b144ed45ff5f35c9206112dd1091326ff898f414ef8c12ec85c0
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Sun, 02 Jun 2024 06:59:07 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
57845
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=40, rtx=0, c=12, mss=1294, tbw=2774, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma
public
x-fb-debug
gXTwPZz/2Lmsm8w1MyVLcvlZomJv4F0VNLIH763fjzq1zvD1iGUnwKQuQWtETAR4J5wFS7IzSvxtkPDI0BJtQA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
cache-control
public, max-age=1200
x-fb-optimizer
0
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
pa-531fb5feabe53d6951069f59.js
rum-static.pingdom.net/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://rum-static.pingdom.net/pa-531fb5feabe53d6951069f59.js
Requested by
Host: metrics.hbf.com.au
URL: https://metrics.hbf.com.au/gtm.js?id=GTM-5H9BG3M
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3668 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e9f2192089bbaaf2bb5f4b251d4710ea3e5647b61f5ba83ff9097ba004f73217

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 02 Jun 2024 06:59:07 GMT
content-encoding
gzip
cf-cache-status
REVALIDATED
last-modified
Fri, 14 Oct 2022 06:22:28 GMT
server
cloudflare
etag
W/"63490024-1852"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=86400
cf-ray
88d58f1598fc9b25-FRA
expires
Sun, 02 Jun 2024 07:04:07 GMT
events.js
analytics.tiktok.com/i18n/pixel/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C6SIATC8D8G7TBKFJU8G&lib=ttq
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.100.146.16 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-100-146-16.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
cb384ff6054dbc7b77f2099cb71f9e0b8789bcdccbf1bb3a09b064dee5e6347c

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-akamai-request-id
30b62058
date
Sun, 02 Jun 2024 06:59:07 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-24060206590782C9024976783EDC910E-11C530C1B44CE0A0-00
x-cache
TCP_MISS from a95-100-146-12.deploy.akamaitechnologies.com (AkamaiGHost/11.5.1-56325026) (-)
server-timing
inner; dur=4, cdn-cache; desc=MISS, edge; dur=1, origin; dur=115
content-length
1509
pragma
no-cache
server
nginx
x-tt-logid
2024060206590782C9024976783EDC910E
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
115,95.100.146.12
x-tt-trace-host
0176175838f994675ea04d3dba20037fedca2df6b8a9b0f0d989ab742b47c291e51529cfe0f49ff420141fad5df79f6c8f2d39826ec6e82910a4d9b8b576ddc37cd62a4f691db762f4afbff0d6072316f9fcc28ed5ae3e51ee921bc07cfd0e2fde
expires
Sun, 02 Jun 2024 06:59:07 GMT
reportOnly
hbftest.report-uri.com/r/d/csp/ 		0
583 B 		Other
General
Check archive.org
Download Go to
Full URL
https://hbftest.report-uri.com/r/d/csp/reportOnly
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.215.66 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63113904; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Sun, 02 Jun 2024 06:59:07 GMT
strict-transport-security
max-age=63113904; includeSubDomains; preload
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server
cloudflare
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
cf-ray
88d58f150ac83491-WAW
alt-svc
h3=":443"; ma=86400
content-length
0
core.js
s.pinimg.com/ct/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.pinimg.com/ct/core.js
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:e300:2ac::1931 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
0882be2bb685d64ae46b56574b330fb1afe5dfef39f940d12ca776475248eaa8

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-encoding
br
x-cdn
akamai
etag
"c292daff66d2a9db8fb67b7807bf3c7b"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding, Origin
access-control-max-age
86400
content-type
application/javascript
access-control-allow-origin
*
access-control-allow-methods
GET
access-control-expose-headers
X-CDN
cache-control
max-age=7200
accept-ranges
bytes
alt-svc
h3=":443"; ma=600
content-length
1881
collect
metrics.hbf.com.au/ 		35 B
353 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://metrics.hbf.com.au/collect
Requested by
Host: metrics.hbf.com.au
URL: https://metrics.hbf.com.au/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:36::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Sun, 02 Jun 2024 06:59:08 GMT
via
1.1 google
content-type
image/gif
access-control-allow-origin
https://www.hbf.com.au
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
expires
Thu, 01 Jan 1970 00:00:00 GMT
collect
stats.g.doubleclick.net/j/ 		1 B
193 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-3748144-13&cid=1255085813.1717311547&jid=292341602&gjid=1176623246&_gid=1747509537.1717311547&npa=1&_u=aChAiEAjBAAAAEAAMK~&z=606993638
Requested by
Host: metrics.hbf.com.au
URL: https://metrics.hbf.com.au/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0d::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Sun, 02 Jun 2024 06:59:07 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.hbf.com.au
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
settings.luckyorange.net/ 		2 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://settings.luckyorange.net/?u=https%3A%2F%2Fwww.hbf.com.au%2F&s=103294
Requested by
Host: d10lpsik1i8c69.cloudfront.net
URL: https://d10lpsik1i8c69.cloudfront.net/w.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.75.100 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6ea59b3f5b364cdbb07a492b7630ce170f73650f62dadd57d31322493f2ca3a1
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 02 Jun 2024 06:59:08 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://www.hbf.com.au
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BDVlzFUdf98Rs9QTHjtmC6Cl%2Fvjd%2FoYIbBXsKaD5aI0j5LWER7BztmC%2BA9nqOB5g71%2FeHrg9luj1EIL%2FRctJf66Uf4uTjDLL8gmK7KXnTlJ5RdcTqz%2FiUnnGHIVGWdfwj4SCZ2u39ibypA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-frame-options
SAMEORIGIN
access-control-allow-credentials
true
cf-ray
88d58f167e8d0497-FRA
access-control-allow-headers
Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,Keep-Alive,X-Requested-With,If-Modified-Since
content-length
825
336203654266608
connect.facebook.net/signals/config/ 		56 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/336203654266608?v=2.9.156&r=stable&domain=www.hbf.com.au&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
89db3f3949ba4ec785219328860c854e38e3faf277306c95c5d0fefa78362dbb
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Sun, 02 Jun 2024 06:59:07 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
11837
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=43, rtx=0, c=63, mss=1294, tbw=63371, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma
public
x-fb-debug
LoIBNOszkBn5Swf3RWcwL/UKVe7G1kD77N1wQkGScg+8fo9pKQ+eH1hus2c54+P+QEslZgqCbv/ufDw1gRwasQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
reportOnly
hbftest.report-uri.com/r/d/csp/ 		0
583 B 		Other
General
Check archive.org
Download Go to
Full URL
https://hbftest.report-uri.com/r/d/csp/reportOnly
Requested by
Host: s.pinimg.com
URL: https://s.pinimg.com/ct/core.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.215.66 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63113904; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Sun, 02 Jun 2024 06:59:07 GMT
strict-transport-security
max-age=63113904; includeSubDomains; preload
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server
cloudflare
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
cf-ray
88d58f168cdd3491-WAW
alt-svc
h3=":443"; ma=86400
content-length
0
main.2bdc3040.js
s.pinimg.com/ct/lib/ 		69 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.pinimg.com/ct/lib/main.2bdc3040.js
Requested by
Host: s.pinimg.com
URL: https://s.pinimg.com/ct/core.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:e300:2ac::1931 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
32d720cede6dadc60f848ff6670b767292e508c5ec392ef64ffd4fd46982e565

