www.hbf.com.au Open in urlscan Pro
104.74.42.195 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://hbf.com.au/
Effective URL:
https://www.hbf.com.au/
Submission Tags: tranco_l324
Submission: On March 29 via api (March 29th 2024, 9:48:56 am UTC) from DE — Scanned from AU

Summary HTTP 28 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 28 HTTP transactions. The main IP is 104.74.42.195, located in Sydney, Australia and belongs to AKAMAI-AS, US. The main domain is www.hbf.com.au.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on July 31st 2023. Valid for: a year.

This is the only time www.hbf.com.au was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	203.153.232.51 203.153.232.51	4826 (VOCUS-BAC...) (VOCUS-BACKBONE-AS Vocus Connect International Backbone)
26	104.74.42.195 104.74.42.195	16625 (AKAMAI-AS) (AKAMAI-AS)
1	104.17.183.88 104.17.183.88	13335 (CLOUDFLAR...) (CLOUDFLARENET)
28	3

1 203.153.232.51 (Perth, Australia) 1 redirects

ASN4826 (VOCUS-BACKBONE-AS Vocus Connect International Backbone, AU)
PTR: hbf-extra4.amnet.net.au

hbf.com.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 104.74.42.195 (Sydney, Australia)

ASN16625 (AKAMAI-AS, US)
PTR: a104-74-42-195.deploy.static.akamaitechnologies.com

www.hbf.com.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.183.88 (None, )

ASN13335 (CLOUDFLARENET, US)

hbftest.report-uri.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
27	hbf.com.au 1 redirects hbf.com.au www.hbf.com.au metrics.hbf.com.au Failed	847 KB
1	report-uri.com hbftest.report-uri.com	617 B
28	2

	Domain	Requested by
26	www.hbf.com.au	www.hbf.com.au
1	hbftest.report-uri.com	www.hbf.com.au
1	hbf.com.au	1 redirects
0	metrics.hbf.com.au Failed	www.hbf.com.au
28	4

This site contains links to these domains. Also see Links.

Domain
www.wikihow.com
www.hbfrun.com.au
itunes.apple.com
play.google.com
www.facebook.com
twitter.com
www.youtube.com
www.instagram.com

Subject Issuer	Validity	Valid
www.hbf.com.au DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-31` - `2024-08-13`	a year	crt.sh
report-uri.com E1	`2024-03-25` - `2024-06-23`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.hbf.com.au/
Frame ID: 0B9F3EB5749A41312D4C0EA4C9F1917D
Requests: 32 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

HBF | Health Insurance

Page URL History Show full URLs

http://hbf.com.au/ HTTP 307
https://hbf.com.au/ HTTP 301
https://www.hbf.com.au/ Page URL

Detected technologies

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

Page Statistics

28
Requests

96 %
HTTPS

0 %
IPv6

2
Domains

4
Subdomains

3
IPs

2
Countries

847 kB
Transfer

1724 kB
Size

14
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: http://www.wikihow.com/Enable-Cookies-in-Your-Internet-Web-Browser
Title: this link.

Search URL Search Domain Scan URL

URL: https://www.hbfrun.com.au/
Title: Join us on Sunday 19 May plus HBF members save 20% on the entry fee

Search URL Search Domain Scan URL

URL: https://itunes.apple.com/au/app/hbf-health/id524315196?mt=8

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.mobilenation.hbf&hl=en

Search URL Search Domain Scan URL

URL: https://www.facebook.com/hbfhealth
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/hbfhealth
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.youtube.com/c/HBFAustralia
Title: YouTube

Search URL Search Domain Scan URL

URL: https://www.instagram.com/hbfhealth/
Title: Instagram

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://hbf.com.au/ HTTP 307
https://hbf.com.au/ HTTP 301
https://www.hbf.com.au/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

28 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.hbf.com.au/
Redirect Chain

http://hbf.com.au/
https://hbf.com.au/
https://www.hbf.com.au/

849 KB
223 KB

763ms
723ms

Document
text/html

104.74.42.195
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hbf.com.au/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.74.42.195 Sydney, Australia, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-74-42-195.deploy.static.akamaitechnologies.com

Software

Resource Hash

070bda60fe37663aa8e2aed86f45ee099b4c4905262e2388ebd8f0d57ff3905b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

cache-control: no-cache, no-store
content-encoding: gzip
content-security-policy-report-only: connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
content-type: text/html; charset=utf-8
date: Fri, 29 Mar 2024 09:48:52 GMT
expires: -1
pragma: no-cache
server
server-timing: dtSInfo;desc="0", dtRpid;desc="-1454971885"
strict-transport-security: max-age=63072000
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-oneagent-js-injection: true
x-ruxit-js-agent: true
x-xss-protection: 1; mode=block

Redirect headers

Connection: Keep-Alive
Content-Length: 0
Location: https://www.hbf.com.au/
Server: BigIP

GET
H2 200 ruxitagentjs_ICANVfghqru_10285240307101407.js Show response
www.hbf.com.au/ 207 KB
83 KB 4ms
3ms Script
text/javascript 104.74.42.195
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hbf.com.au/ruxitagentjs_ICANVfghqru_10285240307101407.js

Requested by

Host: www.hbf.com.au
URL: https://www.hbf.com.au/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.74.42.195 Sydney, Australia, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-74-42-195.deploy.static.akamaitechnologies.com

