urlscan.io logo urlscan.io
SecurityTrails logo

metrobank.pr-2958.eligiblestaging.co.uk Open in urlscan Pro
63.32.161.232  Public Scan

Go To Rescan Add Verdict Report
URL: https://metrobank.pr-2958.eligiblestaging.co.uk/
Submission: On November 16 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 18 HTTP transactions. The main IP is 63.32.161.232, located in Dublin, Ireland and belongs to AMAZON-02, US. The main domain is metrobank.pr-2958.eligiblestaging.co.uk.
TLS certificate: Issued by R3 on November 16th 2023. Valid for: 3 months.
This is the only time metrobank.pr-2958.eligiblestaging.co.uk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
10 63.32.161.232 16509 (AMAZON-02)
6 52.212.52.84 16509 (AMAZON-02)
2 52.95.148.199 16509 (AMAZON-02)
18 3
Domain Requested by
10 metrobank.pr-2958.eligiblestaging.co.uk metrobank.pr-2958.eligiblestaging.co.uk
6 api.eligiblestaging.co.uk metrobank.pr-2958.eligiblestaging.co.uk
2 eligible-staging.s3.amazonaws.com
18 3

This site contains links to these domains. Also see Links.

Domain
ico.org.uk
www.metrobankonline.co.uk
Subject Issuer Validity Valid
metrobank.pr-2958.eligiblestaging.co.uk
R3		 2023-11-16 -
2024-02-14		 3 months crt.sh
api.eligiblestaging.co.uk
R3		 2023-11-11 -
2024-02-09		 3 months crt.sh
*.s3.amazonaws.com
Amazon RSA 2048 M01		 2023-10-10 -
2024-07-03		 9 months crt.sh

This page contains 1 frames:

Primary Page: https://metrobank.pr-2958.eligiblestaging.co.uk/
Frame ID: A1F102C1F5D58E93F37BE768F9DF6A31
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Metro Bank

