www.carnet.aon.it Open in urlscan Pro
213.156.48.83 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.carnet.aon.it/
Submission: On June 26 via api (June 26th 2024, 4:50:37 pm UTC) from US — Scanned from IT

Summary HTTP 52 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 52 HTTP transactions. The main IP is 213.156.48.83, located in Lodi, Italy and belongs to FASTWEB, IT. The main domain is www.carnet.aon.it.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on June 26th 2024. Valid for: 9 months.

This is the only time www.carnet.aon.it was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
40	213.156.48.83 213.156.48.83	12874 (FASTWEB) (FASTWEB)
11	104.19.177.52 104.19.177.52	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.18.32.137 104.18.32.137	13335 (CLOUDFLAR...) (CLOUDFLARENET)
52	3

40 213.156.48.83 (Lodi, Italy)

ASN12874 (FASTWEB, IT)
PTR: 213-156-48-83.ip.fastwebnet.it

www.carnet.aon.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 104.19.177.52 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.32.137 (None, )

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
40	aon.it www.carnet.aon.it	1 MB
11	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 378	165 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 653	306 B
52	3

	Domain	Requested by
40	www.carnet.aon.it	www.carnet.aon.it
11	cdn.cookielaw.org	www.carnet.aon.it cdn.cookielaw.org
1	geolocation.onetrust.com	cdn.cookielaw.org
52	3

This site contains links to these domains. Also see Links.

Domain
www.aon.com
cookiepedia.co.uk
www.onetrust.com

Subject Issuer	Validity	Valid
aon.it DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-06-26` - `2025-03-29`	9 months	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2024-03-01` - `2024-12-31`	10 months	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2023-11-13` - `2024-11-12`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.carnet.aon.it/
Frame ID: 7F671670F8367A35235A6D14DDE5282F
Requests: 52 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Welcome

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Lodash (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

lodash.*\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

Swiper Slider (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

swiper(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery-ui.*\.js

Page Statistics

52
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

1582 kB
Transfer

5759 kB
Size

6
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://www.aon.com/about-aon/cookies.jsp
Title: Cookie Notice

Search URL Search Domain Scan URL

URL: https://cookiepedia.co.uk/giving-consent-to-cookies
Title: More information

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

52 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
200 Primary Request / Show response
www.carnet.aon.it/ 55 KB
20 KB 332ms
185ms Document
text/html 213.156.48.83
FASTWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carnet.aon.it/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.156.48.83 Lodi, Italy, ASN12874 (FASTWEB, IT),

Reverse DNS

213-156-48-83.ip.fastwebnet.it

Software

Apache /

Resource Hash

e113865df621f8559f4868e3893d4f9e3d499d28a4e495f2d65f69635bc264b4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://.firebaseio.com; connect-src 'self' wss://.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: it-IT,it;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 15827
Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://*.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://*.firebaseio.com; connect-src 'self' wss://*.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://*.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Content-Type: text/html;charset=UTF-8
Date: Wed, 26 Jun 2024 16:50:32 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=5, max=85
Liferay-Portal: Liferay Digital Experience Platform 7.1.10 GA1 (Judson / Build 7110 / July 2, 2018)
Pragma: no-cache
Report-To: {"group":"csp-group","max_age":63072000,"endpoints":[{"url":https://www.aongate.it/rpt/csp}],"include_subdomains":true}
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
X-XSS-Protection: 1; mode=block

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 159ms
55ms Script
application/javascript 104.19.177.52
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.carnet.aon.it
URL: https://www.carnet.aon.it/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.177.52 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

022e2f39deba7f332eabe69b27b31d98d4d5f2535116745957a691d1b1ec4cc5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 26 Jun 2024 16:50:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: ceCldLDyZN6bSQL6yyKLMg==
age: 63787
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6882
x-ms-lease-status: unlocked
last-modified: Tue, 25 Jun 2024 02:35:41 GMT
server: cloudflare
etag: 0x8DC94BF8198F6A8
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 27c9e704-601e-00db-1f1a-c7375c000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 899eb26a1cca7951-PMO

GET
H/1.1 200
200 lodash.js Show response
www.carnet.aon.it/o/frontend-js-lodash-web/lodash/ 531 KB
98 KB 281ms
151ms Script
text/javascript 213.156.48.83
FASTWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carnet.aon.it/o/frontend-js-lodash-web/lodash/lodash.js

Requested by

Host: www.carnet.aon.it
URL: https://www.carnet.aon.it/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.156.48.83 Lodi, Italy, ASN12874 (FASTWEB, IT),

Reverse DNS

213-156-48-83.ip.fastwebnet.it

Software

Apache /

Resource Hash

e72838b890ddb64c68b72d9c9530c122de5850ba072d9e16342e3b132d229e73

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://.firebaseio.com; connect-src 'self' wss://.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 26 Jun 2024 16:50:32 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://*.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://*.firebaseio.com; connect-src 'self' wss://*.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://*.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Content-Encoding: gzip
Connection: Keep-Alive
content-length: 96462
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Thu, 21 Oct 2021 19:40:58 GMT
Server: Apache
ETag: "2461c33d-gzip"
X-Frame-Options: sameorigin
Vary: Accept-Encoding
Report-To: {"group":"csp-group","max_age":63072000,"endpoints":[{"url":https://www.aongate.it/rpt/csp}],"include_subdomains":true}
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Keep-Alive: timeout=5, max=100
Expires: Sat, 24 Jun 2034 16:50:32 +0000

GET
H/1.1 200
200 util.js Show response
www.carnet.aon.it/o/frontend-js-lodash-web/lodash/ 908 B
4 KB 283ms
70ms Script
text/javascript 213.156.48.83
FASTWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carnet.aon.it/o/frontend-js-lodash-web/lodash/util.js

Requested by

Host: www.carnet.aon.it
URL: https://www.carnet.aon.it/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.156.48.83 Lodi, Italy, ASN12874 (FASTWEB, IT),

Reverse DNS

213-156-48-83.ip.fastwebnet.it

Software

Apache /

Resource Hash

1f16d151c74005c1fb966aa794f1e008757cf5944721b19ece0c8d2d7906c27b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://.firebaseio.com; connect-src 'self' wss://.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 26 Jun 2024 16:50:32 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://*.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://*.firebaseio.com; connect-src 'self' wss://*.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://*.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Content-Encoding: gzip
Connection: Keep-Alive
Content-Length: 512
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Thu, 21 Oct 2021 19:40:58 GMT
Server: Apache
ETag: "81a04b81-gzip"
X-Frame-Options: sameorigin
Vary: Accept-Encoding
Report-To: {"group":"csp-group","max_age":63072000,"endpoints":[{"url":https://www.aongate.it/rpt/csp}],"include_subdomains":true}
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Keep-Alive: timeout=5, max=81
Expires: Sat, 24 Jun 2034 16:50:32 +0000

GET
H/1.1 200
200 clay.css
www.carnet.aon.it/o/AON-theme/css/ 587 KB
83 KB 128ms
119ms Stylesheet
text/css 213.156.48.83
FASTWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carnet.aon.it/o/AON-theme/css/clay.css?browserId=other&themeId=Theme_AON_WAR_AONtheme&minifierType=css&languageId=it_IT&b=7110&t=1715608594000

Requested by

Host: www.carnet.aon.it
URL: https://www.carnet.aon.it/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.156.48.83 Lodi, Italy, ASN12874 (FASTWEB, IT),

Reverse DNS

213-156-48-83.ip.fastwebnet.it

Software

Apache /

Resource Hash

49a2985d884294bdc192be4ae1b6e2abe7edcbc911fae042ea4d701c1b0ac093

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://.firebaseio.com; connect-src 'self' wss://.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 26 Jun 2024 16:50:32 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://*.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://*.firebaseio.com; connect-src 'self' wss://*.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://*.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Content-Encoding: gzip
Connection: Keep-Alive
content-length: 80961
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Mon, 13 May 2024 13:56:34 GMT
Server: Apache
ETag: "1ecd5cfc-gzip"
X-Frame-Options: sameorigin
Vary: Accept-Encoding
Report-To: {"group":"csp-group","max_age":63072000,"endpoints":[{"url":https://www.aongate.it/rpt/csp}],"include_subdomains":true}
Content-Type: text/css;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Keep-Alive: timeout=5, max=84
Expires: Sat, 24 Jun 2034 16:50:32 +0000

GET
H/1.1 200
200 main.css
www.carnet.aon.it/o/frontend-css-web/ 106 KB
33 KB 190ms
79ms Stylesheet
text/css 213.156.48.83
FASTWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carnet.aon.it/o/frontend-css-web/main.css?browserId=other&themeId=Theme_AON_WAR_AONtheme&minifierType=css&languageId=it_IT&b=7110&t=1710856578337

Requested by

Host: www.carnet.aon.it
URL: https://www.carnet.aon.it/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.156.48.83 Lodi, Italy, ASN12874 (FASTWEB, IT),

Reverse DNS

213-156-48-83.ip.fastwebnet.it

Software

Apache /

Resource Hash

7b3b06fbd007449d7d901159b87f96c0bef83ce67f23b80f06dedd6503b92419

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://.firebaseio.com; connect-src 'self' wss://.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 26 Jun 2024 16:50:32 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://*.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://*.firebaseio.com; connect-src 'self' wss://*.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://*.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Content-Encoding: gzip
Connection: Keep-Alive
Content-Length: 29737
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Tue, 19 Mar 2024 13:56:18 GMT
Server: Apache
ETag: "80531bc6-gzip"
X-Frame-Options: sameorigin
Vary: Accept-Encoding
Report-To: {"group":"csp-group","max_age":63072000,"endpoints":[{"url":https://www.aongate.it/rpt/csp}],"include_subdomains":true}
Content-Type: text/css;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Keep-Alive: timeout=5, max=83
Expires: Sat, 24 Jun 2034 16:50:32 +0000

GET
H/1.1 200
200 combo
www.carnet.aon.it/ 12 KB
7 KB 237ms
115ms Stylesheet
text/css 213.156.48.83
FASTWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carnet.aon.it/combo?browserId=other&minifierType=&themeId=Theme_AON_WAR_AONtheme&languageId=it_IT&b=7110&com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_0JoPukhMuVhW:%2Fcss%2Fmain.css&com_liferay_portal_search_web_search_bar_portlet_SearchBarPortlet_INSTANCE_templateSearch:%2Fsearch%2Fbar%2Fcss%2Fmain.css&com_liferay_product_navigation_product_menu_web_portlet_ProductMenuPortlet:%2Fcss%2Fmain.css&com_liferay_site_navigation_menu_web_portlet_SiteNavigationMenuPortlet:%2Fcss%2Fmain.css&com_liferay_staging_bar_web_portlet_StagingBarPortlet:%2Fcss%2Fmain.css&t=1715608594000

Requested by

Host: www.carnet.aon.it
URL: https://www.carnet.aon.it/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.156.48.83 Lodi, Italy, ASN12874 (FASTWEB, IT),

Reverse DNS

213-156-48-83.ip.fastwebnet.it

Software

Apache /

Resource Hash

94e6d6668d3c6c5dbc2e03bf37af2c28ec3683a68228c1e22b029783c27cb26e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://.firebaseio.com; connect-src 'self' wss://.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 26 Jun 2024 16:50:32 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://*.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://*.firebaseio.com; connect-src 'self' wss://*.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://*.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Content-Encoding: gzip
Connection: Keep-Alive
Content-Length: 3793
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Mon, 13 May 2024 13:56:34 GMT
Server: Apache
ETag: "242a609a-gzip"
X-Frame-Options: sameorigin
Vary: Accept-Encoding
Report-To: {"group":"csp-group","max_age":63072000,"endpoints":[{"url":https://www.aongate.it/rpt/csp}],"include_subdomains":true}
Content-Type: text/css;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Keep-Alive: timeout=5, max=100
Expires: Sat, 24 Jun 2034 16:50:32 +0000

GET
H/1.1 200
200 js_loader_modules Show response
www.carnet.aon.it/o/ 1 MB
135 KB 370ms
151ms Script
text/javascript 213.156.48.83
FASTWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carnet.aon.it/o/js_loader_modules?t=1718801610038

Requested by

Host: www.carnet.aon.it
URL: https://www.carnet.aon.it/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.156.48.83 Lodi, Italy, ASN12874 (FASTWEB, IT),