Software

Resource Hash

60ebbb64f613b643162e669be634348fcd92750a658e4c56309d3bbc5e196323

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.hbf.com.au/
accept-language: en-AU,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=63072000
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 29 Mar 2024 09:48:52 GMT
last-modified: Wed, 03 Mar 2010 07:01:40 GMT
server
content-security-policy-report-only: connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=30329659
content-length: 82010
x-xss-protection: 1; mode=block
expires: Sat, 15 Mar 2025 10:43:11 GMT

GET
H2 200 VisitorIdentification.js Show response
www.hbf.com.au/layouts/system/ 2 KB
4 KB 2ms
2ms Script
application/javascript 104.74.42.195
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hbf.com.au/layouts/system/VisitorIdentification.js

Requested by

Host: www.hbf.com.au
URL: https://www.hbf.com.au/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.74.42.195 Sydney, Australia, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-74-42-195.deploy.static.akamaitechnologies.com

Software

Resource Hash

126b381f32f601d12e517bff52589bd007f815ec05a422e22c118f6497a2abfc

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.hbf.com.au/
accept-language: en-AU,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=63072000
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 29 Mar 2024 09:48:52 GMT
content-security-policy-report-only: connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
server-timing: dtSInfo;desc="1"
content-length: 740
x-xss-protection: 1; mode=block
last-modified: Thu, 14 Dec 2017 06:40:58 GMT
server
etag: "079b77fa674d31:0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=492693
accept-ranges: bytes
expires: Thu, 04 Apr 2024 02:40:25 GMT

POST
H3 201 reportOnly
hbftest.report-uri.com/r/d/csp/ 0
617 B 27ms
13ms Other
text/plain 104.17.183.88
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hbftest.report-uri.com/r/d/csp/reportOnly

Requested by

Host: www.hbf.com.au
URL: https://www.hbf.com.au/

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.183.88 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Win32"
Referer: https://www.hbf.com.au/
accept-language: en-AU,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Fri, 29 Mar 2024 09:48:52 GMT
strict-transport-security: max-age=63113904; includeSubDomains; preload
nel: {"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server: cloudflare
vary: Accept-Encoding
report-to: {"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type: text/plain;charset=UTF-8
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cf-ray: 86bef25a28565723-SYD
alt-svc: h3=":443"; ma=86400
content-length: 0

GET gtm.js
metrics.hbf.com.au/ 0
0

GET
H2 200 icons-global.svg
www.hbf.com.au/Resources/hbf.com.au/images/ 105 KB
35 KB 3ms
3ms Other
image/svg+xml 104.74.42.195
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hbf.com.au/Resources/hbf.com.au/images/icons-global.svg

Requested by

Host: www.hbf.com.au
URL: https://www.hbf.com.au/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.74.42.195 Sydney, Australia, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-74-42-195.deploy.static.akamaitechnologies.com

Software

Resource Hash

7e908c6f63e11a32f61976b089e3e4e6304de32685441b68b5c8197ca2310cc5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.hbf.com.au/
accept-language: en-AU,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=63072000
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 29 Mar 2024 09:48:52 GMT
content-security-policy-report-only: connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
server-timing: dtSInfo;desc="1"
content-length: 32799
x-xss-protection: 1; mode=block
last-modified: Thu, 22 Feb 2024 01:25:02 GMT
server
etag: "02bcf52d65da1:0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=492820
accept-ranges: bytes
expires: Thu, 04 Apr 2024 02:42:32 GMT

GET
H2 200 hbf-logo-primary.svg
www.hbf.com.au/Resources/hbf.com.au/images/ 3 KB
4 KB 5ms
5ms Image
image/svg+xml 104.74.42.195
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hbf.com.au/Resources/hbf.com.au/images/hbf-logo-primary.svg?v=1.0.2.116

Requested by

Host: www.hbf.com.au
URL: https://www.hbf.com.au/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.74.42.195 Sydney, Australia, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-74-42-195.deploy.static.akamaitechnologies.com

Software

Resource Hash

c366a8d99c394ba19f44fb439273e2b92fea3e344987b76f5c6c05fbe6863d68

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.hbf.com.au/
accept-language: en-AU,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=63072000
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 29 Mar 2024 09:48:52 GMT
content-security-policy-report-only: connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
server-timing: dtSInfo;desc="1"
content-length: 1490
x-xss-protection: 1; mode=block
last-modified: Thu, 22 Feb 2024 01:18:30 GMT
server
etag: "0b765b2d65da1:0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=492825
accept-ranges: bytes
expires: Thu, 04 Apr 2024 02:42:37 GMT

GET
H2 200 myhbflogin-mini_module-c7ead445ea.min.js Show response
www.hbf.com.au/Resources/HBF.Modules.myHBF/scripts/submodule/ 4 KB
4 KB 4ms
4ms Script
application/javascript 104.74.42.195
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hbf.com.au/Resources/HBF.Modules.myHBF/scripts/submodule/myhbflogin-mini_module-c7ead445ea.min.js

Requested by

Host: www.hbf.com.au
URL: https://www.hbf.com.au/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.74.42.195 Sydney, Australia, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-74-42-195.deploy.static.akamaitechnologies.com