Page Statistics

18
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

3
IPs

2
Countries

879 kB
Transfer

2508 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
metrobank.pr-2958.eligiblestaging.co.uk/ 		9 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://metrobank.pr-2958.eligiblestaging.co.uk/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
63.32.161.232 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-32-161-232.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
b0d4443ae38cd56d9634ae12bdef44c07a0bc3de0f19805aaa20a13071d0cc3d
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://player.vimeo.com 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://beacon-v2.helpscout.net https://widget.intercom.io https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com; img-src 'self' https://eligible-staging.s3.amazonaws.com https://eligible-production.s3.eu-west-2.amazonaws.com https://eligible-production.s3.amazonaws.com https://eligible.ai https://*.eligiblestaging.co.uk https://media.giphy.com https://d33v4339jhl8k0.cloudfront.net https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com blob: data:; connect-src 'self' https://*.cloudfront.net https://*.helpscout.net https://api.eligible.ai https://*.eligiblestaging.co.uk https://sentry.io https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; object-src 'none'; manifest-src 'self' blob: ;
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Security-Policy
default-src 'self' https://player.vimeo.com 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://beacon-v2.helpscout.net https://widget.intercom.io https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com; img-src 'self' https://eligible-staging.s3.amazonaws.com https://eligible-production.s3.eu-west-2.amazonaws.com https://eligible-production.s3.amazonaws.com https://eligible.ai https://*.eligiblestaging.co.uk https://media.giphy.com https://d33v4339jhl8k0.cloudfront.net https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com blob: data:; connect-src 'self' https://*.cloudfront.net https://*.helpscout.net https://api.eligible.ai https://*.eligiblestaging.co.uk https://sentry.io https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; object-src 'none'; manifest-src 'self' blob: ;
Content-Type
text/html; charset=UTF-8
Date
Thu, 16 Nov 2023 10:23:06 GMT
Etag
W/"6555e983-240b"
Last-Modified
Thu, 16 Nov 2023 10:05:55 GMT
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Referrer-Policy
same-origin
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1700130186&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=K8ogggFDdFji6fXrAl6rJ2o3ESgABGt7hlKcN70Mka8%3D"}]}
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1700130186&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=K8ogggFDdFji6fXrAl6rJ2o3ESgABGt7hlKcN70Mka8%3D
Server
nginx
Strict-Transport-Security
max-age=63072000
Transfer-Encoding
chunked
Vary
Accept-Encoding
Via
1.1 vegur
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
X-Xss-Protection
1; mode=block
main.c83842cc.js
metrobank.pr-2958.eligiblestaging.co.uk/static/js/ 		1 MB
440 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://metrobank.pr-2958.eligiblestaging.co.uk/static/js/main.c83842cc.js
Requested by
Host: metrobank.pr-2958.eligiblestaging.co.uk
URL: https://metrobank.pr-2958.eligiblestaging.co.uk/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
63.32.161.232 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-32-161-232.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
26dd424dc8a93824326a7ff58b2b4d72289e7fe0ce94d92e37693058b9d112e7
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://player.vimeo.com 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://beacon-v2.helpscout.net https://widget.intercom.io https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com; img-src 'self' https://eligible-staging.s3.amazonaws.com https://eligible-production.s3.eu-west-2.amazonaws.com https://eligible-production.s3.amazonaws.com https://eligible.ai https://*.eligiblestaging.co.uk https://media.giphy.com https://d33v4339jhl8k0.cloudfront.net https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com blob: data:; connect-src 'self' https://*.cloudfront.net https://*.helpscout.net https://api.eligible.ai https://*.eligiblestaging.co.uk https://sentry.io https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; object-src 'none'; manifest-src 'self' blob: ;
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://metrobank.pr-2958.eligiblestaging.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 10:23:06 GMT
Strict-Transport-Security
max-age=63072000
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https://player.vimeo.com 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://beacon-v2.helpscout.net https://widget.intercom.io https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com; img-src 'self' https://eligible-staging.s3.amazonaws.com https://eligible-production.s3.eu-west-2.amazonaws.com https://eligible-production.s3.amazonaws.com https://eligible.ai https://*.eligiblestaging.co.uk https://media.giphy.com https://d33v4339jhl8k0.cloudfront.net https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com blob: data:; connect-src 'self' https://*.cloudfront.net https://*.helpscout.net https://api.eligible.ai https://*.eligiblestaging.co.uk https://sentry.io https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; object-src 'none'; manifest-src 'self' blob: ;
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Content-Encoding
gzip
Transfer-Encoding
chunked
Via
1.1 vegur
Connection
keep-alive
X-Xss-Protection
1; mode=block
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1700130186&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=K8ogggFDdFji6fXrAl6rJ2o3ESgABGt7hlKcN70Mka8%3D
Referrer-Policy
same-origin
Last-Modified
Thu, 16 Nov 2023 10:06:54 GMT
Server
nginx
Etag
W/"6555e9be-1761ed"
Vary
Accept-Encoding
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1700130186&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=K8ogggFDdFji6fXrAl6rJ2o3ESgABGt7hlKcN70Mka8%3D"}]}
Content-Type
application/x-javascript
X-Frame-Options
DENY
main.cabb7c7f.css
metrobank.pr-2958.eligiblestaging.co.uk/static/css/ 		117 KB
21 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://metrobank.pr-2958.eligiblestaging.co.uk/static/css/main.cabb7c7f.css
Requested by
Host: metrobank.pr-2958.eligiblestaging.co.uk
URL: https://metrobank.pr-2958.eligiblestaging.co.uk/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
63.32.161.232 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-32-161-232.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
cbb9c7cac824ce06ac119d3480a4fb0e884c636e8f63e3def8757e5d24a60fdc
