www.cliniko.com Open in urlscan Pro
2a05:d014:275:cb02::c8 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.cliniko.com/
Effective URL:
https://www.cliniko.com/
Submission: On September 09 via manual (September 9th 2023, 1:10:47 pm UTC) from GB — Scanned from GB

Summary HTTP 88 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 10 IPs in 2 countries across 7 domains to perform 88 HTTP transactions. The main IP is 2a05:d014:275:cb02::c8, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is www.cliniko.com.
TLS certificate: Issued by R3 on August 27th 2023. Valid for: 3 months.

This is the only time www.cliniko.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2a05:d014:275... 2a05:d014:275:cb01::c8	16509 (AMAZON-02) (AMAZON-02)
38	2a05:d014:275... 2a05:d014:275:cb02::c8	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:830::2008	15169 (GOOGLE) (GOOGLE)
30	2606:4700::68... 2606:4700::6811:b658	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	143.204.214.12 143.204.214.12	16509 (AMAZON-02) (AMAZON-02)
1	2a04:4e42:400... 2a04:4e42:400::282	54113 (FASTLY) (FASTLY)
9	35.190.70.79 35.190.70.79	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:809::200e	15169 (GOOGLE) (GOOGLE)
1	151.101.194.217 151.101.194.217	54113 (FASTLY) (FASTLY)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
88	10

1 2a05:d014:275:cb01::c8 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)

www.cliniko.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

38 2a05:d014:275:cb02::c8 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

www.cliniko.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 2606:4700::6811:b658 (United States)

ASN13335 (CLOUDFLARENET, US)

fa4a51a09d12751e5d532cfce80751aa.report-uri.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 143.204.214.12 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-214-12.fra53.r.cloudfront.net

d33wubrfki0l68.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:400::282 (United States)

ASN54113 (FASTLY, US)

cdn.polyfill.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 35.190.70.79 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 79.70.190.35.bc.googleusercontent.com

cdn.sanity.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.194.217 (United States)

ASN54113 (FASTLY, US)

start.au2.cliniko.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
40	cliniko.com 1 redirects www.cliniko.com start.au2.cliniko.com	1 MB
30	report-uri.com fa4a51a09d12751e5d532cfce80751aa.report-uri.com	9 KB
9	sanity.io cdn.sanity.io — Cisco Umbrella Rank: 16945	662 KB
5	cloudfront.net d33wubrfki0l68.cloudfront.net	65 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 49 region1.google-analytics.com — Cisco Umbrella Rank: 1977	21 KB
1	polyfill.io cdn.polyfill.io — Cisco Umbrella Rank: 3263	683 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 62	89 KB
88	7

	Domain	Requested by
39	www.cliniko.com	1 redirects www.cliniko.com
30	fa4a51a09d12751e5d532cfce80751aa.report-uri.com	www.cliniko.com www.googletagmanager.com
9	cdn.sanity.io	www.cliniko.com
5	d33wubrfki0l68.cloudfront.net	www.cliniko.com
2	www.google-analytics.com	www.cliniko.com www.google-analytics.com
1	region1.google-analytics.com	www.googletagmanager.com
1	start.au2.cliniko.com	www.cliniko.com
1	cdn.polyfill.io	www.cliniko.com
1	www.googletagmanager.com	www.cliniko.com
88	9

This site contains links to these domains. Also see Links.

Domain
twitter.com
www.facebook.com
www.instagram.com
www.linkedin.com
www.youtube.com
apply.workable.com
status.cliniko.com
docs.api.cliniko.com

Subject Issuer	Validity	Valid
blog.cliniko.com R3	`2023-08-27` - `2023-11-25`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-08-14` - `2023-11-06`	3 months	crt.sh
report-uri.com E1	`2023-08-02` - `2023-10-31`	3 months	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2022-12-08` - `2023-12-07`	a year	crt.sh
polyfill.io Certainly Intermediate R1	`2023-08-24` - `2023-09-23`	a month	crt.sh
*.sanity.io Sectigo RSA Domain Validation Secure Server CA	`2022-10-04` - `2023-11-04`	a year	crt.sh
*.au2.cliniko.com GlobalSign Atlas R3 DV TLS CA 2023 Q2	`2023-04-13` - `2024-05-14`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.cliniko.com/
Frame ID: 839E12AD87A87CB64AF251DF18854534
Requests: 106 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Allied Health Practice Management Software - ClinikoCliniko

Page URL History Show full URLs

http://www.cliniko.com/ HTTP 301
https://www.cliniko.com/ Page URL

Detected technologies

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+data-react

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Polyfill (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/polyfill\.min\.js

Page Statistics

88
Requests

100 %
HTTPS

70 %
IPv6

7
Domains

9
Subdomains

10
IPs

2
Countries

2360 kB
Transfer

3433 kB
Size

3
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: https://twitter.com/cliniko
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Cliniko/
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.instagram.com/cliniko/
Title: Instagram

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/cliniko
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCeO5UD-avc9K8zj3Rh6BnWw
Title: Youtube

Search URL Search Domain Scan URL

URL: https://apply.workable.com/cliniko/
Title: Jobs

Search URL Search Domain Scan URL

URL: https://status.cliniko.com/
Title: System status

Search URL Search Domain Scan URL

URL: https://docs.api.cliniko.com/developer-portal/
Title: Developer API

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.cliniko.com/ HTTP 301
https://www.cliniko.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

88 HTTP transactions
18 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.cliniko.com/
Redirect Chain

http://www.cliniko.com/
https://www.cliniko.com/

220 KB
55 KB

133ms
45ms

Document
text/html

2a05:d014:275:cb02::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cliniko.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

253ddbd9b7c021d9f50f6f6c057fe1a923a49c2ef0027cde945da8d66eca05bc

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ranges: bytes
age: 70095
cache-control: public,max-age=0,must-revalidate
content-encoding: br
content-length: 54864
content-security-policy: frame-ancestors 'none';
content-security-policy-report-only: base-uri 'self'; child-src https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://*.cliniko.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.honeybadger.io https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; default-src 'self'; font-src 'self' data: https://*.cloudfront.net https://js.intercomcdn.com; form-action 'self' https://intercom.help https://api-iam.intercom.io; frame-ancestors 'none'; img-src 'self' data: https:; manifest-src 'self'; media-src: https://js.intercomcdn.com script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.polyfill.io; style-src 'self' 'report-sample' 'unsafe-inline'; report-uri https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly;
content-type: text/html; charset=UTF-8
date: Sat, 09 Sep 2023 13:10:42 GMT
etag: "ce3421040c07796c11a54a9c5df7c99f-ssl-df"
link: </webpack-runtime-2f3bec9576b37233d1a6.js>; rel=preload; as=script, </framework-9d2524b17bc55fedcbfe.js>; rel=preload; as=script, </dc6a8720040df98778fe970bf6c000a41750d3ae-14e519eaac6c3b39d080.js>; rel=preload; as=script, </app-954f8e08c39bd021810c.js>; rel=preload; as=script, </commons-f8ffb44677cc88f1bca4.js>; rel=preload; as=script, </component---src-pages-index-js-fde9c0a08e056524fc0c.js>; rel=preload; as=script, </page-data/app-data.json>; rel=preload; as=fetch; crossorigin, </page-data/index/page-data.json>; rel=preload; as=fetch; crossorigin
referrer-policy: same-origin
server: Netlify
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-content-type-options: nosniff
x-nf-request-id: 01H9X11S5HEM5X59DXE8Z580JP
x-xss-protection: 1; mode=block

Redirect headers

Content-Length: 39
Content-Type: text/plain; charset=utf-8
Date: Sat, 09 Sep 2023 13:10:41 GMT
Location: https://www.cliniko.com/
Server: Netlify
X-Nf-Request-Id: 01H9X11S1H3MJ74F7NZYRCW6F6

GET
H2 200 webpack-runtime-2f3bec9576b37233d1a6.js Show response
www.cliniko.com/ 7 KB
3 KB 121ms
120ms Script
application/javascript 2a05:d014:275:cb02::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cliniko.com/webpack-runtime-2f3bec9576b37233d1a6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

2694d44a57e37d44ccd37aec759bad2cc513b4cc24216af71a1c5efd291f8e15

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.cliniko.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-nf-request-id: 01H9X11S73VMZ5AWB789AA212W
content-security-policy: frame-ancestors 'none';
content-encoding: br
x-content-type-options: nosniff
date: Sat, 09 Sep 2023 13:10:42 GMT
strict-transport-security: max-age=31536000
age: 70094
content-security-policy-report-only: base-uri 'self'; child-src https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://*.cliniko.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.honeybadger.io https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; default-src 'self'; font-src 'self' data: https://*.cloudfront.net https://js.intercomcdn.com; form-action 'self' https://intercom.help https://api-iam.intercom.io; frame-ancestors 'none'; img-src 'self' data: https:; manifest-src 'self'; media-src: https://js.intercomcdn.com script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.polyfill.io; style-src 'self' 'report-sample' 'unsafe-inline'; report-uri https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly;
content-length: 2886
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
etag: "a9c63dc6dbe357f128b9bb82da2d39d6-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes

GET
H2 200 framework-9d2524b17bc55fedcbfe.js Show response
www.cliniko.com/ 145 KB
43 KB 123ms
122ms Script
application/javascript 2a05:d014:275:cb02::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cliniko.com/framework-9d2524b17bc55fedcbfe.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

040277d2451f6f18868fdb4166845b9147932e78a77930ac6803d9aad32be436

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.cliniko.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-nf-request-id: 01H9X11S73NWGJR2ANPGQQRCQ6
content-security-policy: frame-ancestors 'none';
content-encoding: br
x-content-type-options: nosniff
date: Sat, 09 Sep 2023 13:10:42 GMT
strict-transport-security: max-age=31536000
age: 12100
content-security-policy-report-only: base-uri 'self'; child-src https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://*.cliniko.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.honeybadger.io https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; default-src 'self'; font-src 'self' data: https://*.cloudfront.net https://js.intercomcdn.com; form-action 'self' https://intercom.help https://api-iam.intercom.io; frame-ancestors 'none'; img-src 'self' data: https:; manifest-src 'self'; media-src: https://js.intercomcdn.com script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.polyfill.io; style-src 'self' 'report-sample' 'unsafe-inline'; report-uri https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly;
content-length: 43534
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
etag: "d24ac5590e9e0783b63f0a56b2f4a474-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes

GET
H2 200 dc6a8720040df98778fe970bf6c000a41750d3ae-14e519eaac6c3b39d080.js Show response
www.cliniko.com/ 13 KB
5 KB 124ms
123ms Script
application/javascript 2a05:d014:275:cb02::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cliniko.com/dc6a8720040df98778fe970bf6c000a41750d3ae-14e519eaac6c3b39d080.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

c965770d3fc2c2d576a8ae873a2da0f0bd6ed0470c4777d98cafc69091112477

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.cliniko.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-nf-request-id: 01H9X11S739N72ZWX8EGJEAMK5
content-security-policy: frame-ancestors 'none';
content-encoding: br
x-content-type-options: nosniff
date: Sat, 09 Sep 2023 13:10:42 GMT
strict-transport-security: max-age=31536000
age: 11051
content-security-policy-report-only: base-uri 'self'; child-src https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://*.cliniko.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.honeybadger.io https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; default-src 'self'; font-src 'self' data: https://*.cloudfront.net https://js.intercomcdn.com; form-action 'self' https://intercom.help https://api-iam.intercom.io; frame-ancestors 'none'; img-src 'self' data: https:; manifest-src 'self'; media-src: https://js.intercomcdn.com script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.polyfill.io; style-src 'self' 'report-sample' 'unsafe-inline'; report-uri https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly;
content-length: 4781
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
etag: "fac947cdde8f28478091bb3052cf2a90-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes

GET
H2 200 app-954f8e08c39bd021810c.js Show response
www.cliniko.com/ 304 KB
83 KB 125ms
124ms Script
application/javascript 2a05:d014:275:cb02::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cliniko.com/app-954f8e08c39bd021810c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

6655574feb80f1c2a7f82dfcb12fd6159494aa418db3c8fe479e83c575251e36

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.cliniko.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-nf-request-id: 01H9X11S73351JYE5VBR8734RN
content-security-policy: frame-ancestors 'none';
content-encoding: br
x-content-type-options: nosniff
date: Sat, 09 Sep 2023 13:10:42 GMT
strict-transport-security: max-age=31536000
age: 15002
content-security-policy-report-only: base-uri 'self'; child-src https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://*.cliniko.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.honeybadger.io https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; default-src 'self'; font-src 'self' data: https://*.cloudfront.net https://js.intercomcdn.com; form-action 'self' https://intercom.help https://api-iam.intercom.io; frame-ancestors 'none'; img-src 'self' data: https:; manifest-src 'self'; media-src: https://js.intercomcdn.com script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.polyfill.io; style-src 'self' 'report-sample' 'unsafe-inline'; report-uri https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly;
content-length: 85234
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
etag: "976fed09d300412598e23fbf9998b353-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes

GET
H2 200 commons-f8ffb44677cc88f1bca4.js Show response
www.cliniko.com/ 302 KB
104 KB 125ms
124ms Script
application/javascript 2a05:d014:275:cb02::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cliniko.com/commons-f8ffb44677cc88f1bca4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

845e542a5974623b6e76fbcdc2e9c9aa0c21dd8ec22f428d7fb2a294e60ea536

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.cliniko.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-nf-request-id: 01H9X11S744MBM3TZBB8ZQE454
content-security-policy: frame-ancestors 'none';
content-encoding: br
x-content-type-options: nosniff
date: Sat, 09 Sep 2023 13:10:42 GMT
strict-transport-security: max-age=31536000
age: 15002
content-security-policy-report-only: base-uri 'self'; child-src https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://*.cliniko.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.honeybadger.io https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; default-src 'self'; font-src 'self' data: https://*.cloudfront.net https://js.intercomcdn.com; form-action 'self' https://intercom.help https://api-iam.intercom.io; frame-ancestors 'none'; img-src 'self' data: https:; manifest-src 'self'; media-src: https://js.intercomcdn.com script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.polyfill.io; style-src 'self' 'report-sample' 'unsafe-inline'; report-uri https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly;
content-length: 105550
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
etag: "f09569939f362bb326476929d95b5731-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes

GET
H2 200 component---src-pages-index-js-fde9c0a08e056524fc0c.js Show response
www.cliniko.com/ 25 KB
11 KB 122ms
121ms Script
application/javascript 2a05:d014:275:cb02::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cliniko.com/component---src-pages-index-js-fde9c0a08e056524fc0c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

40dbba9af0b0a5cbc5fdabec1cfa1e2a21668ed6206a8eb93f3b77c64f55188e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.cliniko.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-nf-request-id: 01H9X11S74XXM4WST9E2NFAC5T
content-security-policy: frame-ancestors 'none';
content-encoding: br
x-content-type-options: nosniff
date: Sat, 09 Sep 2023 13:10:42 GMT
strict-transport-security: max-age=31536000
age: 12100
content-security-policy-report-only: base-uri 'self'; child-src https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://*.cliniko.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.honeybadger.io https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; default-src 'self'; font-src 'self' data: https://*.cloudfront.net https://js.intercomcdn.com; form-action 'self' https://intercom.help https://api-iam.intercom.io; frame-ancestors 'none'; img-src 'self' data: https:; manifest-src 'self'; media-src: https://js.intercomcdn.com script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.polyfill.io; style-src 'self' 'report-sample' 'unsafe-inline'; report-uri https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly;
content-length: 10958
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
etag: "2c4f114e73811368b5d8d1be8f9e12c8-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes