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-encoding
br
x-cdn
akamai
etag
"12a8f2d3ddbe2363a4a569b085d70d28"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding, Origin
access-control-max-age
86400
content-type
application/javascript
access-control-allow-origin
*
access-control-allow-methods
GET
access-control-expose-headers
X-CDN
cache-control
max-age=1209600
accept-ranges
bytes
content-length
19942
activityi;dc_pre=CIG1rYasvIYDFVxeHgId3AgZdA;src=5879482;type=remar0;cat=hbf_m0;ord=5100910446073;npa=1;auiddc=1275138965.1717311545;ps=1;pcor=106800551;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B125....
5879482.fls.doubleclick.net/ Frame 579E
Redirect Chain
  • https://5879482.fls.doubleclick.net/activityi;src=5879482;type=remar0;cat=hbf_m0;ord=5100910446073;npa=1;auiddc=1275138965.1717311545;ps=1;pcor=106800551;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B12...
  • https://5879482.fls.doubleclick.net/activityi;dc_pre=CIG1rYasvIYDFVxeHgId3AgZdA;src=5879482;type=remar0;cat=hbf_m0;ord=5100910446073;npa=1;auiddc=1275138965.1717311545;ps=1;pcor=106800551;uaa=x86;u...
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://5879482.fls.doubleclick.net/activityi;dc_pre=CIG1rYasvIYDFVxeHgId3AgZdA;src=5879482;type=remar0;cat=hbf_m0;ord=5100910446073;npa=1;auiddc=1275138965.1717311545;ps=1;pcor=106800551;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B125.0.6422.112%7CChromium%3B125.0.6422.112%7CNot.A%252FBrand%3B24.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe45t0z8832402519za201zb832402519;gcd=13l3l3l2l1;dma_cps=sypham;dma=1;epver=2;~oref=https%3A%2F%2Fwww.hbf.com.au%2F?
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=DC-5879482&l=dataLayer&cx=c&sign=90306a748dd956168bb2454e55a0d4e295e802a274e65f1f713bc309984783e3_20240602
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.198 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f6.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://www.hbf.com.au/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
br
content-length
736
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sun, 02 Jun 2024 06:59:08 GMT
expires
Sun, 02 Jun 2024 06:59:08 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sun, 02 Jun 2024 06:59:08 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://5879482.fls.doubleclick.net/activityi;dc_pre=CIG1rYasvIYDFVxeHgId3AgZdA;src=5879482;type=remar0;cat=hbf_m0;ord=5100910446073;npa=1;auiddc=1275138965.1717311545;ps=1;pcor=106800551;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B125.0.6422.112%7CChromium%3B125.0.6422.112%7CNot.A%252FBrand%3B24.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe45t0z8832402519za201zb832402519;gcd=13l3l3l2l1;dma_cps=sypham;dma=1;epver=2;~oref=https%3A%2F%2Fwww.hbf.com.au%2F?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
activityi;dc_pre=CJKxrYasvIYDFRBJHgIdmfwEHQ;src=5879482;type=audie0;cat=hbf_a0;ord=9422445658826;npa=1;auiddc=1275138965.1717311545;u1=%2F;ps=1;pcor=58131963;uaa=x86;uab=64;uafvl=Google%2520Chrome%...
5879482.fls.doubleclick.net/ Frame D2A0
Redirect Chain
  • https://5879482.fls.doubleclick.net/activityi;src=5879482;type=audie0;cat=hbf_a0;ord=9422445658826;npa=1;auiddc=1275138965.1717311545;u1=%2F;ps=1;pcor=58131963;uaa=x86;uab=64;uafvl=Google%2520Chrom...
  • https://5879482.fls.doubleclick.net/activityi;dc_pre=CJKxrYasvIYDFRBJHgIdmfwEHQ;src=5879482;type=audie0;cat=hbf_a0;ord=9422445658826;npa=1;auiddc=1275138965.1717311545;u1=%2F;ps=1;pcor=58131963;uaa...
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://5879482.fls.doubleclick.net/activityi;dc_pre=CJKxrYasvIYDFRBJHgIdmfwEHQ;src=5879482;type=audie0;cat=hbf_a0;ord=9422445658826;npa=1;auiddc=1275138965.1717311545;u1=%2F;ps=1;pcor=58131963;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B125.0.6422.112%7CChromium%3B125.0.6422.112%7CNot.A%252FBrand%3B24.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe45t0z8832402519za201zb832402519;gcd=13l3l3l2l1;dma_cps=sypham;dma=1;epver=2;~oref=https%3A%2F%2Fwww.hbf.com.au%2F?
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=DC-5879482&l=dataLayer&cx=c&sign=90306a748dd956168bb2454e55a0d4e295e802a274e65f1f713bc309984783e3_20240602
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.198 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f6.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://www.hbf.com.au/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
br
content-length
908
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sun, 02 Jun 2024 06:59:08 GMT
expires
Sun, 02 Jun 2024 06:59:08 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sun, 02 Jun 2024 06:59:08 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://5879482.fls.doubleclick.net/activityi;dc_pre=CJKxrYasvIYDFRBJHgIdmfwEHQ;src=5879482;type=audie0;cat=hbf_a0;ord=9422445658826;npa=1;auiddc=1275138965.1717311545;u1=%2F;ps=1;pcor=58131963;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B125.0.6422.112%7CChromium%3B125.0.6422.112%7CNot.A%252FBrand%3B24.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe45t0z8832402519za201zb832402519;gcd=13l3l3l2l1;dma_cps=sypham;dma=1;epver=2;~oref=https%3A%2F%2Fwww.hbf.com.au%2F?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
activity;register_conversion=1;src=5879482;type=remar0;cat=hbf_m0;ord=5100910446073;npa=1;auiddc=1275138965.1717311545;ps=1;pcor=106800551;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B125.0.6422.112%7C...
ad.doubleclick.net/ 		0
23 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad.doubleclick.net/activity;register_conversion=1;src=5879482;type=remar0;cat=hbf_m0;ord=5100910446073;npa=1;auiddc=1275138965.1717311545;ps=1;pcor=106800551;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B125.0.6422.112%7CChromium%3B125.0.6422.112%7CNot.A%252FBrand%3B24.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe45t0z8832402519za201zb832402519;gcd=13l3l3l2l1;dma_cps=sypham;dma=1;epver=2;~oref=https%3A%2F%2Fwww.hbf.com.au%2F?
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.16.198 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f6.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sun, 02 Jun 2024 06:59:08 GMT
attribution-reporting-register-trigger
{"aggregatable_deduplication_keys":[{"deduplication_key":"4908092294758577328"}],"aggregatable_trigger_data":[{"filters":[{"14":["3781942"]}],"key_piece":"0xc2bf99dede51355f","source_keys":["12","13","14","15","16","17","18","19","20","21","628669636","628669637","628669638","628669639","628747128","628747129","628747130","628747131","628860344","628860345","628860346","628860347","628874672","628874673","628874674","628874675","628885784","628885785","628885786","628885787","634978660","634978661","634978662","634978663","634984960","634984961","634984962","634984963"]},{"key_piece":"0x361329dde79164b4","not_filters":{"14":["3781942"]},"source_keys":["12","13","14","15","16","17","18","19","20","21","628669636","628669637","628669638","628669639","628747128","628747129","628747130","628747131","628860344","628860345","628860346","628860347","628874672","628874673","628874674","628874675","628885784","628885785","628885786","628885787","634978660","634978661","634978662","634978663","634984960","634984961","634984962","634984963"]}],"aggregatable_values":{"12":65,"13":65,"14":65,"15":6356,"16":65,"17":65,"18":6356,"19":65,"20":65,"21":6356,"628669636":32,"628669637":32,"628669638":32,"628669639":3177,"628747128":59,"628747129":59,"628747130":59,"628747131":5778,"628860344":32,"628860345":32,"628860346":32,"628860347":3177,"628874672":34,"628874673":34,"628874674":34,"628874675":3345,"628885784":34,"628885785":34,"628885786":34,"628885787":3345,"634978660":32,"634978661":32,"634978662":32,"634978663":3177,"634984960":36,"634984961":36,"634984962":36,"634984963":3530},"aggregation_coordinator_origin":"https://publickeyservice.msmt.aws.privacysandboxservices.com","debug_key":"13887323106794778584","debug_reporting":true,"event_trigger_data":[{"deduplication_key":"4908092294758577328","filters":[{"14":["3781942"],"source_type":["event"]},{"14":["3781942"],"24":["3781942"],"source_type":["navigation"]}],"priority":"10","trigger_data":"1"},{"deduplication_key":"4908092294758577328","filters":[{"14":["3781942"],"23":["3781942"],"source_type":["navigation"]}],"priority":"10","trigger_data":"0"},{"deduplication_key":"4908092294758577328","filters":[{"14":["3781942"],"25":["3781942"],"source_type":["navigation"]}],"priority":"10","trigger_data":"2"},{"deduplication_key":"4908092294758577328","filters":[{"14":["3781942"],"26":["3781942"],"source_type":["navigation"]}],"priority":"10","trigger_data":"3"},{"deduplication_key":"4908092294758577328","filters":[{"14":["3781942"],"27":["3781942"],"source_type":["navigation"]}],"priority":"10","trigger_data":"4"},{"deduplication_key":"4908092294758577328","filters":[{"14":["3781942"],"28":["3781942"],"source_type":["navigation"]}],"priority":"10","trigger_data":"5"},{"deduplication_key":"4908092294758577328","filters":[{"14":["3781942"],"source_type":["navigation"]}],"priority":"10","trigger_data":"6"},{"deduplication_key":"4908092294758577328","filters":[{"source_type":["event"]},{"23":["3781942"],"source_type":["navigation"]}],"priority":"0","trigger_data":"0"},{"deduplication_key":"4908092294758577328","filters":[{"24":["3781942"],"source_type":["navigation"]}],"priority":"0","trigger_data":"1"},{"deduplication_key":"4908092294758577328","filters":[{"25":["3781942"],"source_type":["navigation"]}],"priority":"0","trigger_data":"2"},{"deduplication_key":"4908092294758577328","filters":[{"26":["3781942"],"source_type":["navigation"]}],"priority":"0","trigger_data":"3"},{"deduplication_key":"4908092294758577328","filters":[{"27":["3781942"],"source_type":["navigation"]}],"priority":"0","trigger_data":"4"},{"deduplication_key":"4908092294758577328","filters":[{"28":["3781942"],"source_type":["navigation"]}],"priority":"0","trigger_data":"5"},{"deduplication_key":"4908092294758577328","filters":[{"29":["3781942"],"source_type":["navigation"]}],"priority":"0","trigger_data":"6"},{"deduplication_key":"4908092294758577328","filters":[{"source_type":["navigation"]}],"priority":"0","trigger_data":"7"}],"filters":{"8":["5879482"]}}
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
image/png
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activity;register_conversion=1;src=5879482;type=audie0;cat=hbf_a0;ord=9422445658826;npa=1;auiddc=1275138965.1717311545;u1=%2F;ps=1;pcor=58131963;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B125.0.6422....
ad.doubleclick.net/ 		0
23 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad.doubleclick.net/activity;register_conversion=1;src=5879482;type=audie0;cat=hbf_a0;ord=9422445658826;npa=1;auiddc=1275138965.1717311545;u1=%2F;ps=1;pcor=58131963;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B125.0.6422.112%7CChromium%3B125.0.6422.112%7CNot.A%252FBrand%3B24.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe45t0z8832402519za201zb832402519;gcd=13l3l3l2l1;dma_cps=sypham;dma=1;epver=2;~oref=https%3A%2F%2Fwww.hbf.com.au%2F?
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.16.198 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f6.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sun, 02 Jun 2024 06:59:08 GMT
attribution-reporting-register-trigger
{"aggregatable_deduplication_keys":[{"deduplication_key":"4313336587105058370"}],"aggregatable_trigger_data":[{"filters":[{"14":["4537907"]}],"key_piece":"0x1c7b34b939417995","source_keys":["12","13","14","15","16","17","18","19","20","21","628669636","628669637","628669638","628669639","628747128","628747129","628747130","628747131","628860344","628860345","628860346","628860347","628874672","628874673","628874674","628874675","628885784","628885785","628885786","628885787","634978660","634978661","634978662","634978663","634984960","634984961","634984962","634984963"]},{"key_piece":"0x603e2d6bc4a8319e","not_filters":{"14":["4537907"]},"source_keys":["12","13","14","15","16","17","18","19","20","21","628669636","628669637","628669638","628669639","628747128","628747129","628747130","628747131","628860344","628860345","628860346","628860347","628874672","628874673","628874674","628874675","628885784","628885785","628885786","628885787","634978660","634978661","634978662","634978663","634984960","634984961","634984962","634984963"]}],"aggregatable_values":{"12":65,"13":65,"14":65,"15":6356,"16":65,"17":65,"18":6356,"19":65,"20":65,"21":6356,"628669636":32,"628669637":32,"628669638":32,"628669639":3177,"628747128":59,"628747129":59,"628747130":59,"628747131":5778,"628860344":32,"628860345":32,"628860346":32,"628860347":3177,"628874672":34,"628874673":34,"628874674":34,"628874675":3345,"628885784":34,"628885785":34,"628885786":34,"628885787":3345,"634978660":32,"634978661":32,"634978662":32,"634978663":3177,"634984960":36,"634984961":36,"634984962":36,"634984963":3530},"aggregation_coordinator_origin":"https://publickeyservice.msmt.aws.privacysandboxservices.com","debug_key":"17827016389186379743","debug_reporting":true,"event_trigger_data":[{"deduplication_key":"4313336587105058370","filters":[{"14":["4537907"],"source_type":["event"]},{"14":["4537907"],"24":["4537907"],"source_type":["navigation"]}],"priority":"10","trigger_data":"1"},{"deduplication_key":"4313336587105058370","filters":[{"14":["4537907"],"23":["4537907"],"source_type":["navigation"]}],"priority":"10","trigger_data":"0"},{"deduplication_key":"4313336587105058370","filters":[{"14":["4537907"],"25":["4537907"],"source_type":["navigation"]}],"priority":"10","trigger_data":"2"},{"deduplication_key":"4313336587105058370","filters":[{"14":["4537907"],"26":["4537907"],"source_type":["navigation"]}],"priority":"10","trigger_data":"3"},{"deduplication_key":"4313336587105058370","filters":[{"14":["4537907"],"27":["4537907"],"source_type":["navigation"]}],"priority":"10","trigger_data":"4"},{"deduplication_key":"4313336587105058370","filters":[{"14":["4537907"],"28":["4537907"],"source_type":["navigation"]}],"priority":"10","trigger_data":"5"},{"deduplication_key":"4313336587105058370","filters":[{"14":["4537907"],"source_type":["navigation"]}],"priority":"10","trigger_data":"6"},{"deduplication_key":"4313336587105058370","filters":[{"source_type":["event"]},{"23":["4537907"],"source_type":["navigation"]}],"priority":"0","trigger_data":"0"},{"deduplication_key":"4313336587105058370","filters":[{"24":["4537907"],"source_type":["navigation"]}],"priority":"0","trigger_data":"1"},{"deduplication_key":"4313336587105058370","filters":[{"25":["4537907"],"source_type":["navigation"]}],"priority":"0","trigger_data":"2"},{"deduplication_key":"4313336587105058370","filters":[{"26":["4537907"],"source_type":["navigation"]}],"priority":"0","trigger_data":"3"},{"deduplication_key":"4313336587105058370","filters":[{"27":["4537907"],"source_type":["navigation"]}],"priority":"0","trigger_data":"4"},{"deduplication_key":"4313336587105058370","filters":[{"28":["4537907"],"source_type":["navigation"]}],"priority":"0","trigger_data":"5"},{"deduplication_key":"4313336587105058370","filters":[{"29":["4537907"],"source_type":["navigation"]}],"priority":"0","trigger_data":"6"},{"deduplication_key":"4313336587105058370","filters":[{"source_type":["navigation"]}],"priority":"0","trigger_data":"7"}],"filters":{"8":["5879482"]}}
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
image/png
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
beacon.gif
rum-collector-2.pingdom.net/img/ 		0
213 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://rum-collector-2.pingdom.net/img/beacon.gif?id=531fb5feabe53d6951069f59&sAW=1600&sAH=1200&bIW=1600&bIH=1200&pD=24&dPR=1&or=landscape-primary&nT=0&rC=0&nS=0&cS=6378&cE=6378&dLE=6378&dLS=6378&fS=6378&hS=-1&rE=-1&rS=-1&reS=6379&resS=8374&resE=8942&uEE=-1&uES=-1&dL=8379&dI=9011&dCLES=9011&dCLEE=9027&dC=10673&lES=10674&lEE=10675&s=nt&title=HBF%20%7C%20Health%20Insurance&path=https%3A%2F%2Fwww.hbf.com.au%2F&ref=&sId=ukvkz01n&sST=1717311547&sIS=1&rV=0&v=1.4.1
Requested by
Host: rum-static.pingdom.net
URL: https://rum-static.pingdom.net/pa-531fb5feabe53d6951069f59.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.31.83.81 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-31-83-81.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Access-Control-Allow-Origin
*
Pragma
no-cache
Date
Sun, 02 Jun 2024 06:59:08 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
0
1731206713857668
connect.facebook.net/signals/config/ 		31 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/1731206713857668?v=2.9.156&r=stable&domain=www.hbf.com.au&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105%2C184%2C183%2C185%2C190%2C191%2C192%2C188%2C180%2C122%2C150%2C179%2C181%2C113%2C144%2C135%2C139%2C119%2C174%2C216%2C106%2C217%2C152%2C110%2C133%2C126%2C114
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.252.13 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-fra3.fbcdn.net
Software
/
Resource Hash
b63ca73b9c599d01a4a16dd9ada16bcb3d88378bfb708755b7f9d697736c64dc
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Sun, 02 Jun 2024 06:59:07 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
6530
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=38, rtx=0, c=23, mss=1232, tbw=4320, tp=9, tpl=0, uplat=1, ullat=-1
pragma
public
x-fb-debug
UaqJ9m+Wl4RM84d8n4WVSNEC8iwTgU08+OXue3lmf19/vYz7RCmASYxV3lWeFeD0oN+n3bw/N20UjmnFDyYNng==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
main.MWY1ZWZmZjM0MA.js
analytics.tiktok.com/i18n/pixel/static/ 		344 KB
100 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/static/main.MWY1ZWZmZjM0MA.js
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C6SIATC8D8G7TBKFJU8G&lib=ttq
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.100.146.16 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-100-146-16.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
73cfec825cb8c3d30231bbf218655b3441a852d9dd32a83425b7d4672af4f7e3

