connect.werally.com Open in urlscan Pro
149.126.77.254 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://connect.werally.com/
Effective URL:
https://connect.werally.com/
Submission: On January 20 via api (January 20th 2024, 2:13:52 am UTC) from US — Scanned from DE

Summary HTTP 64 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 18 IPs in 4 countries across 16 domains to perform 64 HTTP transactions. The main IP is 149.126.77.254, located in Frankfurt am Main, Germany and belongs to INCAPSULA, US. The main domain is connect.werally.com. The Cisco Umbrella rank of the primary domain is 141265.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on June 28th 2023. Valid for: a year.

This is the only time connect.werally.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
26	149.126.77.254 149.126.77.254	19551 (INCAPSULA) (INCAPSULA)
1	2001:4860:480... 2001:4860:4802:32::15	15169 (GOOGLE) (GOOGLE)
1	2600:9000:249... 2600:9000:2491:b400:13:f7f9:9540:93a1	16509 (AMAZON-02) (AMAZON-02)
2	34.120.21.7 34.120.21.7	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2600:9000:223... 2600:9000:223c:8c00:1d:be51:5240:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2600:1f18:24e... 2600:1f18:24e6:b901:9d88:bfe0:3efa:6ea0	14618 (AMAZON-AES) (AMAZON-AES)
3	2a02:26f0:350... 2a02:26f0:3500:587::1e80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2600:1f18:24e... 2600:1f18:24e6:b900:19f6:bc8f:374:9e55	14618 (AMAZON-AES) (AMAZON-AES)
4	54.74.57.193 54.74.57.193	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:828::2008	15169 (GOOGLE) (GOOGLE)
1 1	52.19.115.173 52.19.115.173	16509 (AMAZON-02) (AMAZON-02)
1	66.235.152.221 66.235.152.221	16509 (AMAZON-02) (AMAZON-02)
6	104.17.208.240 104.17.208.240	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
1 1	172.217.18.2 172.217.18.2	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80f::2004	15169 (GOOGLE) (GOOGLE)
1	63.140.62.164 63.140.62.164	15224 (OMNITURE) (OMNITURE)
1	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
1	69.169.86.38 69.169.86.38	29838 (AMC) (AMC)
64	18

26 149.126.77.254 (Frankfurt am Main, Germany)

ASN19551 (INCAPSULA, US)
PTR: 149.126.77.254.ip.incapdns.net

connect.werally.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
accounts.werally.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::15 (United States)

ASN15169 (GOOGLE, US)

content.zeronaught.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2491:b400:13:f7f9:9540:93a1 (United States)

ASN16509 (AMAZON-02, US)

lagoon-psx.uhc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.120.21.7 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 7.21.120.34.bc.googleusercontent.com

us.gimp.zeronaught.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223c:8c00:1d:be51:5240:93a1 (United States)

ASN16509 (AMAZON-02, US)

maelstrom-dmz.uhc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1f18:24e6:b901:9d88:bfe0:3efa:6ea0 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

session-replay.browser-intake-datadoghq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:3500:587::1e80 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:1f18:24e6:b900:19f6:bc8f:374:9e55 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

rum.browser-intake-datadoghq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.74.57.193 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-74-57-193.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
unitedhealthgroup.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.19.115.173 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-19-115-173.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.235.152.221 (United States)

ASN16509 (AMAZON-02, US)
PTR: ip-66-235-152-221.data.adobedc.net

unitedhealthgroup.tt.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.17.208.240 (None, )

ASN13335 (CLOUDFLARENET, US)

zn0neqx1dggrrlv4y-uhgenterprise.siteintercept.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
siteintercept.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.18.2 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra15s28-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.140.62.164 (United States)

ASN15224 (OMNITURE, US)
PTR: ip-63-140-62-164.data.adobedc.net

smetrics.optum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.71.131.137 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.169.86.38 (Commack, United States)