GET
H2 200 app-data.json
www.cliniko.com/page-data/ 50 B
162 B 125ms
125ms Other
application/json 2a05:d014:275:cb02::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cliniko.com/page-data/app-data.json

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

1845f86b49d7119fdfeb3f3c425ee28abd05223f3b17b78324012b6aa3bfecb2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cliniko.com/
Origin: https://www.cliniko.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-nf-request-id: 01H9X11S7417KEZ846AC26EE09
content-security-policy: frame-ancestors 'none';
date: Sat, 09 Sep 2023 13:10:42 GMT
referrer-policy: same-origin
strict-transport-security: max-age=31536000
server: Netlify
age: 70094
x-content-type-options: nosniff
etag: "3326f212d6127f6400273d5aaf5ba4bd-ssl"
content-security-policy-report-only: base-uri 'self'; child-src https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://*.cliniko.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.honeybadger.io https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; default-src 'self'; font-src 'self' data: https://*.cloudfront.net https://js.intercomcdn.com; form-action 'self' https://intercom.help https://api-iam.intercom.io; frame-ancestors 'none'; img-src 'self' data: https:; manifest-src 'self'; media-src: https://js.intercomcdn.com script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.polyfill.io; style-src 'self' 'report-sample' 'unsafe-inline'; report-uri https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly;
content-type: application/json
cache-control: public,max-age=0,must-revalidate
accept-ranges: bytes
content-length: 50
x-xss-protection: 1; mode=block

GET
H2 200 page-data.json
www.cliniko.com/page-data/index/ 145 KB
36 KB 81ms
80ms Other
application/json 2a05:d014:275:cb02::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cliniko.com/page-data/index/page-data.json

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

b856ee7ed9e3ed295042dfc20ce312d19ad3ff5daf6d33842d9a29f0d8ca7bb6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cliniko.com/
Origin: https://www.cliniko.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-nf-request-id: 01H9X11S74M00FH2045BADPMHT
content-security-policy: frame-ancestors 'none';
content-encoding: br
x-content-type-options: nosniff
date: Sat, 09 Sep 2023 13:10:42 GMT
strict-transport-security: max-age=31536000
age: 17287
content-security-policy-report-only: base-uri 'self'; child-src https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://*.cliniko.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.honeybadger.io https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; default-src 'self'; font-src 'self' data: https://*.cloudfront.net https://js.intercomcdn.com; form-action 'self' https://intercom.help https://api-iam.intercom.io; frame-ancestors 'none'; img-src 'self' data: https:; manifest-src 'self'; media-src: https://js.intercomcdn.com script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.polyfill.io; style-src 'self' 'report-sample' 'unsafe-inline'; report-uri https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly;
content-length: 37048
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
etag: "73accee0ecc0e4fb865e4f6607546053-ssl-df"
vary: Accept-Encoding
content-type: application/json
cache-control: public,max-age=0,must-revalidate
accept-ranges: bytes

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 266 KB
89 KB 167ms
63ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-YC35D4SQ9X

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

95788cd5ba3f9b4b9098470ed76ba6d4c59e38ea235854fe8524fd50df00a1fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sat, 09 Sep 2023 13:10:42 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 90886
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 09 Sep 2023 13:10:42 GMT

POST
H2 429 reportOnly
fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/ 11 B
267 B 148ms
64ms Other
text/plain 2606:4700::6811:b658
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b658 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e0d16bf5e01d2ff730972fa1fe313ada0ee57d21f79add57d2d70d7fe47a2aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904; includeSubDomains; preload

Request headers

Referer
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Sat, 09 Sep 2023 13:10:42 GMT
strict-transport-security: max-age=63113904; includeSubDomains; preload
nel: {"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server: cloudflare
vary: Accept-Encoding
report-to: {"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type: text/plain
cf-ray: 803fac41e9fa4142-LHR
alt-svc: h3=":443"; ma=86400
content-length: 11

POST
H2 429 reportOnly
fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/ 11 B
578 B 146ms
63ms Other
text/plain 2606:4700::6811:b658
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b658 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e0d16bf5e01d2ff730972fa1fe313ada0ee57d21f79add57d2d70d7fe47a2aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904; includeSubDomains; preload

Request headers

Referer
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Sat, 09 Sep 2023 13:10:42 GMT
strict-transport-security: max-age=63113904; includeSubDomains; preload
nel: {"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server: cloudflare
vary: Accept-Encoding
report-to: {"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type: text/plain
cf-ray: 803fac41e9fb4142-LHR
alt-svc: h3=":443"; ma=86400
content-length: 11

POST
H2 429 reportOnly
fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/ 11 B
266 B 147ms
68ms Other
text/plain 2606:4700::6811:b658
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b658 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e0d16bf5e01d2ff730972fa1fe313ada0ee57d21f79add57d2d70d7fe47a2aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904; includeSubDomains; preload

Request headers

Referer
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Sat, 09 Sep 2023 13:10:42 GMT
strict-transport-security: max-age=63113904; includeSubDomains; preload
nel: {"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server: cloudflare
vary: Accept-Encoding
report-to: {"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type: text/plain
cf-ray: 803fac41e9fe4142-LHR
alt-svc: h3=":443"; ma=86400
content-length: 11

POST
H2 429 reportOnly
fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/ 11 B
266 B 151ms
74ms Other
text/plain 2606:4700::6811:b658
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b658 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e0d16bf5e01d2ff730972fa1fe313ada0ee57d21f79add57d2d70d7fe47a2aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904; includeSubDomains; preload

Request headers

Referer
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Sat, 09 Sep 2023 13:10:42 GMT
strict-transport-security: max-age=63113904; includeSubDomains; preload
nel: {"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server: cloudflare
vary: Accept-Encoding
report-to: {"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type: text/plain
cf-ray: 803fac41ea014142-LHR
alt-svc: h3=":443"; ma=86400
content-length: 11

POST
H2 429 reportOnly
fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/ 11 B
267 B 143ms
67ms Other
text/plain 2606:4700::6811:b658
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b658 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e0d16bf5e01d2ff730972fa1fe313ada0ee57d21f79add57d2d70d7fe47a2aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904; includeSubDomains; preload

Request headers

Referer
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Sat, 09 Sep 2023 13:10:42 GMT
strict-transport-security: max-age=63113904; includeSubDomains; preload
nel: {"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server: cloudflare
vary: Accept-Encoding
report-to: {"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type: text/plain
cf-ray: 803fac41ea024142-LHR
alt-svc: h3=":443"; ma=86400
content-length: 11

POST
H2 429 reportOnly
fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/ 11 B
267 B 150ms
75ms Other
text/plain 2606:4700::6811:b658
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b658 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e0d16bf5e01d2ff730972fa1fe313ada0ee57d21f79add57d2d70d7fe47a2aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904; includeSubDomains; preload

Request headers

Referer
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Sat, 09 Sep 2023 13:10:42 GMT
strict-transport-security: max-age=63113904; includeSubDomains; preload
nel: {"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server: cloudflare
vary: Accept-Encoding
report-to: {"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type: text/plain
cf-ray: 803fac41ea054142-LHR
alt-svc: h3=":443"; ma=86400
content-length: 11

POST
H2 429 reportOnly
fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/ 11 B
266 B 62ms
57ms Other
text/plain 2606:4700::6811:b658
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b658 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e0d16bf5e01d2ff730972fa1fe313ada0ee57d21f79add57d2d70d7fe47a2aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904; includeSubDomains; preload

Request headers

Referer
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Sat, 09 Sep 2023 13:10:42 GMT
strict-transport-security: max-age=63113904; includeSubDomains; preload
nel: {"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server: cloudflare
vary: Accept-Encoding
report-to: {"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type: text/plain
cf-ray: 803fac423a944142-LHR
alt-svc: h3=":443"; ma=86400
content-length: 11

POST
H2 429 reportOnly
fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/ 11 B
266 B 57ms
52ms Other
text/plain 2606:4700::6811:b658
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b658 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e0d16bf5e01d2ff730972fa1fe313ada0ee57d21f79add57d2d70d7fe47a2aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904; includeSubDomains; preload

Request headers

Referer
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Sat, 09 Sep 2023 13:10:42 GMT
strict-transport-security: max-age=63113904; includeSubDomains; preload
nel: {"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server: cloudflare
vary: Accept-Encoding
report-to: {"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type: text/plain
cf-ray: 803fac423a984142-LHR
alt-svc: h3=":443"; ma=86400
content-length: 11

POST
H2 429 reportOnly
fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/ 11 B
266 B 60ms
55ms Other
text/plain 2606:4700::6811:b658
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b658 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e0d16bf5e01d2ff730972fa1fe313ada0ee57d21f79add57d2d70d7fe47a2aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904; includeSubDomains; preload

Request headers

Referer
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Sat, 09 Sep 2023 13:10:42 GMT
strict-transport-security: max-age=63113904; includeSubDomains; preload
nel: {"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server: cloudflare
vary: Accept-Encoding
report-to: {"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type: text/plain
cf-ray: 803fac423a994142-LHR
alt-svc: h3=":443"; ma=86400
content-length: 11

POST
H2 429 reportOnly
fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/ 11 B
265 B 56ms
51ms Other
text/plain 2606:4700::6811:b658
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b658 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e0d16bf5e01d2ff730972fa1fe313ada0ee57d21f79add57d2d70d7fe47a2aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904; includeSubDomains; preload

Request headers

Referer
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Sat, 09 Sep 2023 13:10:42 GMT
strict-transport-security: max-age=63113904; includeSubDomains; preload
nel: {"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server: cloudflare
vary: Accept-Encoding
report-to: {"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type: text/plain
cf-ray: 803fac423a9b4142-LHR
alt-svc: h3=":443"; ma=86400
content-length: 11

POST
H2 429 reportOnly
fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/ 11 B
570 B 59ms
54ms Other
text/plain 2606:4700::6811:b658
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b658 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e0d16bf5e01d2ff730972fa1fe313ada0ee57d21f79add57d2d70d7fe47a2aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904; includeSubDomains; preload

Request headers

Referer
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Sat, 09 Sep 2023 13:10:42 GMT
strict-transport-security: max-age=63113904; includeSubDomains; preload
nel: {"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server: cloudflare
vary: Accept-Encoding
report-to: {"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type: text/plain
cf-ray: 803fac423a9d4142-LHR
alt-svc: h3=":443"; ma=86400
content-length: 11

POST
H2 429 reportOnly
fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/ 11 B
266 B 61ms
56ms Other
text/plain 2606:4700::6811:b658
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b658 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e0d16bf5e01d2ff730972fa1fe313ada0ee57d21f79add57d2d70d7fe47a2aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904; includeSubDomains; preload

Request headers

Referer
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Sat, 09 Sep 2023 13:10:42 GMT
strict-transport-security: max-age=63113904; includeSubDomains; preload
nel: {"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server: cloudflare
vary: Accept-Encoding
report-to: {"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type: text/plain
cf-ray: 803fac423a9e4142-LHR
alt-svc: h3=":443"; ma=86400
content-length: 11

POST
H2 429 reportOnly
fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/ 11 B
267 B 60ms
55ms Other
text/plain 2606:4700::6811:b658
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b658 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e0d16bf5e01d2ff730972fa1fe313ada0ee57d21f79add57d2d70d7fe47a2aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904; includeSubDomains; preload

Request headers

Referer
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Sat, 09 Sep 2023 13:10:42 GMT
strict-transport-security: max-age=63113904; includeSubDomains; preload
nel: {"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server: cloudflare
vary: Accept-Encoding
report-to: {"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type: text/plain
cf-ray: 803fac423a9f4142-LHR
alt-svc: h3=":443"; ma=86400
content-length: 11

POST
H2 429 reportOnly
fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/ 11 B
264 B 79ms
74ms Other
text/plain 2606:4700::6811:b658
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b658 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e0d16bf5e01d2ff730972fa1fe313ada0ee57d21f79add57d2d70d7fe47a2aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904; includeSubDomains; preload

Request headers

Referer
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Sat, 09 Sep 2023 13:10:42 GMT
strict-transport-security: max-age=63113904; includeSubDomains; preload
nel: {"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server: cloudflare
vary: Accept-Encoding
report-to: {"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type: text/plain
cf-ray: 803fac423aa04142-LHR
alt-svc: h3=":443"; ma=86400
content-length: 11

POST
H2 429 reportOnly
fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/ 11 B
267 B 62ms
57ms Other
text/plain 2606:4700::6811:b658
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b658 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e0d16bf5e01d2ff730972fa1fe313ada0ee57d21f79add57d2d70d7fe47a2aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904; includeSubDomains; preload

Request headers

Referer
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Sat, 09 Sep 2023 13:10:42 GMT
strict-transport-security: max-age=63113904; includeSubDomains; preload
nel: {"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server: cloudflare
vary: Accept-Encoding
report-to: {"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type: text/plain
cf-ray: 803fac423aa24142-LHR
alt-svc: h3=":443"; ma=86400
content-length: 11

POST
H2 429 reportOnly
fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/ 11 B
266 B 58ms
53ms Other
text/plain 2606:4700::6811:b658
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b658 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e0d16bf5e01d2ff730972fa1fe313ada0ee57d21f79add57d2d70d7fe47a2aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904; includeSubDomains; preload

Request headers

Referer
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Sat, 09 Sep 2023 13:10:42 GMT
strict-transport-security: max-age=63113904; includeSubDomains; preload
nel: {"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server: cloudflare
vary: Accept-Encoding
report-to: {"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type: text/plain
cf-ray: 803fac423aa44142-LHR
alt-svc: h3=":443"; ma=86400
content-length: 11

POST
H2 429 reportOnly
fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/ 11 B
268 B 64ms
59ms Other
text/plain 2606:4700::6811:b658
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b658 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e0d16bf5e01d2ff730972fa1fe313ada0ee57d21f79add57d2d70d7fe47a2aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904; includeSubDomains; preload

Request headers

Referer
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Sat, 09 Sep 2023 13:10:42 GMT
strict-transport-security: max-age=63113904; includeSubDomains; preload
nel: {"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server: cloudflare
vary: Accept-Encoding
report-to: {"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type: text/plain
cf-ray: 803fac423aa54142-LHR
alt-svc: h3=":443"; ma=86400
content-length: 11

POST
H2 429 reportOnly
fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/ 11 B
265 B 64ms
60ms Other
text/plain 2606:4700::6811:b658
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b658 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e0d16bf5e01d2ff730972fa1fe313ada0ee57d21f79add57d2d70d7fe47a2aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904; includeSubDomains; preload

