maps.test-and-trace.nhs.uk Open in urlscan Pro
2600:9000:211e:8600:f:7d9:73c0:93a1 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://maps.test-and-trace.nhs.uk/
Submission: On May 20 via manual (May 20th 2022, 1:05:50 pm UTC) from GB — Scanned from GB

Summary HTTP 10 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 10 HTTP transactions. The main IP is 2600:9000:211e:8600:f:7d9:73c0:93a1, located in United States and belongs to AMAZON-02, US. The main domain is maps.test-and-trace.nhs.uk.
TLS certificate: Issued by Amazon on October 27th 2021. Valid for: a year.

This is the only time maps.test-and-trace.nhs.uk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
7	2600:9000:211... 2600:9000:211e:8600:f:7d9:73c0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	96.16.146.114 96.16.146.114	16625 (AKAMAI-AS) (AKAMAI-AS)
10	3

7 2600:9000:211e:8600:f:7d9:73c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

maps.test-and-trace.nhs.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 96.16.146.114 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a96-16-146-114.deploy.static.akamaitechnologies.com

assets.nhs.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	test-and-trace.nhs.uk maps.test-and-trace.nhs.uk	196 KB
2	assets.nhs.uk assets.nhs.uk — Cisco Umbrella Rank: 53728	35 KB
0	www.nhs.uk Failed www.nhs.uk Failed
10	3

	Domain	Requested by
7	maps.test-and-trace.nhs.uk	maps.test-and-trace.nhs.uk
2	assets.nhs.uk	maps.test-and-trace.nhs.uk
0	www.nhs.uk Failed	maps.test-and-trace.nhs.uk
10	3

This site contains links to these domains. Also see Links.

Domain
www.nhs.uk

Subject Issuer	Validity	Valid
maps.test-and-trace.nhs.uk Amazon	`2021-10-27` - `2022-11-24`	a year	crt.sh
www.nhs.uk DigiCert SHA2 Secure Server CA	`2021-07-16` - `2022-08-07`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://maps.test-and-trace.nhs.uk/
Frame ID: ED2CC49535DFD05F616347531F0A7E36
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Find where to get rapid lateral flow tests - NHS

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

10
Requests

90 %
HTTPS

50 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

231 kB
Transfer

674 kB
Size

1
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://www.nhs.uk/our-policies/cookies-policy/
Title: read more about our cookies

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/conditions/coronavirus-covid-19/testing/regular-rapid-coronavirus-tests-if-you-do-not-have-symptoms/
Title: More about rapid tests and other ways to get tests

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/contact-us/
Title: Contact us

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/our-policies/
Title: Our policies

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
maps.test-and-trace.nhs.uk/ 1 KB
3 KB 282ms
117ms Document
text/html 2600:9000:211e:8600:f:7d9:73c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.test-and-trace.nhs.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211e:8600:f:7d9:73c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

9ee9cecadefb499ffdfa88c1c6368684b95a434de4271c8864fa9a54875e7094

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self' data: https://s3.eu-west-2.amazonaws.com/ttm-242278518570-eu-west-2-prod-origin/ https://s3-eu-west-2.amazonaws.com/ttm-242278518570-eu-west-2-prod-origin/ 'unsafe-inline' https://.googleapis.com https://.ggpht.com https://ssl.gstatic.com/ https://maps.gstatic.com/ https://nhsdigital.d3.sc.omtrdc.net/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-2.amazonaws.com/ttm-242278518570-eu-west-2-prod-origin/ https://s3-eu-west-2.amazonaws.com/ttm-242278518570-eu-west-2-prod-origin/ https://maps.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com/ https://kit.fontawesome.com/ https://ka-f.fontawesome.com/ https://unpkg.com/@googlemaps/markerclustererplus/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://maps.googleapis.com/ https://storage.googleapis.com/ https://ajax.googleapis.com/; style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com/bootstrap/ https://assets.nhs.uk https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://assets.nhs.uk https://fonts.gstatic.com https://kit.fontawesome.com/ https://ka-f.fontawesome.com/ ; connect-src 'self' https://api.maps.test-and-trace.nhs.uk/ https://maps-test-and-trace-prod.auth.eu-west-2.amazoncognito.com/ https://cognito-idp.eu-west-2.amazonaws.com/ https://nhsdigital.d3.sc.omtrdc.net/ https://www.nhs.uk/ https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://kit.fontawesome.com/ https://ka-f.fontawesome.com/; manifest-src 'self' https://s3.eu-west-2.amazonaws.com/ttm-242278518570-eu-west-2-prod-origin/ https://s3-eu-west-2.amazonaws.com/ttm-242278518570-eu-west-2-prod-origin/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 40062
cache-control: public, max-age=86400
content-encoding: gzip
content-security-policy: default-src 'self'; img-src 'self' data: https://s3.eu-west-2.amazonaws.com/ttm*-242278518570-eu-west-2-prod-origin/ https://s3-eu-west-2.amazonaws.com/ttm*-242278518570-eu-west-2-prod-origin/ 'unsafe-inline' https://*.googleapis.com https://*.ggpht.com https://ssl.gstatic.com/ https://maps.gstatic.com/ https://nhsdigital.d3.sc.omtrdc.net/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-2.amazonaws.com/ttm*-242278518570-eu-west-2-prod-origin/ https://s3-eu-west-2.amazonaws.com/ttm*-242278518570-eu-west-2-prod-origin/ https://maps.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com/ https://kit.fontawesome.com/ https://ka-f.fontawesome.com/ https://unpkg.com/@googlemaps/markerclustererplus/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://maps.googleapis.com/ https://storage.googleapis.com/ https://ajax.googleapis.com/; style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com/bootstrap/ https://assets.nhs.uk https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://assets.nhs.uk https://fonts.gstatic.com https://kit.fontawesome.com/ https://ka-f.fontawesome.com/ ; connect-src 'self' https://api.maps.test-and-trace.nhs.uk/ https://maps-test-and-trace-prod.auth.eu-west-2.amazoncognito.com/ https://cognito-idp.eu-west-2.amazonaws.com/ https://nhsdigital.d3.sc.omtrdc.net/ https://www.nhs.uk/ https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://kit.fontawesome.com/ https://ka-f.fontawesome.com/; manifest-src 'self' https://s3.eu-west-2.amazonaws.com/ttm*-242278518570-eu-west-2-prod-origin/ https://s3-eu-west-2.amazonaws.com/ttm*-242278518570-eu-west-2-prod-origin/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
content-type: text/html
date: Fri, 20 May 2022 01:58:04 GMT
last-modified: Thu, 05 May 2022 10:23:03 GMT
referrer-policy: same-origin
server
strict-transport-security: max-age=63072000; includeSubdomains; preload
vary: Accept-Encoding
via: 1.1 753f415578c1ca010e51a83aef192330.cloudfront.net (CloudFront)
x-amz-cf-id: SJoEVUEuQ0LJ4roYXAZHcZcchea5aPyJiWA231G_Kc42241NIez_6Q==
x-amz-cf-pop: FRA56-C2
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-frame-options: DENY
x-powered-by
x-xss-protection: 1; mode=block