ASN29838 (AMC, US)

global.ib-ibi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
26	werally.com connect.werally.com — Cisco Umbrella Rank: 141265 accounts.werally.com — Cisco Umbrella Rank: 72703	2 MB
6	qualtrics.com zn0neqx1dggrrlv4y-uhgenterprise.siteintercept.qualtrics.com — Cisco Umbrella Rank: 30680 siteintercept.qualtrics.com — Cisco Umbrella Rank: 911	70 KB
5	browser-intake-datadoghq.com session-replay.browser-intake-datadoghq.com — Cisco Umbrella Rank: 7586 rum.browser-intake-datadoghq.com — Cisco Umbrella Rank: 1960	2 KB
4	demdex.net dpm.demdex.net — Cisco Umbrella Rank: 239 unitedhealthgroup.demdex.net — Cisco Umbrella Rank: 18521	6 KB
3	doubleclick.net 1 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 38 cm.g.doubleclick.net — Cisco Umbrella Rank: 260	4 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 37	217 KB
3	adobedtm.com assets.adobedtm.com — Cisco Umbrella Rank: 460	169 KB
3	zeronaught.com content.zeronaught.com — Cisco Umbrella Rank: 56953 us.gimp.zeronaught.com — Cisco Umbrella Rank: 13424	59 KB
2	google.com www.google.com — Cisco Umbrella Rank: 2	563 B
2	uhc.com lagoon-psx.uhc.com — Cisco Umbrella Rank: 139161 maelstrom-dmz.uhc.com — Cisco Umbrella Rank: 30143	140 KB
1	ib-ibi.com global.ib-ibi.com — Cisco Umbrella Rank: 2008	72 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 357	149 B
1	optum.com smetrics.optum.com — Cisco Umbrella Rank: 17286	372 B
1	omtrdc.net unitedhealthgroup.tt.omtrdc.net — Cisco Umbrella Rank: 18453	852 B
1	everesttech.net 1 redirects cm.everesttech.net — Cisco Umbrella Rank: 1278	517 B
0	google.de Failed www.google.de Failed
64	16

	Domain	Requested by
23	connect.werally.com	connect.werally.com
5	siteintercept.qualtrics.com	zn0neqx1dggrrlv4y-uhgenterprise.siteintercept.qualtrics.com connect.werally.com siteintercept.qualtrics.com
3	www.googletagmanager.com	assets.adobedtm.com www.googletagmanager.com
3	dpm.demdex.net	connect.werally.com
3	rum.browser-intake-datadoghq.com	connect.werally.com
3	assets.adobedtm.com	connect.werally.com assets.adobedtm.com
3	accounts.werally.com	connect.werally.com accounts.werally.com
2	www.google.com
2	googleads.g.doubleclick.net	www.googletagmanager.com
2	session-replay.browser-intake-datadoghq.com	connect.werally.com
2	us.gimp.zeronaught.com	connect.werally.com
1	global.ib-ibi.com
1	match.adsrvr.org
1	smetrics.optum.com
1	cm.g.doubleclick.net	1 redirects
1	zn0neqx1dggrrlv4y-uhgenterprise.siteintercept.qualtrics.com	connect.werally.com
1	unitedhealthgroup.tt.omtrdc.net	connect.werally.com
1	cm.everesttech.net	1 redirects
1	unitedhealthgroup.demdex.net	assets.adobedtm.com
1	maelstrom-dmz.uhc.com	connect.werally.com
1	lagoon-psx.uhc.com	connect.werally.com
1	content.zeronaught.com	connect.werally.com
0	www.google.de Failed
64	23

This site contains links to these domains. Also see Links.