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://player.vimeo.com 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://beacon-v2.helpscout.net https://widget.intercom.io https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com; img-src 'self' https://eligible-staging.s3.amazonaws.com https://eligible-production.s3.eu-west-2.amazonaws.com https://eligible-production.s3.amazonaws.com https://eligible.ai https://*.eligiblestaging.co.uk https://media.giphy.com https://d33v4339jhl8k0.cloudfront.net https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com blob: data:; connect-src 'self' https://*.cloudfront.net https://*.helpscout.net https://api.eligible.ai https://*.eligiblestaging.co.uk https://sentry.io https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; object-src 'none'; manifest-src 'self' blob: ;
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://metrobank.pr-2958.eligiblestaging.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 10:23:06 GMT
Strict-Transport-Security
max-age=63072000
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https://player.vimeo.com 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://beacon-v2.helpscout.net https://widget.intercom.io https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com; img-src 'self' https://eligible-staging.s3.amazonaws.com https://eligible-production.s3.eu-west-2.amazonaws.com https://eligible-production.s3.amazonaws.com https://eligible.ai https://*.eligiblestaging.co.uk https://media.giphy.com https://d33v4339jhl8k0.cloudfront.net https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com blob: data:; connect-src 'self' https://*.cloudfront.net https://*.helpscout.net https://api.eligible.ai https://*.eligiblestaging.co.uk https://sentry.io https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; object-src 'none'; manifest-src 'self' blob: ;
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Content-Encoding
gzip
Transfer-Encoding
chunked
Via
1.1 vegur
Connection
keep-alive
X-Xss-Protection
1; mode=block
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1700130186&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=K8ogggFDdFji6fXrAl6rJ2o3ESgABGt7hlKcN70Mka8%3D
Referrer-Policy
same-origin
Last-Modified
Thu, 16 Nov 2023 10:05:55 GMT
Server
nginx
Etag
W/"6555e983-1d3ad"
Vary
Accept-Encoding
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1700130186&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=K8ogggFDdFji6fXrAl6rJ2o3ESgABGt7hlKcN70Mka8%3D"}]}
Content-Type
text/css
X-Frame-Options
DENY
/
api.eligiblestaging.co.uk/api-v1/me/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.eligiblestaging.co.uk/api-v1/me/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.212.52.84 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-212-52-84.eu-west-1.compute.amazonaws.com
Software
gunicorn /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
x-frontend-version
Access-Control-Request-Method
GET
Origin
https://metrobank.pr-2958.eligiblestaging.co.uk
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Access-Control-Allow-Headers
accept, accept-encoding, authorization, content-type, dnt, origin, user-agent, x-csrftoken, x-requested-with, x-frontend-version
Access-Control-Allow-Methods
DELETE, GET, OPTIONS, PATCH, POST, PUT
Access-Control-Allow-Origin
https://metrobank.pr-2958.eligiblestaging.co.uk
Access-Control-Max-Age
86400
Connection
keep-alive
Content-Length
0
Content-Type
text/html; charset=utf-8
Date
Thu, 16 Nov 2023 10:23:07 GMT
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1700130187&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=SDhz9E1%2FDjs9RAf5WnW%2BC4T2KAuH2hWmuvvaK59froM%3D"}]}
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1700130187&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=SDhz9E1%2FDjs9RAf5WnW%2BC4T2KAuH2hWmuvvaK59froM%3D
Server
gunicorn
Vary
Origin
Via
1.1 vegur
/
api.eligiblestaging.co.uk/api-v1/me/ 		9 KB
10 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.eligiblestaging.co.uk/api-v1/me/
Requested by
Host: metrobank.pr-2958.eligiblestaging.co.uk
URL: https://metrobank.pr-2958.eligiblestaging.co.uk/static/js/main.c83842cc.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.212.52.84 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-212-52-84.eu-west-1.compute.amazonaws.com
Software
gunicorn /
Resource Hash
49f673213cad5907ef0b186c75573c96ab66647557130bbe50a868662a24d851
Security Headers
Name Value
Strict-Transport-Security max-age=60
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept
application/json, text/plain, */*
Referer
x-frontend-version
e1e1dcec8043704ace4d6bca8b3920811818289f
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 10:23:07 GMT
Strict-Transport-Security
max-age=60
X-Content-Type-Options
nosniff
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Via
1.1 vegur
Content-Security-Policy-Report-Only
object-src 'none'; default-src 'none'; base-uri 'self'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' https://fonts.googleapis.com; img-src 'self' https://eligible-production.s3.amazonaws.com https://eligible-production.s3.eu-west-2.amazonaws.com https://eligible-staging.s3.amazonaws.com; script-src 'self'; manifest-src 'self'; frame-ancestors 'none'; report-uri /csp-reports/
Connection
keep-alive
Content-Length
9072
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1700130187&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=SDhz9E1%2FDjs9RAf5WnW%2BC4T2KAuH2hWmuvvaK59froM%3D
Referrer-Policy
same-origin
Server
gunicorn
Cross-Origin-Opener-Policy
same-origin
Allow
GET, HEAD, OPTIONS
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1700130187&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=SDhz9E1%2FDjs9RAf5WnW%2BC4T2KAuH2hWmuvvaK59froM%3D"}]}
Content-Type
application/json
X-Frame-Options
DENY
Access-Control-Allow-Origin
https://metrobank.pr-2958.eligiblestaging.co.uk
Cache-Control
no-store
Vary
Cookie, Origin
/
api.eligiblestaging.co.uk/api-v1/content/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.eligiblestaging.co.uk/api-v1/content/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.212.52.84 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-212-52-84.eu-west-1.compute.amazonaws.com
Software
gunicorn /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
x-frontend-version
Access-Control-Request-Method
GET
Origin
https://metrobank.pr-2958.eligiblestaging.co.uk
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Access-Control-Allow-Headers
accept, accept-encoding, authorization, content-type, dnt, origin, user-agent, x-csrftoken, x-requested-with, x-frontend-version
Access-Control-Allow-Methods
DELETE, GET, OPTIONS, PATCH, POST, PUT
Access-Control-Allow-Origin
https://metrobank.pr-2958.eligiblestaging.co.uk
Access-Control-Max-Age
86400
Connection
keep-alive
Content-Length
0
Content-Type
text/html; charset=utf-8
Date
Thu, 16 Nov 2023 10:23:08 GMT
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1700130188&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=jGl1MXDEzb4iQSHLvXlyP9iEjDKa7qgdMXuxLtTEUc4%3D"}]}
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1700130188&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=jGl1MXDEzb4iQSHLvXlyP9iEjDKa7qgdMXuxLtTEUc4%3D
Server
gunicorn
Vary
Origin
Via
1.1 vegur
/
api.eligiblestaging.co.uk/api-v1/content/ 		25 KB
26 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.eligiblestaging.co.uk/api-v1/content/
Requested by
Host: metrobank.pr-2958.eligiblestaging.co.uk