GET
H2 200 FrutigerLTW01-55Roman.woff2
assets.nhs.uk/fonts/ 17 KB
17 KB 256ms
57ms Font
application/octet-stream 96.16.146.114
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.nhs.uk/fonts/FrutigerLTW01-55Roman.woff2

Requested by

Host: maps.test-and-trace.nhs.uk
URL: https://maps.test-and-trace.nhs.uk/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

96.16.146.114 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a96-16-146-114.deploy.static.akamaitechnologies.com

Software

Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /

Resource Hash

886f640d4cb31c0114351f25e5eeba98b79e7ae405fcc2ca50aac6ed79ff8995

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer
Origin: https://maps.test-and-trace.nhs.uk
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 20 May 2022 13:05:45 GMT
content-md5: lRIDEWIJgHewKikdW/afDg==
content-length: 17284
x-ms-lease-status: unlocked
last-modified: Tue, 09 Apr 2019 10:17:13 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag: 0x8D6BCD488B0257A
strict-transport-security: max-age=300
content-type: application/octet-stream
access-control-allow-origin: *
x-ms-request-id: 3c6ee1df-501e-0063-0247-ceee60000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=2628288
x-ms-version: 2009-09-19
expires: Sun, 19 Jun 2022 23:10:33 GMT

GET
H2 200 FrutigerLTW01-65Bold.woff2
assets.nhs.uk/fonts/ 17 KB
17 KB 305ms
106ms Font
application/octet-stream 96.16.146.114
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.nhs.uk/fonts/FrutigerLTW01-65Bold.woff2

Requested by

Host: maps.test-and-trace.nhs.uk
URL: https://maps.test-and-trace.nhs.uk/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

96.16.146.114 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a96-16-146-114.deploy.static.akamaitechnologies.com

Software

Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /

Resource Hash

d7a61b8131c25f4f7949162fcf342c8ba52b0257756aaacf23aa948f0403c842

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer
Origin: https://maps.test-and-trace.nhs.uk
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 20 May 2022 13:05:45 GMT
content-md5: OPdl6/MQFVFaVJuAqOKjeg==
content-length: 17216
x-ms-lease-status: unlocked
last-modified: Tue, 09 Apr 2019 10:17:14 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag: 0x8D6BCD48962A5B8
strict-transport-security: max-age=300
content-type: application/octet-stream
access-control-allow-origin: *
x-ms-request-id: 80dbecb9-701e-005d-4547-ce5841000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=2628288
x-ms-version: 2009-09-19
expires: Sun, 19 Jun 2022 23:10:33 GMT

GET
H2 200 jquery-3.6.0.min.js Show response
maps.test-and-trace.nhs.uk/assets/generated/src/public/js/ 88 KB
32 KB 108ms
107ms Script
application/x-javascript 2600:9000:211e:8600:f:7d9:73c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.test-and-trace.nhs.uk/assets/generated/src/public/js/jquery-3.6.0.min.js

Requested by

Host: maps.test-and-trace.nhs.uk
URL: https://maps.test-and-trace.nhs.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211e:8600:f:7d9:73c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