Domain
www.uhc.com
myuhc.com
www.myuhc.com
www.rallyhealth.com
myoptum.optum.com

Subject Issuer	Validity	Valid
*.werally.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-06-28` - `2024-07-28`	a year	crt.sh
content.zeronaught.com GTS CA 1D4	`2024-01-15` - `2024-04-14`	3 months	crt.sh
findcare.uhc.com COMODO RSA Organization Validation Secure Server CA	`2023-09-04` - `2024-09-03`	a year	crt.sh
*.gimp.zeronaught.com Entrust Certification Authority - L1K	`2023-08-31` - `2024-09-30`	a year	crt.sh
maelstrom-dmz.optum.com COMODO RSA Organization Validation Secure Server CA	`2023-08-12` - `2024-08-11`	a year	crt.sh
*.browser-intake-datadoghq.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-06-17` - `2024-06-18`	a year	crt.sh
assets.adobedtm.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-11` - `2024-08-10`	a year	crt.sh
*.demdex.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-26` - `2024-10-26`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
*.tt.omtrdc.net DigiCert TLS RSA SHA256 2020 CA1	`2023-08-22` - `2024-09-21`	a year	crt.sh
*.qualtrics.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-27` - `2024-03-26`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
smetrics.optum.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-22` - `2024-04-21`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
*.ib-ibi.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-21` - `2024-04-02`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://connect.werally.com/
Frame ID: DC0E6FC7C519F6EADA25C023F67109EF
Requests: 61 HTTP requests in this frame

Frame: https://unitedhealthgroup.demdex.net/dest5.html?d_nsid=0
Frame ID: 9CAC4E7B8A3E03B2F9D17023B197CE80
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Log In | Find Care

Page URL History Show full URLs

http://connect.werally.com/ HTTP 307
https://connect.werally.com/ Page URL

Detected technologies

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Imperva (Security) Expand

Overall confidence: 100%
Detected patterns

/_Incapsula_Resource

Page Statistics

64
Requests

91 %
HTTPS

47 %
IPv6

16
Domains

23
Subdomains

18
IPs

4
Countries

2897 kB
Transfer

11611 kB
Size

24
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://www.uhc.com/legal/legal-entities
Title: Legal Entities

Search URL Search Domain Scan URL

URL: https://www.uhc.com/legal/provider
Title: Provider Data Information

Search URL Search Domain Scan URL

URL: https://myuhc.com/
Title: myuhc.com

Search URL Search Domain Scan URL

URL: http://www.myuhc.com/
Title: Continue

Search URL Search Domain Scan URL

URL: https://www.rallyhealth.com/
Title: About Rally

Search URL Search Domain Scan URL

URL: https://myoptum.optum.com/content/optum-dashboard/en/footer/uhc/terms.html
Title: Terms of Service

Search URL Search Domain Scan URL

URL: https://myoptum.optum.com/content/optum-dashboard/en/footer/uhc/privacy.html
Title: Privacy Policy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://connect.werally.com/ HTTP 307
https://connect.werally.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 33

https://cm.everesttech.net/cm/dd?d_uuid=22516785206125053232851403975003811461 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZassXgAAAHisPgOV

Request Chain 48

https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=MjI1MTY3ODUyMDYxMjUwNTMyMzI4NTE0MDM5NzUwMDM4MTE0NjE= HTTP 302
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEF7wU8RQ4YwHpyPeTzgxUmY&google_cver=1?gdpr=0&gdpr_consent=

64 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
connect.werally.com/
Redirect Chain

http://connect.werally.com/
https://connect.werally.com/

28 KB
11 KB

539ms
428ms

Document
text/html

149.126.77.254
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.werally.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.254 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.254.ip.incapdns.net