Software

Resource Hash

5622fc3ad3311a018d775241213d8e1a62974695d4ab41378bafe5d7c3d4ff1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.hbf.com.au/
accept-language: en-AU,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=63072000
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 29 Mar 2024 09:48:52 GMT
content-security-policy-report-only: connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
server-timing: dtSInfo;desc="1"
content-length: 1152
x-xss-protection: 1; mode=block
last-modified: Thu, 21 Sep 2023 05:14:38 GMT
server
etag: "07391844aecd91:0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=492731
accept-ranges: bytes
expires: Thu, 04 Apr 2024 02:41:03 GMT

GET
H2 200 myhbf-login-60ff54e052.css
www.hbf.com.au/Resources/HBF.Modules.myHBF/css/ 2 KB
3 KB 6ms
4ms Stylesheet
text/css 104.74.42.195
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hbf.com.au/Resources/HBF.Modules.myHBF/css/myhbf-login-60ff54e052.css?v=1.0.4.603

Requested by

Host: www.hbf.com.au
URL: https://www.hbf.com.au/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.74.42.195 Sydney, Australia, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-74-42-195.deploy.static.akamaitechnologies.com

Software

Resource Hash

c517be8f970a887f083d2766a5da6b37da8330e67c0556e5552bfb4789ca2974

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.hbf.com.au/
accept-language: en-AU,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=63072000
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 29 Mar 2024 09:48:52 GMT
content-security-policy-report-only: connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
server-timing: dtSInfo;desc="1"
content-length: 668
x-xss-protection: 1; mode=block
last-modified: Thu, 21 Sep 2023 05:14:38 GMT
server
etag: "07391844aecd91:0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=492802
accept-ranges: bytes
expires: Thu, 04 Apr 2024 02:42:14 GMT

GET
H2 200 hbf-logo-2020.svg
www.hbf.com.au/Resources/hbf.com.au/images/ 1 KB
4 KB 7ms
5ms Image
image/svg+xml 104.74.42.195
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hbf.com.au/Resources/hbf.com.au/images/hbf-logo-2020.svg?v=1.0.2.116

Requested by

Host: www.hbf.com.au
URL: https://www.hbf.com.au/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.74.42.195 Sydney, Australia, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-74-42-195.deploy.static.akamaitechnologies.com

Software

Resource Hash

3826cab7a1d8668a2f60bf342e4a2466d70f0aa24e72b52b2f6f02531c67cc32

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.hbf.com.au/
accept-language: en-AU,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=63072000
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 29 Mar 2024 09:48:52 GMT
content-security-policy-report-only: connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
server-timing: dtSInfo;desc="1"
content-length: 805
x-xss-protection: 1; mode=block
last-modified: Thu, 22 Feb 2024 01:18:30 GMT
server
etag: "0b765b2d65da1:0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=492915
accept-ranges: bytes
expires: Thu, 04 Apr 2024 02:44:07 GMT

GET
H2 200 notification-bar.css
www.hbf.com.au/Resources/hbf.com.au/css/ 4 KB
4 KB 8ms
6ms Stylesheet
text/css 104.74.42.195
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hbf.com.au/Resources/hbf.com.au/css/notification-bar.css?v=1.0.5.1041

Requested by

Host: www.hbf.com.au
URL: https://www.hbf.com.au/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.74.42.195 Sydney, Australia, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-74-42-195.deploy.static.akamaitechnologies.com

Software

Resource Hash

aadd7bdd77d040996bf325fad42b7937fb2deb875f29e633771c8c34f528c833

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.hbf.com.au/
accept-language: en-AU,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=63072000
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 29 Mar 2024 09:48:52 GMT
content-security-policy-report-only: connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
server-timing: dtSInfo;desc="0", dtRpid;desc="-222696967"
content-length: 874
x-xss-protection: 1; mode=block
last-modified: Thu, 22 Feb 2024 01:24:42 GMT
server
etag: "06920e92d65da1:0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=1836780
accept-ranges: bytes
expires: Fri, 19 Apr 2024 16:01:52 GMT

GET
H2 200 hero-standard.css
www.hbf.com.au/Resources/hbf.com.au/css/ 2 KB
3 KB 9ms
7ms Stylesheet
text/css 104.74.42.195
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hbf.com.au/Resources/hbf.com.au/css/hero-standard.css?v=1.0.5.1041

Requested by

Host: www.hbf.com.au
URL: https://www.hbf.com.au/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.74.42.195 Sydney, Australia, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-74-42-195.deploy.static.akamaitechnologies.com

Software

Resource Hash

dafe830772c603fe9336f3507fda5851388a25234be038066df4f92fd40bb02f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.hbf.com.au/
accept-language: en-AU,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=63072000
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 29 Mar 2024 09:48:52 GMT
content-security-policy-report-only: connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
server-timing: dtSInfo;desc="1"
content-length: 618
x-xss-protection: 1; mode=block
last-modified: Thu, 22 Feb 2024 01:24:44 GMT
server
etag: "09651ea2d65da1:0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=492836
accept-ranges: bytes
expires: Thu, 04 Apr 2024 02:42:48 GMT

GET
H2 200 hero-box-list.css
www.hbf.com.au/Resources/hbf.com.au/css/ 2 KB
4 KB 9ms
8ms Stylesheet
text/css 104.74.42.195
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hbf.com.au/Resources/hbf.com.au/css/hero-box-list.css?v=1.0.5.1041

Requested by

Host: www.hbf.com.au
URL: https://www.hbf.com.au/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.74.42.195 Sydney, Australia, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-74-42-195.deploy.static.akamaitechnologies.com