0169f582dca8f236e5582adcc00fc6edf444e3cdde2864ea1c755318cdcbaafd

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self' data: https://s3.eu-west-2.amazonaws.com/ttm-242278518570-eu-west-2-prod-origin/ https://s3-eu-west-2.amazonaws.com/ttm-242278518570-eu-west-2-prod-origin/ 'unsafe-inline' https://.googleapis.com https://.ggpht.com https://ssl.gstatic.com/ https://maps.gstatic.com/ https://nhsdigital.d3.sc.omtrdc.net/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-2.amazonaws.com/ttm-242278518570-eu-west-2-prod-origin/ https://s3-eu-west-2.amazonaws.com/ttm-242278518570-eu-west-2-prod-origin/ https://maps.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com/ https://kit.fontawesome.com/ https://ka-f.fontawesome.com/ https://unpkg.com/@googlemaps/markerclustererplus/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://maps.googleapis.com/ https://storage.googleapis.com/ https://ajax.googleapis.com/; style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com/bootstrap/ https://assets.nhs.uk https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://assets.nhs.uk https://fonts.gstatic.com https://kit.fontawesome.com/ https://ka-f.fontawesome.com/ ; connect-src 'self' https://api.maps.test-and-trace.nhs.uk/ https://maps-test-and-trace-prod.auth.eu-west-2.amazoncognito.com/ https://cognito-idp.eu-west-2.amazonaws.com/ https://nhsdigital.d3.sc.omtrdc.net/ https://www.nhs.uk/ https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://kit.fontawesome.com/ https://ka-f.fontawesome.com/; manifest-src 'self' https://s3.eu-west-2.amazonaws.com/ttm-242278518570-eu-west-2-prod-origin/ https://s3-eu-west-2.amazonaws.com/ttm-242278518570-eu-west-2-prod-origin/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://maps.test-and-trace.nhs.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Fri, 20 May 2022 06:33:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 23550
x-powered-by
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Thu, 05 May 2022 10:23:20 GMT
server
x-frame-options: DENY
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-type: application/x-javascript
via: 1.1 753f415578c1ca010e51a83aef192330.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
content-security-policy: default-src 'self'; img-src 'self' data: https://s3.eu-west-2.amazonaws.com/ttm*-242278518570-eu-west-2-prod-origin/ https://s3-eu-west-2.amazonaws.com/ttm*-242278518570-eu-west-2-prod-origin/ 'unsafe-inline' https://*.googleapis.com https://*.ggpht.com https://ssl.gstatic.com/ https://maps.gstatic.com/ https://nhsdigital.d3.sc.omtrdc.net/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-2.amazonaws.com/ttm*-242278518570-eu-west-2-prod-origin/ https://s3-eu-west-2.amazonaws.com/ttm*-242278518570-eu-west-2-prod-origin/ https://maps.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com/ https://kit.fontawesome.com/ https://ka-f.fontawesome.com/ https://unpkg.com/@googlemaps/markerclustererplus/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://maps.googleapis.com/ https://storage.googleapis.com/ https://ajax.googleapis.com/; style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com/bootstrap/ https://assets.nhs.uk https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://assets.nhs.uk https://fonts.gstatic.com https://kit.fontawesome.com/ https://ka-f.fontawesome.com/ ; connect-src 'self' https://api.maps.test-and-trace.nhs.uk/ https://maps-test-and-trace-prod.auth.eu-west-2.amazoncognito.com/ https://cognito-idp.eu-west-2.amazonaws.com/ https://nhsdigital.d3.sc.omtrdc.net/ https://www.nhs.uk/ https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://kit.fontawesome.com/ https://ka-f.fontawesome.com/; manifest-src 'self' https://s3.eu-west-2.amazonaws.com/ttm*-242278518570-eu-west-2-prod-origin/ https://s3-eu-west-2.amazonaws.com/ttm*-242278518570-eu-west-2-prod-origin/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
x-amz-cf-pop: FRA56-C2
x-amz-cf-id: j0njLNg-dtoKTz6xTSfJAi-lSU6_EVGMH9Mr8MLuCLFKO1fdDO-0PA==

GET
H2 200 cookie-consent1.js Show response
maps.test-and-trace.nhs.uk/assets/generated/src/public/js/ 106 KB
36 KB 157ms
157ms Script
application/x-javascript 2600:9000:211e:8600:f:7d9:73c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.test-and-trace.nhs.uk/assets/generated/src/public/js/cookie-consent1.js

Requested by

Host: maps.test-and-trace.nhs.uk
URL: https://maps.test-and-trace.nhs.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211e:8600:f:7d9:73c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