Reverse DNS

213-156-48-83.ip.fastwebnet.it

Software

Apache /

Resource Hash

81795dd856c4f83b4839360fbf87e1439a0212e8e14f6a4b7ef8edefb8301cb9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://.firebaseio.com; connect-src 'self' wss://.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 26 Jun 2024 16:50:32 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://*.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://*.firebaseio.com; connect-src 'self' wss://*.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://*.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Content-Encoding: gzip
Connection: Keep-Alive
content-length: 134200
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Wed, 19 Jun 2024 12:53:30 GMT
Server: Apache
X-Frame-Options: sameorigin
Vary: Accept-Encoding
Report-To: {"group":"csp-group","max_age":63072000,"endpoints":[{"url":https://www.aongate.it/rpt/csp}],"include_subdomains":true}
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Keep-Alive: timeout=5, max=80
Expires: Sat, 24 Jun 2034 16:50:32 +0000

GET
H/1.1 200
200 js_loader_config Show response
www.carnet.aon.it/o/ 192 B
4 KB 304ms
66ms Script
text/javascript 213.156.48.83
FASTWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carnet.aon.it/o/js_loader_config?t=1718496797231

Requested by

Host: www.carnet.aon.it
URL: https://www.carnet.aon.it/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.156.48.83 Lodi, Italy, ASN12874 (FASTWEB, IT),

Reverse DNS

213-156-48-83.ip.fastwebnet.it

Software

Apache /

Resource Hash

d47240e31be2ad55a762b437c25acef4bdcd22a5cd9620abc418bba08a3c4a19

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://.firebaseio.com; connect-src 'self' wss://.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 26 Jun 2024 16:50:32 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://*.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://*.firebaseio.com; connect-src 'self' wss://*.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://*.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Content-Encoding: gzip
Connection: Keep-Alive
Content-Length: 154
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Sun, 16 Jun 2024 00:13:17 GMT
Server: Apache
ETag: "b98b4290-gzip"
X-Frame-Options: sameorigin
Vary: Accept-Encoding
Report-To: {"group":"csp-group","max_age":63072000,"endpoints":[{"url":https://www.aongate.it/rpt/csp}],"include_subdomains":true}
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Keep-Alive: timeout=5, max=99
Expires: Sat, 24 Jun 2034 16:50:32 +0000

GET
H/1.1 200
200 combo Show response
www.carnet.aon.it/ 550 KB
145 KB 374ms
120ms Script
text/javascript 213.156.48.83
FASTWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carnet.aon.it/combo?browserId=other&minifierType=js&languageId=it_IT&b=7110&t=1710856579526&/o/frontend-js-web/jquery/jquery.js&/o/frontend-js-web/clay/popper.js&/o/frontend-js-web/clay/bootstrap.js&/o/frontend-js-web/aui/aui/aui.js&/o/frontend-js-web/aui/aui-base-html5-shiv/aui-base-html5-shiv.js&/o/frontend-js-web/liferay/browser_selectors.js&/o/frontend-js-web/liferay/modules.js&/o/frontend-js-web/liferay/aui_sandbox.js&/o/frontend-js-web/clay/collapsible-search.js&/o/frontend-js-web/clay/side-navigation.js&/o/frontend-js-web/jquery/fm.js&/o/frontend-js-web/jquery/form.js&/o/frontend-js-web/misc/svg4everybody.js&/o/frontend-js-web/aui/arraylist-add/arraylist-add.js&/o/frontend-js-web/aui/arraylist-filter/arraylist-filter.js&/o/frontend-js-web/aui/arraylist/arraylist.js&/o/frontend-js-web/aui/array-extras/array-extras.js&/o/frontend-js-web/aui/array-invoke/array-invoke.js&/o/frontend-js-web/aui/attribute-base/attribute-base.js&/o/frontend-js-web/aui/attribute-complex/attribute-complex.js&/o/frontend-js-web/aui/attribute-core/attribute-core.js&/o/frontend-js-web/aui/attribute-observable/attribute-observable.js&/o/frontend-js-web/aui/attribute-extras/attribute-extras.js&/o/frontend-js-web/aui/base-base/base-base.js&/o/frontend-js-web/aui/base-pluginhost/base-pluginhost.js&/o/frontend-js-web/aui/classnamemanager/classnamemanager.js&/o/frontend-js-web/aui/datatype-xml-format/datatype-xml-format.js&/o/frontend-js-web/aui/datatype-xml-parse/datatype-xml-parse.js&/o/frontend-js-web/aui/dom-base/dom-base.js&/o/frontend-js-web/aui/dom-core/dom-core.js&/o/frontend-js-web/aui/dom-screen/dom-screen.js&/o/frontend-js-web/aui/dom-style/dom-style.js&/o/frontend-js-web/aui/event-base/event-base.js&/o/frontend-js-web/aui/event-custom-base/event-custom-base.js&/o/frontend-js-web/aui/event-custom-complex/event-custom-complex.js&/o/frontend-js-web/aui/event-delegate/event-delegate.js&/o/frontend-js-web/aui/event-focus/event-focus.js&/o/frontend-js-web/aui/event-hover/event-hover.js

Requested by

Host: www.carnet.aon.it
URL: https://www.carnet.aon.it/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.156.48.83 Lodi, Italy, ASN12874 (FASTWEB, IT),

Reverse DNS

213-156-48-83.ip.fastwebnet.it

Software

Apache /

Resource Hash

f1793efad94a2b1d087579b6b0692fa9a07015493a9b444586c9aa91b5c84482

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://.firebaseio.com; connect-src 'self' wss://.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 26 Jun 2024 16:50:32 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://*.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://*.firebaseio.com; connect-src 'self' wss://*.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://*.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Content-Encoding: gzip
Connection: Keep-Alive
content-length: 145373
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Tue, 19 Mar 2024 13:56:19 GMT
Server: Apache
ETag: "1f171fbe-gzip"
X-Frame-Options: sameorigin
Vary: Accept-Encoding
Report-To: {"group":"csp-group","max_age":63072000,"endpoints":[{"url":https://www.aongate.it/rpt/csp}],"include_subdomains":true}
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Keep-Alive: timeout=5, max=99
Expires: Sat, 24 Jun 2034 16:50:32 +0000

GET
H/1.1 200
200 combo Show response
www.carnet.aon.it/ 106 KB
45 KB 368ms
84ms Script
text/javascript 213.156.48.83
FASTWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carnet.aon.it/combo?browserId=other&minifierType=js&languageId=it_IT&b=7110&t=1710856579526&/o/frontend-js-web/aui/event-key/event-key.js&/o/frontend-js-web/aui/event-mouseenter/event-mouseenter.js&/o/frontend-js-web/aui/event-mousewheel/event-mousewheel.js&/o/frontend-js-web/aui/event-outside/event-outside.js&/o/frontend-js-web/aui/event-resize/event-resize.js&/o/frontend-js-web/aui/event-simulate/event-simulate.js&/o/frontend-js-web/aui/event-synthetic/event-synthetic.js&/o/frontend-js-web/aui/intl/intl.js&/o/frontend-js-web/aui/io-base/io-base.js&/o/frontend-js-web/aui/io-form/io-form.js&/o/frontend-js-web/aui/io-queue/io-queue.js&/o/frontend-js-web/aui/io-upload-iframe/io-upload-iframe.js&/o/frontend-js-web/aui/io-xdr/io-xdr.js&/o/frontend-js-web/aui/json-parse/json-parse.js&/o/frontend-js-web/aui/json-stringify/json-stringify.js&/o/frontend-js-web/aui/node-base/node-base.js&/o/frontend-js-web/aui/node-core/node-core.js&/o/frontend-js-web/aui/node-event-delegate/node-event-delegate.js&/o/frontend-js-web/aui/node-event-simulate/node-event-simulate.js&/o/frontend-js-web/aui/node-focusmanager/node-focusmanager.js&/o/frontend-js-web/aui/node-pluginhost/node-pluginhost.js&/o/frontend-js-web/aui/node-screen/node-screen.js&/o/frontend-js-web/aui/node-style/node-style.js&/o/frontend-js-web/aui/oop/oop.js&/o/frontend-js-web/aui/plugin/plugin.js&/o/frontend-js-web/aui/pluginhost-base/pluginhost-base.js&/o/frontend-js-web/aui/pluginhost-config/pluginhost-config.js&/o/frontend-js-web/aui/querystring-stringify-simple/querystring-stringify-simple.js&/o/frontend-js-web/aui/queue-promote/queue-promote.js&/o/frontend-js-web/aui/selector-css2/selector-css2.js&/o/frontend-js-web/aui/selector-css3/selector-css3.js&/o/frontend-js-web/aui/selector-native/selector-native.js&/o/frontend-js-web/aui/selector/selector.js&/o/frontend-js-web/aui/widget-base/widget-base.js&/o/frontend-js-web/aui/widget-htmlparser/widget-htmlparser.js&/o/frontend-js-web/aui/widget-skin/widget-skin.js

Requested by

Host: www.carnet.aon.it
URL: https://www.carnet.aon.it/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.156.48.83 Lodi, Italy, ASN12874 (FASTWEB, IT),

Reverse DNS

213-156-48-83.ip.fastwebnet.it

Software

Apache /

Resource Hash

295503e00e72cc9e3ce4c2d698550db14041dd59dc2f69e284629cec2b4d0271

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://.firebaseio.com; connect-src 'self' wss://.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 26 Jun 2024 16:50:32 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://*.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://*.firebaseio.com; connect-src 'self' wss://*.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://*.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Content-Encoding: gzip
Connection: Keep-Alive
Content-Length: 42989
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Tue, 19 Mar 2024 13:56:19 GMT
Server: Apache
ETag: "446f2b7e-gzip"
X-Frame-Options: sameorigin
Vary: Accept-Encoding
Report-To: {"group":"csp-group","max_age":63072000,"endpoints":[{"url":https://www.aongate.it/rpt/csp}],"include_subdomains":true}
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Keep-Alive: timeout=5, max=100
Expires: Sat, 24 Jun 2034 16:50:32 +0000

GET
H/1.1 200
200 combo Show response
www.carnet.aon.it/ 273 KB
108 KB 409ms
103ms Script
text/javascript 213.156.48.83
FASTWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carnet.aon.it/combo?browserId=other&minifierType=js&languageId=it_IT&b=7110&t=1710856579526&/o/frontend-js-web/aui/widget-uievents/widget-uievents.js&/o/frontend-js-web/aui/yui-throttle/yui-throttle.js&/o/frontend-js-web/aui/aui-base-core/aui-base-core.js&/o/frontend-js-web/aui/aui-base-lang/aui-base-lang.js&/o/frontend-js-web/aui/aui-classnamemanager/aui-classnamemanager.js&/o/frontend-js-web/aui/aui-component/aui-component.js&/o/frontend-js-web/aui/aui-debounce/aui-debounce.js&/o/frontend-js-web/aui/aui-delayed-task-deprecated/aui-delayed-task-deprecated.js&/o/frontend-js-web/aui/aui-event-base/aui-event-base.js&/o/frontend-js-web/aui/aui-event-input/aui-event-input.js&/o/frontend-js-web/aui/aui-form-validator/aui-form-validator.js&/o/frontend-js-web/aui/aui-node-base/aui-node-base.js&/o/frontend-js-web/aui/aui-node-html5/aui-node-html5.js&/o/frontend-js-web/aui/aui-selector/aui-selector.js&/o/frontend-js-web/aui/aui-timer/aui-timer.js&/o/frontend-js-web/liferay/dependency.js&/o/frontend-js-web/liferay/dom_task_runner.js&/o/frontend-js-web/liferay/events.js&/o/frontend-js-web/liferay/language.js&/o/frontend-js-web/liferay/lazy_load.js&/o/frontend-js-web/liferay/liferay.js&/o/frontend-js-web/liferay/util.js&/o/frontend-js-web/liferay/global.bundle.js&/o/frontend-js-web/liferay/portal.js&/o/frontend-js-web/liferay/portlet.js&/o/frontend-js-web/liferay/workflow.js&/o/frontend-js-web/liferay/address.js&/o/frontend-js-web/liferay/form.js&/o/frontend-js-web/liferay/form_placeholders.js&/o/frontend-js-web/liferay/icon.js&/o/frontend-js-web/liferay/menu.js&/o/frontend-js-web/liferay/notice.js&/o/frontend-js-web/liferay/poller.js