URL: https://metrobank.pr-2958.eligiblestaging.co.uk/static/js/main.c83842cc.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.212.52.84 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-212-52-84.eu-west-1.compute.amazonaws.com
Software
gunicorn /
Resource Hash
29924267c024604d51840c7ac39985ec319a732e1595b12670a87847f7d5d608
Security Headers
Name Value
Strict-Transport-Security max-age=60
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept
application/json, text/plain, */*
Referer
x-frontend-version
e1e1dcec8043704ace4d6bca8b3920811818289f
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 10:23:08 GMT
Strict-Transport-Security
max-age=60
X-Content-Type-Options
nosniff
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Via
1.1 vegur
Content-Security-Policy-Report-Only
object-src 'none'; default-src 'none'; base-uri 'self'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' https://fonts.googleapis.com; img-src 'self' https://eligible-production.s3.amazonaws.com https://eligible-production.s3.eu-west-2.amazonaws.com https://eligible-staging.s3.amazonaws.com; script-src 'self'; manifest-src 'self'; frame-ancestors 'none'; report-uri /csp-reports/
Connection
keep-alive
Content-Length
25178
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1700130188&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=jGl1MXDEzb4iQSHLvXlyP9iEjDKa7qgdMXuxLtTEUc4%3D
Referrer-Policy
same-origin
Server
gunicorn
Cross-Origin-Opener-Policy
same-origin
Allow
GET, HEAD, OPTIONS
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1700130188&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=jGl1MXDEzb4iQSHLvXlyP9iEjDKa7qgdMXuxLtTEUc4%3D"}]}
Content-Type
application/json
X-Frame-Options
DENY
Access-Control-Allow-Origin
https://metrobank.pr-2958.eligiblestaging.co.uk
Cache-Control
no-store
Vary
Cookie, Origin
309.e5cc7eff.chunk.js
metrobank.pr-2958.eligiblestaging.co.uk/static/js/ 		342 KB
78 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://metrobank.pr-2958.eligiblestaging.co.uk/static/js/309.e5cc7eff.chunk.js
Requested by
Host: metrobank.pr-2958.eligiblestaging.co.uk
URL: https://metrobank.pr-2958.eligiblestaging.co.uk/static/js/main.c83842cc.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
63.32.161.232 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-32-161-232.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
38423c5bd6273acd2d6c0255f44aa64fea5eed05874668634bf7db3095f60bc6
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://player.vimeo.com 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://beacon-v2.helpscout.net https://widget.intercom.io https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com; img-src 'self' https://eligible-staging.s3.amazonaws.com https://eligible-production.s3.eu-west-2.amazonaws.com https://eligible-production.s3.amazonaws.com https://eligible.ai https://*.eligiblestaging.co.uk https://media.giphy.com https://d33v4339jhl8k0.cloudfront.net https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com blob: data:; connect-src 'self' https://*.cloudfront.net https://*.helpscout.net https://api.eligible.ai https://*.eligiblestaging.co.uk https://sentry.io https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; object-src 'none'; manifest-src 'self' blob: ;
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://metrobank.pr-2958.eligiblestaging.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 10:23:08 GMT
Strict-Transport-Security
max-age=63072000
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https://player.vimeo.com 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://beacon-v2.helpscout.net https://widget.intercom.io https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com; img-src 'self' https://eligible-staging.s3.amazonaws.com https://eligible-production.s3.eu-west-2.amazonaws.com https://eligible-production.s3.amazonaws.com https://eligible.ai https://*.eligiblestaging.co.uk https://media.giphy.com https://d33v4339jhl8k0.cloudfront.net https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com blob: data:; connect-src 'self' https://*.cloudfront.net https://*.helpscout.net https://api.eligible.ai https://*.eligiblestaging.co.uk https://sentry.io https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; object-src 'none'; manifest-src 'self' blob: ;
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Content-Encoding
gzip
Transfer-Encoding
chunked
Via
1.1 vegur
Connection
keep-alive
X-Xss-Protection
1; mode=block
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1700130188&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=EoCIyE5K4YJEnUUP1YnCzRVBsUglOtV8BObBqa9%2BudU%3D
Referrer-Policy
same-origin
Last-Modified
Thu, 16 Nov 2023 10:05:55 GMT
Server
nginx
Etag
W/"6555e983-558f4"
Vary
Accept-Encoding
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1700130188&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=EoCIyE5K4YJEnUUP1YnCzRVBsUglOtV8BObBqa9%2BudU%3D"}]}
Content-Type
application/x-javascript
X-Frame-Options
DENY
470.52631318.chunk.js
metrobank.pr-2958.eligiblestaging.co.uk/static/js/ 		28 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://metrobank.pr-2958.eligiblestaging.co.uk/static/js/470.52631318.chunk.js
Requested by
Host: metrobank.pr-2958.eligiblestaging.co.uk
URL: https://metrobank.pr-2958.eligiblestaging.co.uk/static/js/main.c83842cc.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
63.32.161.232 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-32-161-232.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1512a397054a57a6474766045b35412dac7082b52eda00932828c6a1c614cd4d
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://player.vimeo.com 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://beacon-v2.helpscout.net https://widget.intercom.io https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com; img-src 'self' https://eligible-staging.s3.amazonaws.com https://eligible-production.s3.eu-west-2.amazonaws.com https://eligible-production.s3.amazonaws.com https://eligible.ai https://*.eligiblestaging.co.uk https://media.giphy.com https://d33v4339jhl8k0.cloudfront.net https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com blob: data:; connect-src 'self' https://*.cloudfront.net https://*.helpscout.net https://api.eligible.ai https://*.eligiblestaging.co.uk https://sentry.io https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; object-src 'none'; manifest-src 'self' blob: ;
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://metrobank.pr-2958.eligiblestaging.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 10:23:08 GMT
Strict-Transport-Security
max-age=63072000
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https://player.vimeo.com 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://beacon-v2.helpscout.net https://widget.intercom.io https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com; img-src 'self' https://eligible-staging.s3.amazonaws.com https://eligible-production.s3.eu-west-2.amazonaws.com https://eligible-production.s3.amazonaws.com https://eligible.ai https://*.eligiblestaging.co.uk https://media.giphy.com https://d33v4339jhl8k0.cloudfront.net https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com blob: data:; connect-src 'self' https://*.cloudfront.net https://*.helpscout.net https://api.eligible.ai https://*.eligiblestaging.co.uk https://sentry.io https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; object-src 'none'; manifest-src 'self' blob: ;