9c047f59c3b88ee104fa3b2644ce20312dde9422bcc5dc055da1335d20ea0e90

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self' data: https://s3.eu-west-2.amazonaws.com/ttm-242278518570-eu-west-2-prod-origin/ https://s3-eu-west-2.amazonaws.com/ttm-242278518570-eu-west-2-prod-origin/ 'unsafe-inline' https://.googleapis.com https://.ggpht.com https://ssl.gstatic.com/ https://maps.gstatic.com/ https://nhsdigital.d3.sc.omtrdc.net/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-2.amazonaws.com/ttm-242278518570-eu-west-2-prod-origin/ https://s3-eu-west-2.amazonaws.com/ttm-242278518570-eu-west-2-prod-origin/ https://maps.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com/ https://kit.fontawesome.com/ https://ka-f.fontawesome.com/ https://unpkg.com/@googlemaps/markerclustererplus/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://maps.googleapis.com/ https://storage.googleapis.com/ https://ajax.googleapis.com/; style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com/bootstrap/ https://assets.nhs.uk https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://assets.nhs.uk https://fonts.gstatic.com https://kit.fontawesome.com/ https://ka-f.fontawesome.com/ ; connect-src 'self' https://api.maps.test-and-trace.nhs.uk/ https://maps-test-and-trace-prod.auth.eu-west-2.amazoncognito.com/ https://cognito-idp.eu-west-2.amazonaws.com/ https://nhsdigital.d3.sc.omtrdc.net/ https://www.nhs.uk/ https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://kit.fontawesome.com/ https://ka-f.fontawesome.com/; manifest-src 'self' https://s3.eu-west-2.amazonaws.com/ttm-242278518570-eu-west-2-prod-origin/ https://s3-eu-west-2.amazonaws.com/ttm-242278518570-eu-west-2-prod-origin/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://maps.test-and-trace.nhs.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 16:30:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 74143
x-powered-by
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Thu, 05 May 2022 10:23:23 GMT
server
x-frame-options: DENY
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-type: application/x-javascript
via: 1.1 753f415578c1ca010e51a83aef192330.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
content-security-policy: default-src 'self'; img-src 'self' data: https://s3.eu-west-2.amazonaws.com/ttm*-242278518570-eu-west-2-prod-origin/ https://s3-eu-west-2.amazonaws.com/ttm*-242278518570-eu-west-2-prod-origin/ 'unsafe-inline' https://*.googleapis.com https://*.ggpht.com https://ssl.gstatic.com/ https://maps.gstatic.com/ https://nhsdigital.d3.sc.omtrdc.net/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-2.amazonaws.com/ttm*-242278518570-eu-west-2-prod-origin/ https://s3-eu-west-2.amazonaws.com/ttm*-242278518570-eu-west-2-prod-origin/ https://maps.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com/ https://kit.fontawesome.com/ https://ka-f.fontawesome.com/ https://unpkg.com/@googlemaps/markerclustererplus/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://maps.googleapis.com/ https://storage.googleapis.com/ https://ajax.googleapis.com/; style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com/bootstrap/ https://assets.nhs.uk https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://assets.nhs.uk https://fonts.gstatic.com https://kit.fontawesome.com/ https://ka-f.fontawesome.com/ ; connect-src 'self' https://api.maps.test-and-trace.nhs.uk/ https://maps-test-and-trace-prod.auth.eu-west-2.amazoncognito.com/ https://cognito-idp.eu-west-2.amazonaws.com/ https://nhsdigital.d3.sc.omtrdc.net/ https://www.nhs.uk/ https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://kit.fontawesome.com/ https://ka-f.fontawesome.com/; manifest-src 'self' https://s3.eu-west-2.amazonaws.com/ttm*-242278518570-eu-west-2-prod-origin/ https://s3-eu-west-2.amazonaws.com/ttm*-242278518570-eu-west-2-prod-origin/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
x-amz-cf-pop: FRA56-C2
x-amz-cf-id: 2zNew2BnKm6fo3oDzDtzxV8_Gl73DbeSvzH5dqa1MXrwvGLVdHbD_g==

GET
H2 200 runtime.3b12db9a4f809144204d.bundle.js Show response
maps.test-and-trace.nhs.uk/ 3 KB
4 KB 118ms
117ms Script
application/x-javascript 2600:9000:211e:8600:f:7d9:73c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.test-and-trace.nhs.uk/runtime.3b12db9a4f809144204d.bundle.js

Requested by

Host: maps.test-and-trace.nhs.uk
URL: https://maps.test-and-trace.nhs.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211e:8600:f:7d9:73c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