Requested by

Host: www.carnet.aon.it
URL: https://www.carnet.aon.it/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.156.48.83 Lodi, Italy, ASN12874 (FASTWEB, IT),

Reverse DNS

213-156-48-83.ip.fastwebnet.it

Software

Apache /

Resource Hash

c2963965166b35602ee2aad22b93fdd03ed266923e28a5f1b1c9bde144e5e2d5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://.firebaseio.com; connect-src 'self' wss://.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 26 Jun 2024 16:50:32 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://*.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://*.firebaseio.com; connect-src 'self' wss://*.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://*.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Content-Encoding: gzip
Connection: Keep-Alive
content-length: 106877
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Tue, 19 Mar 2024 13:56:19 GMT
Server: Apache
ETag: "9e992e68-gzip"
X-Frame-Options: sameorigin
Vary: Accept-Encoding
Report-To: {"group":"csp-group","max_age":63072000,"endpoints":[{"url":https://www.aongate.it/rpt/csp}],"include_subdomains":true}
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Keep-Alive: timeout=5, max=98
Expires: Sat, 24 Jun 2034 16:50:32 +0000

GET
H/1.1 200
200 config.js Show response
www.carnet.aon.it/o/frontend-js-web/loader/ 799 B
4 KB 399ms
67ms Script
text/javascript 213.156.48.83
FASTWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carnet.aon.it/o/frontend-js-web/loader/config.js

Requested by

Host: www.carnet.aon.it
URL: https://www.carnet.aon.it/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.156.48.83 Lodi, Italy, ASN12874 (FASTWEB, IT),

Reverse DNS

213-156-48-83.ip.fastwebnet.it

Software

Apache /

Resource Hash

969ab328c9474f7fadd4b80001f129e06d2a629e91cb3346db325b565e549879

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://.firebaseio.com; connect-src 'self' wss://.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 26 Jun 2024 16:50:32 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://*.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://*.firebaseio.com; connect-src 'self' wss://*.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://*.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Content-Encoding: gzip
Connection: Keep-Alive
Content-Length: 507
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Thu, 21 Oct 2021 19:41:02 GMT
Server: Apache
ETag: "289c8aa2-gzip"
X-Frame-Options: sameorigin
Vary: Accept-Encoding
Report-To: {"group":"csp-group","max_age":63072000,"endpoints":[{"url":https://www.aongate.it/rpt/csp}],"include_subdomains":true}
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Keep-Alive: timeout=5, max=98
Expires: Sat, 24 Jun 2034 16:50:32 +0000

GET
H/1.1 200
200 loader.3.js Show response
www.carnet.aon.it/o/frontend-js-web/loader/ 120 KB
43 KB 494ms
94ms Script
text/javascript 213.156.48.83
FASTWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carnet.aon.it/o/frontend-js-web/loader/loader.3.js

Requested by

Host: www.carnet.aon.it
URL: https://www.carnet.aon.it/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.156.48.83 Lodi, Italy, ASN12874 (FASTWEB, IT),

Reverse DNS

213-156-48-83.ip.fastwebnet.it

Software

Apache /

Resource Hash

56fad50dad5e249375f1ab7c0724774b4ed32d637ed897e434723cc5573b7015

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://.firebaseio.com; connect-src 'self' wss://.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 26 Jun 2024 16:50:32 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://*.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://*.firebaseio.com; connect-src 'self' wss://*.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://*.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Content-Encoding: gzip
Connection: Keep-Alive
Content-Length: 40557
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Thu, 21 Oct 2021 19:41:02 GMT
Server: Apache
ETag: "4044c969-gzip"
X-Frame-Options: sameorigin
Vary: Accept-Encoding
Report-To: {"group":"csp-group","max_age":63072000,"endpoints":[{"url":https://www.aongate.it/rpt/csp}],"include_subdomains":true}
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Keep-Alive: timeout=5, max=97
Expires: Sat, 24 Jun 2034 16:50:32 +0000

GET
H/1.1 200
200 js_bundle_config Show response
www.carnet.aon.it/o/ 35 KB
11 KB 499ms
82ms Script
text/javascript 213.156.48.83
FASTWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carnet.aon.it/o/js_bundle_config?t=1718496870439

Requested by

Host: www.carnet.aon.it
URL: https://www.carnet.aon.it/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.156.48.83 Lodi, Italy, ASN12874 (FASTWEB, IT),

Reverse DNS

213-156-48-83.ip.fastwebnet.it

Software

Apache /

Resource Hash

3c79dafdb77f5889618d5a73c485fd542e37d35f2582582d3fa773d284cbf7c7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://.firebaseio.com; connect-src 'self' wss://.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 26 Jun 2024 16:50:32 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://*.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://*.firebaseio.com; connect-src 'self' wss://*.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://*.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Content-Encoding: gzip
Connection: Keep-Alive
Content-Length: 7768
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Sun, 16 Jun 2024 00:14:30 GMT
Server: Apache
ETag: "d7544394-gzip"
X-Frame-Options: sameorigin
Vary: Accept-Encoding
Report-To: {"group":"csp-group","max_age":63072000,"endpoints":[{"url":https://www.aongate.it/rpt/csp}],"include_subdomains":true}
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Keep-Alive: timeout=5, max=99
Expires: Sat, 24 Jun 2034 16:50:32 +0000

GET
H/1.1 200
200 combo Show response
www.carnet.aon.it/ 5 KB
6 KB 504ms
86ms Script
text/javascript 213.156.48.83
FASTWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carnet.aon.it/combo?browserId=other&minifierType=&themeId=Theme_AON_WAR_AONtheme&languageId=it_IT&b=7110&com_liferay_staging_bar_web_portlet_StagingBarPortlet:%2Fjs%2Fstaging.js&com_liferay_staging_bar_web_portlet_StagingBarPortlet:%2Fjs%2Fstaging_branch.js&com_liferay_staging_bar_web_portlet_StagingBarPortlet:%2Fjs%2Fstaging_version.js&t=1715608594000

Requested by

Host: www.carnet.aon.it
URL: https://www.carnet.aon.it/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.156.48.83 Lodi, Italy, ASN12874 (FASTWEB, IT),

Reverse DNS

213-156-48-83.ip.fastwebnet.it

Software

Apache /

Resource Hash

ddcad3728d1931774fa6deeb1d1d8b118f5a22b352cbf908c14d0a2b6e5bb21b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://.firebaseio.com; connect-src 'self' wss://.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 26 Jun 2024 16:50:32 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://*.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://*.firebaseio.com; connect-src 'self' wss://*.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://*.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Content-Encoding: gzip
Connection: Keep-Alive
Content-Length: 2162
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Mon, 13 May 2024 13:56:34 GMT
Server: Apache
ETag: "293f2f70-gzip"
X-Frame-Options: sameorigin
Vary: Accept-Encoding
Report-To: {"group":"csp-group","max_age":63072000,"endpoints":[{"url":https://www.aongate.it/rpt/csp}],"include_subdomains":true}
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Keep-Alive: timeout=5, max=79
Expires: Sat, 24 Jun 2034 16:50:32 +0000

GET
H/1.1 200
200 main.css
www.carnet.aon.it/o/AON-theme/css/ 203 KB
60 KB 222ms
96ms Stylesheet
text/css 213.156.48.83
FASTWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carnet.aon.it/o/AON-theme/css/main.css?browserId=other&themeId=Theme_AON_WAR_AONtheme&minifierType=css&languageId=it_IT&b=7110&t=1715608594000

Requested by

Host: www.carnet.aon.it
URL: https://www.carnet.aon.it/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.156.48.83 Lodi, Italy, ASN12874 (FASTWEB, IT),

Reverse DNS

213-156-48-83.ip.fastwebnet.it

Software

Apache /

Resource Hash

e8750ed1b723f9d844edec2f24b1b2a6db8e20f971fdf6c2bd6d7da688fecafa

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://.firebaseio.com; connect-src 'self' wss://.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 26 Jun 2024 16:50:32 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://*.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://*.firebaseio.com; connect-src 'self' wss://*.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://*.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Content-Encoding: gzip
Connection: Keep-Alive
Content-Length: 58091
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Mon, 13 May 2024 13:56:34 GMT
Server: Apache
ETag: "ef2dc4a3-gzip"
X-Frame-Options: sameorigin
Vary: Accept-Encoding
Report-To: {"group":"csp-group","max_age":63072000,"endpoints":[{"url":https://www.aongate.it/rpt/csp}],"include_subdomains":true}
Content-Type: text/css;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Keep-Alive: timeout=5, max=82
Expires: Sat, 24 Jun 2034 16:50:32 +0000

GET
H/1.1 200
200 combo
www.carnet.aon.it/ 22 KB
9 KB 209ms
81ms Stylesheet
text/css 213.156.48.83
FASTWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carnet.aon.it/combo?browserId=other&minifierType=css&languageId=it_IT&b=7110&t=1710856590162&/o/product-navigation-simulation-theme-contributor/css/simulation_panel.css&/o/product-navigation-product-menu-theme-contributor/product_navigation_product_menu.css&/o/product-navigation-control-menu-theme-contributor/product_navigation_control_menu.css

Requested by

Host: www.carnet.aon.it
URL: https://www.carnet.aon.it/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.156.48.83 Lodi, Italy, ASN12874 (FASTWEB, IT),

Reverse DNS

213-156-48-83.ip.fastwebnet.it

Software

Apache /

Resource Hash

89a95837e913a3e05d1cd361d5821195999b021b59b381da29dea5e8f56568b3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://.firebaseio.com; connect-src 'self' wss://.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 26 Jun 2024 16:50:32 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://*.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://*.firebaseio.com; connect-src 'self' wss://*.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://*.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Content-Encoding: gzip
Connection: Keep-Alive
Content-Length: 5850
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Tue, 19 Mar 2024 13:56:30 GMT
Server: Apache
ETag: "4ee2299-gzip"
X-Frame-Options: sameorigin
Vary: Accept-Encoding
Report-To: {"group":"csp-group","max_age":63072000,"endpoints":[{"url":https://www.aongate.it/rpt/csp}],"include_subdomains":true}
Content-Type: text/css;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Keep-Alive: timeout=5, max=100
Expires: Sat, 24 Jun 2034 16:50:32 +0000

GET
H/1.1 200
200 combo Show response
www.carnet.aon.it/ 763 B
4 KB 495ms
68ms Script
text/javascript 213.156.48.83
FASTWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carnet.aon.it/combo?browserId=other&minifierType=js&languageId=it_IT&b=7110&t=1710856590162&/o/product-navigation-control-menu-theme-contributor/product_navigation_control_menu.js

Requested by

Host: www.carnet.aon.it
URL: https://www.carnet.aon.it/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.156.48.83 Lodi, Italy, ASN12874 (FASTWEB, IT),

Reverse DNS

213-156-48-83.ip.fastwebnet.it

Software

Apache /

Resource Hash

5caefbb5b5f102fa061bec87248080cc36b15677830fb40c32d1da0507e0295e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://.firebaseio.com; connect-src 'self' wss://.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 26 Jun 2024 16:50:32 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://*.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://*.firebaseio.com; connect-src 'self' wss://*.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://*.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Content-Encoding: gzip
Connection: Keep-Alive
Content-Length: 428
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Tue, 19 Mar 2024 13:56:30 GMT
Server: Apache
ETag: "8d7e37f3-gzip"
X-Frame-Options: sameorigin
Vary: Accept-Encoding
Report-To: {"group":"csp-group","max_age":63072000,"endpoints":[{"url":https://www.aongate.it/rpt/csp}],"include_subdomains":true}
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Keep-Alive: timeout=5, max=96
Expires: Sat, 24 Jun 2034 16:50:32 +0000

GET
H/1.1 200
200 layout_set_logo
www.carnet.aon.it/image/ 1 KB
5 KB 69ms
69ms Image
image/png 213.156.48.83
FASTWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.carnet.aon.it/image/layout_set_logo?img_id=11296665&t=1719102769015

Requested by

Host: www.carnet.aon.it
URL: https://www.carnet.aon.it/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.156.48.83 Lodi, Italy, ASN12874 (FASTWEB, IT),