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Content-Encoding
gzip
Transfer-Encoding
chunked
Via
1.1 vegur
Connection
keep-alive
X-Xss-Protection
1; mode=block
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1700130188&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=EoCIyE5K4YJEnUUP1YnCzRVBsUglOtV8BObBqa9%2BudU%3D
Referrer-Policy
same-origin
Last-Modified
Thu, 16 Nov 2023 10:05:55 GMT
Server
nginx
Etag
W/"6555e983-6fa9"
Vary
Accept-Encoding
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1700130188&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=EoCIyE5K4YJEnUUP1YnCzRVBsUglOtV8BObBqa9%2BudU%3D"}]}
Content-Type
application/x-javascript
X-Frame-Options
DENY
180.4c9e4065.chunk.js
metrobank.pr-2958.eligiblestaging.co.uk/static/js/ 		22 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://metrobank.pr-2958.eligiblestaging.co.uk/static/js/180.4c9e4065.chunk.js
Requested by
Host: metrobank.pr-2958.eligiblestaging.co.uk
URL: https://metrobank.pr-2958.eligiblestaging.co.uk/static/js/main.c83842cc.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
63.32.161.232 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-32-161-232.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
9352106d40a5ffe8fdec0334b88ec6a37d2880304222c79f28520bf404406377
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://player.vimeo.com 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://beacon-v2.helpscout.net https://widget.intercom.io https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com; img-src 'self' https://eligible-staging.s3.amazonaws.com https://eligible-production.s3.eu-west-2.amazonaws.com https://eligible-production.s3.amazonaws.com https://eligible.ai https://*.eligiblestaging.co.uk https://media.giphy.com https://d33v4339jhl8k0.cloudfront.net https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com blob: data:; connect-src 'self' https://*.cloudfront.net https://*.helpscout.net https://api.eligible.ai https://*.eligiblestaging.co.uk https://sentry.io https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; object-src 'none'; manifest-src 'self' blob: ;
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://metrobank.pr-2958.eligiblestaging.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 10:23:08 GMT
Strict-Transport-Security
max-age=63072000
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https://player.vimeo.com 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://beacon-v2.helpscout.net https://widget.intercom.io https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com; img-src 'self' https://eligible-staging.s3.amazonaws.com https://eligible-production.s3.eu-west-2.amazonaws.com https://eligible-production.s3.amazonaws.com https://eligible.ai https://*.eligiblestaging.co.uk https://media.giphy.com https://d33v4339jhl8k0.cloudfront.net https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com blob: data:; connect-src 'self' https://*.cloudfront.net https://*.helpscout.net https://api.eligible.ai https://*.eligiblestaging.co.uk https://sentry.io https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; object-src 'none'; manifest-src 'self' blob: ;
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Content-Encoding
gzip
Transfer-Encoding
chunked
Via
1.1 vegur
Connection
keep-alive
X-Xss-Protection
1; mode=block
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1700130188&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=EoCIyE5K4YJEnUUP1YnCzRVBsUglOtV8BObBqa9%2BudU%3D
Referrer-Policy
same-origin
Last-Modified
Thu, 16 Nov 2023 10:05:55 GMT
Server
nginx
Etag
W/"6555e983-5703"
Vary
Accept-Encoding
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1700130188&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=EoCIyE5K4YJEnUUP1YnCzRVBsUglOtV8BObBqa9%2BudU%3D"}]}
Content-Type
application/x-javascript
X-Frame-Options
DENY
577.0d792e4a.chunk.css
metrobank.pr-2958.eligiblestaging.co.uk/static/css/ 		57 KB
13 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://metrobank.pr-2958.eligiblestaging.co.uk/static/css/577.0d792e4a.chunk.css
Requested by
Host: metrobank.pr-2958.eligiblestaging.co.uk
URL: https://metrobank.pr-2958.eligiblestaging.co.uk/static/js/main.c83842cc.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
63.32.161.232 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-32-161-232.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
d6c42ab815ed6ec50cec4f58cbd5454892aa537351f84b026f3689456c9a44fa
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://player.vimeo.com 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://beacon-v2.helpscout.net https://widget.intercom.io https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com; img-src 'self' https://eligible-staging.s3.amazonaws.com https://eligible-production.s3.eu-west-2.amazonaws.com https://eligible-production.s3.amazonaws.com https://eligible.ai https://*.eligiblestaging.co.uk https://media.giphy.com https://d33v4339jhl8k0.cloudfront.net https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com blob: data:; connect-src 'self' https://*.cloudfront.net https://*.helpscout.net https://api.eligible.ai https://*.eligiblestaging.co.uk https://sentry.io https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; object-src 'none'; manifest-src 'self' blob: ;
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://metrobank.pr-2958.eligiblestaging.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 10:23:08 GMT
Strict-Transport-Security
max-age=63072000
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https://player.vimeo.com 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://beacon-v2.helpscout.net https://widget.intercom.io https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com; img-src 'self' https://eligible-staging.s3.amazonaws.com https://eligible-production.s3.eu-west-2.amazonaws.com https://eligible-production.s3.amazonaws.com https://eligible.ai https://*.eligiblestaging.co.uk https://media.giphy.com https://d33v4339jhl8k0.cloudfront.net https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com blob: data:; connect-src 'self' https://*.cloudfront.net https://*.helpscout.net https://api.eligible.ai https://*.eligiblestaging.co.uk https://sentry.io https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; object-src 'none'; manifest-src 'self' blob: ;
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Content-Encoding
gzip
Transfer-Encoding
chunked
Via
1.1 vegur
Connection
keep-alive
X-Xss-Protection
1; mode=block
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1700130188&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=EoCIyE5K4YJEnUUP1YnCzRVBsUglOtV8BObBqa9%2BudU%3D
Referrer-Policy
same-origin
Last-Modified
Thu, 16 Nov 2023 10:05:55 GMT
Server
nginx
Etag
W/"6555e983-e2cc"
Vary
Accept-Encoding
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1700130188&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=EoCIyE5K4YJEnUUP1YnCzRVBsUglOtV8BObBqa9%2BudU%3D"}]}