da62e6148f8ab143904814c515026de2900c8ac30a8997b7fd1dc79994d15f8a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self' data: https://s3.eu-west-2.amazonaws.com/ttm-242278518570-eu-west-2-prod-origin/ https://s3-eu-west-2.amazonaws.com/ttm-242278518570-eu-west-2-prod-origin/ 'unsafe-inline' https://.googleapis.com https://.ggpht.com https://ssl.gstatic.com/ https://maps.gstatic.com/ https://nhsdigital.d3.sc.omtrdc.net/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-2.amazonaws.com/ttm-242278518570-eu-west-2-prod-origin/ https://s3-eu-west-2.amazonaws.com/ttm-242278518570-eu-west-2-prod-origin/ https://maps.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com/ https://kit.fontawesome.com/ https://ka-f.fontawesome.com/ https://unpkg.com/@googlemaps/markerclustererplus/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://maps.googleapis.com/ https://storage.googleapis.com/ https://ajax.googleapis.com/; style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com/bootstrap/ https://assets.nhs.uk https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://assets.nhs.uk https://fonts.gstatic.com https://kit.fontawesome.com/ https://ka-f.fontawesome.com/ ; connect-src 'self' https://api.maps.test-and-trace.nhs.uk/ https://maps-test-and-trace-prod.auth.eu-west-2.amazoncognito.com/ https://cognito-idp.eu-west-2.amazonaws.com/ https://nhsdigital.d3.sc.omtrdc.net/ https://www.nhs.uk/ https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://kit.fontawesome.com/ https://ka-f.fontawesome.com/; manifest-src 'self' https://s3.eu-west-2.amazonaws.com/ttm-242278518570-eu-west-2-prod-origin/ https://s3-eu-west-2.amazonaws.com/ttm-242278518570-eu-west-2-prod-origin/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://maps.test-and-trace.nhs.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 16:30:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 74143
x-powered-by
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Thu, 05 May 2022 10:23:27 GMT
server
x-frame-options: DENY
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-type: application/x-javascript
via: 1.1 753f415578c1ca010e51a83aef192330.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
content-security-policy: default-src 'self'; img-src 'self' data: https://s3.eu-west-2.amazonaws.com/ttm*-242278518570-eu-west-2-prod-origin/ https://s3-eu-west-2.amazonaws.com/ttm*-242278518570-eu-west-2-prod-origin/ 'unsafe-inline' https://*.googleapis.com https://*.ggpht.com https://ssl.gstatic.com/ https://maps.gstatic.com/ https://nhsdigital.d3.sc.omtrdc.net/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-2.amazonaws.com/ttm*-242278518570-eu-west-2-prod-origin/ https://s3-eu-west-2.amazonaws.com/ttm*-242278518570-eu-west-2-prod-origin/ https://maps.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com/ https://kit.fontawesome.com/ https://ka-f.fontawesome.com/ https://unpkg.com/@googlemaps/markerclustererplus/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://maps.googleapis.com/ https://storage.googleapis.com/ https://ajax.googleapis.com/; style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com/bootstrap/ https://assets.nhs.uk https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://assets.nhs.uk https://fonts.gstatic.com https://kit.fontawesome.com/ https://ka-f.fontawesome.com/ ; connect-src 'self' https://api.maps.test-and-trace.nhs.uk/ https://maps-test-and-trace-prod.auth.eu-west-2.amazoncognito.com/ https://cognito-idp.eu-west-2.amazonaws.com/ https://nhsdigital.d3.sc.omtrdc.net/ https://www.nhs.uk/ https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://kit.fontawesome.com/ https://ka-f.fontawesome.com/; manifest-src 'self' https://s3.eu-west-2.amazonaws.com/ttm*-242278518570-eu-west-2-prod-origin/ https://s3-eu-west-2.amazonaws.com/ttm*-242278518570-eu-west-2-prod-origin/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
x-amz-cf-pop: FRA56-C2
x-amz-cf-id: rPcWboZZ0eWYYOUG45ryjS8loJ9C_bZyFrqWvmdUQufiR3U_TZwDoQ==

GET
H2 200 vendors.8b0d0bd81bd8aaf9f8d2.bundle.js Show response
maps.test-and-trace.nhs.uk/ 325 KB
101 KB 79ms
79ms Script
application/x-javascript 2600:9000:211e:8600:f:7d9:73c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.test-and-trace.nhs.uk/vendors.8b0d0bd81bd8aaf9f8d2.bundle.js

Requested by

Host: maps.test-and-trace.nhs.uk
URL: https://maps.test-and-trace.nhs.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211e:8600:f:7d9:73c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