Reverse DNS

213-156-48-83.ip.fastwebnet.it

Software

Apache /

Resource Hash

dcdc1ce6c2896fce043fb81ffd079730c1e5886b553226f552f02eaad8291ccf

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://.firebaseio.com; connect-src 'self' wss://.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 26 Jun 2024 16:50:33 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://*.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://*.firebaseio.com; connect-src 'self' wss://*.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://*.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Connection: Keep-Alive
Content-Length: 1127
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Wed, 03 Mar 2021 15:53:01 GMT
Server: Apache
ETag: "6ce3e986"
X-Frame-Options: sameorigin
Report-To: {"group":"csp-group","max_age":63072000,"endpoints":[{"url":https://www.aongate.it/rpt/csp}],"include_subdomains":true}
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Keep-Alive: timeout=5, max=78
Expires: Sat, 24 Jun 2034 16:50:33 +0000

GET
H/1.1 200
200 main.js Show response
www.carnet.aon.it/o/AON-theme/js/ 138 B
4 KB 72ms
71ms Script
text/javascript 213.156.48.83
FASTWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carnet.aon.it/o/AON-theme/js/main.js?browserId=other&minifierType=js&languageId=it_IT&b=7110&t=1715608594000

Requested by

Host: www.carnet.aon.it
URL: https://www.carnet.aon.it/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.156.48.83 Lodi, Italy, ASN12874 (FASTWEB, IT),

Reverse DNS

213-156-48-83.ip.fastwebnet.it

Software

Apache /

Resource Hash

23a75923ec587c4834deda57d4e8f2ad253a3c03eaf23e0929536e54a87b3fbf

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://.firebaseio.com; connect-src 'self' wss://.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 26 Jun 2024 16:50:33 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://*.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://*.firebaseio.com; connect-src 'self' wss://*.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://*.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Content-Encoding: gzip
Connection: Keep-Alive
Content-Length: 111
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Mon, 13 May 2024 13:56:34 GMT
Server: Apache
ETag: "85c69ee2-gzip"
X-Frame-Options: sameorigin
Vary: Accept-Encoding
Report-To: {"group":"csp-group","max_age":63072000,"endpoints":[{"url":https://www.aongate.it/rpt/csp}],"include_subdomains":true}
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Keep-Alive: timeout=5, max=77
Expires: Sat, 24 Jun 2034 16:50:33 +0000

GET
H/1.1 200
200 swiper.js Show response
www.carnet.aon.it/o/AON-theme/js/ 236 KB
63 KB 116ms
115ms Script
text/javascript 213.156.48.83
FASTWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carnet.aon.it/o/AON-theme/js/swiper.js

Requested by

Host: www.carnet.aon.it
URL: https://www.carnet.aon.it/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.156.48.83 Lodi, Italy, ASN12874 (FASTWEB, IT),

Reverse DNS

213-156-48-83.ip.fastwebnet.it

Software

Apache /

Resource Hash

18f127ce3dedb79044526a40c139d4bb5b713caf430ec31238a0ddb489de6711

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://.firebaseio.com; connect-src 'self' wss://.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 26 Jun 2024 16:50:33 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://*.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://*.firebaseio.com; connect-src 'self' wss://*.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://*.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Content-Encoding: gzip
Connection: Keep-Alive
Content-Length: 60554
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Mon, 01 Aug 2022 07:51:12 GMT
Server: Apache
ETag: "7bf7173-gzip"
X-Frame-Options: sameorigin
Vary: Accept-Encoding
Report-To: {"group":"csp-group","max_age":63072000,"endpoints":[{"url":https://www.aongate.it/rpt/csp}],"include_subdomains":true}
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Keep-Alive: timeout=5, max=97
Expires: Sat, 24 Jun 2034 16:50:33 +0000

GET
H/1.1 200
200 extra.js Show response
www.carnet.aon.it/o/AON-theme/js/ 4 KB
5 KB 68ms
67ms Script
text/javascript 213.156.48.83
FASTWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carnet.aon.it/o/AON-theme/js/extra.js

Requested by

Host: www.carnet.aon.it
URL: https://www.carnet.aon.it/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.156.48.83 Lodi, Italy, ASN12874 (FASTWEB, IT),

Reverse DNS

213-156-48-83.ip.fastwebnet.it

Software

Apache /

Resource Hash

85440cf13c5fd4ac92e3c3f2909bbdb5bb8f8d7d2d4e266fbf362476de24a2fe

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://.firebaseio.com; connect-src 'self' wss://.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 26 Jun 2024 16:50:33 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://*.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://*.firebaseio.com; connect-src 'self' wss://*.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://*.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Content-Encoding: gzip
Connection: Keep-Alive
Content-Length: 1527
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Mon, 11 Sep 2023 11:17:52 GMT
Server: Apache
ETag: "2b665589-gzip"
X-Frame-Options: sameorigin
Vary: Accept-Encoding
Report-To: {"group":"csp-group","max_age":63072000,"endpoints":[{"url":https://www.aongate.it/rpt/csp}],"include_subdomains":true}
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Keep-Alive: timeout=5, max=76
Expires: Sat, 24 Jun 2034 16:50:33 +0000

GET
H/1.1 200
200 app.js Show response
www.carnet.aon.it/o/AON-theme/js/ 10 KB
7 KB 70ms
69ms Script
text/javascript 213.156.48.83
FASTWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carnet.aon.it/o/AON-theme/js/app.js

Requested by

Host: www.carnet.aon.it
URL: https://www.carnet.aon.it/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.156.48.83 Lodi, Italy, ASN12874 (FASTWEB, IT),

Reverse DNS

213-156-48-83.ip.fastwebnet.it

Software

Apache /

Resource Hash

9e6e029d58b473be1f89514958b1393935507ffa5d2167ca5ada1775229211aa

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://.firebaseio.com; connect-src 'self' wss://.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 26 Jun 2024 16:50:33 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://*.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://*.firebaseio.com; connect-src 'self' wss://*.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://*.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Content-Encoding: gzip
Connection: Keep-Alive
Content-Length: 3577
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Mon, 01 Aug 2022 07:51:12 GMT
Server: Apache
ETag: "1b72408c-gzip"
X-Frame-Options: sameorigin
Vary: Accept-Encoding
Report-To: {"group":"csp-group","max_age":63072000,"endpoints":[{"url":https://www.aongate.it/rpt/csp}],"include_subdomains":true}
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Keep-Alive: timeout=5, max=95
Expires: Sat, 24 Jun 2034 16:50:33 +0000

GET
H/1.1 200
200 jquery-ui.js Show response
www.carnet.aon.it/o/AON-theme/js/ 552 KB
129 KB 170ms
170ms Script
text/javascript 213.156.48.83
FASTWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carnet.aon.it/o/AON-theme/js/jquery-ui.js

Requested by

Host: www.carnet.aon.it
URL: https://www.carnet.aon.it/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.156.48.83 Lodi, Italy, ASN12874 (FASTWEB, IT),

Reverse DNS

213-156-48-83.ip.fastwebnet.it

Software

Apache /

Resource Hash

740b42f9df56d506de3371125ba4011fe8685f8160a7e28d1f4e3970c1ba887a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://.firebaseio.com; connect-src 'self' wss://.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 26 Jun 2024 16:50:33 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://*.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://*.firebaseio.com; connect-src 'self' wss://*.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://*.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Content-Encoding: gzip
Connection: Keep-Alive
content-length: 128121
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Tue, 07 May 2024 07:11:58 GMT
Server: Apache
ETag: "4fe48f2b-gzip"
X-Frame-Options: sameorigin
Vary: Accept-Encoding
Report-To: {"group":"csp-group","max_age":63072000,"endpoints":[{"url":https://www.aongate.it/rpt/csp}],"include_subdomains":true}
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Keep-Alive: timeout=5, max=98
Expires: Sat, 24 Jun 2034 16:50:33 +0000

GET
H/1.1 200
200 jquery.validate.1.16.0.min.js Show response
www.carnet.aon.it/o/AON-theme/js/ 23 KB
14 KB 64ms
64ms Script
text/javascript 213.156.48.83
FASTWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carnet.aon.it/o/AON-theme/js/jquery.validate.1.16.0.min.js

Requested by

Host: www.carnet.aon.it
URL: https://www.carnet.aon.it/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.156.48.83 Lodi, Italy, ASN12874 (FASTWEB, IT),

Reverse DNS

213-156-48-83.ip.fastwebnet.it

Software

Apache /

Resource Hash

5b34a9b93c0b0d470c6c0b2c3136771bd736e2f96f3c557a97da058e204d2fc9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://.firebaseio.com; connect-src 'self' wss://.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 26 Jun 2024 16:50:33 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://*.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://*.firebaseio.com; connect-src 'self' wss://*.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://*.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Content-Encoding: gzip
Connection: Keep-Alive
Content-Length: 10544
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Mon, 01 Aug 2022 07:51:12 GMT
Server: Apache
ETag: "7587a363-gzip"
X-Frame-Options: sameorigin
Vary: Accept-Encoding
Report-To: {"group":"csp-group","max_age":63072000,"endpoints":[{"url":https://www.aongate.it/rpt/csp}],"include_subdomains":true}
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Keep-Alive: timeout=5, max=94
Expires: Sat, 24 Jun 2034 16:50:33 +0000

GET
H/1.1 200
200 jquery.fittext.aon.js Show response
www.carnet.aon.it/o/AON-theme/js/ 886 B
4 KB 70ms
70ms Script
text/javascript 213.156.48.83
FASTWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carnet.aon.it/o/AON-theme/js/jquery.fittext.aon.js

Requested by

Host: www.carnet.aon.it
URL: https://www.carnet.aon.it/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.156.48.83 Lodi, Italy, ASN12874 (FASTWEB, IT),

Reverse DNS

213-156-48-83.ip.fastwebnet.it

Software

Apache /

Resource Hash

9c3e0751534e00ad7e58219dd0a2ac02d94dc70d5e019ac83a25e3da2bb393e4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://.firebaseio.com; connect-src 'self' wss://.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 26 Jun 2024 16:50:33 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://*.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://*.firebaseio.com; connect-src 'self' wss://*.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://*.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Content-Encoding: gzip
Connection: Keep-Alive
Content-Length: 623
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Mon, 01 Aug 2022 07:51:12 GMT
Server: Apache
ETag: "f0e392bd-gzip"
X-Frame-Options: sameorigin
Vary: Accept-Encoding
Report-To: {"group":"csp-group","max_age":63072000,"endpoints":[{"url":https://www.aongate.it/rpt/csp}],"include_subdomains":true}
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Keep-Alive: timeout=5, max=93
Expires: Sat, 24 Jun 2034 16:50:33 +0000

GET
H2 200 55e28d76-2f38-4b6b-a303-0f143d46756b.json Show response
cdn.cookielaw.org/consent/55e28d76-2f38-4b6b-a303-0f143d46756b/ 11 KB
3 KB 209ms
114ms XHR
application/x-javascript 104.19.177.52
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/55e28d76-2f38-4b6b-a303-0f143d46756b/55e28d76-2f38-4b6b-a303-0f143d46756b.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.177.52 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c587e07e741b2f15e1f14c9bf076888ef2d0199377cee6cfa449a5d5c1fa3c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 26 Jun 2024 16:50:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-md5: vJ6oc+JZc2XuAMLITjDiSA==
content-length: 2514
x-ms-lease-status: unlocked
last-modified: Tue, 19 Dec 2023 16:52:06 GMT
server: cloudflare
etag: 0x8DC00B2D5B046B8
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 9d7b93c1-501e-001f-0677-c7489a000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 899eb26b18b5794c-PMO
expires: Thu, 27 Jun 2024 16:50:32 GMT

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 67 B
306 B 153ms
59ms XHR
application/json 104.18.32.137
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.32.137 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e087627b0a3f163baafcc45636fd6e4b889cc47cf6a801725daeff3de69906cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
accept: application/json
Referer: https://www.carnet.aon.it/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 26 Jun 2024 16:50:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 899eb26c6fd474da-PMO
access-control-allow-headers: Content-Type

GET
H/1.1 200
200 layout_set_logo
www.carnet.aon.it/image/ 1 KB
5 KB 70ms
70ms Image
image/png 213.156.48.83
FASTWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.carnet.aon.it/image/layout_set_logo?img_id=11296665&t=1719102769015