Request headers

Referer
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Sat, 09 Sep 2023 13:10:42 GMT
strict-transport-security: max-age=63113904; includeSubDomains; preload
nel: {"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server: cloudflare
vary: Accept-Encoding
report-to: {"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type: text/plain
cf-ray: 803fac424abd4142-LHR
alt-svc: h3=":443"; ma=86400
content-length: 11

POST
H2 429 reportOnly
fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/ 11 B
267 B 63ms
59ms Other
text/plain 2606:4700::6811:b658
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b658 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e0d16bf5e01d2ff730972fa1fe313ada0ee57d21f79add57d2d70d7fe47a2aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904; includeSubDomains; preload

Request headers

Referer
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Sat, 09 Sep 2023 13:10:42 GMT
strict-transport-security: max-age=63113904; includeSubDomains; preload
nel: {"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server: cloudflare
vary: Accept-Encoding
report-to: {"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type: text/plain
cf-ray: 803fac424ac04142-LHR
alt-svc: h3=":443"; ma=86400
content-length: 11

POST
H2 429 reportOnly
fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/ 11 B
267 B 63ms
58ms Other
text/plain 2606:4700::6811:b658
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b658 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e0d16bf5e01d2ff730972fa1fe313ada0ee57d21f79add57d2d70d7fe47a2aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904; includeSubDomains; preload

Request headers

Referer
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Sat, 09 Sep 2023 13:10:42 GMT
strict-transport-security: max-age=63113904; includeSubDomains; preload
nel: {"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server: cloudflare
vary: Accept-Encoding
report-to: {"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type: text/plain
cf-ray: 803fac424ac34142-LHR
alt-svc: h3=":443"; ma=86400
content-length: 11

POST
H2 429 reportOnly
fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/ 11 B
264 B 74ms
69ms Other
text/plain 2606:4700::6811:b658
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b658 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e0d16bf5e01d2ff730972fa1fe313ada0ee57d21f79add57d2d70d7fe47a2aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904; includeSubDomains; preload

Request headers

Referer
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Sat, 09 Sep 2023 13:10:42 GMT
strict-transport-security: max-age=63113904; includeSubDomains; preload
nel: {"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server: cloudflare
vary: Accept-Encoding
report-to: {"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type: text/plain
cf-ray: 803fac424ac54142-LHR
alt-svc: h3=":443"; ma=86400
content-length: 11

POST
H2 429 reportOnly
fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/ 11 B
265 B 78ms
74ms Other
text/plain 2606:4700::6811:b658
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b658 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e0d16bf5e01d2ff730972fa1fe313ada0ee57d21f79add57d2d70d7fe47a2aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904; includeSubDomains; preload

Request headers

Referer
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Sat, 09 Sep 2023 13:10:42 GMT
strict-transport-security: max-age=63113904; includeSubDomains; preload
nel: {"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server: cloudflare
vary: Accept-Encoding
report-to: {"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type: text/plain
cf-ray: 803fac424ac64142-LHR
alt-svc: h3=":443"; ma=86400
content-length: 11

POST
H2 429 reportOnly
fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/ 11 B
267 B 83ms
79ms Other
text/plain 2606:4700::6811:b658
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b658 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e0d16bf5e01d2ff730972fa1fe313ada0ee57d21f79add57d2d70d7fe47a2aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904; includeSubDomains; preload

Request headers

Referer
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Sat, 09 Sep 2023 13:10:42 GMT
strict-transport-security: max-age=63113904; includeSubDomains; preload
nel: {"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server: cloudflare
vary: Accept-Encoding
report-to: {"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type: text/plain
cf-ray: 803fac424ac74142-LHR
alt-svc: h3=":443"; ma=86400
content-length: 11

POST
H2 429 reportOnly
fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/ 11 B
265 B 76ms
71ms Other
text/plain 2606:4700::6811:b658
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b658 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e0d16bf5e01d2ff730972fa1fe313ada0ee57d21f79add57d2d70d7fe47a2aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904; includeSubDomains; preload

Request headers

Referer
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Sat, 09 Sep 2023 13:10:42 GMT
strict-transport-security: max-age=63113904; includeSubDomains; preload
nel: {"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server: cloudflare
vary: Accept-Encoding
report-to: {"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type: text/plain
cf-ray: 803fac424ac94142-LHR
alt-svc: h3=":443"; ma=86400
content-length: 11

POST
H2 429 reportOnly
fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/ 11 B
265 B 81ms
77ms Other
text/plain 2606:4700::6811:b658
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b658 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e0d16bf5e01d2ff730972fa1fe313ada0ee57d21f79add57d2d70d7fe47a2aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904; includeSubDomains; preload

Request headers

Referer
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Sat, 09 Sep 2023 13:10:42 GMT
strict-transport-security: max-age=63113904; includeSubDomains; preload
nel: {"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server: cloudflare
vary: Accept-Encoding
report-to: {"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type: text/plain
cf-ray: 803fac424acb4142-LHR
alt-svc: h3=":443"; ma=86400
content-length: 11

POST
H2 429 reportOnly
fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/ 11 B
570 B 68ms
64ms Other
text/plain 2606:4700::6811:b658
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b658 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e0d16bf5e01d2ff730972fa1fe313ada0ee57d21f79add57d2d70d7fe47a2aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904; includeSubDomains; preload

Request headers

Referer
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Sat, 09 Sep 2023 13:10:42 GMT
strict-transport-security: max-age=63113904; includeSubDomains; preload
nel: {"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server: cloudflare
vary: Accept-Encoding
report-to: {"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type: text/plain
cf-ray: 803fac424acd4142-LHR
alt-svc: h3=":443"; ma=86400
content-length: 11

GET
H2 200 open-sans-regular.woff2
d33wubrfki0l68.cloudfront.net/bcf921cf98e03d0f5a766968f88b6e9778a4beaf/dda17/fonts/ 9 KB
10 KB 154ms
49ms Font
font/woff2 143.204.214.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d33wubrfki0l68.cloudfront.net/bcf921cf98e03d0f5a766968f88b6e9778a4beaf/dda17/fonts/open-sans-regular.woff2
Requested by: Host: www.cliniko.com
URL: https://www.cliniko.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.214.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-214-12.fra53.r.cloudfront.net
Software: Netlify /
Resource Hash: 989050cfaca9cef4642cfb414bfc3add16858a6048e8fc9115296f40aac9128f

Request headers

Referer: https://www.cliniko.com/
Origin: https://www.cliniko.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-nf-request-id: 01GQBW3ED0K9KQ51DK1M3ZY29Q
date: Sun, 22 Jan 2023 04:34:35 GMT
via: 1.1 cc77875ec7dfc885cffaa2ec6fa578f6.cloudfront.net (CloudFront)
server: Netlify
x-amz-cf-pop: FRA53-C1
age: 19902967
etag: 079cb0a81321ef8853e81c3f32a369ea9e166a0f
x-cache: Hit from cloudfront
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31556926
accept-ranges: bytes
content-length: 9416
x-amz-cf-id: 3-0Z1CiCEtSMnqoiLQ9M2oIipanUNc0nNLbrBlzFvZwoKBE6VMK_Ag==

GET
H2 200 open-sans-italic.woff2
d33wubrfki0l68.cloudfront.net/8975cf9b222c1272f989dc5cb35ab36c07ed73ad/c0cb7/fonts/ 9 KB
9 KB 154ms
50ms Font
font/woff2 143.204.214.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d33wubrfki0l68.cloudfront.net/8975cf9b222c1272f989dc5cb35ab36c07ed73ad/c0cb7/fonts/open-sans-italic.woff2
Requested by: Host: www.cliniko.com
URL: https://www.cliniko.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.214.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-214-12.fra53.r.cloudfront.net
Software: Netlify /
Resource Hash: 2e159c2db328d6579e04bbf7b754803f452a6d8aff7e1c1adba8f0ef9ebd593e

Request headers

Referer: https://www.cliniko.com/
Origin: https://www.cliniko.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-nf-request-id: 01GPMMVCMMCHNYKHAJGGEKXQZ1
date: Fri, 13 Jan 2023 04:05:19 GMT
via: 1.1 cc77875ec7dfc885cffaa2ec6fa578f6.cloudfront.net (CloudFront)
server: Netlify
x-amz-cf-pop: FRA53-C1
age: 20682323
etag: 365d247da6797f7357ce822268c1a0a09abd3897
x-cache: Hit from cloudfront
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31556926
accept-ranges: bytes
content-length: 9112
x-amz-cf-id: uvOj6ye-WrxzqW5dXQp_XGmC2gPJlWl5hgr2cqCUl6bHSwXc3coydA==

GET
H2 200 open-sans-bold.woff2
d33wubrfki0l68.cloudfront.net/30d95fbda6e5828e4f5a7d776b2d4dad239ea34e/b7088/fonts/ 10 KB
10 KB 154ms
50ms Font
font/woff2 143.204.214.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://d33wubrfki0l68.cloudfront.net/30d95fbda6e5828e4f5a7d776b2d4dad239ea34e/b7088/fonts/open-sans-bold.woff2

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.214.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-214-12.fra53.r.cloudfront.net

Software

Netlify /

Resource Hash

e74c121f11a2e37e7bc3a50c485f5864750b950e103ec0b35b37138fa0e40505

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.cliniko.com/
Origin: https://www.cliniko.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-nf-request-id: 01H56T6WMTW67D3V2JM636K0FK
date: Thu, 13 Jul 2023 05:05:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 cc77875ec7dfc885cffaa2ec6fa578f6.cloudfront.net (CloudFront)
server: Netlify
x-amz-cf-pop: FRA53-C1
age: 5040338
etag: beab2cb18e2555788e4d6cb88bf42fb46639b798
x-cache: Hit from cloudfront
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31556926
accept-ranges: bytes
content-length: 9908
x-amz-cf-id: Ynq9Eq-Qv5hRZj6TARIoWzZP_vLBMmKQIIQ-sqks01u1jto6B8D1yw==

GET
H2 200 clan-pro-black.woff2
d33wubrfki0l68.cloudfront.net/e6196cf9c80d159e6c5ec42587b953f7316fac39/da9d1/fonts/ 20 KB
21 KB 161ms
57ms Font
font/woff2 143.204.214.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d33wubrfki0l68.cloudfront.net/e6196cf9c80d159e6c5ec42587b953f7316fac39/da9d1/fonts/clan-pro-black.woff2
Requested by: Host: www.cliniko.com
URL: https://www.cliniko.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.214.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-214-12.fra53.r.cloudfront.net
Software: Netlify /
Resource Hash: 84c604f8e7e91c9819e29b26d1164ceb1b0b9bcd5980881f2363a01d457884bd

Request headers

Referer: https://www.cliniko.com/
Origin: https://www.cliniko.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-nf-request-id: 01GPPX25JGK39B7EYYY7CAJVQW
date: Sat, 14 Jan 2023 01:07:19 GMT
via: 1.1 cc77875ec7dfc885cffaa2ec6fa578f6.cloudfront.net (CloudFront)
server: Netlify
x-amz-cf-pop: FRA53-C1
age: 20606603
etag: e278a3dd7ed4d0d79d6c53177a59b855465b2c21
x-cache: Hit from cloudfront
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31556926
accept-ranges: bytes
content-length: 20724
x-amz-cf-id: yQWJIy8E7PYppjpFlukNwbvj9GAV4Vr3lUar9UgcccxUbttv7f2bvA==

GET
DATA 200
OK truncated
/ 87 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 046c3c41fe2e3ba004656d7a7fa6c4a3849b48bb48e8d4bb2d398fa1d73eae37

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9d8e62dd6e765a1121ce98d904aaa1377d28b816f8b59a92501ae2f8daf59d7d

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 hero-full.webp
www.cliniko.com/static/3933bbf7e479fa8d94e220d0dd02268d/ab38a/ 121 KB
121 KB 73ms
73ms Image
image/webp 2a05:d014:275:cb02::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cliniko.com/static/3933bbf7e479fa8d94e220d0dd02268d/ab38a/hero-full.webp

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

b37c4e94805388fff93176114bf473524ae4f64368d00c77f4a0f8dc9ababa1f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.cliniko.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-nf-request-id: 01H9X11S8R538SHR074Z23R3RJ
content-security-policy: frame-ancestors 'none';
date: Sat, 09 Sep 2023 13:10:42 GMT
referrer-policy: same-origin
strict-transport-security: max-age=31536000
server: Netlify
age: 2887
x-content-type-options: nosniff
etag: "3c8bf6c7dc1ea5b8ab0b1ca3dea9b70c-ssl"
content-security-policy-report-only: base-uri 'self'; child-src https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://*.cliniko.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.honeybadger.io https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; default-src 'self'; font-src 'self' data: https://*.cloudfront.net https://js.intercomcdn.com; form-action 'self' https://intercom.help https://api-iam.intercom.io; frame-ancestors 'none'; img-src 'self' data: https:; manifest-src 'self'; media-src: https://js.intercomcdn.com script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.polyfill.io; style-src 'self' 'report-sample' 'unsafe-inline'; report-uri https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly;
content-type: image/webp
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
content-length: 123838
x-xss-protection: 1; mode=block

POST
H2 429 reportOnly
fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/ 11 B
266 B 74ms
70ms Other
text/plain 2606:4700::6811:b658
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b658 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e0d16bf5e01d2ff730972fa1fe313ada0ee57d21f79add57d2d70d7fe47a2aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904; includeSubDomains; preload

Request headers

Referer
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Sat, 09 Sep 2023 13:10:42 GMT
strict-transport-security: max-age=63113904; includeSubDomains; preload
nel: {"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server: cloudflare
vary: Accept-Encoding
report-to: {"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type: text/plain
cf-ray: 803fac424ace4142-LHR
alt-svc: h3=":443"; ma=86400
content-length: 11

GET
DATA 200
OK truncated
/ 87 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9fcb1a76ad4d31169b1665a20cf9f9d278d42ee48d926fac27a47d4463e9eb90

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 09c550fc987d217ab0e181a511674f13e603c173b3ff4b77871186913499bb4e

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 hero-small.webp
www.cliniko.com/static/3459759ec6bf38394df63db03a8fde5a/b5a1e/ 41 KB
42 KB 74ms
74ms Image
image/webp 2a05:d014:275:cb02::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cliniko.com/static/3459759ec6bf38394df63db03a8fde5a/b5a1e/hero-small.webp

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

bd5c76ddcdf181af38e09b59a27df573290d63c0be0b6d197a8e51bb978395c1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.cliniko.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-nf-request-id: 01H9X11S8SEJ6NATF8CASAAXCQ
content-security-policy: frame-ancestors 'none';
date: Sat, 09 Sep 2023 13:10:42 GMT
referrer-policy: same-origin
strict-transport-security: max-age=31536000
server: Netlify
age: 10068
x-content-type-options: nosniff
etag: "8ac76e5221d2ca382f7f785cf758d22d-ssl"
content-security-policy-report-only: base-uri 'self'; child-src https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://*.cliniko.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.honeybadger.io https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; default-src 'self'; font-src 'self' data: https://*.cloudfront.net https://js.intercomcdn.com; form-action 'self' https://intercom.help https://api-iam.intercom.io; frame-ancestors 'none'; img-src 'self' data: https:; manifest-src 'self'; media-src: https://js.intercomcdn.com script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.polyfill.io; style-src 'self' 'report-sample' 'unsafe-inline'; report-uri https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly;
content-type: image/webp
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
content-length: 42458
x-xss-protection: 1; mode=block