99a73477027856c935a18bd9eddfe5c2ed3307e588f9a42a05399ea8e3b4ef04

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self' data: https://s3.eu-west-2.amazonaws.com/ttm-242278518570-eu-west-2-prod-origin/ https://s3-eu-west-2.amazonaws.com/ttm-242278518570-eu-west-2-prod-origin/ 'unsafe-inline' https://.googleapis.com https://.ggpht.com https://ssl.gstatic.com/ https://maps.gstatic.com/ https://nhsdigital.d3.sc.omtrdc.net/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-2.amazonaws.com/ttm-242278518570-eu-west-2-prod-origin/ https://s3-eu-west-2.amazonaws.com/ttm-242278518570-eu-west-2-prod-origin/ https://maps.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com/ https://kit.fontawesome.com/ https://ka-f.fontawesome.com/ https://unpkg.com/@googlemaps/markerclustererplus/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://maps.googleapis.com/ https://storage.googleapis.com/ https://ajax.googleapis.com/; style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com/bootstrap/ https://assets.nhs.uk https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://assets.nhs.uk https://fonts.gstatic.com https://kit.fontawesome.com/ https://ka-f.fontawesome.com/ ; connect-src 'self' https://api.maps.test-and-trace.nhs.uk/ https://maps-test-and-trace-prod.auth.eu-west-2.amazoncognito.com/ https://cognito-idp.eu-west-2.amazonaws.com/ https://nhsdigital.d3.sc.omtrdc.net/ https://www.nhs.uk/ https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://kit.fontawesome.com/ https://ka-f.fontawesome.com/; manifest-src 'self' https://s3.eu-west-2.amazonaws.com/ttm-242278518570-eu-west-2-prod-origin/ https://s3-eu-west-2.amazonaws.com/ttm-242278518570-eu-west-2-prod-origin/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://maps.test-and-trace.nhs.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 16:30:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 74143
x-powered-by
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Thu, 05 May 2022 10:23:10 GMT
server
x-frame-options: DENY
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-type: application/x-javascript
via: 1.1 753f415578c1ca010e51a83aef192330.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
content-security-policy: default-src 'self'; img-src 'self' data: https://s3.eu-west-2.amazonaws.com/ttm*-242278518570-eu-west-2-prod-origin/ https://s3-eu-west-2.amazonaws.com/ttm*-242278518570-eu-west-2-prod-origin/ 'unsafe-inline' https://*.googleapis.com https://*.ggpht.com https://ssl.gstatic.com/ https://maps.gstatic.com/ https://nhsdigital.d3.sc.omtrdc.net/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-2.amazonaws.com/ttm*-242278518570-eu-west-2-prod-origin/ https://s3-eu-west-2.amazonaws.com/ttm*-242278518570-eu-west-2-prod-origin/ https://maps.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com/ https://kit.fontawesome.com/ https://ka-f.fontawesome.com/ https://unpkg.com/@googlemaps/markerclustererplus/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://maps.googleapis.com/ https://storage.googleapis.com/ https://ajax.googleapis.com/; style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com/bootstrap/ https://assets.nhs.uk https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://assets.nhs.uk https://fonts.gstatic.com https://kit.fontawesome.com/ https://ka-f.fontawesome.com/ ; connect-src 'self' https://api.maps.test-and-trace.nhs.uk/ https://maps-test-and-trace-prod.auth.eu-west-2.amazoncognito.com/ https://cognito-idp.eu-west-2.amazonaws.com/ https://nhsdigital.d3.sc.omtrdc.net/ https://www.nhs.uk/ https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://kit.fontawesome.com/ https://ka-f.fontawesome.com/; manifest-src 'self' https://s3.eu-west-2.amazonaws.com/ttm*-242278518570-eu-west-2-prod-origin/ https://s3-eu-west-2.amazonaws.com/ttm*-242278518570-eu-west-2-prod-origin/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
x-amz-cf-pop: FRA56-C2
x-amz-cf-id: IkjT8_g3K433VkcjxcnBjj36T-YTDWd9SJaiHI841fv2xl7U6Rk7fQ==

GET
H2 200 main.2470c3b56a5bbd7c5387.bundle.js Show response
maps.test-and-trace.nhs.uk/ 6 KB
4 KB 120ms
119ms Script
application/x-javascript 2600:9000:211e:8600:f:7d9:73c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.test-and-trace.nhs.uk/main.2470c3b56a5bbd7c5387.bundle.js

Requested by

Host: maps.test-and-trace.nhs.uk
URL: https://maps.test-and-trace.nhs.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211e:8600:f:7d9:73c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

9af79f1733d4b99b485b7cc0fdf0b97f4066d9f49770f1a59d3ea94f26887638

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self' data: https://s3.eu-west-2.amazonaws.com/ttm-242278518570-eu-west-2-prod-origin/ https://s3-eu-west-2.amazonaws.com/ttm-242278518570-eu-west-2-prod-origin/ 'unsafe-inline' https://.googleapis.com https://.ggpht.com https://ssl.gstatic.com/ https://maps.gstatic.com/ https://nhsdigital.d3.sc.omtrdc.net/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-2.amazonaws.com/ttm-242278518570-eu-west-2-prod-origin/ https://s3-eu-west-2.amazonaws.com/ttm-242278518570-eu-west-2-prod-origin/ https://maps.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com/ https://kit.fontawesome.com/ https://ka-f.fontawesome.com/ https://unpkg.com/@googlemaps/markerclustererplus/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://maps.googleapis.com/ https://storage.googleapis.com/ https://ajax.googleapis.com/; style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com/bootstrap/ https://assets.nhs.uk https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://assets.nhs.uk https://fonts.gstatic.com https://kit.fontawesome.com/ https://ka-f.fontawesome.com/ ; connect-src 'self' https://api.maps.test-and-trace.nhs.uk/ https://maps-test-and-trace-prod.auth.eu-west-2.amazoncognito.com/ https://cognito-idp.eu-west-2.amazonaws.com/ https://nhsdigital.d3.sc.omtrdc.net/ https://www.nhs.uk/ https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://kit.fontawesome.com/ https://ka-f.fontawesome.com/; manifest-src 'self' https://s3.eu-west-2.amazonaws.com/ttm-242278518570-eu-west-2-prod-origin/ https://s3-eu-west-2.amazonaws.com/ttm-242278518570-eu-west-2-prod-origin/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://maps.test-and-trace.nhs.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 19 May 2022 16:30:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 74143
x-powered-by
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Thu, 05 May 2022 10:23:05 GMT
server
x-frame-options: DENY
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-type: application/x-javascript
via: 1.1 753f415578c1ca010e51a83aef192330.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
content-security-policy: default-src 'self'; img-src 'self' data: https://s3.eu-west-2.amazonaws.com/ttm*-242278518570-eu-west-2-prod-origin/ https://s3-eu-west-2.amazonaws.com/ttm*-242278518570-eu-west-2-prod-origin/ 'unsafe-inline' https://*.googleapis.com https://*.ggpht.com https://ssl.gstatic.com/ https://maps.gstatic.com/ https://nhsdigital.d3.sc.omtrdc.net/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-2.amazonaws.com/ttm*-242278518570-eu-west-2-prod-origin/ https://s3-eu-west-2.amazonaws.com/ttm*-242278518570-eu-west-2-prod-origin/ https://maps.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com/ https://kit.fontawesome.com/ https://ka-f.fontawesome.com/ https://unpkg.com/@googlemaps/markerclustererplus/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://maps.googleapis.com/ https://storage.googleapis.com/ https://ajax.googleapis.com/; style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com/bootstrap/ https://assets.nhs.uk https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://assets.nhs.uk https://fonts.gstatic.com https://kit.fontawesome.com/ https://ka-f.fontawesome.com/ ; connect-src 'self' https://api.maps.test-and-trace.nhs.uk/ https://maps-test-and-trace-prod.auth.eu-west-2.amazoncognito.com/ https://cognito-idp.eu-west-2.amazonaws.com/ https://nhsdigital.d3.sc.omtrdc.net/ https://www.nhs.uk/ https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://kit.fontawesome.com/ https://ka-f.fontawesome.com/; manifest-src 'self' https://s3.eu-west-2.amazonaws.com/ttm*-242278518570-eu-west-2-prod-origin/ https://s3-eu-west-2.amazonaws.com/ttm*-242278518570-eu-west-2-prod-origin/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
x-amz-cf-pop: FRA56-C2
x-amz-cf-id: MfvtKKwhaiVlFP3UTMA3E9NBsQfK5LHpbe-vFJPFP7BslRoql0CfvQ==