Requested by

Host: www.carnet.aon.it
URL: https://www.carnet.aon.it/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.156.48.83 Lodi, Italy, ASN12874 (FASTWEB, IT),

Reverse DNS

213-156-48-83.ip.fastwebnet.it

Software

Apache /

Resource Hash

dcdc1ce6c2896fce043fb81ffd079730c1e5886b553226f552f02eaad8291ccf

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://.firebaseio.com; connect-src 'self' wss://.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 26 Jun 2024 16:50:33 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://*.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://*.firebaseio.com; connect-src 'self' wss://*.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://*.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Connection: Keep-Alive
Content-Length: 1127
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Wed, 03 Mar 2021 15:53:01 GMT
Server: Apache
ETag: "6ce3e986"
X-Frame-Options: sameorigin
Report-To: {"group":"csp-group","max_age":63072000,"endpoints":[{"url":https://www.aongate.it/rpt/csp}],"include_subdomains":true}
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Keep-Alive: timeout=5, max=96
Expires: Sat, 24 Jun 2034 16:50:33 +0000

GET
H/1.1 200
200 / Show response
www.carnet.aon.it/combo/ 5 KB
6 KB 75ms
69ms Script
text/javascript 213.156.48.83
FASTWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carnet.aon.it/combo/?browserId=other&minifierType=&languageId=it_IT&b=7110&t=1710856579526&/o/frontend-js-web/aui/event-touch/event-touch-min.js&/o/frontend-js-web/aui/event-move/event-move-min.js

Requested by

Host: www.carnet.aon.it
URL: https://www.carnet.aon.it/combo?browserId=other&minifierType=js&languageId=it_IT&b=7110&t=1710856579526&/o/frontend-js-web/jquery/jquery.js&/o/frontend-js-web/clay/popper.js&/o/frontend-js-web/clay/bootstrap.js&/o/frontend-js-web/aui/aui/aui.js&/o/frontend-js-web/aui/aui-base-html5-shiv/aui-base-html5-shiv.js&/o/frontend-js-web/liferay/browser_selectors.js&/o/frontend-js-web/liferay/modules.js&/o/frontend-js-web/liferay/aui_sandbox.js&/o/frontend-js-web/clay/collapsible-search.js&/o/frontend-js-web/clay/side-navigation.js&/o/frontend-js-web/jquery/fm.js&/o/frontend-js-web/jquery/form.js&/o/frontend-js-web/misc/svg4everybody.js&/o/frontend-js-web/aui/arraylist-add/arraylist-add.js&/o/frontend-js-web/aui/arraylist-filter/arraylist-filter.js&/o/frontend-js-web/aui/arraylist/arraylist.js&/o/frontend-js-web/aui/array-extras/array-extras.js&/o/frontend-js-web/aui/array-invoke/array-invoke.js&/o/frontend-js-web/aui/attribute-base/attribute-base.js&/o/frontend-js-web/aui/attribute-complex/attribute-complex.js&/o/frontend-js-web/aui/attribute-core/attribute-core.js&/o/frontend-js-web/aui/attribute-observable/attribute-observable.js&/o/frontend-js-web/aui/attribute-extras/attribute-extras.js&/o/frontend-js-web/aui/base-base/base-base.js&/o/frontend-js-web/aui/base-pluginhost/base-pluginhost.js&/o/frontend-js-web/aui/classnamemanager/classnamemanager.js&/o/frontend-js-web/aui/datatype-xml-format/datatype-xml-format.js&/o/frontend-js-web/aui/datatype-xml-parse/datatype-xml-parse.js&/o/frontend-js-web/aui/dom-base/dom-base.js&/o/frontend-js-web/aui/dom-core/dom-core.js&/o/frontend-js-web/aui/dom-screen/dom-screen.js&/o/frontend-js-web/aui/dom-style/dom-style.js&/o/frontend-js-web/aui/event-base/event-base.js&/o/frontend-js-web/aui/event-custom-base/event-custom-base.js&/o/frontend-js-web/aui/event-custom-complex/event-custom-complex.js&/o/frontend-js-web/aui/event-delegate/event-delegate.js&/o/frontend-js-web/aui/event-focus/event-focus.js&/o/frontend-js-web/aui/event-hover/event-hover.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.156.48.83 Lodi, Italy, ASN12874 (FASTWEB, IT),

Reverse DNS

213-156-48-83.ip.fastwebnet.it

Software

Apache /

Resource Hash

80dd5f25e24a55242790b3a316601845cd1a6a49cc8a86b3c484dfb8112495d1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://.firebaseio.com; connect-src 'self' wss://.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 26 Jun 2024 16:50:33 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://*.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://*.firebaseio.com; connect-src 'self' wss://*.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://*.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Content-Encoding: gzip
Connection: Keep-Alive
Content-Length: 2691
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Tue, 19 Mar 2024 13:56:19 GMT
Server: Apache
ETag: "d7ac1832-gzip"
X-Frame-Options: sameorigin
Vary: Accept-Encoding
Report-To: {"group":"csp-group","max_age":63072000,"endpoints":[{"url":https://www.aongate.it/rpt/csp}],"include_subdomains":true}
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Keep-Alive: timeout=5, max=72
Expires: Sat, 24 Jun 2034 16:50:33 +0000

GET
H/1.1 200
200 / Show response
www.carnet.aon.it/combo/ 64 KB
20 KB 75ms
75ms Script
text/javascript 213.156.48.83
FASTWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carnet.aon.it/combo/?browserId=other&minifierType=&languageId=it_IT&b=7110&t=1710856579526&/o/js/resolved-module/frontend-js-metal-web$metal@2.16.8/lib/coreNamed.js&/o/js/resolved-module/frontend-js-metal-web$metal@2.16.8/lib/core.js&/o/js/resolved-module/frontend-js-metal-web$metal@2.16.8/lib/array/array.js&/o/js/resolved-module/frontend-js-metal-web$metal@2.16.8/lib/async/async.js&/o/js/resolved-module/frontend-js-metal-web$metal@2.16.8/lib/disposable/Disposable.js&/o/js/resolved-module/frontend-js-metal-web$metal@2.16.8/lib/object/object.js&/o/js/resolved-module/frontend-js-metal-web$metal@2.16.8/lib/string/string.js&/o/js/resolved-module/frontend-js-metal-web$metal@2.16.8/lib/metal.js&/o/js/resolved-module/frontend-js-metal-web$metal-component@2.16.8/lib/events/events.js&/o/js/resolved-module/frontend-js-metal-web$metal-component@2.16.8/lib/sync/sync.js&/o/js/resolved-module/frontend-js-metal-web$metal-dom@2.16.8/lib/domData.js&/o/js/resolved-module/frontend-js-metal-web$metal-events@2.16.8/lib/EventHandle.js&/o/js/resolved-module/frontend-js-metal-web$metal-events@2.16.8/lib/EventEmitter.js&/o/js/resolved-module/frontend-js-metal-web$metal-events@2.16.8/lib/EventEmitterProxy.js&/o/js/resolved-module/frontend-js-metal-web$metal-events@2.16.8/lib/EventHandler.js&/o/js/resolved-module/frontend-js-metal-web$metal-events@2.16.8/lib/events.js&/o/js/resolved-module/frontend-js-metal-web$metal-dom@2.16.8/lib/DomDelegatedEventHandle.js&/o/js/resolved-module/frontend-js-metal-web$metal-dom@2.16.8/lib/DomEventHandle.js&/o/js/resolved-module/frontend-js-metal-web$metal-dom@2.16.8/lib/domNamed.js&/o/js/resolved-module/frontend-js-metal-web$metal-dom@2.16.8/lib/dom.js&/o/js/resolved-module/frontend-js-metal-web$metal-dom@2.16.8/lib/DomEventEmitterProxy.js&/o/js/resolved-module/frontend-js-metal-web$metal-dom@2.16.8/lib/features.js&/o/js/resolved-module/frontend-js-metal-web$metal-dom@2.16.8/lib/globalEval.js

Requested by

Host: www.carnet.aon.it
URL: https://www.carnet.aon.it/o/frontend-js-web/loader/loader.3.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.156.48.83 Lodi, Italy, ASN12874 (FASTWEB, IT),

Reverse DNS

213-156-48-83.ip.fastwebnet.it

Software

Apache /

Resource Hash

3032601fde3e4c707f26d70df55d5a9508bc6ff7e3da0f172ec6c32284548a89

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://.firebaseio.com; connect-src 'self' wss://.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 26 Jun 2024 16:50:33 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://*.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://*.firebaseio.com; connect-src 'self' wss://*.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://*.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Content-Encoding: gzip
Connection: Keep-Alive
Content-Length: 17359
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Tue, 19 Mar 2024 13:56:19 GMT
Server: Apache
ETag: "8ca26b03-gzip"
X-Frame-Options: sameorigin
Vary: Accept-Encoding
Report-To: {"group":"csp-group","max_age":63072000,"endpoints":[{"url":https://www.aongate.it/rpt/csp}],"include_subdomains":true}
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Keep-Alive: timeout=5, max=71
Expires: Sat, 24 Jun 2034 16:50:33 +0000

GET
H/1.1 200
200 / Show response
www.carnet.aon.it/combo/ 85 KB
32 KB 107ms
106ms Script
text/javascript 213.156.48.83
FASTWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carnet.aon.it/combo/?browserId=other&minifierType=&languageId=it_IT&b=7110&t=1710856579526&/o/js/resolved-module/frontend-js-metal-web$metal-dom@2.16.8/lib/globalEvalStyles.js&/o/js/resolved-module/frontend-js-metal-web$metal-dom@2.16.8/lib/events.js&/o/js/resolved-module/frontend-js-metal-web$metal-dom@2.16.8/lib/all/dom.js&/o/js/resolved-module/frontend-js-metal-web$metal-state@2.16.8/lib/validators.js&/o/js/resolved-module/frontend-js-metal-web$metal-state@2.16.8/lib/Config.js&/o/js/resolved-module/frontend-js-metal-web$metal-state@2.16.8/lib/State.js&/o/js/resolved-module/frontend-js-metal-web$metal-state@2.16.8/lib/all/state.js&/o/js/resolved-module/frontend-js-metal-web$metal-component@2.16.8/lib/ComponentDataManager.js&/o/js/resolved-module/frontend-js-metal-web$metal-component@2.16.8/lib/ComponentRenderer.js&/o/js/resolved-module/frontend-js-metal-web$metal-component@2.16.8/lib/Component.js&/o/js/resolved-module/frontend-js-metal-web$metal-component@2.16.8/lib/ComponentRegistry.js&/o/js/resolved-module/frontend-js-metal-web$metal-component@2.16.8/lib/all/component.js&/o/js/resolved-module/frontend-taglib-clay$clay-component@2.22.4/lib/ClayComponent.js&/o/js/resolved-module/frontend-js-metal-web$metal-incremental-dom@2.16.8/lib/html/HTMLParser.js&/o/js/resolved-module/frontend-js-metal-web$metal-incremental-dom@2.16.8/lib/html/unescape.js&/o/js/resolved-module/frontend-js-metal-web$metal-incremental-dom@2.16.8/lib/html/HTML2IncDom.js&/o/js/resolved-module/frontend-js-metal-web$incremental-dom@0.5.1/dist/incremental-dom-cjs.js&/o/js/resolved-module/frontend-js-metal-web$incremental-dom-string@0.0.3/lib/incremental-dom-string.js&/o/js/resolved-module/frontend-js-metal-web$metal-incremental-dom@2.16.8/lib/incremental-dom.js&/o/js/resolved-module/frontend-js-metal-web$metal-incremental-dom@2.16.8/lib/data.js&/o/js/resolved-module/frontend-js-metal-web$metal-incremental-dom@2.16.8/lib/changes.js

Requested by

Host: www.carnet.aon.it
URL: https://www.carnet.aon.it/o/frontend-js-web/loader/loader.3.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.156.48.83 Lodi, Italy, ASN12874 (FASTWEB, IT),