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-akamai-request-id
30b6237b
date
Sun, 02 Jun 2024 06:59:07 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server
nginx
x-tt-logid
202405301306207EC2AF0BA696A67E1F39
x-tt-trace-id
00-2405301306207EC2AF0BA696A67E1F39-1C6863A58D07FAEA-00
vary
Accept-Encoding
x-cache
TCP_MEM_HIT from a95-100-146-12.deploy.akamaitechnologies.com (AkamaiGHost/11.5.1-56325026) (-)
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
x-tt-trace-host
01cdee3083ea679cafb8d66f61f98f2c9161b049d12e8fac70670971f1c34a61c1f9f1c4e8e1148910deab267763b255e4a5910673bc7f0f7dc958ae454c9bab221366cee78c8b1b3f5c64544f845b496e905e5f23e7cd6437e9c03486c8b565d2
server-timing
cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=6
content-length
101717
reportOnly
hbftest.report-uri.com/r/d/csp/ 		0
582 B 		Other
General
Check archive.org
Download Go to
Full URL
https://hbftest.report-uri.com/r/d/csp/reportOnly
Requested by
Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.2bdc3040.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.215.66 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63113904; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Sun, 02 Jun 2024 06:59:08 GMT
strict-transport-security
max-age=63113904; includeSubDomains; preload
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server
cloudflare
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
cf-ray
88d58f170d843491-WAW
alt-svc
h3=":443"; ma=86400
content-length
0
/
ct.pinterest.com/user/ 		326 B
724 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ct.pinterest.com/user/?tid=2613749352641&cb=1717311547985&dep=2%2CPAGE_LOAD
Requested by
Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.2bdc3040.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.19.216.231 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-216-231.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
7c3ffee5bcd22c88b35273b0e47553373564c519031afac4fdd45cea71107e4f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 02 Jun 2024 06:59:08 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
x-cdn
akamai
akamai-grn
0.c4931102.1717311548.21eb22f8
x-envoy-upstream-service-time
4
alt-svc
h3=":443"; ma=600
content-length
185
x-pinterest-rid
4105174272358276
pin-unauth
dWlkPU9ESTFZV1UxT1RNdFpESTVPUzAwWW1VekxXSXdaVGt0TWpVeFltRXdZelptTTJKaw
pragma
no-cache
referrer-policy
origin
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.hbf.com.au
access-control-expose-headers
Epik,Pin-Unauth
cache-control
no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials
true
pinterest-version
0acf2821fed5456b690322e537fbd16e9a4bf075
expires
Sat, 01 Jan 2000 00:00:00 GMT
reportOnly
hbftest.report-uri.com/r/d/csp/ 		0
580 B 		Other
General
Check archive.org
Download Go to
Full URL
https://hbftest.report-uri.com/r/d/csp/reportOnly
Requested by
Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.2bdc3040.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.215.66 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63113904; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Sun, 02 Jun 2024 06:59:08 GMT
strict-transport-security
max-age=63113904; includeSubDomains; preload
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server
cloudflare
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
cf-ray
88d58f170d873491-WAW
alt-svc
h3=":443"; ma=86400
content-length
0
/
ct.pinterest.com/v3/ 		35 B
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ct.pinterest.com/v3/?tid=2613749352641&event=init&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.hbf.com.au%2F%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%222bdc3040%22%2C%22is_eu%22%3Atrue%2C%22architecture%22%3A%22x86%22%2C%22bitness%22%3A%2264%22%2C%22brands%22%3A%5B%7B%22brand%22%3A%22Google%20Chrome%22%2C%22version%22%3A%22125%22%7D%2C%7B%22brand%22%3A%22Not%3AA-Brand%22%2C%22version%22%3A%228%22%7D%2C%7B%22brand%22%3A%22Chromium%22%2C%22version%22%3A%22125%22%7D%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22Win32%22%2C%22platformVersion%22%3A%2210.0.0%22%2C%22uaFullVersion%22%3A%22125.0.6422.112%22%2C%22ecm_enabled%22%3Atrue%7D&cb=1717311547986
Requested by
Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.2bdc3040.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.19.216.231 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-216-231.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sun, 02 Jun 2024 06:59:08 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
referrer-policy
origin
x-cdn
akamai
akamai-grn
0.c4931102.1717311548.21eb22f9
content-type
image/gif
access-control-allow-origin
https://www.hbf.com.au
pinterest-version
0acf2821fed5456b690322e537fbd16e9a4bf075
cache-control
no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials
true
x-envoy-upstream-service-time
1
content-length
35
x-pinterest-rid
1061933960395880
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/ 		0
274 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=336203654266608&ev=PageView&dl=https%3A%2F%2Fwww.hbf.com.au%2F&rl=&if=false&ts=1717311548014&sw=1600&sh=1200&v=2.9.156&r=stable&ec=0&o=4126&fbp=fb.2.1717311548014.171924207&ler=empty&cdl=API_unavailable&it=1717311547900&coo=false&eid=doc-onload.1717311544363.62&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-fb-connection-quality
EXCELLENT; q=0.9, rtt=38, rtx=0, c=10, mss=1294, tbw=2849, tp=-1, tpl=-1, uplat=1, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Sun, 02 Jun 2024 06:59:08 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 		67 B
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=336203654266608&ev=PageView&dl=https%3A%2F%2Fwww.hbf.com.au%2F&rl=&if=false&ts=1717311548014&sw=1600&sh=1200&v=2.9.156&r=stable&ec=0&o=4126&fbp=fb.2.1717311548014.171924207&ler=empty&cdl=API_unavailable&it=1717311547900&coo=false&eid=doc-onload.1717311544363.62&rqm=FGET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

attribution-reporting-register-trigger
{"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0x9d7821b628b2b12d","source_keys":["1","2"]},{"key_piece":"0x84bd49b884580efc","source_keys":["1","2"]}],"aggregatable_values":{"1":1}}
content-encoding
zstd
x-content-type-options
nosniff
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
strict-transport-security
max-age=15552000; preload
document-policy
force-load-at-top
date
Sun, 02 Jun 2024 06:59:08 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=39, rtx=0, c=16, mss=1294, tbw=3292, tp=-1, tpl=-1, uplat=264, ullat=0
pragma
no-cache
x-fb-debug
bvWiIgH/kCyeyhPa7M4MQm9xdhKU3cabGl5oywA04Jyew7Zm3mZw7jX5f+avXGmGugUWPUeON6yKaP9etKA3RA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/ 		0
103 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=1731206713857668&ev=PageView&dl=https%3A%2F%2Fwww.hbf.com.au&rl=&if=false&ts=1717311548016&sw=1600&sh=1200&v=2.9.156&r=stable&ec=0&o=4124&fbp=fb.2.1717311548014.171924207&ler=empty&cdl=API_unavailable&pm=1&hrl=72595d&it=1717311547900&coo=false&eid=doc-onload.1717311544363.62&cs_cc=1&cas=7474373032654818%2C6344495765665310%2C4001432583276328%2C4256751347685659&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-fb-connection-quality
EXCELLENT; q=0.9, rtt=38, rtx=0, c=10, mss=1294, tbw=3136, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Sun, 02 Jun 2024 06:59:08 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 		67 B
475 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1731206713857668&ev=PageView&dl=https%3A%2F%2Fwww.hbf.com.au&rl=&if=false&ts=1717311548016&sw=1600&sh=1200&v=2.9.156&r=stable&ec=0&o=4124&fbp=fb.2.1717311548014.171924207&ler=empty&cdl=API_unavailable&pm=1&hrl=72595d&it=1717311547900&coo=false&eid=doc-onload.1717311544363.62&cs_cc=1&cas=7474373032654818%2C6344495765665310%2C4001432583276328%2C4256751347685659&rqm=FGET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