GET
H2 200 main.a844fd594e202a4b3500.css
maps.test-and-trace.nhs.uk/ 110 KB
17 KB 171ms
171ms Stylesheet
text/css 2600:9000:211e:8600:f:7d9:73c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.test-and-trace.nhs.uk/main.a844fd594e202a4b3500.css

Requested by

Host: maps.test-and-trace.nhs.uk
URL: https://maps.test-and-trace.nhs.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:211e:8600:f:7d9:73c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

257fad1aff853d9943e77d5ebb111b836163148422febf98e23b5810925c0ca1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self' data: https://s3.eu-west-2.amazonaws.com/ttm-242278518570-eu-west-2-prod-origin/ https://s3-eu-west-2.amazonaws.com/ttm-242278518570-eu-west-2-prod-origin/ 'unsafe-inline' https://.googleapis.com https://.ggpht.com https://ssl.gstatic.com/ https://maps.gstatic.com/ https://nhsdigital.d3.sc.omtrdc.net/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-2.amazonaws.com/ttm-242278518570-eu-west-2-prod-origin/ https://s3-eu-west-2.amazonaws.com/ttm-242278518570-eu-west-2-prod-origin/ https://maps.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com/ https://kit.fontawesome.com/ https://ka-f.fontawesome.com/ https://unpkg.com/@googlemaps/markerclustererplus/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://maps.googleapis.com/ https://storage.googleapis.com/ https://ajax.googleapis.com/; style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com/bootstrap/ https://assets.nhs.uk https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://assets.nhs.uk https://fonts.gstatic.com https://kit.fontawesome.com/ https://ka-f.fontawesome.com/ ; connect-src 'self' https://api.maps.test-and-trace.nhs.uk/ https://maps-test-and-trace-prod.auth.eu-west-2.amazoncognito.com/ https://cognito-idp.eu-west-2.amazonaws.com/ https://nhsdigital.d3.sc.omtrdc.net/ https://www.nhs.uk/ https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://kit.fontawesome.com/ https://ka-f.fontawesome.com/; manifest-src 'self' https://s3.eu-west-2.amazonaws.com/ttm-242278518570-eu-west-2-prod-origin/ https://s3-eu-west-2.amazonaws.com/ttm-242278518570-eu-west-2-prod-origin/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://maps.test-and-trace.nhs.uk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Fri, 20 May 2022 06:33:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 23550
x-powered-by
x-cache: Hit from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
referrer-policy: same-origin
last-modified: Thu, 05 May 2022 10:23:03 GMT
server
x-frame-options: DENY
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-type: text/css
via: 1.1 753f415578c1ca010e51a83aef192330.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
content-security-policy: default-src 'self'; img-src 'self' data: https://s3.eu-west-2.amazonaws.com/ttm*-242278518570-eu-west-2-prod-origin/ https://s3-eu-west-2.amazonaws.com/ttm*-242278518570-eu-west-2-prod-origin/ 'unsafe-inline' https://*.googleapis.com https://*.ggpht.com https://ssl.gstatic.com/ https://maps.gstatic.com/ https://nhsdigital.d3.sc.omtrdc.net/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-2.amazonaws.com/ttm*-242278518570-eu-west-2-prod-origin/ https://s3-eu-west-2.amazonaws.com/ttm*-242278518570-eu-west-2-prod-origin/ https://maps.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com/ https://kit.fontawesome.com/ https://ka-f.fontawesome.com/ https://unpkg.com/@googlemaps/markerclustererplus/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://maps.googleapis.com/ https://storage.googleapis.com/ https://ajax.googleapis.com/; style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com/bootstrap/ https://assets.nhs.uk https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://assets.nhs.uk https://fonts.gstatic.com https://kit.fontawesome.com/ https://ka-f.fontawesome.com/ ; connect-src 'self' https://api.maps.test-and-trace.nhs.uk/ https://maps-test-and-trace-prod.auth.eu-west-2.amazoncognito.com/ https://cognito-idp.eu-west-2.amazonaws.com/ https://nhsdigital.d3.sc.omtrdc.net/ https://www.nhs.uk/ https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://kit.fontawesome.com/ https://ka-f.fontawesome.com/; manifest-src 'self' https://s3.eu-west-2.amazonaws.com/ttm*-242278518570-eu-west-2-prod-origin/ https://s3-eu-west-2.amazonaws.com/ttm*-242278518570-eu-west-2-prod-origin/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
x-amz-cf-pop: FRA56-C2
x-amz-cf-id: cio__a5fcFNb2ipjCA8j5VQ51V_QgVORj4kYhCkhg60UkaPvAk9HMg==