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6d81767ca3576b3f2deaefbfc48bb93b010ef2d2c83b3707a98ff0e1d9cdfe8b

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 8 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ec36f8fe22f65191c1d36146ebb9123c9ada2a143137d6b0628b4b7653f5e074

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 094611b3749d83fe497e01da54fc5d914b6500800804a81c0fd5ef109396bc1e

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e06fe31967801119931f906ddd7295e809f9e8d56f29ee722a5c8005a23487bc

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 6 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5b1aa6939b032aa5e2ccec7195a6e95ee8fc8ab5703cf55d18cf2ef0a5b58ad7

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 pricing-6-bb0286e2461b26422750940e535e3d14.png
d33wubrfki0l68.cloudfront.net/e107d1a98aa54c6bf587d9117d62affcfc6be209/59da8/static/ 15 KB
15 KB 140ms
49ms Image
image/png 143.204.214.12
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d33wubrfki0l68.cloudfront.net/e107d1a98aa54c6bf587d9117d62affcfc6be209/59da8/static/pricing-6-bb0286e2461b26422750940e535e3d14.png
Requested by: Host: www.cliniko.com
URL: https://www.cliniko.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.214.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-214-12.fra53.r.cloudfront.net
Software: Netlify /
Resource Hash: b2760dc672c9f896b7b2cbd19036cc581a073729d484c8d64b1223e6afdfaf66

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-nf-request-id: 01GQ4AKRWVT0C467RVTGVYE9P7
date: Thu, 19 Jan 2023 06:14:15 GMT
via: 1.1 a75b67932d84d80b40e12159613deb16.cloudfront.net (CloudFront)
server: Netlify
x-amz-cf-pop: FRA53-C1
age: 20156187
etag: 4df17be8197ef6adea88be5c8408f6b4a6750345
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31556926
accept-ranges: bytes
content-length: 14931
x-amz-cf-id: sCFiL5QpkHAPDeGWsMNoIVTp6IXsaEa39k0Jj6PyASL_PYDGeBQTSA==

GET
DATA 200
OK truncated
/ 87 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eeb1ef7dcacb53823edebb4c5a5b31a0e0cdb0b10526ff8bd919989f9fe3b2c2

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 832 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 511e6739f9ec2ee804e5f9e8200f07b5db48a5957f72e4e14ed8d2d53e45bf4f

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 101 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c1cc238b889b5c92f9b0b230bb2c3e0180c08cdb65379424a7760bbc48de57b7

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c9cacab6be80b747899b60a8feb4e60b3171c46b5664f136662e69b7c73430f5

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 87 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d3c4e76f9fe44b68c7a2c39f2650e981ca1456557dbebea8b41da78d385040fa

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: be36ec35d7650ee060cffa286baaeee29298c3ab45d9352b9d8d4b823be630ff

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 85 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ff5358fadf010c2dc7ca30f235395ae11ed5797a0ed1dd4d955594f9099987af

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 87 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 70a3aea11036ccd8bcb3cc6b3bc3fd298287c3112b310faf40d3f3979fa7712a

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 417 B
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6deb3f8af51a41f7b2cf2a6c59c5987d5355be68a9e99db33795006ff53fe011

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Content-Type: image/jpeg

POST
H2 429 reportOnly
fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/ 11 B
267 B 72ms
72ms Other
text/plain 2606:4700::6811:b658
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b658 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e0d16bf5e01d2ff730972fa1fe313ada0ee57d21f79add57d2d70d7fe47a2aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904; includeSubDomains; preload

Request headers

Referer
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Sat, 09 Sep 2023 13:10:42 GMT
strict-transport-security: max-age=63113904; includeSubDomains; preload
nel: {"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server: cloudflare
vary: Accept-Encoding
report-to: {"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type: text/plain
cf-ray: 803fac421a704142-LHR
alt-svc: h3=":443"; ma=86400
content-length: 11

GET
H2 200 polyfill.min.js Show response
cdn.polyfill.io/v3/ 101 B
683 B 86ms
26ms Script
text/javascript 2a04:4e42:400::282
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.polyfill.io/v3/polyfill.min.js?features=default,EventSource,NodeList.prototype.forEach,Number.isInteger,Symbol

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::282 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

d7f817255acac24d24766a420471f23c0796b5228b84f8432bf70570ed870b72

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 09 Sep 2023 13:10:42 GMT
age: 2082998
detected-user-agent: Chrome/116.0.0
useragent_normaliser: chrome/116.0.0
server-timing: HIT-CLUSTER, fastly;desc="Edge time";dur=1
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 113
referrer-policy: origin-when-cross-origin
last-modified: Thu, 10 Aug 2023 13:32:32 GMT
fastly_service_version: 225
vary: User-Agent, Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
normalized-user-agent: chrome/116.0.0
cache-control: public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 security.webp
www.cliniko.com/static/59769f9175a1da33ced4861d0996ead2/3de10/ 58 KB
58 KB 45ms
44ms Image
image/webp 2a05:d014:275:cb02::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cliniko.com/static/59769f9175a1da33ced4861d0996ead2/3de10/security.webp

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

0d567a699074f1ab39d8ef5a32df09d977f7f42e3a4d8504d0abba87a9cee7ff

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.cliniko.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-nf-request-id: 01H9X11SD6M230H2G0VJD2JMPK
content-security-policy: frame-ancestors 'none';
date: Sat, 09 Sep 2023 13:10:42 GMT
referrer-policy: same-origin
strict-transport-security: max-age=31536000
server: Netlify
age: 27287
x-content-type-options: nosniff
etag: "54e21b7b4ad055910d2268de22eb5ef3-ssl"
content-security-policy-report-only: base-uri 'self'; child-src https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://*.cliniko.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.honeybadger.io https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; default-src 'self'; font-src 'self' data: https://*.cloudfront.net https://js.intercomcdn.com; form-action 'self' https://intercom.help https://api-iam.intercom.io; frame-ancestors 'none'; img-src 'self' data: https:; manifest-src 'self'; media-src: https://js.intercomcdn.com script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.polyfill.io; style-src 'self' 'report-sample' 'unsafe-inline'; report-uri https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly;
content-type: image/webp
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
content-length: 59532
x-xss-protection: 1; mode=block

GET
H2 200 support.webp
www.cliniko.com/static/03b209a82b3d25bf88e705d0956a0b41/45e54/ 77 KB
77 KB 47ms
46ms Image
image/webp 2a05:d014:275:cb02::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cliniko.com/static/03b209a82b3d25bf88e705d0956a0b41/45e54/support.webp

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

4a1b7bebb319366f509c3759f416c9b647661e98f129511bf5ace287dd20d91e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.cliniko.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-nf-request-id: 01H9X11SD6YJ0SPRVW5926X55C
content-security-policy: frame-ancestors 'none';
date: Sat, 09 Sep 2023 13:10:42 GMT
referrer-policy: same-origin
strict-transport-security: max-age=31536000
server: Netlify
age: 18619
x-content-type-options: nosniff
etag: "ce312736c4924d567db28ffbe81fcd4d-ssl"
content-security-policy-report-only: base-uri 'self'; child-src https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://*.cliniko.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.honeybadger.io https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; default-src 'self'; font-src 'self' data: https://*.cloudfront.net https://js.intercomcdn.com; form-action 'self' https://intercom.help https://api-iam.intercom.io; frame-ancestors 'none'; img-src 'self' data: https:; manifest-src 'self'; media-src: https://js.intercomcdn.com script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.polyfill.io; style-src 'self' 'report-sample' 'unsafe-inline'; report-uri https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly;
content-type: image/webp
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
content-length: 78834
x-xss-protection: 1; mode=block

GET
H2 200 connected-apps.webp
www.cliniko.com/static/5acf42fb8a38ae6ca2c6249fc9ad9b63/b53de/ 62 KB
62 KB 46ms
45ms Image
image/webp 2a05:d014:275:cb02::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cliniko.com/static/5acf42fb8a38ae6ca2c6249fc9ad9b63/b53de/connected-apps.webp

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

32e38c849079c7587a006252fe708ce999ae28124711f729104f0f857d470311

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.cliniko.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-nf-request-id: 01H9X11SD6D48095RDWANR4X55
content-security-policy: frame-ancestors 'none';
date: Sat, 09 Sep 2023 13:10:42 GMT
referrer-policy: same-origin
strict-transport-security: max-age=31536000
server: Netlify
age: 17583
x-content-type-options: nosniff
etag: "0bd90f58363f2a854f24db791134c327-ssl"
content-security-policy-report-only: base-uri 'self'; child-src https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://*.cliniko.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.honeybadger.io https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; default-src 'self'; font-src 'self' data: https://*.cloudfront.net https://js.intercomcdn.com; form-action 'self' https://intercom.help https://api-iam.intercom.io; frame-ancestors 'none'; img-src 'self' data: https:; manifest-src 'self'; media-src: https://js.intercomcdn.com script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.polyfill.io; style-src 'self' 'report-sample' 'unsafe-inline'; report-uri https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly;
content-type: image/webp
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
content-length: 63602
x-xss-protection: 1; mode=block

GET
H2 200 fe41aaa6914370649dc4ea0ac8a2a4ba6079b527-1536x1072.jpg
cdn.sanity.io/images/3rd8yckx/production/ 153 KB
153 KB 142ms
61ms Image
image/webp 35.190.70.79
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.sanity.io/images/3rd8yckx/production/fe41aaa6914370649dc4ea0ac8a2a4ba6079b527-1536x1072.jpg?rect=54,0,1429,1072&w=1024&h=768&auto=format

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.70.79 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

79.70.190.35.bc.googleusercontent.com

Software

Resource Hash

a7948de91cfbd587f8027addb2aae0dda9f2c558ff7194a9d47c31586b952a30

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy: script-src 'none'
x-sanity-asset-storage: gcs-default
x-content-type-options: nosniff
date: Thu, 07 Sep 2023 12:56:16 GMT
via: 1.1 google
xkey: project-3rd8yckx-production
x-b3-traceid: ba831d7764c740e9f232357b5d97730d
age: 173666
x-varnish-age: 10837
x-b3-parentspanid: 90022ef79933e158
vha6-origin: image-varnish-ssd-0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 156590
last-modified: Tue, 01 Aug 2023 12:12:41 GMT
vary: origin, accept
content-type: image/webp
cache-control: public, max-age=31536000, s-maxage=2592000
x-b3-spanid: fc3066e56f2da452
x-b3-sampled: 0
accept-ranges: bytes

GET
H2 200 03f2c5bbdb63cbb6462c2b5b4f9d796668998e9e-1536x1072.png
cdn.sanity.io/images/3rd8yckx/production/ 26 KB
27 KB 115ms
34ms Image
image/webp 35.190.70.79
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.sanity.io/images/3rd8yckx/production/03f2c5bbdb63cbb6462c2b5b4f9d796668998e9e-1536x1072.png?rect=54,0,1429,1072&w=1024&h=768&auto=format

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.70.79 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

79.70.190.35.bc.googleusercontent.com

Software

Resource Hash

1a1dc2ed68bd3fa0920d0e05824e13610df9adf157950fb093c5ddf566c0038b

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy: script-src 'none'
x-sanity-asset-storage: gcs-default
x-content-type-options: nosniff
date: Sat, 26 Aug 2023 07:16:27 GMT
via: 1.1 google
xkey: project-3rd8yckx-production
x-b3-traceid: f7189a95dbb4a141e3591d49faa9112d
age: 1230855
x-varnish-age: 0
x-b3-parentspanid: ef0c6fdb7a44e594
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26714
last-modified: Mon, 22 May 2023 16:32:22 GMT
vary: origin, accept
content-type: image/webp
cache-control: public, max-age=31536000, s-maxage=2592000
x-b3-spanid: e4c491267fc0aca4
x-b3-sampled: 0
accept-ranges: bytes

GET
H2 200 365b7d287df11e18816bf448ec07fc148dd41eb8-1280x960.png
cdn.sanity.io/images/3rd8yckx/production/ 41 KB
41 KB 209ms
128ms Image
image/webp 35.190.70.79
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.sanity.io/images/3rd8yckx/production/365b7d287df11e18816bf448ec07fc148dd41eb8-1280x960.png?w=1024&h=768&auto=format

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.70.79 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

79.70.190.35.bc.googleusercontent.com

Software

Resource Hash

ccb0c581669d43e5ef5dba553a8029bde655fb9b1de57248383f2968753c41f0

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy: script-src 'none'
x-sanity-asset-storage: gcs-default
x-content-type-options: nosniff
date: Sat, 26 Aug 2023 07:33:50 GMT
via: 1.1 google
xkey: project-3rd8yckx-production
x-b3-traceid: 47a98eee78a3e81b5e84cea51194bf12
age: 1229812
x-varnish-age: 10087
x-b3-parentspanid: 7c2ae24306b47443
vha6-origin: image-varnish-ssd-2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42250
last-modified: Fri, 13 Mar 2020 11:22:50 GMT
vary: origin, accept
content-type: image/webp
cache-control: public, max-age=31536000, s-maxage=2592000
x-b3-spanid: 7d33bd1faad31584
x-b3-sampled: 0
accept-ranges: bytes

POST
H2 429 reportOnly
fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/ 11 B
266 B 44ms
43ms Other
text/plain 2606:4700::6811:b658
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/app-954f8e08c39bd021810c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b658 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e0d16bf5e01d2ff730972fa1fe313ada0ee57d21f79add57d2d70d7fe47a2aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904; includeSubDomains; preload

Request headers

Referer
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Sat, 09 Sep 2023 13:10:42 GMT
strict-transport-security: max-age=63113904; includeSubDomains; preload
nel: {"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server: cloudflare
vary: Accept-Encoding
report-to: {"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type: text/plain
cf-ray: 803fac434c934142-LHR
alt-svc: h3=":443"; ma=86400
content-length: 11

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 137ms
42ms Script
text/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/app-954f8e08c39bd021810c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 09 Sep 2023 11:44:23 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 5179
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Sat, 09 Sep 2023 13:44:23 GMT

GET
H2 200 locale Show response
start.au2.cliniko.com/ 39 B
2 KB 1164ms
1086ms Fetch
application/json 151.101.194.217
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://start.au2.cliniko.com/locale