attribution-reporting-register-trigger
{"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0xe74f42f3127cf561","source_keys":["1","2"]},{"key_piece":"0x79b592d4c3cce0aa","source_keys":["1","2"]}],"aggregatable_values":{"1":1}}
content-encoding
zstd
x-content-type-options
nosniff
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
strict-transport-security
max-age=15552000; preload
document-policy
force-load-at-top
date
Sun, 02 Jun 2024 06:59:08 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=39, rtx=0, c=10, mss=1294, tbw=6454, tp=-1, tpl=-1, uplat=264, ullat=0
pragma
no-cache
x-fb-debug
w0Q+ZrorZQ5JqAvRnB/LyNjm4QtBsSmA4FJF6Gilv0PBiSZD/G5q1665wutRonvQU0jhANDqrlrg6kfUTydItw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires
Sat, 01 Jan 2000 00:00:00 GMT
clickstream.js
d10lpsik1i8c69.cloudfront.net/js/ Frame 4FE3 		287 KB
92 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d10lpsik1i8c69.cloudfront.net/js/clickstream.js?v=e5a2acc
Requested by
Host: d10lpsik1i8c69.cloudfront.net
URL: https://d10lpsik1i8c69.cloudfront.net/w.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.34.185 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-34-185.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e865cf013eaa0223f508139bd864e5a3f2b88fc1857c0bc714cc48389a3ea82f

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Origin
https://www.hbf.com.au
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 01 Jun 2024 00:04:16 GMT
content-encoding
gzip
via
1.1 cdf03e675736c21829fede7b370fd99a.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
age
111293
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Thu, 25 Jan 2024 18:19:40 GMT
server
AmazonS3
etag
W/"ba41e1e15fa64ba31fd66b66e19eb16f"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id
kg3YUqMJrbsAbsG6U1zku1THh96YNWzcVVYVMwxHqXdj1mqWg0Cuvw==
identify_ce1d8843.js
analytics.tiktok.com/i18n/pixel/static/ 		146 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/static/identify_ce1d8843.js
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWY1ZWZmZjM0MA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.100.146.16 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-100-146-16.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
d891e16dbaf81b89f017b6516afdeffe602f8df1d5e269429e7b6eaf63726a03

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-akamai-request-id
30b6275c
date
Sun, 02 Jun 2024 06:59:08 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server
nginx
x-tt-logid
202405211400006CC3DC71344D3E3F1E8D
x-tt-trace-id
00-2405211400006CC3DC71344D3E3F1E8D-7F4F7B97700EA26A-00
vary
Accept-Encoding
x-cache
TCP_MEM_HIT from a95-100-146-12.deploy.akamaitechnologies.com (AkamaiGHost/11.5.1-56325026) (-)
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
x-tt-trace-host
01765f5ed76f55820bc89c764bd5a9e020c4d08b71f93a6b9d1ce0337c52ea7c9cb5b50384101d29d6ddc4015f1c873f508e1d7eed79fe5ec9c0eb0f5a16a185024d245984f1de12c30096680d8c0a2c219e5c08b474cf1613802a4acd040aec47
server-timing
cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=2
content-length
39663
reportOnly
hbftest.report-uri.com/r/d/csp/ 		0
582 B 		Other
General
Check archive.org
Download Go to
Full URL
https://hbftest.report-uri.com/r/d/csp/reportOnly
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWY1ZWZmZjM0MA.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.215.66 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63113904; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Sun, 02 Jun 2024 06:59:08 GMT
strict-transport-security
max-age=63113904; includeSubDomains; preload
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server
cloudflare
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
cf-ray
88d58f184f503491-WAW
alt-svc
h3=":443"; ma=86400
content-length
0
pangle_pixel
analytics.pangle-ads.com/api/v2/ 		0
966 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.pangle-ads.com/api/v2/pangle_pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWY1ZWZmZjM0MA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.120.210.155 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-120-210-155.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
1ae62bb5.80303cce
date
Sun, 02 Jun 2024 06:59:08 GMT
x-bytefaas-request-id
202406020659085F04FF4176C7AEE6233B
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2406020659085F04FF4176C7AEE6233B-2D665BF888BABAB3-00
x-cache
TCP_MISS from a104-120-210-151.deploy.akamaitechnologies.com (AkamaiGHost/11.5.1-56337083) (-)
x-parent-response-time
29,104.120.210.151
server-timing
cdn-cache; desc=MISS, edge; dur=22, origin; dur=9, inner; dur=6
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
202406020659085F04FF4176C7AEE6233B
x-cache-remote
TCP_MISS from a23-58-124-25.deploy.akamaitechnologies.com (AkamaiGHost/11.5.1-56337083) (-)
access-control-max-age
86400
access-control-allow-methods
*
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
x-bytefaas-execution-duration
4.45
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
x-gw-dst-psm
ad.union.pangle_web_traffic
x-tt-trace-host
0194396cf2295cd34be2888f6ac96d89d0b88fa5191a326c15caed3383e994f7c5521a19dd505d2e6485f93d5c68395265199503b3f34e4d5cfd122f33a2d4e45ae0d0ee38c54b8a7ddf80db226d022870a5a1b8ecbef0b42187ec7aee79a7dfb92c55eb20670770849edc11b1897c8636
x-origin-response-time
9,23.58.124.25
access-control-allow-headers
*
expires
Sun, 02 Jun 2024 06:59:08 GMT
pixel
analytics.tiktok.com/api/v2/ 		0
845 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWY1ZWZmZjM0MA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.100.146.16 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-100-146-16.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
5a722553.30b62779
date
Sun, 02 Jun 2024 06:59:08 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2406020659083B4F68EA66A0DFEE9109-38A08A7C970CFBF3-00
x-cache
TCP_MISS from a95-100-146-12.deploy.akamaitechnologies.com (AkamaiGHost/11.5.1-56325026) (-)
x-parent-response-time
125,95.100.146.12
server-timing
cdn-cache; desc=MISS, edge; dur=144, origin; dur=26, inner; dur=22
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
202406020659083B4F68EA66A0DFEE9109
x-cache-remote
TCP_MISS from a23-48-100-137.deploy.akamaitechnologies.com (AkamaiGHost/11.5.1-56325026) (-)
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
26,23.48.100.137
x-tt-trace-host
0176175838f994675ea04d3dba20037fed72379e29d288016677bcc3442ab4099a89ede90951f841b6b23dce853bfa9d4459b7351e08091e89de55cfa9887de49713f37fa1a00e15c67419efcbf477a9269428a87b5c036699b9e27aef7d39e7f7a77adf6b471560cc3c1051e9c4c52dd6
access-control-allow-headers
Authorization,*
expires
Sun, 02 Jun 2024 06:59:08 GMT
collect
region1.analytics.google.com/g/s/ 		0
53 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://region1.analytics.google.com/g/s/collect?dma=1&dma_cps=sypham&gtm=45h91e45l1v878992725z8832402519z9896432850za200zb832402519&_gsid=MYCH9D7CM5PSLodoI5ZAJXUOuCZgf3iw
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sun, 02 Jun 2024 06:59:08 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
reportOnly
hbftest.report-uri.com/r/d/csp/ 		0
582 B 		Other
General
Check archive.org
Download Go to
Full URL
https://hbftest.report-uri.com/r/d/csp/reportOnly
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.215.66 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63113904; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Sun, 02 Jun 2024 06:59:08 GMT
strict-transport-security
max-age=63113904; includeSubDomains; preload
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server
cloudflare
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
cf-ray
88d58f185f653491-WAW
alt-svc
h3=":443"; ma=86400
content-length
0
ga-audiences
www.google.de/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&dma=1&dma_cps=sypham&tid=G-MYCH9D7CM5&cid=1255085813.1717311547&gtm=45h91e45l1v878992725z8832402519z9896432850za200zb832402519&aip=1&z=120919006
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.35 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sun, 02 Jun 2024 06:59:08 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
reportOnly
hbftest.report-uri.com/r/d/csp/ 		0
582 B 		Other
General
Check archive.org
Download Go to
Full URL
https://hbftest.report-uri.com/r/d/csp/reportOnly
Requested by
Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.2bdc3040.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.215.66 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63113904; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Sun, 02 Jun 2024 06:59:08 GMT
strict-transport-security
max-age=63113904; includeSubDomains; preload
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server
cloudflare
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
cf-ray
88d58f18f84e3491-WAW
alt-svc
h3=":443"; ma=86400
content-length
0
token_create.js
ct.pinterest.com/static/ct/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ct.pinterest.com/static/ct/token_create.js
Requested by
Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.2bdc3040.js
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
2.19.216.231 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-216-231.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
cd56592299c1c670fb97ef28bcb50048508c01879ecb23b71364aecc0483e202
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 02 Jun 2024 06:59:08 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
x-cdn
akamai
akamai-grn
0.bc931102.1717311548.1a558235
etag
"19c94b308deaf8fbf050b4fca2fa21b7"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=7200
alt-svc
h3=":443"; ma=600
content-length
2108
quic-version
0x00000001
ct.html
ct.pinterest.com/ Frame CE77 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ct.pinterest.com/ct.html
Requested by
Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.2bdc3040.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.19.216.231 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-216-231.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://www.hbf.com.au/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

akamai-grn
0.c4931102.1717311548.21eb244d
alt-svc
h3=":443"; ma=600
cache-control
max-age=86400
content-encoding
gzip
content-length
323
content-type
text/html; charset=utf-8
date
Sun, 02 Jun 2024 06:59:08 GMT
pinterest-version
0acf2821fed5456b690322e537fbd16e9a4bf075
referrer-policy
origin
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
vary
Accept-Encoding
x-cdn
akamai
x-envoy-upstream-service-time
0
x-pinterest-rid
6752408721705830
reportOnly
hbftest.report-uri.com/r/d/csp/ 		0
581 B 		Other
General
Check archive.org
Download Go to
Full URL
https://hbftest.report-uri.com/r/d/csp/reportOnly
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.215.66 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63113904; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Sun, 02 Jun 2024 06:59:08 GMT
strict-transport-security
max-age=63113904; includeSubDomains; preload
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server
cloudflare
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
cf-ray
88d58f19186c3491-WAW
alt-svc
h3=":443"; ma=86400
content-length
0
blink_green.png
d10lpsik1i8c69.cloudfront.net/graphics/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d10lpsik1i8c69.cloudfront.net/graphics/blink_green.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.34.185 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-34-185.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9746bbc8be1eacd912bb90f2226b3f9141b15938f7b0281825c74999c0040c9b