Software

Resource Hash

3370cdbc567ce1c33462300d6132042bde3f193b814712dc61e5da9bc5d39848

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; default-src data: 'self'; font-src data: 'self' collect.iperceptions.com fonts.gstatic.com .rally-dev.com .werally.com .werally.in myoptum-stage.akamaized.net .optum.com .liveandworkwell.akamaized.net .prod-laww.akamaized.net .sr-smsc-stg-liveandworkwell.akamaized.net .sr-smsc-stg.liveandworkwell.com .lpsnmedia.net cloudfront.stage.federateddataservices.com cloudfront.federateddataservices.com ; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' https://accounts.werally.com https://.werally.in art.azureedge.net sd.iperceptions.com universal.iperceptions.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com assets.adobedtm.com connect.facebook.net content.zeronaught.com ips-invite.iperceptions.com unitedhealthgroup.tt.omtrdc.net .qualtrics.com .doubleclick.net https://.qualtrics.com .liveandworkwell.com .lpsnmedia.net .liveperson.net .optum.com member.int.uhc.com member.uat.uhc.com member.uhc.com cloudfront.stage.federateddataservices.com cloudfront.federateddataservices.com cm.everesttech.net www.onelink-edge.com xapis.onelink-edge.com ; style-src 'self' 'unsafe-inline' .liveandworkwell.com .lpsnmedia.net cloudfront.stage.federateddataservices.com cloudfront.federateddataservices.com ; img-src data: blob: 'self' smetrics.optum.com .doubleclick.net s3.amazonaws.com dpm.demdex.net www.google.com www.google-analytics.com www.googletagmanager.com cm.eversttech.net cm.everesttech.net ips-img.iperceptions.com www.facebook.com rally-non-prod.s3.amazonaws.com rally-prod.s3.amazonaws.com https://.qualtrics.com carevergesurveyicons.s3.amazonaws.com rally-connect-fpc-prod.s3.amazonaws.com .liveandworkwell.com .lpsnmedia.net .liveperson.net .myoptum.com nextportal-dev.s3.amazonaws.com nextportal-prod.s3.amazonaws.com .uhc.com .myuhc.com cloudfront.stage.federateddataservices.com cloudfront.federateddataservices.com ; media-src data: 'self' .lpsnmedia.net .liveperson.net cloudfront.stage.federateddataservices.com cloudfront.federateddataservices.com ; child-src data: blob: myoptum.optum.com www.myoptum.com rallyhealth.com universal.iperceptions.com unitedhealthgroup.demdex.net collect.iperceptions.com .doubleclick.net .liveperson.net .lpsnmedia.net ; connect-src data: 'self' dpm.demdex.net .iperceptions.com .zeronaught.com api.mapbox.com events.mapbox.com .doubleclick.net www.google-analytics.com smetrics.optum.com .qualtrics.com .sendbird.com wss://.sendbird.com unitedhealthgroup.tt.omtrdc.net https://.qualtrics.com rum-http-intake.logs.datadoghq.com browser-http-intake.logs.datadoghq.com rum.browser-intake-datadoghq.com session-replay.browser-intake-datadoghq.com .rally-dev.com .werally.com .werally.in .uhc.com .datadoghq.com .optum.com .liveandworkwell.com .sr-smsc-stg-liveandworkwell.akamaized.net .lpsnmedia.net .liveperson.net .msg.liveperson.net wss://.msg.liveperson.net www.onelink-edge.com xapis.onelink-edge.com ; frame-src https://.werally.in https://.werally.com https://.rally-dev.com https://.optum.com https://.uhc.com https://.myuhc.com https://.rallyhealth.com https://.iperceptions.com https://.doubleclick.net https://.lpsnmedia.net https://.liveperson.net https://unitedhealthgroup.demdex.net https://uhgenterprise.qualtrics.com https://uhg1.co1.qualtrics.com ; object-src data:; frame-ancestors 'self'; report-uri /rest/csp-reporter; report-to /rest/csp-reporter;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: public, max-age=60
content-encoding: gzip