Content-Type
text/css
X-Frame-Options
DENY
577.41b169dc.chunk.js
metrobank.pr-2958.eligiblestaging.co.uk/static/js/ 		204 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://metrobank.pr-2958.eligiblestaging.co.uk/static/js/577.41b169dc.chunk.js
Requested by
Host: metrobank.pr-2958.eligiblestaging.co.uk
URL: https://metrobank.pr-2958.eligiblestaging.co.uk/static/js/main.c83842cc.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
63.32.161.232 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-32-161-232.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
76167d9e35f9dfb88cf4850b678ef9867c4d2e9bb8a20345724b92d8e1850496
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://player.vimeo.com 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://beacon-v2.helpscout.net https://widget.intercom.io https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com; img-src 'self' https://eligible-staging.s3.amazonaws.com https://eligible-production.s3.eu-west-2.amazonaws.com https://eligible-production.s3.amazonaws.com https://eligible.ai https://*.eligiblestaging.co.uk https://media.giphy.com https://d33v4339jhl8k0.cloudfront.net https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com blob: data:; connect-src 'self' https://*.cloudfront.net https://*.helpscout.net https://api.eligible.ai https://*.eligiblestaging.co.uk https://sentry.io https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; object-src 'none'; manifest-src 'self' blob: ;
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://metrobank.pr-2958.eligiblestaging.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 10:23:08 GMT
Strict-Transport-Security
max-age=63072000
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https://player.vimeo.com 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://beacon-v2.helpscout.net https://widget.intercom.io https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com; img-src 'self' https://eligible-staging.s3.amazonaws.com https://eligible-production.s3.eu-west-2.amazonaws.com https://eligible-production.s3.amazonaws.com https://eligible.ai https://*.eligiblestaging.co.uk https://media.giphy.com https://d33v4339jhl8k0.cloudfront.net https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com blob: data:; connect-src 'self' https://*.cloudfront.net https://*.helpscout.net https://api.eligible.ai https://*.eligiblestaging.co.uk https://sentry.io https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; object-src 'none'; manifest-src 'self' blob: ;
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Content-Encoding
gzip
Transfer-Encoding
chunked
Via
1.1 vegur
Connection
keep-alive
X-Xss-Protection
1; mode=block
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1700130188&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=EoCIyE5K4YJEnUUP1YnCzRVBsUglOtV8BObBqa9%2BudU%3D
Referrer-Policy
same-origin
Last-Modified
Thu, 16 Nov 2023 10:05:55 GMT
Server
nginx
Etag
W/"6555e983-33160"
Vary
Accept-Encoding
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1700130188&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=EoCIyE5K4YJEnUUP1YnCzRVBsUglOtV8BObBqa9%2BudU%3D"}]}
Content-Type
application/x-javascript
X-Frame-Options
DENY
mulish-latin-wght-normal.534216428c5bbca363fa.woff2
metrobank.pr-2958.eligiblestaging.co.uk/static/media/ 		27 KB
29 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://metrobank.pr-2958.eligiblestaging.co.uk/static/media/mulish-latin-wght-normal.534216428c5bbca363fa.woff2
Requested by
Host: metrobank.pr-2958.eligiblestaging.co.uk
URL: https://metrobank.pr-2958.eligiblestaging.co.uk/static/css/main.cabb7c7f.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
63.32.161.232 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-32-161-232.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
8da72dacca3725d500bc789e5f506c76367804eecc46c4249ce0ff822d7a147e
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://player.vimeo.com 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://beacon-v2.helpscout.net https://widget.intercom.io https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com; img-src 'self' https://eligible-staging.s3.amazonaws.com https://eligible-production.s3.eu-west-2.amazonaws.com https://eligible-production.s3.amazonaws.com https://eligible.ai https://*.eligiblestaging.co.uk https://media.giphy.com https://d33v4339jhl8k0.cloudfront.net https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com blob: data:; connect-src 'self' https://*.cloudfront.net https://*.helpscout.net https://api.eligible.ai https://*.eligiblestaging.co.uk https://sentry.io https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; object-src 'none'; manifest-src 'self' blob: ;
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://metrobank.pr-2958.eligiblestaging.co.uk/static/css/main.cabb7c7f.css
Origin
https://metrobank.pr-2958.eligiblestaging.co.uk
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 10:23:08 GMT
Strict-Transport-Security
max-age=63072000
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https://player.vimeo.com 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://beacon-v2.helpscout.net https://widget.intercom.io https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com; img-src 'self' https://eligible-staging.s3.amazonaws.com https://eligible-production.s3.eu-west-2.amazonaws.com https://eligible-production.s3.amazonaws.com https://eligible.ai https://*.eligiblestaging.co.uk https://media.giphy.com https://d33v4339jhl8k0.cloudfront.net https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com blob: data:; connect-src 'self' https://*.cloudfront.net https://*.helpscout.net https://api.eligible.ai https://*.eligiblestaging.co.uk https://sentry.io https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; object-src 'none'; manifest-src 'self' blob: ;
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Via
1.1 vegur
Connection
keep-alive
Content-Length
27428
X-Xss-Protection
1; mode=block
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1700130188&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=EoCIyE5K4YJEnUUP1YnCzRVBsUglOtV8BObBqa9%2BudU%3D
Referrer-Policy
same-origin
Last-Modified
Thu, 16 Nov 2023 10:05:55 GMT
Server
nginx
Etag
"6555e983-6b24"
X-Frame-Options
DENY
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1700130188&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=EoCIyE5K4YJEnUUP1YnCzRVBsUglOtV8BObBqa9%2BudU%3D"}]}
Content-Type
application/octet-stream
Accept-Ranges
bytes
5b4a5063-73ef-462b-93c0-f2f29c57e35e.png.240x240_q85_autocrop.png
eligible-staging.s3.amazonaws.com/firms/2f0620dc-3923-4ff5-80b4-7dc90a27c831/ 		15 KB
16 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eligible-staging.s3.amazonaws.com/firms/2f0620dc-3923-4ff5-80b4-7dc90a27c831/5b4a5063-73ef-462b-93c0-f2f29c57e35e.png.240x240_q85_autocrop.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.95.148.199 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-w.eu-west-2.amazonaws.com
Software
AmazonS3 /
Resource Hash
4e440af83151b39151f8d7cf1083a62987029ea871a01e55bcc048a225b65044