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 25 Jan 2024 18:19:46 GMT
via
1.1 da7d0e99d4b5322bc1c874b2af707374.cloudfront.net (CloudFront)
last-modified
Thu, 25 Jan 2024 18:19:40 GMT
server
AmazonS3
x-amz-cf-pop
MUC50-P2
age
11104763
etag
"2e4ff7ec8bf18d247ee942621e0f9d65"
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
image/png
cache-control
max-age=31536000
accept-ranges
bytes
content-length
1283
x-amz-cf-id
c85O4rmJnJHbOcEUyp_5njOgUK46t6CP4c_Q9_n4WalQCX4NH5Yy3Q==
logo-light.png
d10lpsik1i8c69.cloudfront.net/graphics/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d10lpsik1i8c69.cloudfront.net/graphics/logo-light.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.34.185 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-34-185.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8c34bc7bc1985e63394c3c2afff88cdcfc06e501320432dd23eaff83ea6754eb

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 25 Jan 2024 18:19:45 GMT
via
1.1 da7d0e99d4b5322bc1c874b2af707374.cloudfront.net (CloudFront)
last-modified
Thu, 25 Jan 2024 18:19:40 GMT
server
AmazonS3
x-amz-cf-pop
MUC50-P2
age
11104764
etag
"35ce74c31e3ef54462a234340af702d7"
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
image/png
cache-control
max-age=31536000
accept-ranges
bytes
content-length
1143
x-amz-cf-id
8qPWQRXmPbfAyIXW0mjYxJn74-_AW6AhQbWKB9XXf0ghBvl_OmYM3w==
sound-on-white.png
d10lpsik1i8c69.cloudfront.net/graphics/ 		277 B
647 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d10lpsik1i8c69.cloudfront.net/graphics/sound-on-white.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.34.185 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-34-185.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
da0c1bc51d4ebfa2570f3e7546d9d3ccfb3f9d3c1199b1ca49869510aa79392a

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 05 May 2024 22:36:07 GMT
via
1.1 da7d0e99d4b5322bc1c874b2af707374.cloudfront.net (CloudFront)
last-modified
Thu, 25 Jan 2024 18:19:40 GMT
server
AmazonS3
x-amz-cf-pop
MUC50-P2
age
2362982
etag
"76f1993de0fd323f67cece8d8e63bfa2"
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
image/png
cache-control
max-age=31536000
accept-ranges
bytes
content-length
277
x-amz-cf-id
PV3q2wyEkNFiGjYiiwhjxE07ZeWgdGnrP93huybngkwe0-yHPxx3IA==
act
analytics.tiktok.com/api/v2/pixel/ 		0
702 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel/act
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWY1ZWZmZjM0MA.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.100.146.16 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-100-146-16.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
30b62ba1
date
Sun, 02 Jun 2024 06:59:08 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2406020659084D6821960C1518EC5DA0-0080BF7ED4E47574-00
x-cache
TCP_MISS from a95-100-146-12.deploy.akamaitechnologies.com (AkamaiGHost/11.5.1-56325026) (-)
server-timing
inner; dur=23, cdn-cache; desc=MISS, edge; dur=11, origin; dur=125
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
202406020659084D6821960C1518EC5DA0
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
125,95.100.146.12
x-tt-trace-host
0176175838f994675ea04d3dba20037fedca2df6b8a9b0f0d989ab742b47c291e58d952e89877f379f1e7e831744257e172fac512e95eb78e5e814c8c70fca98214a19531163441136d46dff335799872a797c2215e5f8f7d27b8f44f366187edc
access-control-allow-headers
Authorization,*
expires
Sun, 02 Jun 2024 06:59:08 GMT
rb_bf04700wip
www.hbf.com.au/ 		118 B
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/rb_bf04700wip?type=js3&sn=v_4_srv_3_sn_50F945B653FF12D8EEE09688176A5E31_perc_100000_ol_0_mul_1_app-3A2cc8b170ae18fec1_1_rcs-3Acss_0&svrid=3&flavor=post&vi=FWDAKORMPRUWCMEKMPNIFFHKOKIJFFCE-0&modifiedSince=1716796049605&rf=https%3A%2F%2Fwww.hbf.com.au%2F&bp=3&app=2cc8b170ae18fec1&crc=2842874370&en=un4hjmv8&end=1
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/ruxitagentjs_ICANVfghqru_10289240325103055.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
92.122.104.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-104-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
a228965d3fd6a1e0f1f42ce59971b315b7e3c576bee69ae09b16892b82dc9f93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

strict-transport-security
max-age=63072000
date
Sun, 02 Jun 2024 06:59:09 GMT
x-content-type-options
nosniff
server
x-frame-options
SAMEORIGIN
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
content-type
text/plain; charset=utf-8
content-length
118
x-xss-protection
1; mode=block
reset.css
d10lpsik1i8c69.cloudfront.net/css/ 		2 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://d10lpsik1i8c69.cloudfront.net/css/reset.css
Requested by
Host: d10lpsik1i8c69.cloudfront.net
URL: https://d10lpsik1i8c69.cloudfront.net/js/clickstream.js?v=e5a2acc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.34.185 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-34-185.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
401f533697cfb484598d2da76b5f4708bbca985a1fab42dbcfaa0741374d3245

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 25 Jan 2024 18:19:49 GMT
content-encoding
gzip
via
1.1 da7d0e99d4b5322bc1c874b2af707374.cloudfront.net (CloudFront)
last-modified
Thu, 25 Jan 2024 18:19:39 GMT
server
AmazonS3
x-amz-cf-pop
MUC50-P2
age
11104760
etag
W/"7144eaceff0b31347712515a6116074e"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
cache-control
max-age=31536000
x-amz-cf-id
km80KgGN0JfPinbMLx0zJK1i7LU5QRiCnuY_XJx5YWwcc5yVSMsg8Q==
reportOnly
hbftest.report-uri.com/r/d/csp/ Frame 4FE3 		0
583 B 		Other
General
Check archive.org
Download Go to
Full URL
https://hbftest.report-uri.com/r/d/csp/reportOnly
Requested by
Host: d10lpsik1i8c69.cloudfront.net
URL: https://d10lpsik1i8c69.cloudfront.net/js/clickstream.js?v=e5a2acc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.215.66 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63113904; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Sun, 02 Jun 2024 06:59:08 GMT
strict-transport-security
max-age=63113904; includeSubDomains; preload
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server
cloudflare
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
cf-ray
88d58f1bbc423491-WAW
alt-svc
h3=":443"; ma=86400
content-length
0
reportOnly
hbftest.report-uri.com/r/d/csp/ Frame 4FE3 		0
582 B 		Other
General
Check archive.org
Download Go to
Full URL
https://hbftest.report-uri.com/r/d/csp/reportOnly
Requested by
Host: d10lpsik1i8c69.cloudfront.net
URL: https://d10lpsik1i8c69.cloudfront.net/js/clickstream.js?v=e5a2acc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.215.66 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63113904; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Sun, 02 Jun 2024 06:59:08 GMT
strict-transport-security
max-age=63113904; includeSubDomains; preload
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server
cloudflare
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
cf-ray
88d58f1bbc463491-WAW
alt-svc
h3=":443"; ma=86400
content-length
0
reportOnly
hbftest.report-uri.com/r/d/csp/ Frame 4FE3 		0
583 B 		Other
General
Check archive.org
Download Go to
Full URL
https://hbftest.report-uri.com/r/d/csp/reportOnly
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.215.66 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63113904; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Sun, 02 Jun 2024 06:59:08 GMT
strict-transport-security
max-age=63113904; includeSubDomains; preload
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server
cloudflare
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
cf-ray
88d58f1bbc493491-WAW
alt-svc
h3=":443"; ma=86400
content-length
0
efa98bad-dc05-4f11-ae7d-2732be541d36
https://www.hbf.com.au/ Frame 4FE3 		0
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://www.hbf.com.au/efa98bad-dc05-4f11-ae7d-2732be541d36
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Length
0
Content-Type
29538f4f-943d-4b67-8a1f-06ad654c9e41
https://www.hbf.com.au/ Frame 4FE3 		30 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://www.hbf.com.au/29538f4f-943d-4b67-8a1f-06ad654c9e41
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fb5a1fff57218742c5c1e469970504556a10d235b2379872b4ffcef9901d3bc0

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Length
31224
Content-Type
rb_bf04700wip
www.hbf.com.au/ 		118 B
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/rb_bf04700wip?type=js3&sn=v_4_srv_3_sn_50F945B653FF12D8EEE09688176A5E31_perc_100000_ol_0_mul_1_app-3A2cc8b170ae18fec1_1_rcs-3Acss_0&svrid=3&flavor=post&vi=FWDAKORMPRUWCMEKMPNIFFHKOKIJFFCE-0&modifiedSince=1716796049605&rf=https%3A%2F%2Fwww.hbf.com.au%2F&bp=3&app=2cc8b170ae18fec1&crc=1800899702&en=un4hjmv8&end=1
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/ruxitagentjs_ICANVfghqru_10289240325103055.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
92.122.104.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-104-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
a228965d3fd6a1e0f1f42ce59971b315b7e3c576bee69ae09b16892b82dc9f93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

strict-transport-security
max-age=63072000
date
Sun, 02 Jun 2024 06:59:09 GMT
x-content-type-options
nosniff
server
x-frame-options
SAMEORIGIN
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
content-type
text/plain; charset=utf-8
content-length
118
x-xss-protection
1; mode=block
rb_bf04700wip
www.hbf.com.au/ 		118 B
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/rb_bf04700wip?type=js3&sn=v_4_srv_3_sn_50F945B653FF12D8EEE09688176A5E31_perc_100000_ol_0_mul_1_app-3A2cc8b170ae18fec1_1_rcs-3Acss_0&svrid=3&flavor=post&vi=FWDAKORMPRUWCMEKMPNIFFHKOKIJFFCE-0&modifiedSince=1716796049605&rf=https%3A%2F%2Fwww.hbf.com.au%2F&bp=3&app=2cc8b170ae18fec1&crc=1300919588&en=un4hjmv8&end=1
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/ruxitagentjs_ICANVfghqru_10289240325103055.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
92.122.104.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-104-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
a228965d3fd6a1e0f1f42ce59971b315b7e3c576bee69ae09b16892b82dc9f93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