GET /
www.nhs.uk/our-policies/cookies-policy/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.nhs.uk
URL: https://www.nhs.uk/our-policies/cookies-policy/?policy-action=seen

Verdicts & Comments Add Verdict or Comment

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			maps.test-and-trace.nhs.uk/	1969-12-31 23:59:59	Name: nhsuk-cookie-consent Value: %7B%22necessary%22%3Atrue%2C%22preferences%22%3Afalse%2C%22statistics%22%3Afalse%2C%22marketing%22%3Afalse%2C%22consented%22%3Afalse%2C%22version%22%3A3%7D

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://maps.test-and-trace.nhs.uk/ Message: Access to XMLHttpRequest at 'https://www.nhs.uk/our-policies/cookies-policy/?policy-action=seen' from origin 'https://maps.test-and-trace.nhs.uk' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.nhs.uk/our-policies/cookies-policy/?policy-action=seen Message: Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self'; img-src 'self' data: https://s3.eu-west-2.amazonaws.com/ttm-242278518570-eu-west-2-prod-origin/ https://s3-eu-west-2.amazonaws.com/ttm-242278518570-eu-west-2-prod-origin/ 'unsafe-inline' https://.googleapis.com https://.ggpht.com https://ssl.gstatic.com/ https://maps.gstatic.com/ https://nhsdigital.d3.sc.omtrdc.net/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-2.amazonaws.com/ttm-242278518570-eu-west-2-prod-origin/ https://s3-eu-west-2.amazonaws.com/ttm-242278518570-eu-west-2-prod-origin/ https://maps.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com/ https://kit.fontawesome.com/ https://ka-f.fontawesome.com/ https://unpkg.com/@googlemaps/markerclustererplus/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://maps.googleapis.com/ https://storage.googleapis.com/ https://ajax.googleapis.com/; style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com/bootstrap/ https://assets.nhs.uk https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://assets.nhs.uk https://fonts.gstatic.com https://kit.fontawesome.com/ https://ka-f.fontawesome.com/ ; connect-src 'self' https://api.maps.test-and-trace.nhs.uk/ https://maps-test-and-trace-prod.auth.eu-west-2.amazoncognito.com/ https://cognito-idp.eu-west-2.amazonaws.com/ https://nhsdigital.d3.sc.omtrdc.net/ https://www.nhs.uk/ https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://kit.fontawesome.com/ https://ka-f.fontawesome.com/; manifest-src 'self' https://s3.eu-west-2.amazonaws.com/ttm-242278518570-eu-west-2-prod-origin/ https://s3-eu-west-2.amazonaws.com/ttm-242278518570-eu-west-2-prod-origin/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.nhs.uk
maps.test-and-trace.nhs.uk
www.nhs.uk
www.nhs.uk
2600:9000:211e:8600:f:7d9:73c0:93a1
96.16.146.114
0169f582dca8f236e5582adcc00fc6edf444e3cdde2864ea1c755318cdcbaafd
257fad1aff853d9943e77d5ebb111b836163148422febf98e23b5810925c0ca1
886f640d4cb31c0114351f25e5eeba98b79e7ae405fcc2ca50aac6ed79ff8995
99a73477027856c935a18bd9eddfe5c2ed3307e588f9a42a05399ea8e3b4ef04
9af79f1733d4b99b485b7cc0fdf0b97f4066d9f49770f1a59d3ea94f26887638
9c047f59c3b88ee104fa3b2644ce20312dde9422bcc5dc055da1335d20ea0e90
9ee9cecadefb499ffdfa88c1c6368684b95a434de4271c8864fa9a54875e7094
d7a61b8131c25f4f7949162fcf342c8ba52b0257756aaacf23aa948f0403c842
da62e6148f8ab143904814c515026de2900c8ac30a8997b7fd1dc79994d15f8a

maps.test-and-trace.nhs.uk Open in urlscan Pro 2600:9000:211e:8600:f:7d9:73c0:93a1 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

10 Requests

90 %HTTPS

50 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

231 kBTransfer

674 kBSize

1 Cookies

4 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

22 JavaScript Global Variables

1 Cookies

2 Console Messages

Security Headers

Indicators

maps.test-and-trace.nhs.uk Open in urlscan Pro
2600:9000:211e:8600:f:7d9:73c0:93a1 Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

90 %
HTTPS

50 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

231 kB
Transfer

674 kB
Size

1
Cookies

10 HTTP transactions
0 data transactions