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/app-954f8e08c39bd021810c.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.217 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

a58c98161fd5c090f4fc8feb30e5be2e45ed10cc30727f83bb7b091ea9a64222

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 09 Sep 2023 13:10:43 GMT
via: 1.1 varnish
x-permitted-cross-domain-policies: none
content-security-policy-report-only: default-src 'self'; font-src 'self' fonts.gstatic.com *.intercomcdn.com assets.au2.cliniko.com *.cliniko.com; frame-src 'self' checkout.stripe.com js.stripe.com *.medipass.io *.facebook.com; img-src * 'self' data: *.stripe.com; media-src 'self' *.intercomcdn.com assets.au2.cliniko.com *.cliniko.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net https://code.jquery.com https://*.pusher.com https://checkout.stripe.com https://js.stripe.com https://bam.nr-data.net https://html5shim.googlecode.com https://www.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://maps.gstatic.com https://*.intercom.io https://*.intercomcdn.com https://*.adroll.com https://*.medipass.io assets.au2.cliniko.com *.cliniko.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com code.jquery.com assets.au2.cliniko.com *.cliniko.com; connect-src 'self' https://api.honeybadger.io https://*.intercom.io https://*.intercomcdn.com wss://*.intercom.io wss://*.twilio.com https://*.twilio.com https://app.getsentry.com https://*.pusher.com wss://ws.pusherapp.com wss://ws.pusherapp.com:443 wss://ws-mt1.pusher.com https://api.stripe.com https://checkout.stripe.com https://translate.googleapis.com https://*.google-analytics.com https://*.medipass.io assets.au2.cliniko.com *.cliniko.com; report-uri https://cliniko.report-uri.io/r/default/csp/reportOnly
x-cache: MISS
content-length: 63
x-xss-protection: 1; mode=block
x-request-id: 0ed50af3-cb46-46af-9cfd-4631dc6d0297
x-served-by: cache-man4130-MAN
x-runtime: 0.009405
referrer-policy: strict-origin-when-cross-origin
server: nginx
x-timer: S1694265043.518080,VS0,VE1061
etag: W/"a58c98161fd5c090f4fc8feb30e5be2e"
x-download-options: noopen
access-control-max-age: 7200
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers
cache-control: private, no-store
x-frame-options: SAMEORIGIN
accept-ranges: bytes
vary: Accept,Origin,Accept-Encoding
x-cache-hits: 0

POST
H3 429 reportOnly
fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/ 11 B
581 B 61ms
61ms Other
text/plain 2606:4700::6811:b658
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-YC35D4SQ9X

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:b658 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e0d16bf5e01d2ff730972fa1fe313ada0ee57d21f79add57d2d70d7fe47a2aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904; includeSubDomains; preload

Request headers

Referer
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Sat, 09 Sep 2023 13:10:42 GMT
strict-transport-security: max-age=63113904; includeSubDomains; preload
nel: {"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server: cloudflare
vary: Accept-Encoding
report-to: {"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type: text/plain
cf-ray: 803fac43af6d8889-LHR
alt-svc: h3=":443"; ma=86400
content-length: 11

POST
H2 204 collect
region1.google-analytics.com/g/ 0
254 B 112ms
37ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-YC35D4SQ9X&gtm=45je3960&_p=376804875&cid=1316309466.1694265042&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1694265042&sct=1&seg=0&dl=https%3A%2F%2Fwww.cliniko.com%2F&dt=Allied%20Health%20Practice%20Management%20Software%20-%20Cliniko&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-YC35D4SQ9X
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 Sep 2023 13:10:42 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.cliniko.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 1597897351.json Show response
www.cliniko.com/page-data/sq/d/ 463 B
570 B 43ms
43ms XHR
application/json 2a05:d014:275:cb02::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cliniko.com/page-data/sq/d/1597897351.json

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/app-954f8e08c39bd021810c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

a401d46f51a6b7d06a99bd81be9e79581a46da53f0cf6512e22fdafff0294bd0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.cliniko.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-nf-request-id: 01H9X11SK2MWRN6YRH9S7VA8DA
content-security-policy: frame-ancestors 'none';
date: Sat, 09 Sep 2023 13:10:42 GMT
referrer-policy: same-origin
strict-transport-security: max-age=31536000
server: Netlify
age: 70094
x-content-type-options: nosniff
etag: "fc1021f91e32249adf7152edfdd58c70-ssl"
content-security-policy-report-only: base-uri 'self'; child-src https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://*.cliniko.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.honeybadger.io https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; default-src 'self'; font-src 'self' data: https://*.cloudfront.net https://js.intercomcdn.com; form-action 'self' https://intercom.help https://api-iam.intercom.io; frame-ancestors 'none'; img-src 'self' data: https:; manifest-src 'self'; media-src: https://js.intercomcdn.com script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.polyfill.io; style-src 'self' 'report-sample' 'unsafe-inline'; report-uri https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly;
content-type: application/json
cache-control: public,max-age=0,must-revalidate
accept-ranges: bytes
content-length: 463
x-xss-protection: 1; mode=block

GET
H2 200 3740316044.json Show response
www.cliniko.com/page-data/sq/d/ 4 KB
1 KB 44ms
43ms XHR
application/json 2a05:d014:275:cb02::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cliniko.com/page-data/sq/d/3740316044.json

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/app-954f8e08c39bd021810c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

e32073461c090a3f51d1d055ee56890c4eef5af592443d16c52222e484d1984c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.cliniko.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-nf-request-id: 01H9X11SK2PZWHBDEVJZ08W514
content-security-policy: frame-ancestors 'none';
content-encoding: br
x-content-type-options: nosniff
date: Sat, 09 Sep 2023 13:10:42 GMT
strict-transport-security: max-age=31536000
age: 70094
content-security-policy-report-only: base-uri 'self'; child-src https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://*.cliniko.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.honeybadger.io https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; default-src 'self'; font-src 'self' data: https://*.cloudfront.net https://js.intercomcdn.com; form-action 'self' https://intercom.help https://api-iam.intercom.io; frame-ancestors 'none'; img-src 'self' data: https:; manifest-src 'self'; media-src: https://js.intercomcdn.com script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.polyfill.io; style-src 'self' 'report-sample' 'unsafe-inline'; report-uri https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly;
content-length: 1407
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
etag: "f268f0df9217c8476108cd853150eb7b-ssl-df"
vary: Accept-Encoding
content-type: application/json
cache-control: public,max-age=0,must-revalidate
accept-ranges: bytes

GET
H2 200 396852870.json Show response
www.cliniko.com/page-data/sq/d/ 42 KB
24 KB 44ms
44ms XHR
application/json 2a05:d014:275:cb02::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cliniko.com/page-data/sq/d/396852870.json

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/app-954f8e08c39bd021810c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

03bc60d3b1909b453d5316c27d1734d4184927f4194d8d5b990a39556ef2a39b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.cliniko.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-nf-request-id: 01H9X11SK2P4HK48TDSASPKTAF
content-security-policy: frame-ancestors 'none';
content-encoding: br
x-content-type-options: nosniff
date: Sat, 09 Sep 2023 13:10:42 GMT
strict-transport-security: max-age=31536000
age: 15985
content-security-policy-report-only: base-uri 'self'; child-src https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://*.cliniko.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.honeybadger.io https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; default-src 'self'; font-src 'self' data: https://*.cloudfront.net https://js.intercomcdn.com; form-action 'self' https://intercom.help https://api-iam.intercom.io; frame-ancestors 'none'; img-src 'self' data: https:; manifest-src 'self'; media-src: https://js.intercomcdn.com script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.polyfill.io; style-src 'self' 'report-sample' 'unsafe-inline'; report-uri https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly;
content-length: 24799
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
etag: "a1fc3296ca1bb8f2e920ada91ebfd94d-ssl-df"
vary: Accept-Encoding
content-type: application/json
cache-control: public,max-age=0,must-revalidate
accept-ranges: bytes

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
208 B 51ms
51ms XHR
text/plain 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&aip=1&a=376804875&t=pageview&_s=1&dl=https%3A%2F%2Fwww.cliniko.com%2F&dp=%2F&ul=en-us&de=UTF-8&dt=Allied%20Health%20Practice%20Management%20Software%20-%20Cliniko&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aCDAAEABAAAAACAAIg~&cid=1316309466.1694265042&tid=UA-19838433-2&_gid=1100739987.1694265043&_slc=1&z=77097402

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 09 Sep 2023 13:10:42 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.cliniko.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 223-f88019c32efe2c638158.js Show response
www.cliniko.com/ 9 KB
5 KB 43ms
43ms Script
application/javascript 2a05:d014:275:cb02::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cliniko.com/223-f88019c32efe2c638158.js

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/webpack-runtime-2f3bec9576b37233d1a6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

7d56b1e910fa02de5b0b88eabec2e9cbf695588161722563ebca845692a3f53c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.cliniko.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-nf-request-id: 01H9X11SS6J4YBVQJPPHXVK4A2
content-security-policy: frame-ancestors 'none';
content-encoding: br
x-content-type-options: nosniff
date: Sat, 09 Sep 2023 13:10:42 GMT
strict-transport-security: max-age=31536000
age: 59418
content-security-policy-report-only: base-uri 'self'; child-src https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://*.cliniko.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.honeybadger.io https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; default-src 'self'; font-src 'self' data: https://*.cloudfront.net https://js.intercomcdn.com; form-action 'self' https://intercom.help https://api-iam.intercom.io; frame-ancestors 'none'; img-src 'self' data: https:; manifest-src 'self'; media-src: https://js.intercomcdn.com script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.polyfill.io; style-src 'self' 'report-sample' 'unsafe-inline'; report-uri https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly;
content-length: 3630
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
etag: "c1d02372f08453fa8e8b36dcdefb99f9-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
accept-ranges: bytes

GET
H2 200 pricing-6-bb0286e2461b26422750940e535e3d14.png
www.cliniko.com/static/ 15 KB
15 KB 55ms
54ms Image
image/png 2a05:d014:275:cb02::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cliniko.com/static/pricing-6-bb0286e2461b26422750940e535e3d14.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

b2760dc672c9f896b7b2cbd19036cc581a073729d484c8d64b1223e6afdfaf66

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.cliniko.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-nf-request-id: 01H9X11STMYKWYCGF7XCAETRP3
content-security-policy: frame-ancestors 'none';
date: Sat, 09 Sep 2023 13:10:42 GMT
referrer-policy: same-origin
strict-transport-security: max-age=31536000
server: Netlify
age: 7570
x-content-type-options: nosniff
etag: "68faafec16da1bed2a1bd3e36e9e7689-ssl"
content-security-policy-report-only: base-uri 'self'; child-src https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://*.cliniko.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.honeybadger.io https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; default-src 'self'; font-src 'self' data: https://*.cloudfront.net https://js.intercomcdn.com; form-action 'self' https://intercom.help https://api-iam.intercom.io; frame-ancestors 'none'; img-src 'self' data: https:; manifest-src 'self'; media-src: https://js.intercomcdn.com script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.polyfill.io; style-src 'self' 'report-sample' 'unsafe-inline'; report-uri https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly;
content-type: image/png
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
content-length: 14931
x-xss-protection: 1; mode=block

GET
H2 200 hero-full.webp
www.cliniko.com/static/3933bbf7e479fa8d94e220d0dd02268d/ab38a/ 121 KB
121 KB 44ms
44ms Image
image/webp 2a05:d014:275:cb02::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cliniko.com/static/3933bbf7e479fa8d94e220d0dd02268d/ab38a/hero-full.webp

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/commons-f8ffb44677cc88f1bca4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

b37c4e94805388fff93176114bf473524ae4f64368d00c77f4a0f8dc9ababa1f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.cliniko.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-nf-request-id: 01H9X11SW4AC1TPRTBAZWGA6F3
content-security-policy: frame-ancestors 'none';
date: Sat, 09 Sep 2023 13:10:42 GMT
referrer-policy: same-origin
strict-transport-security: max-age=31536000
server: Netlify
age: 2887
x-content-type-options: nosniff
etag: "3c8bf6c7dc1ea5b8ab0b1ca3dea9b70c-ssl"
content-security-policy-report-only: base-uri 'self'; child-src https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://*.cliniko.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.honeybadger.io https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; default-src 'self'; font-src 'self' data: https://*.cloudfront.net https://js.intercomcdn.com; form-action 'self' https://intercom.help https://api-iam.intercom.io; frame-ancestors 'none'; img-src 'self' data: https:; manifest-src 'self'; media-src: https://js.intercomcdn.com script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.polyfill.io; style-src 'self' 'report-sample' 'unsafe-inline'; report-uri https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly;
content-type: image/webp
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
content-length: 123838
x-xss-protection: 1; mode=block

GET
H2 200 hero-small.webp
www.cliniko.com/static/3459759ec6bf38394df63db03a8fde5a/b5a1e/ 41 KB
42 KB 45ms
45ms Image
image/webp 2a05:d014:275:cb02::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cliniko.com/static/3459759ec6bf38394df63db03a8fde5a/b5a1e/hero-small.webp

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/commons-f8ffb44677cc88f1bca4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

bd5c76ddcdf181af38e09b59a27df573290d63c0be0b6d197a8e51bb978395c1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.cliniko.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-nf-request-id: 01H9X11SW442JCWBHV2VQSTFCA
content-security-policy: frame-ancestors 'none';
date: Sat, 09 Sep 2023 13:10:42 GMT
referrer-policy: same-origin
strict-transport-security: max-age=31536000
server: Netlify
age: 10068
x-content-type-options: nosniff
etag: "8ac76e5221d2ca382f7f785cf758d22d-ssl"
content-security-policy-report-only: base-uri 'self'; child-src https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://*.cliniko.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.honeybadger.io https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; default-src 'self'; font-src 'self' data: https://*.cloudfront.net https://js.intercomcdn.com; form-action 'self' https://intercom.help https://api-iam.intercom.io; frame-ancestors 'none'; img-src 'self' data: https:; manifest-src 'self'; media-src: https://js.intercomcdn.com script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.polyfill.io; style-src 'self' 'report-sample' 'unsafe-inline'; report-uri https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly;
content-type: image/webp
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
content-length: 42458
x-xss-protection: 1; mode=block

GET
H2 200 security.webp
www.cliniko.com/static/59769f9175a1da33ced4861d0996ead2/3de10/ 58 KB
58 KB 46ms
44ms Image
image/webp 2a05:d014:275:cb02::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cliniko.com/static/59769f9175a1da33ced4861d0996ead2/3de10/security.webp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

0d567a699074f1ab39d8ef5a32df09d977f7f42e3a4d8504d0abba87a9cee7ff

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.cliniko.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-nf-request-id: 01H9X11SWBYJHACM0DC6R50B69
content-security-policy: frame-ancestors 'none';
date: Sat, 09 Sep 2023 13:10:42 GMT
referrer-policy: same-origin
strict-transport-security: max-age=31536000
server: Netlify
age: 27287
x-content-type-options: nosniff
etag: "54e21b7b4ad055910d2268de22eb5ef3-ssl"
content-security-policy-report-only: base-uri 'self'; child-src https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://*.cliniko.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.honeybadger.io https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; default-src 'self'; font-src 'self' data: https://*.cloudfront.net https://js.intercomcdn.com; form-action 'self' https://intercom.help https://api-iam.intercom.io; frame-ancestors 'none'; img-src 'self' data: https:; manifest-src 'self'; media-src: https://js.intercomcdn.com script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.polyfill.io; style-src 'self' 'report-sample' 'unsafe-inline'; report-uri https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly;
content-type: image/webp
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
content-length: 59532
x-xss-protection: 1; mode=block