Reverse DNS

213-156-48-83.ip.fastwebnet.it

Software

Apache /

Resource Hash

b2a1ae91eb8a04c548fcf21a9996baee53ea2c2b5350b6a913f3a6b77c364ae2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://.firebaseio.com; connect-src 'self' wss://.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 26 Jun 2024 16:50:33 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://*.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://*.firebaseio.com; connect-src 'self' wss://*.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://*.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Content-Encoding: gzip
Connection: Keep-Alive
Content-Length: 29203
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Tue, 19 Mar 2024 13:56:19 GMT
Server: Apache
ETag: "3ca80e30-gzip"
X-Frame-Options: sameorigin
Vary: Accept-Encoding
Report-To: {"group":"csp-group","max_age":63072000,"endpoints":[{"url":https://www.aongate.it/rpt/csp}],"include_subdomains":true}
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Keep-Alive: timeout=5, max=91
Expires: Sat, 24 Jun 2034 16:50:33 +0000

GET
H/1.1 200
200 / Show response
www.carnet.aon.it/combo/ 112 KB
39 KB 88ms
88ms Script
text/javascript 213.156.48.83
FASTWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carnet.aon.it/combo/?browserId=other&minifierType=&languageId=it_IT&b=7110&t=1710856579526&/o/js/resolved-module/frontend-js-metal-web$metal-incremental-dom@2.16.8/lib/callArgs.js&/o/js/resolved-module/frontend-js-metal-web$metal-incremental-dom@2.16.8/lib/incremental-dom-aop.js&/o/js/resolved-module/frontend-js-metal-web$metal-incremental-dom@2.16.8/lib/children/children.js&/o/js/resolved-module/frontend-js-metal-web$metal-incremental-dom@2.16.8/lib/render/attributes.js&/o/js/resolved-module/frontend-js-metal-web$metal-incremental-dom@2.16.8/lib/cleanup/unused.js&/o/js/resolved-module/frontend-js-metal-web$metal-incremental-dom@2.16.8/lib/render/render.js&/o/js/resolved-module/frontend-js-metal-web$metal-incremental-dom@2.16.8/lib/render/patch.js&/o/js/resolved-module/frontend-js-metal-web$metal-incremental-dom@2.16.8/lib/IncrementalDomRenderer.js&/o/js/resolved-module/frontend-js-metal-web$metal-incremental-dom@2.16.8/lib/all/incremental-dom.js&/o/js/resolved-module/frontend-js-metal-web$metal-soy-bundle@2.16.8/lib/bundle.js&/o/js/resolved-module/frontend-js-metal-web$metal-soy@2.16.8/lib/SoyAop.js&/o/js/resolved-module/frontend-js-metal-web$metal-soy@2.16.8/lib/Soy.js&/o/js/resolved-module/frontend-js-metal-web$metal-position@2.1.2/lib/Geometry.js&/o/js/resolved-module/frontend-js-metal-web$metal-position@2.1.2/lib/Position.js&/o/js/resolved-module/frontend-js-metal-web$metal-position@2.1.2/lib/Align.js&/o/js/resolved-module/frontend-js-metal-web$metal-position@2.1.2/lib/all/position.js&/o/js/resolved-module/frontend-taglib-clay$clay-tooltip@2.22.4/lib/ClayTooltip.soy.js&/o/js/resolved-module/frontend-taglib-clay$clay-tooltip@2.22.4/lib/ClayTooltip.js&/o/js/resolved-module/frontend-taglib-clay@1.4.18/bridge/clay-tooltip/src/ClayTooltip.js

Requested by

Host: www.carnet.aon.it
URL: https://www.carnet.aon.it/o/frontend-js-web/loader/loader.3.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.156.48.83 Lodi, Italy, ASN12874 (FASTWEB, IT),

Reverse DNS

213-156-48-83.ip.fastwebnet.it

Software

Apache /

Resource Hash

26132502b6c99c6dbe550d18afc0b27c3da5156b45f2881afb910f26b13c98e6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://.firebaseio.com; connect-src 'self' wss://.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 26 Jun 2024 16:50:33 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://*.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://*.firebaseio.com; connect-src 'self' wss://*.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://*.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Content-Encoding: gzip
Connection: Keep-Alive
Content-Length: 36708
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Tue, 19 Mar 2024 13:56:19 GMT
Server: Apache
ETag: "a0cf85a-gzip"
X-Frame-Options: sameorigin
Vary: Accept-Encoding
Report-To: {"group":"csp-group","max_age":63072000,"endpoints":[{"url":https://www.aongate.it/rpt/csp}],"include_subdomains":true}
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Keep-Alive: timeout=5, max=95
Expires: Sat, 24 Jun 2034 16:50:33 +0000

GET
H/1.1 200
200 AON.ttf
www.carnet.aon.it/o/AON-theme/fonts/iconFont/ 5 KB
9 KB 99ms
68ms Font
font/ttf 213.156.48.83
FASTWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carnet.aon.it/o/AON-theme/fonts/iconFont/AON.ttf?1nn1ff

Requested by

Host: www.carnet.aon.it
URL: https://www.carnet.aon.it/o/AON-theme/css/main.css?browserId=other&themeId=Theme_AON_WAR_AONtheme&minifierType=css&languageId=it_IT&b=7110&t=1715608594000

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.156.48.83 Lodi, Italy, ASN12874 (FASTWEB, IT),

Reverse DNS

213-156-48-83.ip.fastwebnet.it

Software

Apache /

Resource Hash

3c319f7e4f39dd49882d3d994abc7320beb418d0480162725dcb7b370ac01a81

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://.firebaseio.com; connect-src 'self' wss://.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/o/AON-theme/css/main.css?browserId=other&themeId=Theme_AON_WAR_AONtheme&minifierType=css&languageId=it_IT&b=7110&t=1715608594000
Origin: https://www.carnet.aon.it
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 26 Jun 2024 16:50:33 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://*.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://*.firebaseio.com; connect-src 'self' wss://*.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://*.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Connection: Keep-Alive
Content-Length: 5232
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Mon, 01 Aug 2022 07:46:48 GMT
Server: Apache
ETag: W/"5232-1659340008000"
X-Frame-Options: sameorigin
Report-To: {"group":"csp-group","max_age":63072000,"endpoints":[{"url":https://www.aongate.it/rpt/csp}],"include_subdomains":true}
Content-Type: font/ttf
Cache-Control: no-cache, no-store, must-revalidate
Keep-Alive: timeout=5, max=92

GET
H/1.1 200
200 Prelo-ExtraLight.otf
www.carnet.aon.it/o/AON-theme/fonts/font/PreloSlab/ 60 KB
63 KB 101ms
70ms Font
font/otf 213.156.48.83
FASTWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carnet.aon.it/o/AON-theme/fonts/font/PreloSlab/Prelo-ExtraLight.otf

Requested by

Host: www.carnet.aon.it
URL: https://www.carnet.aon.it/o/AON-theme/css/main.css?browserId=other&themeId=Theme_AON_WAR_AONtheme&minifierType=css&languageId=it_IT&b=7110&t=1715608594000

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.156.48.83 Lodi, Italy, ASN12874 (FASTWEB, IT),

Reverse DNS

213-156-48-83.ip.fastwebnet.it

Software

Apache /

Resource Hash

8e7f0fb3dc00ccc9bea388d292bfff108c19ac0bf9406711efb1648f1c395a63

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://.firebaseio.com; connect-src 'self' wss://.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/o/AON-theme/css/main.css?browserId=other&themeId=Theme_AON_WAR_AONtheme&minifierType=css&languageId=it_IT&b=7110&t=1715608594000
Origin: https://www.carnet.aon.it
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 26 Jun 2024 16:50:33 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://*.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://*.firebaseio.com; connect-src 'self' wss://*.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://*.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Connection: Keep-Alive
Content-Length: 61428
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Mon, 01 Aug 2022 07:46:48 GMT
Server: Apache
ETag: W/"61428-1659340008000"
X-Frame-Options: sameorigin
Report-To: {"group":"csp-group","max_age":63072000,"endpoints":[{"url":https://www.aongate.it/rpt/csp}],"include_subdomains":true}
Content-Type: font/otf
Cache-Control: no-cache, no-store, must-revalidate
Keep-Alive: timeout=5, max=75

GET
H/1.1 200
200 Prelo-Bold.otf
www.carnet.aon.it/o/AON-theme/fonts/font/PreloSlab/ 61 KB
65 KB 102ms
63ms Font
font/otf 213.156.48.83
FASTWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carnet.aon.it/o/AON-theme/fonts/font/PreloSlab/Prelo-Bold.otf

Requested by

Host: www.carnet.aon.it
URL: https://www.carnet.aon.it/o/AON-theme/css/main.css?browserId=other&themeId=Theme_AON_WAR_AONtheme&minifierType=css&languageId=it_IT&b=7110&t=1715608594000

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.156.48.83 Lodi, Italy, ASN12874 (FASTWEB, IT),

Reverse DNS

213-156-48-83.ip.fastwebnet.it

Software

Apache /

Resource Hash

e644ab1aba0906bb79004d3a666f33dd0f23258369cab24498b65461c28f598d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://.firebaseio.com; connect-src 'self' wss://.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/o/AON-theme/css/main.css?browserId=other&themeId=Theme_AON_WAR_AONtheme&minifierType=css&languageId=it_IT&b=7110&t=1715608594000
Origin: https://www.carnet.aon.it
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 26 Jun 2024 16:50:33 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://*.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://*.firebaseio.com; connect-src 'self' wss://*.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://*.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Connection: Keep-Alive
Content-Length: 62852
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Mon, 01 Aug 2022 07:46:48 GMT
Server: Apache
ETag: W/"62852-1659340008000"
X-Frame-Options: sameorigin
Report-To: {"group":"csp-group","max_age":63072000,"endpoints":[{"url":https://www.aongate.it/rpt/csp}],"include_subdomains":true}
Content-Type: font/otf
Cache-Control: no-cache, no-store, must-revalidate
Keep-Alive: timeout=5, max=74

GET
H/1.1 200
200 Prelo-Medium.otf
www.carnet.aon.it/o/AON-theme/fonts/font/PreloSlab/ 60 KB
64 KB 144ms
75ms Font
font/otf 213.156.48.83
FASTWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carnet.aon.it/o/AON-theme/fonts/font/PreloSlab/Prelo-Medium.otf

Requested by

Host: www.carnet.aon.it
URL: https://www.carnet.aon.it/o/AON-theme/css/main.css?browserId=other&themeId=Theme_AON_WAR_AONtheme&minifierType=css&languageId=it_IT&b=7110&t=1715608594000

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.156.48.83 Lodi, Italy, ASN12874 (FASTWEB, IT),

Reverse DNS

213-156-48-83.ip.fastwebnet.it

Software

Apache /

Resource Hash

548ebd775bd52096ff18bc5184211ec28a5420022f0ce52739def04df18d7768

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://.firebaseio.com; connect-src 'self' wss://.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/o/AON-theme/css/main.css?browserId=other&themeId=Theme_AON_WAR_AONtheme&minifierType=css&languageId=it_IT&b=7110&t=1715608594000
Origin: https://www.carnet.aon.it
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 26 Jun 2024 16:50:33 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://*.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://*.firebaseio.com; connect-src 'self' wss://*.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://*.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Connection: Keep-Alive
Content-Length: 61888
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Mon, 01 Aug 2022 07:46:48 GMT
Server: Apache
ETag: W/"61888-1659340008000"
X-Frame-Options: sameorigin
Report-To: {"group":"csp-group","max_age":63072000,"endpoints":[{"url":https://www.aongate.it/rpt/csp}],"include_subdomains":true}
Content-Type: font/otf
Cache-Control: no-cache, no-store, must-revalidate
Keep-Alive: timeout=5, max=73

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202312.1.0/ 429 KB
104 KB 59ms
56ms Script
application/javascript 104.19.177.52
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202312.1.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.177.52 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

68a8ca1ebf10a53e893706799708e1f5978ad07ca9e2ae7c2fb22da7d09891a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 26 Jun 2024 16:50:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: XKJEbi7L7XNGND1Y8WkfuQ==
age: 960
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 106388
x-ms-lease-status: unlocked
last-modified: Thu, 07 Mar 2024 08:59:21 GMT
server: cloudflare
etag: 0x8DC3E84E17FBCBF
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: c55fcc1c-e01e-0018-7908-7ce6e4000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 899eb26d08b67951-PMO