strict-transport-security
max-age=63072000
date
Sun, 02 Jun 2024 06:59:11 GMT
x-content-type-options
nosniff
server
x-frame-options
SAMEORIGIN
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
content-type
text/plain; charset=utf-8
content-length
118
x-xss-protection
1; mode=block
rb_bf04700wip
www.hbf.com.au/ 		118 B
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/rb_bf04700wip?type=js3&sn=v_4_srv_3_sn_50F945B653FF12D8EEE09688176A5E31_perc_100000_ol_0_mul_1_app-3A2cc8b170ae18fec1_1_rcs-3Acss_0&svrid=3&flavor=post&vi=FWDAKORMPRUWCMEKMPNIFFHKOKIJFFCE-0&modifiedSince=1716796049605&rf=https%3A%2F%2Fwww.hbf.com.au%2F&bp=3&app=2cc8b170ae18fec1&crc=38808334&en=un4hjmv8&end=1
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/ruxitagentjs_ICANVfghqru_10289240325103055.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
92.122.104.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-104-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
a228965d3fd6a1e0f1f42ce59971b315b7e3c576bee69ae09b16892b82dc9f93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://www.hbf.com.au/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

strict-transport-security
max-age=63072000
date
Sun, 02 Jun 2024 06:59:12 GMT
x-content-type-options
nosniff
server
x-frame-options
SAMEORIGIN
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
content-type
text/plain; charset=utf-8
content-length
118
x-xss-protection
1; mode=block
collect
metrics.hbf.com.au/g/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
metrics.hbf.com.au
URL
https://metrics.hbf.com.au/g/collect?v=2&tid=G-MYCH9D7CM5&gtm=45he45t0v878992725z8832402519za200zb832402519&_p=1717311544363&gcd=13l3lPl2l2&npa=0&dma_cps=sypham&dma=1&cid=1255085813.1717311547&ecid=1421296636&ul=de-de&sr=1600x1200&ur=DE-BY&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.112%7CChromium%3B125.0.6422.112%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&sst.gse=1&sst.etld=google.de&sst.gcsub=region1&sst.gcd=13l3lPl2l2&sst.tft=1717311544363&sst.ude=0&_s=3&dl=https%3A%2F%2Fwww.hbf.com.au%2F&dr=&dp=%2F&sid=1717311546&sct=1&seg=0&dt=HBF%20%7C%20Health%20Insurance&en=telemetry&ep.landing_page=%2F&ep.gtm_container=GTM-5H9BG3M&ep.gtm_version=186&ep.success_event=Action&ep.page_hostname=www.hbf.com.au&ep.fragment=&ep.pagination=0&epn.last_event_delay=11.69&ep.navigation_type=landing&ep.channel=Direct&epn.viewport_width=1600&epn.viewport_height=1200&epn.session_clicks=0&ep.is_member=NON-MEMBER&ep.event_id=doc-onload.1717311544363.62&ep.lifestage=single&ep.type=Document%20Loaded&ep.label=landing&epn.value=11.688&_et=1005&upn.visitor_scale=1&up.visitor_type=viewer&tfd=16702&richsstsse

Verdicts & Comments Add Verdict or Comment

122 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| dataLayer object| $buoop object| dT_ object| dtrum object| dynatrace function| subscribeEvent function| unsubscribeEvent function| startActivityHandler function| placeCheckerRequest function| placeCssAspxRequest function| timeoutSleep function| getMetatagContent function| DeferRes function| DeferScript object| hbf number| readyStateCheckInterval object| SuccessEvents object| $jscomp object| $jscomp$this function| throttle object| sc function| trackEvent function| setRegion function| changeLocation function| addProp function| addProcessProp function| setCompare object| products function| setProducts function| addProduct function| writeProducts object| components function| addComponent function| writeComponents function| addPageProp function| addBlogProp function| sendPageProp function| pageBottom object| SCTracking function| $ function| jQuery object| angular function| Spinner object| Ladda function| dayjs function| dayjs_plugin_customParseFormat function| moment function| svg4everybody object| PointerEventsPolyfill function| anime function| Popper function| tippy function| CountUp function| LazyLoad function| customSelect function| $buo_f function| $bu_getBrowser function| $buo function| docReady object| _buorgres object| google_tag_manager function| postscribe object| google_tag_manager_external object| google_tag_data object| _NT object| VSscale object| _ET number| SEa number| abtiming object| webpackChunktag boolean| ABTastyTagPerforming object| ABTasty function| ABTastyStartTest function| ABTastyReload function| ABTastyPageView object| abtasty function| ABTastyClickTracking function| ABTastyEvent object| _abtasty function| onYouTubeIframeAPIReady object| gaGlobal boolean| hbf_window_loaded string| GoogleAnalyticsObject function| ga function| _FNbeforeunload function| _FNmouseleave function| _FNmousemove function| _FNbelowfold number| _FNidle object| _CL number| onloaded function| requirejs function| require function| define function| tooltipInit function| initTooltips object| hbf_moduleloaded object| lazyLoadInstance boolean| IeVersion object| jQuery191041629737698757396 object| gaplugins object| gaData number| __lo_site_id function| fbq function| _fbq object| _elqQ string| TiktokAnalyticsObject object| ttq function| pintrk boolean| __lo_csr_added object| SIGNAL_TYPE object| JSBridge object| Native2JSBridge object| ToutiaoJSBridge function| TiktokJelly object| _jelly_sdks object| WTW_Watcher object| LO object| _loq

42 Cookies

Domain/Path Name / Value
avanan.url-protection.com/ Name: x-cloud-sec-ctp
Value: cf225f3f-571d-4c26-93bc-1560630d6edf
www.hbf.com.au/ Name: sc_device
Value: Desktop
www.hbf.com.au/ Name: sc_loc
Value: OS
www.hbf.com.au/ Name: sc_locp
Value: OS
www.hbf.com.au/ Name: sc_locx
Value: 1
www.hbf.com.au/ Name: ASP.NET_SessionId
Value: i4xks0hxnwtorzkcnkd0yo4t
www.hbf.com.au/ Name: SC_ANALYTICS_GLOBAL_COOKIE
Value: 3222a01d58114c17ae77fe45f93a46aa|False
www.hbf.com.au/ Name: Bootstrap
Value: 1
www.hbf.com.au/ Name: __RequestVerificationToken
Value: gOnA0cba-LfeNbas70JqoAAdFAQvflexG_GE6KhxKBaxm-nfamldcI4tAEC_ZinjgxZqwrz1K1xrFyZVpd5hNKXM2SuvpnylhDLijXsQKGk1
.hbf.com.au/ Name: dtCookie
Value: v_4_srv_3_sn_50F945B653FF12D8EEE09688176A5E31_perc_100000_ol_0_mul_1_app-3A2cc8b170ae18fec1_1_rcs-3Acss_0
www.hbf.com.au/ Name: HBFCOMAU
Value: 1477056940.20480.0000
.hbf.com.au/ Name: rxVisitor
Value: 1717311544466QKTSUBEJ26VDT8238E4KOJNJH5OFTTOK
.hbf.com.au/ Name: dtSa
Value: -
.hbf.com.au/ Name: _gcl_au
Value: 1.1.1275138965.1717311545
.hbf.com.au/ Name: ABTastySession
Value: mrasn=&lp=https%253A%252F%252Fwww.hbf.com.au%252F
.hbf.com.au/ Name: ABTasty
Value: uid=xk1zpyypf6w8y5wr&fst=1717311545788&pst=-1&cst=1717311545788&ns=1&pvt=1&pvis=1&th=
.hbf.com.au/ Name: _ga
Value: GA1.1.1255085813.1717311547
.hbf.com.au/ Name: rxvt
Value: 1717313346645|1717311544466
.hbf.com.au/ Name: dtPC
Value: 3$111544465_528h-vFWDAKORMPRUWCMEKMPNIFFHKOKIJFFCE-0e0
.metrics.hbf.com.au/ Name: FPID
Value: FPID2.4.tK01gYLf5w3sSzf2xLe04Euc2jcQrzT2mj2TgRKshuA%3D.1717311547
.hbf.com.au/ Name: FPAU
Value: 1.1.1275138965.1717311545
www.hbf.com.au/ Name: quote
Value: quoteid=bjAD7N8jyEKC/kTvgjHcMg==&quote=lxbINwMPwndH88S7BynRDrXzSqrYGq3G+uGaOHdjmJuey+wOKOJbD45RwV9YdShsQkvB5pvsaV5deh82O+kMMwMqyLYQjt+5VCEkUXHw+qCcRyoWnQ8OcHGlK+gsJzKvV6rBnbaeYOAYa6iujH7eRTXuea1QbpYsNr/8ibWlIy33WCdq0NpQQRP25/Z+GRoJefnpwSi0tGw5l3uItaBQmQ==
.hbf.com.au/ Name: _ga_MYCH9D7CM5
Value: GS1.1.1717311546.1.0.1717311547.0.0.1421296636
.tiktok.com/ Name: _ttp
Value: 2hJUCh7BjW6SK0nV7JY3Ogbhn9T
.hbf.com.au/ Name: _fbp
Value: fb.2.1717311548014.171924207
.doubleclick.net/ Name: ar_debug
Value: 1
.hbf.com.au/ Name: _tt_enable_cookie
Value: 1
.hbf.com.au/ Name: _ttp
Value: wk5mCSEJdKazG-gs1F7-0MclMWv
.hbf.com.au/ Name: FPLC
Value: UWVl5eBB8n9pN1ZqN4RXL3TVUsZE75ZE2CCaibLz5K6CmWaNIbrptP8JAQPYv44dIc1fwxCr6Tuwqo2lWgBXtMXnNzoCGtHbM%2FOxNFe0fbUVMD8iYjKB%2FEwEK0YGhg%3D%3D
.hbf.com.au/ Name: FPGSID
Value: 1.1717311548.1717311548.G-MYCH9D7CM5.PSLodoI5ZAJXUOuCZgf3iw
.metrics.hbf.com.au/ Name: FPID_UA
Value: FPID1.4.tK01gYLf5w3sSzf2xLe04Euc2jcQrzT2mj2TgRKshuA%3D.1717311547
.doubleclick.net/ Name: receive-cookie-deprecation
Value: 1
.doubleclick.net/ Name: IDE
Value: AHWqTUlWkFnJU9p_yktoUnAQweXbulv2Y-vk1xLg-iG7dX8pkH6gfqJscraqS7lYDw8
.pinterest.com/ Name: ar_debug
Value: 1
.hbf.com.au/ Name: _pin_unauth
Value: dWlkPU9ESTFZV1UxT1RNdFpESTVPUzAwWW1VekxXSXdaVGt0TWpVeFltRXdZelptTTJKaw
.hbf.com.au/ Name: _lo_uid
Value: 103294-1717311547991-502c8d08996bd589
.hbf.com.au/ Name: _lorid
Value: 103294-1717311547991-0ad90f8730640147
.hbf.com.au/ Name: _lo_v
Value: 1
.hbf.com.au/ Name: __lotl
Value: https%3A%2F%2Fwww.hbf.com.au%2F
.adnxs.com/ Name: receive-cookie-deprecation
Value: 1
.twitter.com/ Name: personalization_id
Value: "v1_uCxSI6kuvqhcq74oQzdd3g=="
.t.co/ Name: muc_ads
Value: 6d93ef30-0b1b-4750-94fc-db12f54ba235