GET
H2 200 support.webp
www.cliniko.com/static/03b209a82b3d25bf88e705d0956a0b41/45e54/ 77 KB
77 KB 46ms
44ms Image
image/webp 2a05:d014:275:cb02::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cliniko.com/static/03b209a82b3d25bf88e705d0956a0b41/45e54/support.webp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

4a1b7bebb319366f509c3759f416c9b647661e98f129511bf5ace287dd20d91e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.cliniko.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-nf-request-id: 01H9X11SWBYFP3AFQQ12J3S520
content-security-policy: frame-ancestors 'none';
date: Sat, 09 Sep 2023 13:10:42 GMT
referrer-policy: same-origin
strict-transport-security: max-age=31536000
server: Netlify
age: 18619
x-content-type-options: nosniff
etag: "ce312736c4924d567db28ffbe81fcd4d-ssl"
content-security-policy-report-only: base-uri 'self'; child-src https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://*.cliniko.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.honeybadger.io https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; default-src 'self'; font-src 'self' data: https://*.cloudfront.net https://js.intercomcdn.com; form-action 'self' https://intercom.help https://api-iam.intercom.io; frame-ancestors 'none'; img-src 'self' data: https:; manifest-src 'self'; media-src: https://js.intercomcdn.com script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.polyfill.io; style-src 'self' 'report-sample' 'unsafe-inline'; report-uri https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly;
content-type: image/webp
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
content-length: 78834
x-xss-protection: 1; mode=block

GET
H2 200 connected-apps.webp
www.cliniko.com/static/5acf42fb8a38ae6ca2c6249fc9ad9b63/b53de/ 62 KB
62 KB 45ms
43ms Image
image/webp 2a05:d014:275:cb02::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cliniko.com/static/5acf42fb8a38ae6ca2c6249fc9ad9b63/b53de/connected-apps.webp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

32e38c849079c7587a006252fe708ce999ae28124711f729104f0f857d470311

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.cliniko.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-nf-request-id: 01H9X11SWBWHVH5BATV1Z5PNB0
content-security-policy: frame-ancestors 'none';
date: Sat, 09 Sep 2023 13:10:42 GMT
referrer-policy: same-origin
strict-transport-security: max-age=31536000
server: Netlify
age: 17583
x-content-type-options: nosniff
etag: "0bd90f58363f2a854f24db791134c327-ssl"
content-security-policy-report-only: base-uri 'self'; child-src https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://*.cliniko.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.honeybadger.io https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; default-src 'self'; font-src 'self' data: https://*.cloudfront.net https://js.intercomcdn.com; form-action 'self' https://intercom.help https://api-iam.intercom.io; frame-ancestors 'none'; img-src 'self' data: https:; manifest-src 'self'; media-src: https://js.intercomcdn.com script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.polyfill.io; style-src 'self' 'report-sample' 'unsafe-inline'; report-uri https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly;
content-type: image/webp
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
content-length: 63602
x-xss-protection: 1; mode=block

GET
H2 200 fe41aaa6914370649dc4ea0ac8a2a4ba6079b527-1536x1072.jpg
cdn.sanity.io/images/3rd8yckx/production/ 153 KB
153 KB 34ms
32ms Image
image/webp 35.190.70.79
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.sanity.io/images/3rd8yckx/production/fe41aaa6914370649dc4ea0ac8a2a4ba6079b527-1536x1072.jpg?rect=54,0,1429,1072&w=1024&h=768&auto=format

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.70.79 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

79.70.190.35.bc.googleusercontent.com

Software

Resource Hash

a7948de91cfbd587f8027addb2aae0dda9f2c558ff7194a9d47c31586b952a30

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy: script-src 'none'
x-sanity-asset-storage: gcs-default
x-content-type-options: nosniff
date: Thu, 07 Sep 2023 12:56:16 GMT
via: 1.1 google
xkey: project-3rd8yckx-production
x-b3-traceid: ba831d7764c740e9f232357b5d97730d
age: 173666
x-varnish-age: 10837
x-b3-parentspanid: 90022ef79933e158
vha6-origin: image-varnish-ssd-0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 156590
last-modified: Tue, 01 Aug 2023 12:12:41 GMT
vary: origin, accept
content-type: image/webp
cache-control: public, max-age=31536000, s-maxage=2592000
x-b3-spanid: fc3066e56f2da452
x-b3-sampled: 0
accept-ranges: bytes

GET
H2 200 03f2c5bbdb63cbb6462c2b5b4f9d796668998e9e-1536x1072.png
cdn.sanity.io/images/3rd8yckx/production/ 26 KB
26 KB 49ms
48ms Image
image/webp 35.190.70.79
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.sanity.io/images/3rd8yckx/production/03f2c5bbdb63cbb6462c2b5b4f9d796668998e9e-1536x1072.png?rect=54,0,1429,1072&w=1024&h=768&auto=format

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.70.79 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

79.70.190.35.bc.googleusercontent.com

Software

Resource Hash

1a1dc2ed68bd3fa0920d0e05824e13610df9adf157950fb093c5ddf566c0038b

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy: script-src 'none'
x-sanity-asset-storage: gcs-default
x-content-type-options: nosniff
date: Sat, 26 Aug 2023 07:16:27 GMT
via: 1.1 google
xkey: project-3rd8yckx-production
x-b3-traceid: f7189a95dbb4a141e3591d49faa9112d
age: 1230855
x-varnish-age: 0
x-b3-parentspanid: ef0c6fdb7a44e594
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26714
last-modified: Mon, 22 May 2023 16:32:22 GMT
vary: origin, accept
content-type: image/webp
cache-control: public, max-age=31536000, s-maxage=2592000
x-b3-spanid: e4c491267fc0aca4
x-b3-sampled: 0
accept-ranges: bytes

GET
H2 200 365b7d287df11e18816bf448ec07fc148dd41eb8-1280x960.png
cdn.sanity.io/images/3rd8yckx/production/ 41 KB
41 KB 46ms
46ms Image
image/webp 35.190.70.79
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.sanity.io/images/3rd8yckx/production/365b7d287df11e18816bf448ec07fc148dd41eb8-1280x960.png?w=1024&h=768&auto=format

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.70.79 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

79.70.190.35.bc.googleusercontent.com

Software

Resource Hash

ccb0c581669d43e5ef5dba553a8029bde655fb9b1de57248383f2968753c41f0

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy: script-src 'none'
x-sanity-asset-storage: gcs-default
x-content-type-options: nosniff
date: Sat, 26 Aug 2023 07:33:50 GMT
via: 1.1 google
xkey: project-3rd8yckx-production
x-b3-traceid: 47a98eee78a3e81b5e84cea51194bf12
age: 1229812
x-varnish-age: 10087
x-b3-parentspanid: 7c2ae24306b47443
vha6-origin: image-varnish-ssd-2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42250
last-modified: Fri, 13 Mar 2020 11:22:50 GMT
vary: origin, accept
content-type: image/webp
cache-control: public, max-age=31536000, s-maxage=2592000
x-b3-spanid: 7d33bd1faad31584
x-b3-sampled: 0
accept-ranges: bytes

GET
H2 200 hero-full.webp
www.cliniko.com/static/3933bbf7e479fa8d94e220d0dd02268d/ab38a/ 121 KB
121 KB 44ms
43ms Image
image/webp 2a05:d014:275:cb02::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cliniko.com/static/3933bbf7e479fa8d94e220d0dd02268d/ab38a/hero-full.webp

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/223-f88019c32efe2c638158.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

b37c4e94805388fff93176114bf473524ae4f64368d00c77f4a0f8dc9ababa1f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.cliniko.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-nf-request-id: 01H9X11SXK75B4ACZW6G6J070K
content-security-policy: frame-ancestors 'none';
date: Sat, 09 Sep 2023 13:10:42 GMT
referrer-policy: same-origin
strict-transport-security: max-age=31536000
server: Netlify
age: 2887
x-content-type-options: nosniff
etag: "3c8bf6c7dc1ea5b8ab0b1ca3dea9b70c-ssl"
content-security-policy-report-only: base-uri 'self'; child-src https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://*.cliniko.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.honeybadger.io https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; default-src 'self'; font-src 'self' data: https://*.cloudfront.net https://js.intercomcdn.com; form-action 'self' https://intercom.help https://api-iam.intercom.io; frame-ancestors 'none'; img-src 'self' data: https:; manifest-src 'self'; media-src: https://js.intercomcdn.com script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.polyfill.io; style-src 'self' 'report-sample' 'unsafe-inline'; report-uri https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly;
content-type: image/webp
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
content-length: 123838
x-xss-protection: 1; mode=block

GET
H2 200 hero-small.webp
www.cliniko.com/static/3459759ec6bf38394df63db03a8fde5a/b5a1e/ 41 KB
42 KB 47ms
47ms Image
image/webp 2a05:d014:275:cb02::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cliniko.com/static/3459759ec6bf38394df63db03a8fde5a/b5a1e/hero-small.webp

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/223-f88019c32efe2c638158.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

bd5c76ddcdf181af38e09b59a27df573290d63c0be0b6d197a8e51bb978395c1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.cliniko.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-nf-request-id: 01H9X11SXMXNNSN8HQ1JNND3QH
content-security-policy: frame-ancestors 'none';
date: Sat, 09 Sep 2023 13:10:42 GMT
referrer-policy: same-origin
strict-transport-security: max-age=31536000
server: Netlify
age: 10068
x-content-type-options: nosniff
etag: "8ac76e5221d2ca382f7f785cf758d22d-ssl"
content-security-policy-report-only: base-uri 'self'; child-src https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://*.cliniko.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.honeybadger.io https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; default-src 'self'; font-src 'self' data: https://*.cloudfront.net https://js.intercomcdn.com; form-action 'self' https://intercom.help https://api-iam.intercom.io; frame-ancestors 'none'; img-src 'self' data: https:; manifest-src 'self'; media-src: https://js.intercomcdn.com script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.polyfill.io; style-src 'self' 'report-sample' 'unsafe-inline'; report-uri https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly;
content-type: image/webp
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
content-length: 42458
x-xss-protection: 1; mode=block

GET
H2 200 connected-apps.webp
www.cliniko.com/static/5acf42fb8a38ae6ca2c6249fc9ad9b63/b53de/ 62 KB
62 KB 52ms
51ms Image
image/webp 2a05:d014:275:cb02::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cliniko.com/static/5acf42fb8a38ae6ca2c6249fc9ad9b63/b53de/connected-apps.webp

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/223-f88019c32efe2c638158.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

32e38c849079c7587a006252fe708ce999ae28124711f729104f0f857d470311

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.cliniko.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-nf-request-id: 01H9X11SY0TW7661GTVCRPREVV
content-security-policy: frame-ancestors 'none';
date: Sat, 09 Sep 2023 13:10:42 GMT
referrer-policy: same-origin
strict-transport-security: max-age=31536000
server: Netlify
age: 17583
x-content-type-options: nosniff
etag: "0bd90f58363f2a854f24db791134c327-ssl"
content-security-policy-report-only: base-uri 'self'; child-src https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://*.cliniko.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.honeybadger.io https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; default-src 'self'; font-src 'self' data: https://*.cloudfront.net https://js.intercomcdn.com; form-action 'self' https://intercom.help https://api-iam.intercom.io; frame-ancestors 'none'; img-src 'self' data: https:; manifest-src 'self'; media-src: https://js.intercomcdn.com script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.polyfill.io; style-src 'self' 'report-sample' 'unsafe-inline'; report-uri https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly;
content-type: image/webp
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
content-length: 63602
x-xss-protection: 1; mode=block

GET
H2 200 security.webp
www.cliniko.com/static/59769f9175a1da33ced4861d0996ead2/3de10/ 58 KB
58 KB 54ms
53ms Image
image/webp 2a05:d014:275:cb02::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cliniko.com/static/59769f9175a1da33ced4861d0996ead2/3de10/security.webp

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/223-f88019c32efe2c638158.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

0d567a699074f1ab39d8ef5a32df09d977f7f42e3a4d8504d0abba87a9cee7ff

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.cliniko.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-nf-request-id: 01H9X11SY0NFWK4PWQRJCTZN53
content-security-policy: frame-ancestors 'none';
date: Sat, 09 Sep 2023 13:10:42 GMT
referrer-policy: same-origin
strict-transport-security: max-age=31536000
server: Netlify
age: 27287
x-content-type-options: nosniff
etag: "54e21b7b4ad055910d2268de22eb5ef3-ssl"
content-security-policy-report-only: base-uri 'self'; child-src https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://*.cliniko.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.honeybadger.io https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; default-src 'self'; font-src 'self' data: https://*.cloudfront.net https://js.intercomcdn.com; form-action 'self' https://intercom.help https://api-iam.intercom.io; frame-ancestors 'none'; img-src 'self' data: https:; manifest-src 'self'; media-src: https://js.intercomcdn.com script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.polyfill.io; style-src 'self' 'report-sample' 'unsafe-inline'; report-uri https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly;
content-type: image/webp
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
content-length: 59532
x-xss-protection: 1; mode=block

GET
H2 200 support.webp
www.cliniko.com/static/03b209a82b3d25bf88e705d0956a0b41/45e54/ 77 KB
77 KB 52ms
52ms Image
image/webp 2a05:d014:275:cb02::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cliniko.com/static/03b209a82b3d25bf88e705d0956a0b41/45e54/support.webp

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/223-f88019c32efe2c638158.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

4a1b7bebb319366f509c3759f416c9b647661e98f129511bf5ace287dd20d91e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.cliniko.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-nf-request-id: 01H9X11SY0E4NDEJA0M2CAK26W
content-security-policy: frame-ancestors 'none';
date: Sat, 09 Sep 2023 13:10:42 GMT
referrer-policy: same-origin
strict-transport-security: max-age=31536000
server: Netlify
age: 18619
x-content-type-options: nosniff
etag: "ce312736c4924d567db28ffbe81fcd4d-ssl"
content-security-policy-report-only: base-uri 'self'; child-src https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://*.cliniko.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.honeybadger.io https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; default-src 'self'; font-src 'self' data: https://*.cloudfront.net https://js.intercomcdn.com; form-action 'self' https://intercom.help https://api-iam.intercom.io; frame-ancestors 'none'; img-src 'self' data: https:; manifest-src 'self'; media-src: https://js.intercomcdn.com script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.polyfill.io; style-src 'self' 'report-sample' 'unsafe-inline'; report-uri https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly;
content-type: image/webp
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
content-length: 78834
x-xss-protection: 1; mode=block

GET
H2 200 fe41aaa6914370649dc4ea0ac8a2a4ba6079b527-1536x1072.jpg
cdn.sanity.io/images/3rd8yckx/production/ 153 KB
153 KB 37ms
37ms Image
image/webp 35.190.70.79
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.sanity.io/images/3rd8yckx/production/fe41aaa6914370649dc4ea0ac8a2a4ba6079b527-1536x1072.jpg?rect=54,0,1429,1072&w=1024&h=768&auto=format

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/223-f88019c32efe2c638158.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.70.79 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