Software

Resource Hash

4432776d811fd53dbefc1c3aa183914349fd7c6d57a605c32fa40eedc7e09fc6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.hbf.com.au/
accept-language: en-AU,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=63072000
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 29 Mar 2024 09:48:52 GMT
content-security-policy-report-only: connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
content-length: 735
x-xss-protection: 1; mode=block
last-modified: Thu, 22 Feb 2024 01:24:46 GMT
server
etag: "0c382eb2d65da1:0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=492790
accept-ranges: bytes
expires: Thu, 04 Apr 2024 02:42:02 GMT

GET
H2 200 phi-exp.css
www.hbf.com.au/Resources/hbf.com.au/css/ 6 KB
4 KB 10ms
9ms Stylesheet
text/css 104.74.42.195
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hbf.com.au/Resources/hbf.com.au/css/phi-exp.css?v=1.0.5.1041

Requested by

Host: www.hbf.com.au
URL: https://www.hbf.com.au/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.74.42.195 Sydney, Australia, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-74-42-195.deploy.static.akamaitechnologies.com

Software

Resource Hash

485c538e127375752f83e43598e1852a0b21ce8fd094af85511ff4b0f254e6d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.hbf.com.au/
accept-language: en-AU,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=63072000
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 29 Mar 2024 09:48:52 GMT
content-security-policy-report-only: connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
server-timing: dtSInfo;desc="1"
content-length: 1269
x-xss-protection: 1; mode=block
last-modified: Thu, 22 Feb 2024 01:25:00 GMT
server
etag: "0fedaf32d65da1:0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=492807
accept-ranges: bytes
expires: Thu, 04 Apr 2024 02:42:19 GMT

GET
H2 200 footer-logo-app-store.svg
www.hbf.com.au/Resources/hbf.com.au/images/global/ 6 KB
5 KB 11ms
10ms Image
image/svg+xml 104.74.42.195
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hbf.com.au/Resources/hbf.com.au/images/global/footer-logo-app-store.svg

Requested by

Host: www.hbf.com.au
URL: https://www.hbf.com.au/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.74.42.195 Sydney, Australia, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-74-42-195.deploy.static.akamaitechnologies.com

Software

Resource Hash

bd72b31f37207cec5da3dcbdb28021bb7913c4c53ab863e88c2b5ce35ea074d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.hbf.com.au/
accept-language: en-AU,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=63072000
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 29 Mar 2024 09:48:52 GMT
content-security-policy-report-only: connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
server-timing: dtSInfo;desc="1"
content-length: 2379
x-xss-protection: 1; mode=block
last-modified: Thu, 22 Feb 2024 01:18:30 GMT
server
etag: "0b765b2d65da1:0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=492751
accept-ranges: bytes
expires: Thu, 04 Apr 2024 02:41:23 GMT

GET
H2 200 footer-logo-play-store.svg
www.hbf.com.au/Resources/hbf.com.au/images/global/ 11 KB
6 KB 12ms
11ms Image
image/svg+xml 104.74.42.195
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hbf.com.au/Resources/hbf.com.au/images/global/footer-logo-play-store.svg

Requested by

Host: www.hbf.com.au
URL: https://www.hbf.com.au/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.74.42.195 Sydney, Australia, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-74-42-195.deploy.static.akamaitechnologies.com

Software

Resource Hash

f1e2f9746163a355386bdc879d1bbe3eff37829e0bca044a59d38ed8efd1a60f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.hbf.com.au/
accept-language: en-AU,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=63072000
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 29 Mar 2024 09:48:52 GMT
content-security-policy-report-only: connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
server-timing: dtSInfo;desc="0", dtRpid;desc="25191093"
content-length: 3633
x-xss-protection: 1; mode=block
last-modified: Thu, 22 Feb 2024 01:18:30 GMT
server
etag: "0b765b2d65da1:0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=492868
accept-ranges: bytes
expires: Thu, 04 Apr 2024 02:43:20 GMT

GET
H2 200 icons-lifestages.svg
www.hbf.com.au/Resources/hbf.com.au/images/ 23 KB
8 KB 3ms
3ms Other
image/svg+xml 104.74.42.195
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hbf.com.au/Resources/hbf.com.au/images/icons-lifestages.svg

Requested by

Host: www.hbf.com.au
URL: https://www.hbf.com.au/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.74.42.195 Sydney, Australia, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-74-42-195.deploy.static.akamaitechnologies.com

Software

Resource Hash

fdf2e207fd7454d1b690d1a6cefe214c7056979df0d6a11be6ff72b60f7208cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.hbf.com.au/
accept-language: en-AU,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=63072000
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 29 Mar 2024 09:48:52 GMT
content-security-policy-report-only: connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
server-timing: dtSInfo;desc="1"
content-length: 5417
x-xss-protection: 1; mode=block
last-modified: Thu, 22 Feb 2024 01:24:46 GMT
server
etag: "0c382eb2d65da1:0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=492836
accept-ranges: bytes
expires: Thu, 04 Apr 2024 02:42:48 GMT

GET
H2 200 my_logo_small.png
www.hbf.com.au/Resources/hbf.com.au/images/global/ 664 B
3 KB 4ms
4ms Image
image/png 104.74.42.195
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hbf.com.au/Resources/hbf.com.au/images/global/my_logo_small.png