61 Console Messages

Source Level URL
Text
security error URL: https://www.hbf.com.au/(Line 87)
Message:
[Report Only] Refused to load the script 'https://metrics.hbf.com.au/gtm.js?id=GTM-5H9BG3M' because it violates the following Content Security Policy directive: "script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://metrics.hbf.com.au/gtm.js?id=GTM-5H9BG3M(Line 219)
Message:
[Report Only] Refused to load the script 'https://metrics.hbf.com.au/gtag/js?id=G-MYCH9D7CM5&l=dataLayer&cx=c&sign=90306a748dd956168bb2454e55a0d4e295e802a274e65f1f713bc309984783e3_20240602' because it violates the following Content Security Policy directive: "script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error
Message:
[Report Only] Refused to load the script 'https://try.abtasty.com/ebcb9988d27d098b750d78077da8ce75.js' because it violates the following Content Security Policy directive: "script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://try.abtasty.com/ebcb9988d27d098b750d78077da8ce75.js
Message:
[Report Only] Refused to load the script 'https://try.abtasty.com/shared/commons.9b20dd57c6f12e1beb80.js' because it violates the following Content Security Policy directive: "script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://try.abtasty.com/ebcb9988d27d098b750d78077da8ce75.js
Message:
[Report Only] Refused to load the script 'https://try.abtasty.com/ebcb9988d27d098b750d78077da8ce75/main.3eae7b7afa015b4bca93.js' because it violates the following Content Security Policy directive: "script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://try.abtasty.com/ebcb9988d27d098b750d78077da8ce75.js
Message:
[Report Only] Refused to load the script 'https://try.abtasty.com/shared/me.7d4a349527f92fc578d9.js' because it violates the following Content Security Policy directive: "script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://try.abtasty.com/ebcb9988d27d098b750d78077da8ce75.js
Message:
[Report Only] Refused to load the script 'https://try.abtasty.com/shared/analytics.ee0f48fa14101830a401.js' because it violates the following Content Security Policy directive: "script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://try.abtasty.com/ebcb9988d27d098b750d78077da8ce75.js
Message:
[Report Only] Refused to load the script 'https://try.abtasty.com/shared/analytics.ee0f48fa14101830a401.js' because it violates the following Content Security Policy directive: "script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://try.abtasty.com/ebcb9988d27d098b750d78077da8ce75.js
Message:
[Report Only] Refused to load the script 'https://try.abtasty.com/shared/me.7d4a349527f92fc578d9.js' because it violates the following Content Security Policy directive: "script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://try.abtasty.com/ebcb9988d27d098b750d78077da8ce75/main.3eae7b7afa015b4bca93.js
Message:
[Report Only] Refused to connect to 'https://dcinfos-cache.abtasty.com/v1/ua-parser' because it violates the following Content Security Policy directive: "connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com".
security error URL: https://try.abtasty.com/ebcb9988d27d098b750d78077da8ce75/main.3eae7b7afa015b4bca93.js
Message:
[Report Only] Refused to connect to 'https://dcinfos-cache.abtasty.com/v1/ua-parser' because it violates the following Content Security Policy directive: "connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com".
security error URL: https://try.abtasty.com/ebcb9988d27d098b750d78077da8ce75/main.3eae7b7afa015b4bca93.js
Message:
[Report Only] Refused to connect to 'https://dcinfos-cache.abtasty.com/v1/geoip?weather=false' because it violates the following Content Security Policy directive: "connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com".
security error URL: https://try.abtasty.com/ebcb9988d27d098b750d78077da8ce75/main.3eae7b7afa015b4bca93.js
Message:
[Report Only] Refused to connect to 'https://dcinfos-cache.abtasty.com/v1/geoip?weather=false' because it violates the following Content Security Policy directive: "connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com".
security error URL: https://try.abtasty.com/ebcb9988d27d098b750d78077da8ce75/main.3eae7b7afa015b4bca93.js
Message:
[Report Only] Refused to connect to 'https://dcinfos-cache.abtasty.com/dynalloc/clients/53017/dynamic-allocation?campaignIDs=1141214,1141220,1141222' because it violates the following Content Security Policy directive: "connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com".
security error URL: https://try.abtasty.com/ebcb9988d27d098b750d78077da8ce75/main.3eae7b7afa015b4bca93.js
Message:
[Report Only] Refused to connect to 'https://dcinfos-cache.abtasty.com/dynalloc/clients/53017/dynamic-allocation?campaignIDs=1141214,1141220,1141222' because it violates the following Content Security Policy directive: "connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com".
security error URL: https://try.abtasty.com/shared/analytics.ee0f48fa14101830a401.js
Message:
[Report Only] Refused to connect to 'https://ariane.abtasty.com/' because it violates the following Content Security Policy directive: "connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com".
security error URL: https://try.abtasty.com/shared/analytics.ee0f48fa14101830a401.js
Message:
[Report Only] Refused to connect to 'https://ariane.abtasty.com/' because it violates the following Content Security Policy directive: "connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com".
security error URL: https://metrics.hbf.com.au/gtm.js?id=GTM-5H9BG3M(Line 219)
Message:
[Report Only] Refused to load the script 'https://metrics.hbf.com.au/analytics.js' because it violates the following Content Security Policy directive: "script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://metrics.hbf.com.au/analytics.js(Line 23)
Message:
[Report Only] Refused to load the script 'https://metrics.hbf.com.au/plugins/ua/linkid.js' because it violates the following Content Security Policy directive: "script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://www.hbf.com.au/
Message:
[Report Only] Refused to load the image 'https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&dma=1&dma_cps=sypham&tid=G-MYCH9D7CM5&cid=1255085813.1717311547&gtm=45h91e45l1v878992725z8832402519z9896432850za200zb832402519&aip=1&z=513281289' because it violates the following Content Security Policy directive: "img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com".
security error
Message:
[Report Only] Refused to load the script 'https://s.pinimg.com/ct/core.js' because it violates the following Content Security Policy directive: "script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://s.pinimg.com/ct/core.js
Message:
[Report Only] Refused to load the script 'https://s.pinimg.com/ct/lib/main.2bdc3040.js' because it violates the following Content Security Policy directive: "script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
other warning URL: https://www.hbf.com.au/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
security error URL: https://s.pinimg.com/ct/lib/main.2bdc3040.js
Message:
[Report Only] Refused to connect to 'https://ct.pinterest.com/user/?tid=2613749352641&cb=1717311547985&dep=2%2CPAGE_LOAD' because it violates the following Content Security Policy directive: "connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com".
security error URL: https://s.pinimg.com/ct/lib/main.2bdc3040.js
Message:
[Report Only] Refused to connect to 'https://ct.pinterest.com/v3/?tid=2613749352641&event=init&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.hbf.com.au%2F%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%222bdc3040%22%2C%22is_eu%22%3Atrue%2C%22architecture%22%3A%22x86%22%2C%22bitness%22%3A%2264%22%2C%22brands%22%3A%5B%7B%22brand%22%3A%22Google%20Chrome%22%2C%22version%22%3A%22125%22%7D%2C%7B%22brand%22%3A%22Not%3AA-Brand%22%2C%22version%22%3A%228%22%7D%2C%7B%22brand%22%3A%22Chromium%22%2C%22version%22%3A%22125%22%7D%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22Win32%22%2C%22platformVersion%22%3A%2210.0.0%22%2C%22uaFullVersion%22%3A%22125.0.6422.112%22%2C%22ecm_enabled%22%3Atrue%7D&cb=1717311547986' because it violates the following Content Security Policy directive: "connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com".
security error URL: https://s.pinimg.com/ct/lib/main.2bdc3040.js
Message:
[Report Only] Refused to connect to 'https://ct.pinterest.com/v3/?tid=2613749352641&event=init&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.hbf.com.au%2F%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%222bdc3040%22%2C%22is_eu%22%3Atrue%2C%22architecture%22%3A%22x86%22%2C%22bitness%22%3A%2264%22%2C%22brands%22%3A%5B%7B%22brand%22%3A%22Google%20Chrome%22%2C%22version%22%3A%22125%22%7D%2C%7B%22brand%22%3A%22Not%3AA-Brand%22%2C%22version%22%3A%228%22%7D%2C%7B%22brand%22%3A%22Chromium%22%2C%22version%22%3A%22125%22%7D%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22Win32%22%2C%22platformVersion%22%3A%2210.0.0%22%2C%22uaFullVersion%22%3A%22125.0.6422.112%22%2C%22ecm_enabled%22%3Atrue%7D&cb=1717311547986' because it violates the following Content Security Policy directive: "connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com".
other warning URL: https://www.hbf.com.au/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.hbf.com.au/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.hbf.com.au/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.hbf.com.au/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.hbf.com.au/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
security error URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWY1ZWZmZjM0MA.js(Line 1)
Message:
[Report Only] Refused to connect to 'https://analytics.pangle-ads.com/api/v2/pangle_pixel' because it violates the following Content Security Policy directive: "connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com".
security error URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWY1ZWZmZjM0MA.js(Line 1)
Message:
[Report Only] Refused to connect to 'https://analytics.pangle-ads.com/api/v2/pangle_pixel' because it violates the following Content Security Policy directive: "connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com".
security error URL: https://www.hbf.com.au/
Message:
[Report Only] Refused to load the image 'https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&dma=1&dma_cps=sypham&tid=G-MYCH9D7CM5&cid=1255085813.1717311547&gtm=45h91e45l1v878992725z8832402519z9896432850za200zb832402519&aip=1&z=120919006' because it violates the following Content Security Policy directive: "img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com".
other warning URL: https://www.hbf.com.au/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.hbf.com.au/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.hbf.com.au/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.hbf.com.au/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.hbf.com.au/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.hbf.com.au/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.hbf.com.au/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.hbf.com.au/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.hbf.com.au/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.hbf.com.au/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
security error URL: https://s.pinimg.com/ct/lib/main.2bdc3040.js
Message:
[Report Only] Refused to load the script 'https://ct.pinterest.com/static/ct/token_create.js' because it violates the following Content Security Policy directive: "script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://s.pinimg.com/
Message:
[Report Only] Refused to frame 'https://ct.pinterest.com/' because it violates the following Content Security Policy directive: "frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com".
other warning URL: https://www.hbf.com.au/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.hbf.com.au/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
security error URL: https://s.pinimg.com/
Message:
[Report Only] Refused to frame 'https://ct.pinterest.com/' because it violates the following Content Security Policy directive: "frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com".
other warning URL: https://www.hbf.com.au/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.hbf.com.au/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
security error URL: https://d10lpsik1i8c69.cloudfront.net/js/clickstream.js?v=e5a2acc(Line 13)
Message:
[Report Only] Refused to create a worker from 'blob:https://www.hbf.com.au/efa98bad-dc05-4f11-ae7d-2732be541d36' because it violates the following Content Security Policy directive: "child-src blob". Note that 'worker-src' was not explicitly set, so 'child-src' is used as a fallback.
security error URL: https://d10lpsik1i8c69.cloudfront.net/js/clickstream.js?v=e5a2acc(Line 13)
Message:
[Report Only] Refused to create a worker from 'blob:https://www.hbf.com.au/29538f4f-943d-4b67-8a1f-06ad654c9e41' because it violates the following Content Security Policy directive: "child-src blob". Note that 'worker-src' was not explicitly set, so 'child-src' is used as a fallback.
security error URL: about:blank
Message:
[Report Only] Refused to create a worker from 'blob:https://www.hbf.com.au/efa98bad-dc05-4f11-ae7d-2732be541d36' because it violates the following Content Security Policy directive: "child-src blob". Note that 'worker-src' was not explicitly set, so 'child-src' is used as a fallback.
security error URL: about:blank
Message:
[Report Only] Refused to create a worker from 'blob:https://www.hbf.com.au/29538f4f-943d-4b67-8a1f-06ad654c9e41' because it violates the following Content Security Policy directive: "child-src blob". Note that 'worker-src' was not explicitly set, so 'child-src' is used as a fallback.
other warning URL: https://www.hbf.com.au/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.hbf.com.au/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.hbf.com.au/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.hbf.com.au/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.hbf.com.au/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.hbf.com.au/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5879482.fls.doubleclick.net
ad.doubleclick.net
analytics.pangle-ads.com
analytics.tiktok.com
ariane.abtasty.com
avanan.url-protection.com
connect.facebook.net
ct.pinterest.com
d10lpsik1i8c69.cloudfront.net
dcinfos-cache.abtasty.com
hbftest.report-uri.com
metrics.hbf.com.au
region1.analytics.google.com
rum-collector-2.pingdom.net
rum-static.pingdom.net
s.pinimg.com
salesapi.hbf.com.au
settings.luckyorange.net
stats.g.doubleclick.net
try.abtasty.com
www.facebook.com
www.google.de
www.googletagmanager.com
www.hbf.com.au
metrics.hbf.com.au
104.120.210.155
104.17.215.66
108.138.34.185
142.250.184.198
142.250.186.35
157.240.252.13
172.217.16.198
172.67.75.100
18.173.154.84
2.19.216.231
2001:4860:4802:32::36
2001:4860:4802:36::15
203.161.78.45
2600:9000:225b:6600:17:66f1:98c0:93a1
2606:4700:10::6816:3668
2a00:1450:4001:82f::2008
2a00:1450:400c:c0d::9b
2a02:26f0:e300:2ac::1931
2a03:2880:f084:d:face:b00c:0:3
2a03:2880:f177:83:face:b00c:0:25de
34.36.178.232
52.31.83.81
92.122.104.191
95.100.146.16
0089750f04b296c2d01931805f8ccfaa9073984ce1b222df3fa50e5d5581cb7d
05450996c0f5ad07b4deb29dc6f326e149035ab28726b7e468555d14db7775e0
0882be2bb685d64ae46b56574b330fb1afe5dfef39f940d12ca776475248eaa8
0b58e2d94d3985eddf305dc8f5f48b47dadfcf0838c53b15bd076da3341a7b90
0e093be9970752832cac7b6796df5696545595cfc653861683c7ee6d97c4b782
1241114ef793919ce5616c035f031dc79262697abe666df83a73e3ecd343f26b
126b381f32f601d12e517bff52589bd007f815ec05a422e22c118f6497a2abfc
13ebfb6715df8697c788b07202b0aeedda684552df5b35f79ce64a2142d21801
1bb3b2adba05c59e15c553af84271985c1c40fe71a7ae36de7fd1d455718983c
1f69f6e6240becaf47a6a1c7b5c8e48ff55d1a7e5fa047a8efcb1d9b9f07f8c4
208f60d350ad338397cf51522aff076f426bb9771f6942f2c56a1c3922d9e950
22adfe14c7c2fd4bef80affabeab68931048c70e03d66108eb8538110ee651f6
234e5b495b6340239b025103bdde1ebdcf13d1c1cbdc3e69acd062ead6f33ab2
23b900ba3978824ea16bbbb2e217af8d59c04d1420dac46198bf8fa431a4e27e
2515d4f725d6da1425fbb977cd35af5940cb461e9a2aec48837b549056987cbf
30598315ac0dd53fb32fde7de99c9d0204767b5d6da91231a3514c618c167364
32d720cede6dadc60f848ff6670b767292e508c5ec392ef64ffd4fd46982e565
369e4dd7c0850bac058046a42ab512cf9442f1b9c8f5c7590d81885a43462a57
36c892ed0f3984edc6b7f72cc13ef87e6ced849e60b434ca9b7f62b5487f87b0
3826cab7a1d8668a2f60bf342e4a2466d70f0aa24e72b52b2f6f02531c67cc32
401f533697cfb484598d2da76b5f4708bbca985a1fab42dbcfaa0741374d3245
4432776d811fd53dbefc1c3aa183914349fd7c6d57a605c32fa40eedc7e09fc6
485c538e127375752f83e43598e1852a0b21ce8fd094af85511ff4b0f254e6d3
4dcab93a5283f441441ee1e00001c09b30c55c06a8580f4d748a328eb9bf8c9c
4ff3be239fef2bc7c401b8c5036b1d9b1972d50ee16ddc7171514089d916be7d
5622fc3ad3311a018d775241213d8e1a62974695d4ab41378bafe5d7c3d4ff1c
581500404b6058ff037c4b6bfc3ec099e1e9c7d1360e727de15c91b347287150
58ba3bc419c0e7d34a47be36fed38e9dff15a9de8fc74dadcebf2a591bf798f1
5b1a60629fc49ee8a7f2b88294978b1e401df68994cdea28e18b95754dc9640b
5d1b3d626ef2fe0a08f49f3eee2c5a769c36da469e7f8e7e557658effa3dc81a
618ad76495dd6d322f6e225fd6bee12db7ad4479d7e0aaf39cd76e0a368342ac
6881e1223dc0000354f30f227e62eb73487b4a16d29c2e0a5f74324b558c092b
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6cb037948167b19b7b593a8b268023cf3f9db51ae5f5f20c2f4d33a51acdbd8c
6cb6821219dae9fa9a21519d86d7ec7acaf0c4dd61463eb336eb92964feebef3
6ea59b3f5b364cdbb07a492b7630ce170f73650f62dadd57d31322493f2ca3a1
70438ae94d7960bbfe1e267bd6ffe584a5e17e956109d0cefcd4e7daf0340e1c
70b40c64b39d87bfd191e7cb9fca20a1835ff4a1ec3be09790b7fb9e1801cf45
73cfec825cb8c3d30231bbf218655b3441a852d9dd32a83425b7d4672af4f7e3
7c3ffee5bcd22c88b35273b0e47553373564c519031afac4fdd45cea71107e4f
7e4cc6e5e28d810f888a5b05d3568e3fd01b26d274a62ccf2511666c2960ba1d
7e908c6f63e11a32f61976b089e3e4e6304de32685441b68b5c8197ca2310cc5
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
853137e3d83353ad2be2e89e78a4a27c6a5bfa5fe1e60537b3d65062e80321fb
89db3f3949ba4ec785219328860c854e38e3faf277306c95c5d0fefa78362dbb
8b28c42a3443537830df909a3859ab36f0b28726c00cb2ba71aec98912782848
8b5b0a6b57b3b2bf67798593aba7a9f8ea40a0b483a2cafb7dee72c2591587ab
8c34bc7bc1985e63394c3c2afff88cdcfc06e501320432dd23eaff83ea6754eb
9254495d9962308570b0aba60dfbc92468f34a008aa8e94471ceb411426efabc
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
9746bbc8be1eacd912bb90f2226b3f9141b15938f7b0281825c74999c0040c9b
9a05d7d8bfe5f332fea7f2d1a20a53e5d30389a16593319d89b5d32ec4550a7d
9c7b32385faeee740f114d5f5580f6898a01abab5ccaf83901af50ab208a4ccd
a228965d3fd6a1e0f1f42ce59971b315b7e3c576bee69ae09b16892b82dc9f93
a6e27fe15652c85670ef658cce60660d8416b03b4efc18188a946d3280675189
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
af24c84d3d7d0364653f2e033c77fe21209f6ef87b226d141280a8d5036dc5be
b195c8cf47d1d59fe5357a0c8d868b990937d12934032cde06edf2152023ad7e
b42c881f820f3d83a434c539118ebd9db65096c7a5d3e128f6311eaca102b983
b54e83d56bb477ff6cdc22886b3c302d547e80fd4ad712dcfd1e0f1483d74ca0
b63ca73b9c599d01a4a16dd9ada16bcb3d88378bfb708755b7f9d697736c64dc
b76697753f96b4a1de169953e5df1c127d1a336c9b87c813b1f3abdbb168db8f
b8d3777dec24e796bd307508d6c62075645c62430dda1a5d4b4250582b79e8c4
bd72b31f37207cec5da3dcbdb28021bb7913c4c53ab863e88c2b5ce35ea074d9
c0e1b82c4eae6c29292f6dc53ff355c918c83de935c78218579879ac8f9412a9
c15e7acec06dad4e309dcfd680c4f7be9d14133f7cf01a387af05090326c221f
c351198f79ac1ca61eaafd77ea0c2d0002e3e6c3084151bab821453b1bf40eb3
c366a8d99c394ba19f44fb439273e2b92fea3e344987b76f5c6c05fbe6863d68
c517be8f970a887f083d2766a5da6b37da8330e67c0556e5552bfb4789ca2974
cb384ff6054dbc7b77f2099cb71f9e0b8789bcdccbf1bb3a09b064dee5e6347c
cd56592299c1c670fb97ef28bcb50048508c01879ecb23b71364aecc0483e202
d891e16dbaf81b89f017b6516afdeffe602f8df1d5e269429e7b6eaf63726a03
da0c1bc51d4ebfa2570f3e7546d9d3ccfb3f9d3c1199b1ca49869510aa79392a
dafe830772c603fe9336f3507fda5851388a25234be038066df4f92fd40bb02f
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e865cf013eaa0223f508139bd864e5a3f2b88fc1857c0bc714cc48389a3ea82f
e93d75881fd63bc79866f450f041b6e95b3016ea9f97368ada3c64fc73ecfa05
e9c370ea9070b144ed45ff5f35c9206112dd1091326ff898f414ef8c12ec85c0
e9f2192089bbaaf2bb5f4b251d4710ea3e5647b61f5ba83ff9097ba004f73217
eae90f1241d79313d015130627a7e4bfe5a7b50b03e9e3bd8ef4d1f2dd116747
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1e2f9746163a355386bdc879d1bbe3eff37829e0bca044a59d38ed8efd1a60f
f3a3a9a22cc2feeee816992d5b31a6757308c9badd626fca1b2dc7be8d2b864f
f6018b5b7d38652315fd3ad386e2a412f3027d2597200804135d58eb78038f34
fb5a1fff57218742c5c1e469970504556a10d235b2379872b4ffcef9901d3bc0
fdf2e207fd7454d1b690d1a6cefe214c7056979df0d6a11be6ff72b60f7208cd