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/55e28d76-2f38-4b6b-a303-0f143d46756b/79f956e5-b642-47d3-98dd-8478679d6a55/ 45 KB
13 KB 109ms
108ms Fetch
application/x-javascript 104.19.177.52
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/55e28d76-2f38-4b6b-a303-0f143d46756b/79f956e5-b642-47d3-98dd-8478679d6a55/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202312.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.177.52 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4d771a974bb534321a9e77551db60ee117d7f8fe1c11534b1236003e08c540be

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 26 Jun 2024 16:50:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-md5: ZAe651R/yv1aC8IXpimqkQ==
content-length: 12684
x-ms-lease-status: unlocked
last-modified: Tue, 19 Dec 2023 16:52:29 GMT
server: cloudflare
etag: 0x8DC00B2E30AC1A4
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 7fa4a8e9-701e-0047-7c8c-c74ce1000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 899eb26e3c60794c-PMO
expires: Thu, 27 Jun 2024 16:50:33 GMT

GET
H/1.1 200
200 /
www.carnet.aon.it/combo/ 774 B
4 KB 68ms
68ms Stylesheet
text/css 213.156.48.83
FASTWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carnet.aon.it/combo/?browserId=other&minifierType=&languageId=it_IT&b=7110&t=1710856579526&/o/frontend-js-web/aui/widget-base/assets/skins/sam/widget-base.css&/o/frontend-js-web/aui/widget-stack/assets/skins/sam/widget-stack.css&/o/frontend-js-web/aui/aui-tooltip-base/assets/skins/sam/aui-tooltip-base.css&/o/frontend-js-web/aui/aui-alert/assets/skins/sam/aui-alert.css

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.156.48.83 Lodi, Italy, ASN12874 (FASTWEB, IT),

Reverse DNS

213-156-48-83.ip.fastwebnet.it

Software

Apache /

Resource Hash

1c80204f7c49c991aa8a94267030cdc117ba5aa7fa7f7a96a43e257fa58f1e65

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://.firebaseio.com; connect-src 'self' wss://.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 26 Jun 2024 16:50:33 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://*.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://*.firebaseio.com; connect-src 'self' wss://*.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://*.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Content-Encoding: gzip
Connection: Keep-Alive
Content-Length: 408
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Tue, 19 Mar 2024 13:56:19 GMT
Server: Apache
ETag: "56c9bd37-gzip"
X-Frame-Options: sameorigin
Vary: Accept-Encoding
Report-To: {"group":"csp-group","max_age":63072000,"endpoints":[{"url":https://www.aongate.it/rpt/csp}],"include_subdomains":true}
Content-Type: text/css;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Keep-Alive: timeout=5, max=90
Expires: Sat, 24 Jun 2034 16:50:33 +0000

GET
H/1.1 200
200 available_languages.jsp Show response
www.carnet.aon.it/o/frontend-js-web/liferay/ 415 B
4 KB 70ms
69ms Script
text/javascript 213.156.48.83
FASTWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carnet.aon.it/o/frontend-js-web/liferay/available_languages.jsp?browserId=other&themeId=Theme_AON_WAR_AONtheme&colorSchemeId=01&minifierType=js&languageId=it_IT&b=7110&t=1719414967035

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.156.48.83 Lodi, Italy, ASN12874 (FASTWEB, IT),

Reverse DNS

213-156-48-83.ip.fastwebnet.it

Software

Apache /

Resource Hash

f31f985f5ac0b131fa2209c84439db41e1c6c6e6899f4002bf2c6847c9524207

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://.firebaseio.com; connect-src 'self' wss://.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 26 Jun 2024 16:50:33 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://*.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://*.firebaseio.com; connect-src 'self' wss://*.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://*.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Content-Encoding: gzip
Connection: Keep-Alive
Content-Length: 256
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Wed, 26 Jun 2024 15:16:07 GMT
Server: Apache
ETag: "4f8c3a59-gzip"
Vary: Accept-Encoding
X-Frame-Options: sameorigin
Report-To: {"group":"csp-group","max_age":63072000,"endpoints":[{"url":https://www.aongate.it/rpt/csp}],"include_subdomains":true}
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Keep-Alive: timeout=5, max=70
Expires: Sat, 24 Jun 2034 16:50:33 +0000

GET
H/1.1 200
200 / Show response
www.carnet.aon.it/combo/ 37 KB
20 KB 72ms
72ms Script
text/javascript 213.156.48.83
FASTWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carnet.aon.it/combo/?browserId=other&minifierType=&languageId=it_IT&b=7110&t=1710856579526&/o/frontend-js-web/aui/base-core/base-core-min.js&/o/frontend-js-web/aui/base-observable/base-observable-min.js&/o/frontend-js-web/aui/aui-widget-cssclass/aui-widget-cssclass-min.js&/o/frontend-js-web/aui/aui-widget-toggle/aui-widget-toggle-min.js&/o/frontend-js-web/aui/base-build/base-build-min.js&/o/frontend-js-web/aui/aui-aria/aui-aria-min.js&/o/frontend-js-web/aui/transition/transition-min.js&/o/frontend-js-web/aui/aui-widget-transition/aui-widget-transition-min.js&/o/frontend-js-web/aui/aui-widget-trigger/aui-widget-trigger-min.js&/o/frontend-js-web/aui/widget-position/widget-position-min.js&/o/frontend-js-web/aui/widget-position-align/widget-position-align-min.js&/o/frontend-js-web/aui/widget-stdmod/widget-stdmod-min.js&/o/frontend-js-web/aui/aui-widget-position-align-suggestion/aui-widget-position-align-suggestion-min.js&/o/frontend-js-web/aui/escape/escape-min.js&/o/frontend-js-web/aui/widget-autohide/widget-autohide-min.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.156.48.83 Lodi, Italy, ASN12874 (FASTWEB, IT),

Reverse DNS

213-156-48-83.ip.fastwebnet.it

Software

Apache /

Resource Hash

bc4603a311d58f04eaa91d77466c2b97a79745b63b9c2c13c4e36cdfc426b384

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://.firebaseio.com; connect-src 'self' wss://.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 26 Jun 2024 16:50:33 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://*.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://*.firebaseio.com; connect-src 'self' wss://*.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://*.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Content-Encoding: gzip
Connection: Keep-Alive
Content-Length: 17122
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Tue, 19 Mar 2024 13:56:19 GMT
Server: Apache
ETag: "91fef112-gzip"
X-Frame-Options: sameorigin
Vary: Accept-Encoding
Report-To: {"group":"csp-group","max_age":63072000,"endpoints":[{"url":https://www.aongate.it/rpt/csp}],"include_subdomains":true}
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Keep-Alive: timeout=5, max=94
Expires: Sat, 24 Jun 2034 16:50:33 +0000

GET
H/1.1 200
200 / Show response
www.carnet.aon.it/combo/ 40 KB
21 KB 85ms
85ms Script
text/javascript 213.156.48.83
FASTWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carnet.aon.it/combo/?browserId=other&minifierType=&languageId=it_IT&b=7110&t=1710856579526&/o/frontend-js-web/aui/widget-position-constrain/widget-position-constrain-min.js&/o/frontend-js-web/aui/widget-stack/widget-stack-min.js&/o/frontend-js-web/aui/aui-tooltip-base/aui-tooltip-base-min.js&/o/frontend-js-web/aui/aui-tooltip-delegate/aui-tooltip-delegate-min.js&/o/frontend-js-web/liferay/language.js&/o/frontend-js-web/aui/querystring-stringify/querystring-stringify-min.js&/o/frontend-js-web/aui/aui-io-request/aui-io-request-min.js&/o/frontend-js-web/aui/cookie/cookie-min.js&/o/frontend-js-web/aui/timers/timers-min.js&/o/frontend-js-web/aui/aui-alert/aui-alert-min.js&/o/frontend-js-web/liferay/node.js&/o/frontend-js-web/liferay/portlet_base.js&/o/frontend-js-web/liferay/alert.js&/o/frontend-js-web/liferay/notification.js&/o/frontend-js-web/liferay/session.js&/o/frontend-js-web/aui/querystring-parse/querystring-parse-min.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.156.48.83 Lodi, Italy, ASN12874 (FASTWEB, IT),

Reverse DNS

213-156-48-83.ip.fastwebnet.it

Software

Apache /

Resource Hash

83c77605ce05e32dab2cc739a4231b61a3e5c4c2f84167c02ecfbc59e0743026

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://.firebaseio.com; connect-src 'self' wss://.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 26 Jun 2024 16:50:33 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://*.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://*.firebaseio.com; connect-src 'self' wss://*.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://*.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Content-Encoding: gzip
Connection: Keep-Alive
Content-Length: 17635
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Tue, 19 Mar 2024 13:56:19 GMT
Server: Apache
ETag: "8a58c499-gzip"
X-Frame-Options: sameorigin
Vary: Accept-Encoding
Report-To: {"group":"csp-group","max_age":63072000,"endpoints":[{"url":https://www.aongate.it/rpt/csp}],"include_subdomains":true}
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Keep-Alive: timeout=5, max=89
Expires: Sat, 24 Jun 2034 16:50:33 +0000

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/202312.1.0/assets/ 13 KB
3 KB 107ms
106ms Fetch
application/json 104.19.177.52
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202312.1.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202312.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.177.52 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 26 Jun 2024 16:50:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: BTZbeL2C0rgC8oY0plS4zQ==
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3017
x-ms-lease-status: unlocked
last-modified: Thu, 07 Mar 2024 08:59:13 GMT
server: cloudflare
etag: 0x8DC3E84DCC0509D
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 277603c0-b01e-009d-5677-c7e9ca000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 899eb26f1d72794c-PMO

GET
H2 200 otPcTab.json Show response
cdn.cookielaw.org/scripttemplates/202312.1.0/assets/v2/ 63 KB
13 KB 117ms
117ms Fetch
application/json 104.19.177.52
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202312.1.0/assets/v2/otPcTab.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202312.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.177.52 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2bc6a125d698416498cdf5ef60cd959aef01db95a6e3e0d74a95f9b6d3d78feb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 26 Jun 2024 16:50:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: rNgKP70KBmVzwZWxaMOeUw==
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 13588
x-ms-lease-status: unlocked
last-modified: Thu, 07 Mar 2024 08:59:16 GMT
server: cloudflare
etag: 0x8DC3E84DE43D101
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 06468b4c-b01e-0037-2f77-c73f25000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 899eb26f1d74794c-PMO

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/202312.1.0/assets/ 21 KB
4 KB 110ms
109ms Fetch
text/css 104.19.177.52
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202312.1.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202312.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.177.52 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 26 Jun 2024 16:50:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: c7xAZ9MSGAobGaTYg/Qtag==
x-ms-lease-status: unlocked
last-modified: Thu, 07 Mar 2024 08:59:25 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: a2f03e75-f01e-007f-1377-c70db8000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 899eb26f1d75794c-PMO

GET
H/1.1 200
200 favicon_aon.ico
www.carnet.aon.it/o/AON-theme/images/ 15 KB
19 KB 60ms
60ms Other
image/x-icon 213.156.48.83
FASTWEB

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carnet.aon.it/o/AON-theme/images/favicon_aon.ico

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.156.48.83 Lodi, Italy, ASN12874 (FASTWEB, IT),

Reverse DNS

213-156-48-83.ip.fastwebnet.it

Software

Apache /

Resource Hash

31f4382165347d3bbe2470c4fa4c785ded47c3f00eae1f94443ccf75bfaec280

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://.firebaseio.com; connect-src 'self' wss://.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 26 Jun 2024 16:50:33 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://*.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://*.firebaseio.com; connect-src 'self' wss://*.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://*.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Connection: Keep-Alive
Content-Length: 15406
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Tue, 17 Jan 2023 13:04:54 GMT
Server: Apache
ETag: "66fdf33"
X-Frame-Options: sameorigin
Report-To: {"group":"csp-group","max_age":63072000,"endpoints":[{"url":https://www.aongate.it/rpt/csp}],"include_subdomains":true}
Content-Type: image/x-icon
Cache-Control: no-cache, no-store, must-revalidate
Keep-Alive: timeout=5, max=88
Expires: Sat, 24 Jun 2034 16:50:33 +0000, Sat, 24 Jun 2034 16:50:33 +0000