Requested by

Host: www.hbf.com.au
URL: https://www.hbf.com.au/Resources/HBF.Modules.myHBF/css/myhbf-login-60ff54e052.css?v=1.0.4.603

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.74.42.195 Sydney, Australia, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-74-42-195.deploy.static.akamaitechnologies.com

Software

Resource Hash

36c892ed0f3984edc6b7f72cc13ef87e6ced849e60b434ca9b7f62b5487f87b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.hbf.com.au/Resources/HBF.Modules.myHBF/css/myhbf-login-60ff54e052.css?v=1.0.4.603
accept-language: en-AU,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=63072000
date: Fri, 29 Mar 2024 09:48:52 GMT
x-content-type-options: nosniff
last-modified: Thu, 22 Feb 2024 01:18:30 GMT
server
etag: "0b765b2d65da1:0"
content-security-policy-report-only: connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=492825
server-timing: dtSInfo;desc="1"
accept-ranges: bytes
content-length: 664
x-xss-protection: 1; mode=block
expires: Thu, 04 Apr 2024 02:42:37 GMT

GET
DATA 200
OK truncated
/ 301 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1241114ef793919ce5616c035f031dc79262697abe666df83a73e3ecd343f26b

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=US-ASCII

GET
DATA 200
OK truncated
/ 303 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 23b900ba3978824ea16bbbb2e217af8d59c04d1420dac46198bf8fa431a4e27e

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=US-ASCII

GET
H2 200 how-to-guide2.jpg
www.hbf.com.au/-/media/images/hbf/navigation/ 88 KB
91 KB 6ms
5ms Image
image/jpeg 104.74.42.195
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hbf.com.au/-/media/images/hbf/navigation/how-to-guide2.jpg

Requested by

Host: www.hbf.com.au
URL: https://www.hbf.com.au/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.74.42.195 Sydney, Australia, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-74-42-195.deploy.static.akamaitechnologies.com

Software

Resource Hash

208f60d350ad338397cf51522aff076f426bb9771f6942f2c56a1c3922d9e950

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.hbf.com.au/
accept-language: en-AU,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=63072000
date: Fri, 29 Mar 2024 09:48:52 GMT
x-content-type-options: nosniff
last-modified: Tue, 05 Mar 2024 04:09:26 GMT
server
content-security-policy-report-only: connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
x-frame-options: SAMEORIGIN
content-type: image/jpeg
cache-control: private, max-age=498102
content-disposition: inline; filename="how-to-guide2.jpg"
server-timing: dtSInfo;desc="1"
accept-ranges: bytes
content-length: 90047
x-xss-protection: 1; mode=block
expires: Thu, 04 Apr 2024 04:10:34 GMT

GET
H2 200 aff50-1920x600.jpg
www.hbf.com.au/-/media/images/hbf/banners/hero-banners/2022/ 170 KB
173 KB 8ms
7ms Image
image/jpeg 104.74.42.195
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hbf.com.au/-/media/images/hbf/banners/hero-banners/2022/aff50-1920x600.jpg

Requested by

Host: www.hbf.com.au
URL: https://www.hbf.com.au/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.74.42.195 Sydney, Australia, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-74-42-195.deploy.static.akamaitechnologies.com

Software

Resource Hash

b2845a589fde5ad084f46980e781f2ff1663a91b08aabc59d267e44c1ec9c647

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.hbf.com.au/
accept-language: en-AU,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=63072000
date: Fri, 29 Mar 2024 09:48:52 GMT
x-content-type-options: nosniff
last-modified: Tue, 28 Jun 2022 02:55:54 GMT
server
content-security-policy-report-only: connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
x-frame-options: SAMEORIGIN
content-type: image/jpeg
cache-control: private, max-age=492951
content-disposition: inline; filename="AFF50-1920x600.jpg"
server-timing: dtSInfo;desc="1"
accept-ranges: bytes
content-length: 173768
x-xss-protection: 1; mode=block
expires: Thu, 04 Apr 2024 02:44:43 GMT

GET
H2 200 young-couple-researching.jpg
www.hbf.com.au/-/media/images/hbf/articles/thumbnails/ 34 KB
37 KB 2ms
2ms Image
image/jpeg 104.74.42.195
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hbf.com.au/-/media/images/hbf/articles/thumbnails/young-couple-researching.jpg

Requested by

Host: www.hbf.com.au
URL: https://www.hbf.com.au/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.74.42.195 Sydney, Australia, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-74-42-195.deploy.static.akamaitechnologies.com

Software

Resource Hash

eae90f1241d79313d015130627a7e4bfe5a7b50b03e9e3bd8ef4d1f2dd116747

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.hbf.com.au/
accept-language: en-AU,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=63072000
date: Fri, 29 Mar 2024 09:48:52 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jun 2020 07:40:39 GMT
server
content-security-policy-report-only: connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
x-frame-options: SAMEORIGIN
content-type: image/jpeg
cache-control: private, max-age=492848
content-disposition: inline; filename="young couple researching.jpg"
server-timing: dtSInfo;desc="1"
accept-ranges: bytes
content-length: 34835
x-xss-protection: 1; mode=block
expires: Thu, 04 Apr 2024 02:43:00 GMT

GET
DATA 200
OK truncated
/ 284 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 234e5b495b6340239b025103bdde1ebdcf13d1c1cbdc3e69acd062ead6f33ab2