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 10:23:09 GMT
Last-Modified
Thu, 13 Apr 2023 13:54:38 GMT
Server
AmazonS3
x-amz-request-id
0WWQGAZW1866VNPG
ETag
"b968423db4c4063d0e3fd7f188214c70"
x-amz-server-side-encryption
AES256
Content-Type
image/png
Accept-Ranges
bytes
Content-Length
15518
x-amz-id-2
1ujt+YlZIgS1+mdUWjfDVBmSVKwqedgMeXy+fxDUvGPWN3W+Mk6tRqBVky1UYZKUNQaxk0u29q0=
6_noId.jpg
eligible-staging.s3.amazonaws.com/contentblock/d09283e9-d93c-4f44-b9a4-e4546f3cd2e9/image/ 		129 KB
130 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eligible-staging.s3.amazonaws.com/contentblock/d09283e9-d93c-4f44-b9a4-e4546f3cd2e9/image/6_noId.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.95.148.199 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-w.eu-west-2.amazonaws.com
Software
AmazonS3 /
Resource Hash
d47e92e7cc01b5e70629ee90d210cd90e68235daf112625b9b7225f2ba6f434d

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 10:23:09 GMT
Last-Modified
Thu, 02 Nov 2023 10:14:41 GMT
Server
AmazonS3
x-amz-request-id
0WWJTSVRYV1ENAV7
ETag
"b339cd70aec48e2a1c9f7706c2a83176"
x-amz-server-side-encryption
AES256
Content-Type
image/jpeg
Accept-Ranges
bytes
Content-Length
132243
x-amz-id-2
K/VLoywpRwGW/Pkt9KWpAhY5MXYxNjfB93v2e+2V27kPklNieg9Uxw46xYCzHPEZnJCgaArgPsA=
mulish-latin-wght-italic.ffcffbb02133b5916da0.woff2
metrobank.pr-2958.eligiblestaging.co.uk/static/media/ 		28 KB
30 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://metrobank.pr-2958.eligiblestaging.co.uk/static/media/mulish-latin-wght-italic.ffcffbb02133b5916da0.woff2
Requested by
Host: metrobank.pr-2958.eligiblestaging.co.uk
URL: https://metrobank.pr-2958.eligiblestaging.co.uk/static/css/main.cabb7c7f.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
63.32.161.232 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-32-161-232.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
7d081b1ed15a0074cf2cc7e574123fc85736ef6648ba45c5e6f5a446c9dcc849
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://player.vimeo.com 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://beacon-v2.helpscout.net https://widget.intercom.io https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com; img-src 'self' https://eligible-staging.s3.amazonaws.com https://eligible-production.s3.eu-west-2.amazonaws.com https://eligible-production.s3.amazonaws.com https://eligible.ai https://*.eligiblestaging.co.uk https://media.giphy.com https://d33v4339jhl8k0.cloudfront.net https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com blob: data:; connect-src 'self' https://*.cloudfront.net https://*.helpscout.net https://api.eligible.ai https://*.eligiblestaging.co.uk https://sentry.io https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; object-src 'none'; manifest-src 'self' blob: ;
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://metrobank.pr-2958.eligiblestaging.co.uk/static/css/main.cabb7c7f.css
Origin
https://metrobank.pr-2958.eligiblestaging.co.uk
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Thu, 16 Nov 2023 10:23:08 GMT
Strict-Transport-Security
max-age=63072000
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https://player.vimeo.com 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://beacon-v2.helpscout.net https://widget.intercom.io https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com; img-src 'self' https://eligible-staging.s3.amazonaws.com https://eligible-production.s3.eu-west-2.amazonaws.com https://eligible-production.s3.amazonaws.com https://eligible.ai https://*.eligiblestaging.co.uk https://media.giphy.com https://d33v4339jhl8k0.cloudfront.net https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com blob: data:; connect-src 'self' https://*.cloudfront.net https://*.helpscout.net https://api.eligible.ai https://*.eligiblestaging.co.uk https://sentry.io https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; object-src 'none'; manifest-src 'self' blob: ;
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Via
1.1 vegur
Connection
keep-alive
Content-Length
29156
X-Xss-Protection
1; mode=block
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1700130188&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=EoCIyE5K4YJEnUUP1YnCzRVBsUglOtV8BObBqa9%2BudU%3D
Referrer-Policy
same-origin
Last-Modified
Thu, 16 Nov 2023 10:05:55 GMT
Server
nginx
Etag
"6555e983-71e4"
X-Frame-Options
DENY
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1700130188&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=EoCIyE5K4YJEnUUP1YnCzRVBsUglOtV8BObBqa9%2BudU%3D"}]}
Content-Type
application/octet-stream
Accept-Ranges
bytes
/
api.eligiblestaging.co.uk/api-v1/pageview/ 		0
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.eligiblestaging.co.uk/api-v1/pageview/
Requested by
Host: metrobank.pr-2958.eligiblestaging.co.uk
URL: https://metrobank.pr-2958.eligiblestaging.co.uk/static/js/main.c83842cc.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.212.52.84 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-212-52-84.eu-west-1.compute.amazonaws.com
Software
gunicorn /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=60
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept
application/json, text/plain, */*
Referer
x-frontend-version
e1e1dcec8043704ace4d6bca8b3920811818289f
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
application/json