GET
H2 200 ot_close.svg
cdn.cookielaw.org/logos/static/ 651 B
600 B 57ms
57ms Image
image/svg+xml 104.19.177.52
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/ot_close.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.177.52 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 26 Jun 2024 16:50:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: pcXWFGpuVeSg/jVnYCseRg==
age: 71823
x-ms-lease-status: unlocked
last-modified: Tue, 25 Jun 2024 02:35:43 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 90c37d8f-101e-0090-1caf-c606c6000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 899eb26fec5c7951-PMO

GET
H2 200 ot_guard_logo.svg Show response
cdn.cookielaw.org/logos/static/ 497 B
488 B 106ms
106ms Fetch
image/svg+xml 104.19.177.52
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202312.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.177.52 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 26 Jun 2024 16:50:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: tXyZydHjxQshFMbbBT1/8A==
x-ms-lease-status: unlocked
last-modified: Wed, 26 Jun 2024 02:35:08 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: d4702ceb-d01e-0101-2d77-c7d422000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 899eb26ffee6794c-PMO

GET
H2 200 aon_logo_signature_red_rgb.png
cdn.cookielaw.org/logos/3f996699-ab81-49df-b284-e640e5fe59d5/c8acab65-fb9f-4127-aac7-6867bd482c6a/2185d97a-9d51-4ce1-81d3-2eb52b72ab70/ 14 KB
14 KB 60ms
59ms Image
image/png 104.19.177.52
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/3f996699-ab81-49df-b284-e640e5fe59d5/c8acab65-fb9f-4127-aac7-6867bd482c6a/2185d97a-9d51-4ce1-81d3-2eb52b72ab70/aon_logo_signature_red_rgb.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.177.52 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

04aeb0ef3d0aac08d5ec07db8dc76db96eb5fddac66edddbaa4ab7494b88ba87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 26 Jun 2024 16:50:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: /qnTnxY4JW68h85eWo7GKA==
age: 2476
content-length: 14058
x-ms-lease-status: unlocked
last-modified: Fri, 16 Jun 2023 12:47:16 GMT
server: cloudflare
etag: 0x8DB6E67D0C0166F
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: 0a21aedd-201e-004a-5ab2-129a0c000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 899eb2700c8f7951-PMO

GET
H2 200 powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 5 KB
2 KB 58ms
58ms Image
image/svg+xml 104.19.177.52
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/powered_by_logo.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.177.52 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.carnet.aon.it/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 26 Jun 2024 16:50:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: Y+c301RBZNK39PvKQWrIBw==
age: 6306
x-ms-lease-status: unlocked
last-modified: Tue, 25 Jun 2024 02:35:43 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 7db24059-e01e-000d-0d32-c77c86000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 899eb2700c927951-PMO

Verdicts & Comments Add Verdict or Comment

45 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.carnet.aon.it/	1969-12-31 23:59:59	Name: JSESSIONID Value: F7B8D2866D13610AD0F3534604E2BDFE.worker1
www.carnet.aon.it/	1970-01-21 06:22:36	Name: COOKIE_SUPPORT Value: true
www.carnet.aon.it/	1970-01-21 06:22:36	Name: GUEST_LANGUAGE_ID Value: it_IT
www.carnet.aon.it/	1969-12-31 23:59:59	Name: NSC_Wjq_PofBggjojuz_iuuqt_443 Value: ffffffff0978205a45525d5f4f58455e445a4a42378b
www.carnet.aon.it/	1970-01-21 06:22:36	Name: cookiesession1 Value: 678B287099F8E3F163F0EC5976EC13B3
www.carnet.aon.it/	1969-12-31 23:59:59	Name: LFR_SESSION_STATE_20161 Value: 1719420633492

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	warning	URL: https://www.carnet.aon.it/ Message: [DOM] Found 2 elements with non-unique id #_com_liferay_login_web_portlet_LoginPortlet_doActionAfterLogin: (More info: https://goo.gl/9p2vKq) %o %o
recommendation	warning	URL: https://www.carnet.aon.it/ Message: [DOM] Found 3 elements with non-unique id #_com_liferay_login_web_portlet_LoginPortlet_formDate: (More info: https://goo.gl/9p2vKq) %o %o %o
recommendation	warning	URL: https://www.carnet.aon.it/ Message: [DOM] Found 2 elements with non-unique id #_com_liferay_login_web_portlet_LoginPortlet_password: (More info: https://goo.gl/9p2vKq) %o %o
recommendation	verbose	URL: https://www.carnet.aon.it/ Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' 'unsafe-eval' 'unsafe-inline' https://bot.heres.ai https://td.doubleclick.net https://.firebaseio.com https://cdn.landbot.io https://messages.landbot.io https://securetoken.googleapis.com https://storage.googleapis.com https://geolocation.onetrust.com https://in.hotjar.com https://script.hotjar.com https://www.google.it https://vars.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net http://www.w3.org/2000/svg https://privacyportal-de.onetrust.com https://chat.aon.it https://fonts.gstatic.com https://fonts.googleapis.com/ widgets-core.min.js https://cdn.alloyui.com http://www.google-analytics.com http://www.googletagmanager.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://www.google.com https://www.gstatic.com https://privacyportalde-cdn.onetrust.com https://www.google-analytics.com https://www.google.nl https://tag.upflowadv.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://aon-privacy.my.onetrust.com https://cdn.cookielaw.org https://widget.hereschat.it/stable/heres.js https://config.hereschat.it/oneaffinity/config.json https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://oneaffinity.client.hereschat.it/ https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://raw.githubusercontent.com/SamHerbert/SVG-Loaders/master/svg-loaders/oval.svg https://storage.googleapis.com https://.firebaseio.com; connect-src 'self' wss://.firebaseio.com https://www.google-analytics.com/j/collect https://widget.heres.ai/configs/config-oneaffinity.json https://hive.oneaffinity-uat.heresbot.it https://pagead2.googlesyndication.com https://securetoken.googleapis.com https://hive.oneaffinity.heresbot.it wss://hive.oneaffinity.heresbot.it https://welcome.landbot.io https://privacyportal-de.onetrust.com https://privacyportalde-cdn.onetrust.com https://geolocation.onetrust.com https://aon-privacy.my.onetrust.com https://www.googleapis.com https://cdn.cookielaw.org https://storage.googleapis.com https://messages.landbot.io https://region1.google-analytics.com https://config.hereschat.it; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://widgetv2.heres.ai https://.firebaseio.com/ https://googleads.g.doubleclick.net https://static.landbot.io https://privacyportalde-cdn.onetrust.com https://www.gstatic.com https://www.google.com https://cdn.landbot.io https://tag.upflowadv.com https://cdn.cookielaw.org https://www.googletagmanager.com https://widget.hereschat.it; form-action 'self' https://login.fondazionecni.org https://pagamenti.unicredit.it; style-src-elem * 'unsafe-inline' 'self' blob: data:; img-src * 'self' data: https;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.cookielaw.org
geolocation.onetrust.com
www.carnet.aon.it
104.18.32.137
104.19.177.52
213.156.48.83
022e2f39deba7f332eabe69b27b31d98d4d5f2535116745957a691d1b1ec4cc5
04aeb0ef3d0aac08d5ec07db8dc76db96eb5fddac66edddbaa4ab7494b88ba87
18f127ce3dedb79044526a40c139d4bb5b713caf430ec31238a0ddb489de6711
1c80204f7c49c991aa8a94267030cdc117ba5aa7fa7f7a96a43e257fa58f1e65
1f16d151c74005c1fb966aa794f1e008757cf5944721b19ece0c8d2d7906c27b
23a75923ec587c4834deda57d4e8f2ad253a3c03eaf23e0929536e54a87b3fbf
26132502b6c99c6dbe550d18afc0b27c3da5156b45f2881afb910f26b13c98e6
295503e00e72cc9e3ce4c2d698550db14041dd59dc2f69e284629cec2b4d0271
2bc6a125d698416498cdf5ef60cd959aef01db95a6e3e0d74a95f9b6d3d78feb
3032601fde3e4c707f26d70df55d5a9508bc6ff7e3da0f172ec6c32284548a89
31f4382165347d3bbe2470c4fa4c785ded47c3f00eae1f94443ccf75bfaec280
3c319f7e4f39dd49882d3d994abc7320beb418d0480162725dcb7b370ac01a81
3c79dafdb77f5889618d5a73c485fd542e37d35f2582582d3fa773d284cbf7c7
49a2985d884294bdc192be4ae1b6e2abe7edcbc911fae042ea4d701c1b0ac093
4d771a974bb534321a9e77551db60ee117d7f8fe1c11534b1236003e08c540be
548ebd775bd52096ff18bc5184211ec28a5420022f0ce52739def04df18d7768
56fad50dad5e249375f1ab7c0724774b4ed32d637ed897e434723cc5573b7015
5b34a9b93c0b0d470c6c0b2c3136771bd736e2f96f3c557a97da058e204d2fc9
5c587e07e741b2f15e1f14c9bf076888ef2d0199377cee6cfa449a5d5c1fa3c7
5caefbb5b5f102fa061bec87248080cc36b15677830fb40c32d1da0507e0295e
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
68a8ca1ebf10a53e893706799708e1f5978ad07ca9e2ae7c2fb22da7d09891a3
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
740b42f9df56d506de3371125ba4011fe8685f8160a7e28d1f4e3970c1ba887a
7b3b06fbd007449d7d901159b87f96c0bef83ce67f23b80f06dedd6503b92419
80dd5f25e24a55242790b3a316601845cd1a6a49cc8a86b3c484dfb8112495d1
81795dd856c4f83b4839360fbf87e1439a0212e8e14f6a4b7ef8edefb8301cb9
83c77605ce05e32dab2cc739a4231b61a3e5c4c2f84167c02ecfbc59e0743026
85440cf13c5fd4ac92e3c3f2909bbdb5bb8f8d7d2d4e266fbf362476de24a2fe
89a95837e913a3e05d1cd361d5821195999b021b59b381da29dea5e8f56568b3
8e7f0fb3dc00ccc9bea388d292bfff108c19ac0bf9406711efb1648f1c395a63
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
94e6d6668d3c6c5dbc2e03bf37af2c28ec3683a68228c1e22b029783c27cb26e
969ab328c9474f7fadd4b80001f129e06d2a629e91cb3346db325b565e549879
9c3e0751534e00ad7e58219dd0a2ac02d94dc70d5e019ac83a25e3da2bb393e4
9e6e029d58b473be1f89514958b1393935507ffa5d2167ca5ada1775229211aa
b2a1ae91eb8a04c548fcf21a9996baee53ea2c2b5350b6a913f3a6b77c364ae2
bc4603a311d58f04eaa91d77466c2b97a79745b63b9c2c13c4e36cdfc426b384
c2963965166b35602ee2aad22b93fdd03ed266923e28a5f1b1c9bde144e5e2d5
d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec
d47240e31be2ad55a762b437c25acef4bdcd22a5cd9620abc418bba08a3c4a19
dcdc1ce6c2896fce043fb81ffd079730c1e5886b553226f552f02eaad8291ccf
ddcad3728d1931774fa6deeb1d1d8b118f5a22b352cbf908c14d0a2b6e5bb21b
e087627b0a3f163baafcc45636fd6e4b889cc47cf6a801725daeff3de69906cf
e113865df621f8559f4868e3893d4f9e3d499d28a4e495f2d65f69635bc264b4
e644ab1aba0906bb79004d3a666f33dd0f23258369cab24498b65461c28f598d
e72838b890ddb64c68b72d9c9530c122de5850ba072d9e16342e3b132d229e73
e8750ed1b723f9d844edec2f24b1b2a6db8e20f971fdf6c2bd6d7da688fecafa
ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0
f1793efad94a2b1d087579b6b0692fa9a07015493a9b444586c9aa91b5c84482
f31f985f5ac0b131fa2209c84439db41e1c6c6e6899f4002bf2c6847c9524207

www.carnet.aon.it Open in urlscan Pro 213.156.48.83 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

52 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

1582 kBTransfer

5759 kBSize

6 Cookies

3 Outgoing links

Redirected requests

52 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.carnet.aon.it Open in urlscan Pro
213.156.48.83 Public Scan

Screenshot
Live screenshot

Full Image

52
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

1582 kB
Transfer

5759 kB
Size

6
Cookies

52 HTTP transactions
0 data transactions