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=US-ASCII

GET
H2 200 footer_social.png
www.hbf.com.au/Resources/hbf.com.au/images/global/ 1 KB
4 KB 5ms
3ms Image
image/png 104.74.42.195
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hbf.com.au/Resources/hbf.com.au/images/global/footer_social.png

Requested by

Host: www.hbf.com.au
URL: https://www.hbf.com.au/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.74.42.195 Sydney, Australia, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-74-42-195.deploy.static.akamaitechnologies.com

Software

Resource Hash

f3a3a9a22cc2feeee816992d5b31a6757308c9badd626fca1b2dc7be8d2b864f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.hbf.com.au/
accept-language: en-AU,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=63072000
date: Fri, 29 Mar 2024 09:48:52 GMT
x-content-type-options: nosniff
last-modified: Thu, 22 Feb 2024 01:18:30 GMT
server
etag: "0b765b2d65da1:0"
content-security-policy-report-only: connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=492719
server-timing: dtSInfo;desc="1"
accept-ranges: bytes
content-length: 1531
x-xss-protection: 1; mode=block
expires: Thu, 04 Apr 2024 02:40:51 GMT

GET
H2 200 hbf.css
www.hbf.com.au/Resources/hbf.com.au/css/ 82 KB
17 KB 3ms
3ms Stylesheet
text/css 104.74.42.195
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hbf.com.au/Resources/hbf.com.au/css/hbf.css

Requested by

Host: www.hbf.com.au
URL: https://www.hbf.com.au/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.74.42.195 Sydney, Australia, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-74-42-195.deploy.static.akamaitechnologies.com

Software

Resource Hash

13ebfb6715df8697c788b07202b0aeedda684552df5b35f79ce64a2142d21801

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.hbf.com.au/
accept-language: en-AU,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=63072000
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 29 Mar 2024 09:48:52 GMT
content-security-policy-report-only: connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
server-timing: dtSInfo;desc="0", dtRpid;desc="1612524334"
content-length: 14148
x-xss-protection: 1; mode=block
last-modified: Thu, 22 Feb 2024 01:25:00 GMT
server
etag: "0fedaf32d65da1:0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=492856
accept-ranges: bytes
expires: Thu, 04 Apr 2024 02:43:08 GMT

GET
H2 200 exclamation_functionality_missing.png
www.hbf.com.au/Resources/hbf.com.au/images/icons/ 882 B
4 KB 5ms
5ms Image
image/png 104.74.42.195
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hbf.com.au/Resources/hbf.com.au/images/icons/exclamation_functionality_missing.png

Requested by

Host: www.hbf.com.au
URL: https://www.hbf.com.au/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.74.42.195 Sydney, Australia, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-74-42-195.deploy.static.akamaitechnologies.com

Software

Resource Hash

4dcab93a5283f441441ee1e00001c09b30c55c06a8580f4d748a328eb9bf8c9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.hbf.com.au/
accept-language: en-AU,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=63072000
date: Fri, 29 Mar 2024 09:48:52 GMT
x-content-type-options: nosniff
last-modified: Thu, 22 Feb 2024 01:18:30 GMT
server
etag: "0b765b2d65da1:0"
content-security-policy-report-only: connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=492825
server-timing: dtSInfo;desc="1"
accept-ranges: bytes
content-length: 882
x-xss-protection: 1; mode=block
expires: Thu, 04 Apr 2024 02:42:37 GMT

GET
H2 200 browser-update2.js Show response
www.hbf.com.au/Resources/hbf.com.au/scripts/thirdparty/ 9 KB
6 KB 3ms
3ms Script
application/javascript 104.74.42.195
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hbf.com.au/Resources/hbf.com.au/scripts/thirdparty/browser-update2.js

Requested by

Host: www.hbf.com.au
URL: https://www.hbf.com.au/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.74.42.195 Sydney, Australia, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-74-42-195.deploy.static.akamaitechnologies.com

Software

Resource Hash

22adfe14c7c2fd4bef80affabeab68931048c70e03d66108eb8538110ee651f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.hbf.com.au/
accept-language: en-AU,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=63072000
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 29 Mar 2024 09:48:52 GMT
content-security-policy-report-only: connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
server-timing: dtSInfo;desc="1"
content-length: 3620
x-xss-protection: 1; mode=block
last-modified: Thu, 22 Feb 2024 01:18:30 GMT
server
etag: "0b765b2d65da1:0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=492708
accept-ranges: bytes
expires: Thu, 04 Apr 2024 02:40:40 GMT

GET
DATA 200
OK truncated
/ 250 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1f69f6e6240becaf47a6a1c7b5c8e48ff55d1a7e5fa047a8efcb1d9b9f07f8c4

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=US-ASCII

GET
H2 200 FSMeWeb-Regular.woff2
www.hbf.com.au/Resources/hbf.com.au/fonts/ 21 KB
23 KB 4ms
4ms Font
application/font-woff2 104.74.42.195
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hbf.com.au/Resources/hbf.com.au/fonts/FSMeWeb-Regular.woff2

Requested by

Host: www.hbf.com.au
URL: https://www.hbf.com.au/Resources/hbf.com.au/css/hbf.css

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.74.42.195 Sydney, Australia, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-74-42-195.deploy.static.akamaitechnologies.com