Response headers

Date
Thu, 16 Nov 2023 10:23:09 GMT
Strict-Transport-Security
max-age=60
X-Content-Type-Options
nosniff
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Via
1.1 vegur
Content-Security-Policy-Report-Only
object-src 'none'; default-src 'none'; base-uri 'self'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' https://fonts.googleapis.com; img-src 'self' https://eligible-production.s3.amazonaws.com https://eligible-production.s3.eu-west-2.amazonaws.com https://eligible-staging.s3.amazonaws.com; script-src 'self'; manifest-src 'self'; frame-ancestors 'none'; report-uri /csp-reports/
Connection
keep-alive
Content-Length
0
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1700130188&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=jGl1MXDEzb4iQSHLvXlyP9iEjDKa7qgdMXuxLtTEUc4%3D
Referrer-Policy
same-origin
Server
gunicorn
Cross-Origin-Opener-Policy
same-origin
Allow
POST, OPTIONS
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1700130188&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=jGl1MXDEzb4iQSHLvXlyP9iEjDKa7qgdMXuxLtTEUc4%3D"}]}
X-Frame-Options
DENY
Access-Control-Allow-Origin
https://metrobank.pr-2958.eligiblestaging.co.uk
Cache-Control
no-store
Vary
Cookie, Origin
/
api.eligiblestaging.co.uk/api-v1/pageview/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.eligiblestaging.co.uk/api-v1/pageview/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.212.52.84 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-212-52-84.eu-west-1.compute.amazonaws.com
Software
gunicorn /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-frontend-version
Access-Control-Request-Method
POST
Origin
https://metrobank.pr-2958.eligiblestaging.co.uk
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Access-Control-Allow-Headers
accept, accept-encoding, authorization, content-type, dnt, origin, user-agent, x-csrftoken, x-requested-with, x-frontend-version
Access-Control-Allow-Methods
DELETE, GET, OPTIONS, PATCH, POST, PUT
Access-Control-Allow-Origin
https://metrobank.pr-2958.eligiblestaging.co.uk
Access-Control-Max-Age
86400
Connection
keep-alive
Content-Length
0
Content-Type
text/html; charset=utf-8
Date
Thu, 16 Nov 2023 10:23:08 GMT
Nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Report-To
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1700130188&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=jGl1MXDEzb4iQSHLvXlyP9iEjDKa7qgdMXuxLtTEUc4%3D"}]}
Reporting-Endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1700130188&sid=c4c9725f-1ab0-44d8-820f-430df2718e11&s=jGl1MXDEzb4iQSHLvXlyP9iEjDKa7qgdMXuxLtTEUc4%3D
Server
gunicorn
Vary
Origin
Via
1.1 vegur

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture object| Retain function| Beacon object| webpackChunkretain_frontend function| clearImmediate function| setImmediate object| regeneratorRuntime object| __SENTRY__ object| __localeData__

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' https://player.vimeo.com 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://beacon-v2.helpscout.net https://widget.intercom.io https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com; img-src 'self' https://eligible-staging.s3.amazonaws.com https://eligible-production.s3.eu-west-2.amazonaws.com https://eligible-production.s3.amazonaws.com https://eligible.ai https://*.eligiblestaging.co.uk https://media.giphy.com https://d33v4339jhl8k0.cloudfront.net https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com blob: data:; connect-src 'self' https://*.cloudfront.net https://*.helpscout.net https://api.eligible.ai https://*.eligiblestaging.co.uk https://sentry.io https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; object-src 'none'; manifest-src 'self' blob: ;
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block