79.70.190.35.bc.googleusercontent.com

Software

Resource Hash

a7948de91cfbd587f8027addb2aae0dda9f2c558ff7194a9d47c31586b952a30

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy: script-src 'none'
x-sanity-asset-storage: gcs-default
x-content-type-options: nosniff
date: Thu, 07 Sep 2023 12:56:16 GMT
via: 1.1 google
xkey: project-3rd8yckx-production
x-b3-traceid: ba831d7764c740e9f232357b5d97730d
age: 173666
x-varnish-age: 10837
x-b3-parentspanid: 90022ef79933e158
vha6-origin: image-varnish-ssd-0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 156590
last-modified: Tue, 01 Aug 2023 12:12:41 GMT
vary: origin, accept
content-type: image/webp
cache-control: public, max-age=31536000, s-maxage=2592000
x-b3-spanid: fc3066e56f2da452
x-b3-sampled: 0
accept-ranges: bytes

GET
H2 200 03f2c5bbdb63cbb6462c2b5b4f9d796668998e9e-1536x1072.png
cdn.sanity.io/images/3rd8yckx/production/ 26 KB
26 KB 45ms
45ms Image
image/webp 35.190.70.79
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.sanity.io/images/3rd8yckx/production/03f2c5bbdb63cbb6462c2b5b4f9d796668998e9e-1536x1072.png?rect=54,0,1429,1072&w=1024&h=768&auto=format

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/223-f88019c32efe2c638158.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.70.79 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

79.70.190.35.bc.googleusercontent.com

Software

Resource Hash

1a1dc2ed68bd3fa0920d0e05824e13610df9adf157950fb093c5ddf566c0038b

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy: script-src 'none'
x-sanity-asset-storage: gcs-default
x-content-type-options: nosniff
date: Sat, 26 Aug 2023 07:16:27 GMT
via: 1.1 google
xkey: project-3rd8yckx-production
x-b3-traceid: f7189a95dbb4a141e3591d49faa9112d
age: 1230855
x-varnish-age: 0
x-b3-parentspanid: ef0c6fdb7a44e594
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26714
last-modified: Mon, 22 May 2023 16:32:22 GMT
vary: origin, accept
content-type: image/webp
cache-control: public, max-age=31536000, s-maxage=2592000
x-b3-spanid: e4c491267fc0aca4
x-b3-sampled: 0
accept-ranges: bytes

GET
H2 200 365b7d287df11e18816bf448ec07fc148dd41eb8-1280x960.png
cdn.sanity.io/images/3rd8yckx/production/ 41 KB
41 KB 46ms
46ms Image
image/webp 35.190.70.79
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.sanity.io/images/3rd8yckx/production/365b7d287df11e18816bf448ec07fc148dd41eb8-1280x960.png?w=1024&h=768&auto=format

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/223-f88019c32efe2c638158.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.70.79 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

79.70.190.35.bc.googleusercontent.com

Software

Resource Hash

ccb0c581669d43e5ef5dba553a8029bde655fb9b1de57248383f2968753c41f0

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy: script-src 'none'
x-sanity-asset-storage: gcs-default
x-content-type-options: nosniff
date: Sat, 26 Aug 2023 07:33:50 GMT
via: 1.1 google
xkey: project-3rd8yckx-production
x-b3-traceid: 47a98eee78a3e81b5e84cea51194bf12
age: 1229812
x-varnish-age: 10087
x-b3-parentspanid: 7c2ae24306b47443
vha6-origin: image-varnish-ssd-2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42250
last-modified: Fri, 13 Mar 2020 11:22:50 GMT
vary: origin, accept
content-type: image/webp
cache-control: public, max-age=31536000, s-maxage=2592000
x-b3-spanid: 7d33bd1faad31584
x-b3-sampled: 0
accept-ranges: bytes

GET
H2 200 page-data.json
www.cliniko.com/page-data/features/ 0
14 KB 46ms
44ms Other
application/json 2a05:d014:275:cb02::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cliniko.com/page-data/features/page-data.json

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/app-954f8e08c39bd021810c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cliniko.com/
Origin: https://www.cliniko.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-nf-request-id: 01H9X11WS2PKYG9S0T563QS2AF
content-security-policy: frame-ancestors 'none';
content-encoding: br
x-content-type-options: nosniff
date: Sat, 09 Sep 2023 13:10:45 GMT
strict-transport-security: max-age=31536000
age: 14021
content-security-policy-report-only: base-uri 'self'; child-src https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://*.cliniko.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.honeybadger.io https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; default-src 'self'; font-src 'self' data: https://*.cloudfront.net https://js.intercomcdn.com; form-action 'self' https://intercom.help https://api-iam.intercom.io; frame-ancestors 'none'; img-src 'self' data: https:; manifest-src 'self'; media-src: https://js.intercomcdn.com script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.polyfill.io; style-src 'self' 'report-sample' 'unsafe-inline'; report-uri https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly;
content-length: 14654
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
etag: "8ef63f7dbfc2fa2d4d7616c8651c857a-ssl-df"
vary: Accept-Encoding
content-type: application/json
cache-control: public,max-age=0,must-revalidate
accept-ranges: bytes

GET
H2 200 page-data.json
www.cliniko.com/page-data/help/ 0
3 KB 91ms
89ms Other
application/json 2a05:d014:275:cb02::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cliniko.com/page-data/help/page-data.json

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/app-954f8e08c39bd021810c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cliniko.com/
Origin: https://www.cliniko.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-nf-request-id: 01H9X11WS37190J5MG7DPXMABE
content-security-policy: frame-ancestors 'none';
content-encoding: br
x-content-type-options: nosniff
date: Sat, 09 Sep 2023 13:10:45 GMT
strict-transport-security: max-age=31536000
age: 68159
content-security-policy-report-only: base-uri 'self'; child-src https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://*.cliniko.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.honeybadger.io https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; default-src 'self'; font-src 'self' data: https://*.cloudfront.net https://js.intercomcdn.com; form-action 'self' https://intercom.help https://api-iam.intercom.io; frame-ancestors 'none'; img-src 'self' data: https:; manifest-src 'self'; media-src: https://js.intercomcdn.com script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.polyfill.io; style-src 'self' 'report-sample' 'unsafe-inline'; report-uri https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly;
content-length: 2233
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
etag: "aeb5d57df6836c9aea6a9c56de53d90e-ssl-df"
vary: Accept-Encoding
content-type: application/json
cache-control: public,max-age=0,must-revalidate
accept-ranges: bytes

GET
H2 200 page-data.json
www.cliniko.com/page-data/policies/cookies/ 0
305 B 93ms
92ms Other
application/json 2a05:d014:275:cb02::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cliniko.com/page-data/policies/cookies/page-data.json

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/app-954f8e08c39bd021810c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cliniko.com/
Origin: https://www.cliniko.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-nf-request-id: 01H9X11WS3B0J4225H6MRKEGKN
content-security-policy: frame-ancestors 'none';
date: Sat, 09 Sep 2023 13:10:45 GMT
referrer-policy: same-origin
strict-transport-security: max-age=31536000
server: Netlify
age: 60819
x-content-type-options: nosniff
etag: "1d39b267c291e8c8914e74662be343a2-ssl"
content-security-policy-report-only: base-uri 'self'; child-src https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://*.cliniko.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.honeybadger.io https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; default-src 'self'; font-src 'self' data: https://*.cloudfront.net https://js.intercomcdn.com; form-action 'self' https://intercom.help https://api-iam.intercom.io; frame-ancestors 'none'; img-src 'self' data: https:; manifest-src 'self'; media-src: https://js.intercomcdn.com script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.polyfill.io; style-src 'self' 'report-sample' 'unsafe-inline'; report-uri https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly;
content-type: application/json
cache-control: public,max-age=0,must-revalidate
accept-ranges: bytes
content-length: 169
x-xss-protection: 1; mode=block

GET
H2 200 page-data.json Show response
www.cliniko.com/page-data/features/ 42 KB
14 KB 48ms
47ms XHR
application/json 2a05:d014:275:cb02::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cliniko.com/page-data/features/page-data.json

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/app-954f8e08c39bd021810c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

99a386ffa17a62717932c6c5d7e2f97fbea6aedfc1b7dbd121e21f126a5bd99c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.cliniko.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-nf-request-id: 01H9X11WW20FNPWYWNY6NT7QHB
content-security-policy: frame-ancestors 'none';
content-encoding: br
x-content-type-options: nosniff
date: Sat, 09 Sep 2023 13:10:45 GMT
strict-transport-security: max-age=31536000
age: 14021
content-security-policy-report-only: base-uri 'self'; child-src https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://*.cliniko.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.honeybadger.io https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; default-src 'self'; font-src 'self' data: https://*.cloudfront.net https://js.intercomcdn.com; form-action 'self' https://intercom.help https://api-iam.intercom.io; frame-ancestors 'none'; img-src 'self' data: https:; manifest-src 'self'; media-src: https://js.intercomcdn.com script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.polyfill.io; style-src 'self' 'report-sample' 'unsafe-inline'; report-uri https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly;
content-length: 14654
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
etag: "8ef63f7dbfc2fa2d4d7616c8651c857a-ssl-df"
vary: Accept-Encoding
content-type: application/json
cache-control: public,max-age=0,must-revalidate
accept-ranges: bytes

GET
H2 200 page-data.json Show response
www.cliniko.com/page-data/help/ 9 KB
2 KB 45ms
44ms XHR
application/json 2a05:d014:275:cb02::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cliniko.com/page-data/help/page-data.json

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/app-954f8e08c39bd021810c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

c34c3269293b9a7df8be25166f869922b56c0578d0666950f99495c2ca3eab3a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.cliniko.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-nf-request-id: 01H9X11WW2W7WTDVCKSD8WNR5D
content-security-policy: frame-ancestors 'none';
content-encoding: br
x-content-type-options: nosniff
date: Sat, 09 Sep 2023 13:10:45 GMT
strict-transport-security: max-age=31536000
age: 68159
content-security-policy-report-only: base-uri 'self'; child-src https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://*.cliniko.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.honeybadger.io https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; default-src 'self'; font-src 'self' data: https://*.cloudfront.net https://js.intercomcdn.com; form-action 'self' https://intercom.help https://api-iam.intercom.io; frame-ancestors 'none'; img-src 'self' data: https:; manifest-src 'self'; media-src: https://js.intercomcdn.com script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.polyfill.io; style-src 'self' 'report-sample' 'unsafe-inline'; report-uri https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly;
content-length: 2233
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
etag: "aeb5d57df6836c9aea6a9c56de53d90e-ssl-df"
vary: Accept-Encoding
content-type: application/json
cache-control: public,max-age=0,must-revalidate
accept-ranges: bytes

GET
H2 200 page-data.json Show response
www.cliniko.com/page-data/policies/cookies/ 169 B
225 B 49ms
49ms XHR
application/json 2a05:d014:275:cb02::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cliniko.com/page-data/policies/cookies/page-data.json

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/app-954f8e08c39bd021810c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

3d2c36880f578a20f30f1060cb88941fc37d4d6b1c132d0cd147e4a4969e07a2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.cliniko.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-nf-request-id: 01H9X11WW46DHBWV333HVTPJ8A
content-security-policy: frame-ancestors 'none';
date: Sat, 09 Sep 2023 13:10:45 GMT
referrer-policy: same-origin
strict-transport-security: max-age=31536000
server: Netlify
age: 60819
x-content-type-options: nosniff
etag: "1d39b267c291e8c8914e74662be343a2-ssl"
content-security-policy-report-only: base-uri 'self'; child-src https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://*.cliniko.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.honeybadger.io https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; default-src 'self'; font-src 'self' data: https://*.cloudfront.net https://js.intercomcdn.com; form-action 'self' https://intercom.help https://api-iam.intercom.io; frame-ancestors 'none'; img-src 'self' data: https:; manifest-src 'self'; media-src: https://js.intercomcdn.com script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.polyfill.io; style-src 'self' 'report-sample' 'unsafe-inline'; report-uri https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly;
content-type: application/json
cache-control: public,max-age=0,must-revalidate
accept-ranges: bytes
content-length: 169
x-xss-protection: 1; mode=block

GET
H2 200 component---src-pages-help-js-f6292355b95a91f4374d.js
www.cliniko.com/ 0
7 KB 45ms
44ms Other
application/javascript 2a05:d014:275:cb02::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cliniko.com/component---src-pages-help-js-f6292355b95a91f4374d.js

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/app-954f8e08c39bd021810c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.cliniko.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-nf-request-id: 01H9X11WY579R543AQ5YG9ZR7K
content-security-policy: frame-ancestors 'none';
content-encoding: br
x-content-type-options: nosniff
date: Sat, 09 Sep 2023 13:10:45 GMT
strict-transport-security: max-age=31536000
age: 59392
content-security-policy-report-only: base-uri 'self'; child-src https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://*.cliniko.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.honeybadger.io https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; default-src 'self'; font-src 'self' data: https://*.cloudfront.net https://js.intercomcdn.com; form-action 'self' https://intercom.help https://api-iam.intercom.io; frame-ancestors 'none'; img-src 'self' data: https:; manifest-src 'self'; media-src: https://js.intercomcdn.com script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.polyfill.io; style-src 'self' 'report-sample' 'unsafe-inline'; report-uri https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly;
content-length: 7174
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
etag: "536605c14b81d41314f58847f0d770cc-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes

GET
H2 200 component---src-pages-features-js-f07f19b4fc4489d0dbb9.js
www.cliniko.com/ 0
917 B 45ms
44ms Other
application/javascript 2a05:d014:275:cb02::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cliniko.com/component---src-pages-features-js-f07f19b4fc4489d0dbb9.js

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/app-954f8e08c39bd021810c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.cliniko.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-nf-request-id: 01H9X11WYB7Q2DYC4BKM1FQVKG
content-security-policy: frame-ancestors 'none';
content-encoding: br
x-content-type-options: nosniff
date: Sat, 09 Sep 2023 13:10:45 GMT
strict-transport-security: max-age=31536000
age: 68233
content-security-policy-report-only: base-uri 'self'; child-src https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://*.cliniko.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.honeybadger.io https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; default-src 'self'; font-src 'self' data: https://*.cloudfront.net https://js.intercomcdn.com; form-action 'self' https://intercom.help https://api-iam.intercom.io; frame-ancestors 'none'; img-src 'self' data: https:; manifest-src 'self'; media-src: https://js.intercomcdn.com script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.polyfill.io; style-src 'self' 'report-sample' 'unsafe-inline'; report-uri https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly;
content-length: 793
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
etag: "883c0d3c253264cfb227e6d18df7ead5-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes

GET
H2 200 component---src-pages-policies-cookies-js-fc1c5f97694771833465.js
www.cliniko.com/ 0
2 KB 47ms
46ms Other
application/javascript 2a05:d014:275:cb02::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cliniko.com/component---src-pages-policies-cookies-js-fc1c5f97694771833465.js