Software

Resource Hash

7e4cc6e5e28d810f888a5b05d3568e3fd01b26d274a62ccf2511666c2960ba1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.hbf.com.au/Resources/hbf.com.au/css/hbf.css
Origin: https://www.hbf.com.au
accept-language: en-AU,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=63072000
date: Fri, 29 Mar 2024 09:48:52 GMT
x-content-type-options: nosniff
last-modified: Thu, 22 Feb 2024 01:18:29 GMT
server
etag: "0b765b2d65da1:0:dtagent102832401171522148dsr"
content-security-policy-report-only: connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
x-frame-options: SAMEORIGIN
content-type: application/font-woff2
cache-control: max-age=492904
server-timing: dtSInfo;desc="1"
accept-ranges: bytes
content-length: 21060
x-xss-protection: 1; mode=block
expires: Thu, 04 Apr 2024 02:43:56 GMT

GET
H2 200 FSMeWeb-Bold.woff2
www.hbf.com.au/Resources/hbf.com.au/fonts/ 44 KB
47 KB 5ms
5ms Font
application/font-woff2 104.74.42.195
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hbf.com.au/Resources/hbf.com.au/fonts/FSMeWeb-Bold.woff2

Requested by

Host: www.hbf.com.au
URL: https://www.hbf.com.au/Resources/hbf.com.au/css/hbf.css

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.74.42.195 Sydney, Australia, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-74-42-195.deploy.static.akamaitechnologies.com

Software

Resource Hash

6cb037948167b19b7b593a8b268023cf3f9db51ae5f5f20c2f4d33a51acdbd8c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.hbf.com.au/Resources/hbf.com.au/css/hbf.css
Origin: https://www.hbf.com.au
accept-language: en-AU,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=63072000
date: Fri, 29 Mar 2024 09:48:52 GMT
x-content-type-options: nosniff
last-modified: Thu, 22 Feb 2024 01:18:29 GMT
server
etag: "0b765b2d65da1:0:dtagent102832401171522148dsr"
content-security-policy-report-only: connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
x-frame-options: SAMEORIGIN
content-type: application/font-woff2
cache-control: max-age=492783
server-timing: dtSInfo;desc="1"
accept-ranges: bytes
content-length: 45188
x-xss-protection: 1; mode=block
expires: Thu, 04 Apr 2024 02:41:55 GMT

GET
H2 200 FSMeWeb-Light.woff2
www.hbf.com.au/Resources/hbf.com.au/fonts/ 44 KB
47 KB 3ms
3ms Font
application/font-woff2 104.74.42.195
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hbf.com.au/Resources/hbf.com.au/fonts/FSMeWeb-Light.woff2

Requested by

Host: www.hbf.com.au
URL: https://www.hbf.com.au/Resources/hbf.com.au/css/hbf.css

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.74.42.195 Sydney, Australia, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-74-42-195.deploy.static.akamaitechnologies.com

Software

Resource Hash

c0e1b82c4eae6c29292f6dc53ff355c918c83de935c78218579879ac8f9412a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://www.hbf.com.au/Resources/hbf.com.au/css/hbf.css
Origin: https://www.hbf.com.au
accept-language: en-AU,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=63072000
date: Fri, 29 Mar 2024 09:48:52 GMT
x-content-type-options: nosniff
last-modified: Thu, 22 Feb 2024 01:18:29 GMT
server
etag: "0b765b2d65da1:0:dtagent102832401171522148dsr"
content-security-policy-report-only: connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
x-frame-options: SAMEORIGIN
content-type: application/font-woff2
cache-control: max-age=492785
server-timing: dtSInfo;desc="1"
accept-ranges: bytes
content-length: 45220
x-xss-protection: 1; mode=block
expires: Thu, 04 Apr 2024 02:41:57 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: metrics.hbf.com.au
URL: https://metrics.hbf.com.au/gtm.js?id=GTM-5H9BG3M

Verdicts & Comments Add Verdict or Comment

61 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

14 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.hbf.com.au/	1969-12-31 23:59:59	Name: sc_device Value: Desktop
www.hbf.com.au/	1969-12-31 23:59:59	Name: sc_loc Value: NSW
www.hbf.com.au/	1969-12-31 23:59:59	Name: sc_locp Value: NSW
www.hbf.com.au/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: qaaeou025xzb4tn1e1eb4laa
www.hbf.com.au/	1970-01-21 05:04:25	Name: SC_ANALYTICS_GLOBAL_COOKIE Value: 58d95883a3aa4955b965a36f2da8a633\|False
www.hbf.com.au/	1970-01-20 20:54:49	Name: quote Value: quoteid=bjAD7N8jyEKC/kTvgjHcMg==&quote=lxbINwMPwndH88S7BynRDrXzSqrYGq3G+uGaOHdjmJuFFmskBtd3GEGFTjVOKatql/gP0PIsUsXCjo705OvT6CixPNpO3Fb0G5EfZOOoAOJc+gBLona/A/EmbNnvq9rDQrlJgIbnkK6jaaTL0Miqk9AV3jsjoxxvbd7TF3p8T1ccibW1bXOWJaiojTO7ldio
www.hbf.com.au/	1969-12-31 23:59:59	Name: Bootstrap Value: 1
www.hbf.com.au/	1969-12-31 23:59:59	Name: __RequestVerificationToken Value: IRysOoGhA3oQp_LhOqT_fpgsqbjuAzUValJ6KTN5E60q_WS2S5P8OLPW7Kp3D5A7B14sxQhBZGdeYqDY776B7XJEiNmz9tULDOBMA9HlTsY1
.hbf.com.au/	1969-12-31 23:59:59	Name: dtCookie Value: v_4_srv_6_sn_B583CD46E64AC31FE758B8CD855BBEFB_perc_100000_ol_0_mul_1_app-3A2cc8b170ae18fec1_1_rcs-3Acss_0
www.hbf.com.au/	1970-01-20 19:28:26	Name: HBFCOMAU Value: 1493834156.20480.0000
.hbf.com.au/	1969-12-31 23:59:59	Name: rxVisitor Value: 17117057321811Q1K6IT2EDNHO8NJ0FJO31AIC3JMHQQA
.hbf.com.au/	1969-12-31 23:59:59	Name: dtPC Value: 6$505732179_39h1vPFIKBORMHEFHWQKMTWPILMCMOHLNQBHA-0e0
.hbf.com.au/	1969-12-31 23:59:59	Name: dtSa Value: -
.hbf.com.au/	1969-12-31 23:59:59	Name: rxvt Value: 1711707532189\|1711705732183

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://www.hbf.com.au/(Line 87) Message: [Report Only] Refused to load the script 'https://metrics.hbf.com.au/gtm.js?id=GTM-5H9BG3M' because it violates the following Content Security Policy directive: "script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com .google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net .outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com .cloudfront.net .demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com .liveperson.net .trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

hbf.com.au
hbftest.report-uri.com
metrics.hbf.com.au
www.hbf.com.au
metrics.hbf.com.au
104.17.183.88
104.74.42.195
203.153.232.51
070bda60fe37663aa8e2aed86f45ee099b4c4905262e2388ebd8f0d57ff3905b
1241114ef793919ce5616c035f031dc79262697abe666df83a73e3ecd343f26b
126b381f32f601d12e517bff52589bd007f815ec05a422e22c118f6497a2abfc
13ebfb6715df8697c788b07202b0aeedda684552df5b35f79ce64a2142d21801
1f69f6e6240becaf47a6a1c7b5c8e48ff55d1a7e5fa047a8efcb1d9b9f07f8c4
208f60d350ad338397cf51522aff076f426bb9771f6942f2c56a1c3922d9e950
22adfe14c7c2fd4bef80affabeab68931048c70e03d66108eb8538110ee651f6
234e5b495b6340239b025103bdde1ebdcf13d1c1cbdc3e69acd062ead6f33ab2
23b900ba3978824ea16bbbb2e217af8d59c04d1420dac46198bf8fa431a4e27e
36c892ed0f3984edc6b7f72cc13ef87e6ced849e60b434ca9b7f62b5487f87b0
3826cab7a1d8668a2f60bf342e4a2466d70f0aa24e72b52b2f6f02531c67cc32
4432776d811fd53dbefc1c3aa183914349fd7c6d57a605c32fa40eedc7e09fc6
485c538e127375752f83e43598e1852a0b21ce8fd094af85511ff4b0f254e6d3
4dcab93a5283f441441ee1e00001c09b30c55c06a8580f4d748a328eb9bf8c9c
5622fc3ad3311a018d775241213d8e1a62974695d4ab41378bafe5d7c3d4ff1c
60ebbb64f613b643162e669be634348fcd92750a658e4c56309d3bbc5e196323
6cb037948167b19b7b593a8b268023cf3f9db51ae5f5f20c2f4d33a51acdbd8c
7e4cc6e5e28d810f888a5b05d3568e3fd01b26d274a62ccf2511666c2960ba1d
7e908c6f63e11a32f61976b089e3e4e6304de32685441b68b5c8197ca2310cc5
aadd7bdd77d040996bf325fad42b7937fb2deb875f29e633771c8c34f528c833
b2845a589fde5ad084f46980e781f2ff1663a91b08aabc59d267e44c1ec9c647
bd72b31f37207cec5da3dcbdb28021bb7913c4c53ab863e88c2b5ce35ea074d9
c0e1b82c4eae6c29292f6dc53ff355c918c83de935c78218579879ac8f9412a9
c366a8d99c394ba19f44fb439273e2b92fea3e344987b76f5c6c05fbe6863d68
c517be8f970a887f083d2766a5da6b37da8330e67c0556e5552bfb4789ca2974
dafe830772c603fe9336f3507fda5851388a25234be038066df4f92fd40bb02f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eae90f1241d79313d015130627a7e4bfe5a7b50b03e9e3bd8ef4d1f2dd116747
f1e2f9746163a355386bdc879d1bbe3eff37829e0bca044a59d38ed8efd1a60f
f3a3a9a22cc2feeee816992d5b31a6757308c9badd626fca1b2dc7be8d2b864f
fdf2e207fd7454d1b690d1a6cefe214c7056979df0d6a11be6ff72b60f7208cd

www.hbf.com.au Open in urlscan Pro 104.74.42.195 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

28 Requests

96 %HTTPS

0 %IPv6

2 Domains

4 Subdomains

3 IPs

2 Countries

847 kBTransfer

1724 kBSize

14 Cookies

8 Outgoing links

Page URL History

Redirected requests

28 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.hbf.com.au Open in urlscan Pro
104.74.42.195 Public Scan

Screenshot
Live screenshot

Full Image

28
Requests

96 %
HTTPS

0 %
IPv6

2
Domains

4
Subdomains

3
IPs

2
Countries

847 kB
Transfer

1724 kB
Size

14
Cookies

28 HTTP transactions
4 data transactions