Requested by

Host: www.cliniko.com
URL: https://www.cliniko.com/app-954f8e08c39bd021810c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb02::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.cliniko.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-nf-request-id: 01H9X11WYDWSF4M65A0KWD8811
content-security-policy: frame-ancestors 'none';
content-encoding: br
x-content-type-options: nosniff
date: Sat, 09 Sep 2023 13:10:45 GMT
strict-transport-security: max-age=31536000
age: 60818
content-security-policy-report-only: base-uri 'self'; child-src https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://*.cliniko.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.honeybadger.io https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com; default-src 'self'; font-src 'self' data: https://*.cloudfront.net https://js.intercomcdn.com; form-action 'self' https://intercom.help https://api-iam.intercom.io; frame-ancestors 'none'; img-src 'self' data: https:; manifest-src 'self'; media-src: https://js.intercomcdn.com script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.polyfill.io; style-src 'self' 'report-sample' 'unsafe-inline'; report-uri https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly;
content-length: 1881
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: Netlify
etag: "cc3cc6e18c044ca32680c46a7ee84110-ssl-df"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes

Verdicts & Comments Add Verdict or Comment

24 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.cliniko.com/	1970-01-21 00:13:45	Name: _ga Value: GA1.2.1316309466.1694265042
.cliniko.com/	1970-01-20 14:39:11	Name: _gid Value: GA1.2.1100739987.1694265043
.cliniko.com/	1970-01-21 00:13:45	Name: _ga_YC35D4SQ9X Value: GS1.1.1694265042.1.1.1694265043.0.0.0

275 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://www.cliniko.com/ Message: The Content-Security-Policy directive name 'media-src:' contains one or more invalid characters. Only ASCII alphanumeric characters or dashes '-' are allowed in directive names.
security	error	URL: https://www.cliniko.com/ Message: [Report Only] Refused to load the script 'https://www.googletagmanager.com/gtag/js?id=G-YC35D4SQ9X' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'script-src-elem' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://www.cliniko.com/ Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-0BNc3vqwsKaIosI4OxmXZO/DF29Jxz6mtX4QpUMlSRk='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "default-src 'self'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://www.cliniko.com/ Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-v1oYH69RcooFs6F5XhMTzHiWlftYwnuQHDxIz0suNeo='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://www.cliniko.com/(Line 211) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-UIxXD8fF/W7coY2NtAJ8jnU9KAHa9/FMLPA+H6nd1BQ='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://www.cliniko.com/(Line 280) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-yZFBBEAhVR7+Ftx72ma6BMxZ0sAlz7DrJpEQjM6yvdk='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://www.cliniko.com/(Line 280) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-yZFBBEAhVR7+Ftx72ma6BMxZ0sAlz7DrJpEQjM6yvdk='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://www.cliniko.com/(Line 280) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-yZFBBEAhVR7+Ftx72ma6BMxZ0sAlz7DrJpEQjM6yvdk='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://www.cliniko.com/(Line 280) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-yZFBBEAhVR7+Ftx72ma6BMxZ0sAlz7DrJpEQjM6yvdk='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://www.cliniko.com/(Line 280) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-yZFBBEAhVR7+Ftx72ma6BMxZ0sAlz7DrJpEQjM6yvdk='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://www.cliniko.com/(Line 280) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-yZFBBEAhVR7+Ftx72ma6BMxZ0sAlz7DrJpEQjM6yvdk='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://www.cliniko.com/(Line 280) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-yZFBBEAhVR7+Ftx72ma6BMxZ0sAlz7DrJpEQjM6yvdk='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://www.cliniko.com/(Line 280) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-yZFBBEAhVR7+Ftx72ma6BMxZ0sAlz7DrJpEQjM6yvdk='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://www.cliniko.com/(Line 280) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-yZFBBEAhVR7+Ftx72ma6BMxZ0sAlz7DrJpEQjM6yvdk='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://www.cliniko.com/(Line 280) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-yZFBBEAhVR7+Ftx72ma6BMxZ0sAlz7DrJpEQjM6yvdk='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://www.cliniko.com/ Message: [Report Only] Refused to load the script 'https://cdn.polyfill.io/v3/polyfill.min.js?features=default,EventSource,NodeList.prototype.forEach,Number.isInteger,Symbol' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'script-src-elem' was not explicitly set, so 'default-src' is used as a fallback.
network	error	URL: https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly Message: Failed to load resource: the server responded with a status of 429 ()
network	error	URL: https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly Message: Failed to load resource: the server responded with a status of 429 ()
network	error	URL: https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly Message: Failed to load resource: the server responded with a status of 429 ()
network	error	URL: https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly Message: Failed to load resource: the server responded with a status of 429 ()
network	error	URL: https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly Message: Failed to load resource: the server responded with a status of 429 ()
network	error	URL: https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly Message: Failed to load resource: the server responded with a status of 429 ()
network	error	URL: https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly Message: Failed to load resource: the server responded with a status of 429 ()
security	error	URL: https://www.cliniko.com/(Line 280) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-BN4YgQpyk/K+EomOtsMisFRDBzYrWJK/3VtmMujSCdk='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://www.cliniko.com/(Line 280) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-jLvw6YFq4XeAHnuD2DO8Eq79Al8d0To8PJ/pItoVQj4='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.
network	error	URL: https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly Message: Failed to load resource: the server responded with a status of 429 ()
network	error	URL: https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly Message: Failed to load resource: the server responded with a status of 429 ()
network	error	URL: https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly Message: Failed to load resource: the server responded with a status of 429 ()
network	error	URL: https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly Message: Failed to load resource: the server responded with a status of 429 ()
network	error	URL: https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly Message: Failed to load resource: the server responded with a status of 429 ()
network	error	URL: https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly Message: Failed to load resource: the server responded with a status of 429 ()
network	error	URL: https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly Message: Failed to load resource: the server responded with a status of 429 ()
network	error	URL: https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly Message: Failed to load resource: the server responded with a status of 429 ()
network	error	URL: https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly Message: Failed to load resource: the server responded with a status of 429 ()
network	error	URL: https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly Message: Failed to load resource: the server responded with a status of 429 ()
network	error	URL: https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly Message: Failed to load resource: the server responded with a status of 429 ()
network	error	URL: https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly Message: Failed to load resource: the server responded with a status of 429 ()
network	error	URL: https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly Message: Failed to load resource: the server responded with a status of 429 ()
network	error	URL: https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly Message: Failed to load resource: the server responded with a status of 429 ()
network	error	URL: https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly Message: Failed to load resource: the server responded with a status of 429 ()
network	error	URL: https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly Message: Failed to load resource: the server responded with a status of 429 ()
network	error	URL: https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly Message: Failed to load resource: the server responded with a status of 429 ()
network	error	URL: https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly Message: Failed to load resource: the server responded with a status of 429 ()
network	error	URL: https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly Message: Failed to load resource: the server responded with a status of 429 ()
network	error	URL: https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly Message: Failed to load resource: the server responded with a status of 429 ()
network	error	URL: https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly Message: Failed to load resource: the server responded with a status of 429 ()
security	error	URL: https://www.cliniko.com/app-954f8e08c39bd021810c.js(Line 1) Message: [Report Only] Refused to load the script 'https://www.google-analytics.com/analytics.js' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'script-src-elem' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://www.googletagmanager.com/gtag/js?id=G-YC35D4SQ9X(Line 179) Message: [Report Only] Refused to connect to 'https://region1.google-analytics.com/g/collect?v=2&tid=G-YC35D4SQ9X&gtm=45je3960&_p=376804875&cid=1316309466.1694265042&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1694265042&sct=1&seg=0&dl=https%3A%2F%2Fwww.cliniko.com%2F&dt=Allied%20Health%20Practice%20Management%20Software%20-%20Cliniko&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1' because it violates the following Content Security Policy directive: "connect-src 'self' https://.cliniko.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.honeybadger.io https://.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com".
security	error	URL: https://www.googletagmanager.com/gtag/js?id=G-YC35D4SQ9X(Line 179) Message: [Report Only] Refused to connect to 'https://region1.google-analytics.com/g/collect?v=2&tid=G-YC35D4SQ9X&gtm=45je3960&_p=376804875&cid=1316309466.1694265042&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1694265042&sct=1&seg=0&dl=https%3A%2F%2Fwww.cliniko.com%2F&dt=Allied%20Health%20Practice%20Management%20Software%20-%20Cliniko&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1' because it violates the following Content Security Policy directive: "connect-src 'self' https://.cliniko.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.honeybadger.io https://.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com".
network	error	URL: https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly Message: Failed to load resource: the server responded with a status of 429 ()
network	error	URL: https://fa4a51a09d12751e5d532cfce80751aa.report-uri.com/r/d/csp/reportOnly Message: Failed to load resource: the server responded with a status of 429 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.polyfill.io
cdn.sanity.io
d33wubrfki0l68.cloudfront.net
fa4a51a09d12751e5d532cfce80751aa.report-uri.com
region1.google-analytics.com
start.au2.cliniko.com
www.cliniko.com
www.google-analytics.com
www.googletagmanager.com
143.204.214.12
151.101.194.217
2001:4860:4802:32::36
2606:4700::6811:b658
2a00:1450:4001:809::200e
2a00:1450:4001:830::2008
2a04:4e42:400::282
2a05:d014:275:cb01::c8
2a05:d014:275:cb02::c8
35.190.70.79
03bc60d3b1909b453d5316c27d1734d4184927f4194d8d5b990a39556ef2a39b
040277d2451f6f18868fdb4166845b9147932e78a77930ac6803d9aad32be436
046c3c41fe2e3ba004656d7a7fa6c4a3849b48bb48e8d4bb2d398fa1d73eae37
094611b3749d83fe497e01da54fc5d914b6500800804a81c0fd5ef109396bc1e
09c550fc987d217ab0e181a511674f13e603c173b3ff4b77871186913499bb4e
0d567a699074f1ab39d8ef5a32df09d977f7f42e3a4d8504d0abba87a9cee7ff
1845f86b49d7119fdfeb3f3c425ee28abd05223f3b17b78324012b6aa3bfecb2
1a1dc2ed68bd3fa0920d0e05824e13610df9adf157950fb093c5ddf566c0038b
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
253ddbd9b7c021d9f50f6f6c057fe1a923a49c2ef0027cde945da8d66eca05bc
2694d44a57e37d44ccd37aec759bad2cc513b4cc24216af71a1c5efd291f8e15
2e159c2db328d6579e04bbf7b754803f452a6d8aff7e1c1adba8f0ef9ebd593e
32e38c849079c7587a006252fe708ce999ae28124711f729104f0f857d470311
3d2c36880f578a20f30f1060cb88941fc37d4d6b1c132d0cd147e4a4969e07a2
40dbba9af0b0a5cbc5fdabec1cfa1e2a21668ed6206a8eb93f3b77c64f55188e
4a1b7bebb319366f509c3759f416c9b647661e98f129511bf5ace287dd20d91e
511e6739f9ec2ee804e5f9e8200f07b5db48a5957f72e4e14ed8d2d53e45bf4f
5b1aa6939b032aa5e2ccec7195a6e95ee8fc8ab5703cf55d18cf2ef0a5b58ad7
6655574feb80f1c2a7f82dfcb12fd6159494aa418db3c8fe479e83c575251e36
6d81767ca3576b3f2deaefbfc48bb93b010ef2d2c83b3707a98ff0e1d9cdfe8b
6deb3f8af51a41f7b2cf2a6c59c5987d5355be68a9e99db33795006ff53fe011
70a3aea11036ccd8bcb3cc6b3bc3fd298287c3112b310faf40d3f3979fa7712a
7d56b1e910fa02de5b0b88eabec2e9cbf695588161722563ebca845692a3f53c
7e0d16bf5e01d2ff730972fa1fe313ada0ee57d21f79add57d2d70d7fe47a2aa
845e542a5974623b6e76fbcdc2e9c9aa0c21dd8ec22f428d7fb2a294e60ea536
84c604f8e7e91c9819e29b26d1164ceb1b0b9bcd5980881f2363a01d457884bd
95788cd5ba3f9b4b9098470ed76ba6d4c59e38ea235854fe8524fd50df00a1fe
989050cfaca9cef4642cfb414bfc3add16858a6048e8fc9115296f40aac9128f
99a386ffa17a62717932c6c5d7e2f97fbea6aedfc1b7dbd121e21f126a5bd99c
9d8e62dd6e765a1121ce98d904aaa1377d28b816f8b59a92501ae2f8daf59d7d
9fcb1a76ad4d31169b1665a20cf9f9d278d42ee48d926fac27a47d4463e9eb90
a401d46f51a6b7d06a99bd81be9e79581a46da53f0cf6512e22fdafff0294bd0
a58c98161fd5c090f4fc8feb30e5be2e45ed10cc30727f83bb7b091ea9a64222
a7948de91cfbd587f8027addb2aae0dda9f2c558ff7194a9d47c31586b952a30
b2760dc672c9f896b7b2cbd19036cc581a073729d484c8d64b1223e6afdfaf66
b37c4e94805388fff93176114bf473524ae4f64368d00c77f4a0f8dc9ababa1f
b856ee7ed9e3ed295042dfc20ce312d19ad3ff5daf6d33842d9a29f0d8ca7bb6
bd5c76ddcdf181af38e09b59a27df573290d63c0be0b6d197a8e51bb978395c1
be36ec35d7650ee060cffa286baaeee29298c3ab45d9352b9d8d4b823be630ff
c1cc238b889b5c92f9b0b230bb2c3e0180c08cdb65379424a7760bbc48de57b7
c34c3269293b9a7df8be25166f869922b56c0578d0666950f99495c2ca3eab3a
c965770d3fc2c2d576a8ae873a2da0f0bd6ed0470c4777d98cafc69091112477
c9cacab6be80b747899b60a8feb4e60b3171c46b5664f136662e69b7c73430f5
ccb0c581669d43e5ef5dba553a8029bde655fb9b1de57248383f2968753c41f0
d3c4e76f9fe44b68c7a2c39f2650e981ca1456557dbebea8b41da78d385040fa
d7f817255acac24d24766a420471f23c0796b5228b84f8432bf70570ed870b72
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e06fe31967801119931f906ddd7295e809f9e8d56f29ee722a5c8005a23487bc
e32073461c090a3f51d1d055ee56890c4eef5af592443d16c52222e484d1984c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e74c121f11a2e37e7bc3a50c485f5864750b950e103ec0b35b37138fa0e40505
ec36f8fe22f65191c1d36146ebb9123c9ada2a143137d6b0628b4b7653f5e074
eeb1ef7dcacb53823edebb4c5a5b31a0e0cdb0b10526ff8bd919989f9fe3b2c2
ff5358fadf010c2dc7ca30f235395ae11ed5797a0ed1dd4d955594f9099987af

www.cliniko.com Open in urlscan Pro 2a05:d014:275:cb02::c8 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

88 Requests

100 %HTTPS

70 %IPv6

7 Domains

9 Subdomains

10 IPs

2 Countries

2360 kBTransfer

3433 kBSize

3 Cookies

8 Outgoing links

Page URL History

Redirected requests

88 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 18 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.cliniko.com Open in urlscan Pro
2a05:d014:275:cb02::c8 Public Scan

Screenshot
Live screenshot

Full Image

88
Requests

100 %
HTTPS

70 %
IPv6

7
Domains

9
Subdomains

10
IPs

2
Countries

2360 kB
Transfer

3433 kB
Size

3
Cookies

88 HTTP transactions
18 data transactions