content-security-policy: base-uri 'self'; default-src data: 'self'; font-src data: 'self' collect.iperceptions.com fonts.gstatic.com *.rally-dev.com *.werally.com *.werally.in myoptum-stage.akamaized.net *.optum.com *.liveandworkwell.akamaized.net *.prod-laww.akamaized.net *.sr-smsc-stg-liveandworkwell.akamaized.net *.sr-smsc-stg.liveandworkwell.com *.lpsnmedia.net cloudfront.stage.federateddataservices.com cloudfront.federateddataservices.com ; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' https://accounts.werally.com https://*.werally.in art.azureedge.net sd.iperceptions.com universal.iperceptions.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com assets.adobedtm.com connect.facebook.net content.zeronaught.com ips-invite.iperceptions.com unitedhealthgroup.tt.omtrdc.net *.qualtrics.com *.doubleclick.net https://*.qualtrics.com *.liveandworkwell.com *.lpsnmedia.net *.liveperson.net *.optum.com member.int.uhc.com member.uat.uhc.com member.uhc.com cloudfront.stage.federateddataservices.com cloudfront.federateddataservices.com cm.everesttech.net www.onelink-edge.com xapis.onelink-edge.com ; style-src 'self' 'unsafe-inline' *.liveandworkwell.com *.lpsnmedia.net cloudfront.stage.federateddataservices.com cloudfront.federateddataservices.com ; img-src data: blob: 'self' smetrics.optum.com *.doubleclick.net s3.amazonaws.com dpm.demdex.net www.google.com www.google-analytics.com www.googletagmanager.com cm.eversttech.net cm.everesttech.net ips-img.iperceptions.com www.facebook.com rally-non-prod.s3.amazonaws.com rally-prod.s3.amazonaws.com https://*.qualtrics.com carevergesurveyicons.s3.amazonaws.com rally-connect-fpc-prod.s3.amazonaws.com *.liveandworkwell.com *.lpsnmedia.net *.liveperson.net *.myoptum.com nextportal-dev.s3.amazonaws.com nextportal-prod.s3.amazonaws.com *.uhc.com *.myuhc.com cloudfront.stage.federateddataservices.com cloudfront.federateddataservices.com ; media-src data: 'self' *.lpsnmedia.net *.liveperson.net cloudfront.stage.federateddataservices.com cloudfront.federateddataservices.com ; child-src data: blob: myoptum.optum.com www.myoptum.com rallyhealth.com universal.iperceptions.com unitedhealthgroup.demdex.net collect.iperceptions.com *.doubleclick.net *.liveperson.net *.lpsnmedia.net ; connect-src data: 'self' dpm.demdex.net *.iperceptions.com *.zeronaught.com api.mapbox.com events.mapbox.com *.doubleclick.net www.google-analytics.com smetrics.optum.com *.qualtrics.com *.sendbird.com wss://*.sendbird.com unitedhealthgroup.tt.omtrdc.net https://*.qualtrics.com rum-http-intake.logs.datadoghq.com browser-http-intake.logs.datadoghq.com rum.browser-intake-datadoghq.com session-replay.browser-intake-datadoghq.com *.rally-dev.com *.werally.com *.werally.in *.uhc.com *.datadoghq.com *.optum.com *.liveandworkwell.com *.sr-smsc-stg-liveandworkwell.akamaized.net *.lpsnmedia.net *.liveperson.net *.msg.liveperson.net wss://*.msg.liveperson.net www.onelink-edge.com xapis.onelink-edge.com ; frame-src https://*.werally.in https://*.werally.com https://*.rally-dev.com https://*.optum.com https://*.uhc.com https://*.myuhc.com https://*.rallyhealth.com https://*.iperceptions.com https://*.doubleclick.net https://*.lpsnmedia.net https://*.liveperson.net https://unitedhealthgroup.demdex.net https://uhgenterprise.qualtrics.com https://uhg1.co1.qualtrics.com ; object-src data:; frame-ancestors 'self'; report-uri /rest/csp-reporter; report-to /rest/csp-reporter;
content-type: text/html
date: Sat, 20 Jan 2024 02:13:45 GMT
etag: "65923d06-6fb8"
last-modified: Mon, 01 Jan 2024 04:18:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-cdn: Imperva
x-frame-options: DENY
x-iinfo: 7-52792670-52792672 NNYN CT(96 193 0) RT(1705716824529 42) q(0 0 3 0) r(4 4) U12
x-xss-protection: 1; mode=block

Redirect headers

Cross-Origin-Resource-Policy: Cross-Origin
Location: https://connect.werally.com/
Non-Authoritative-Reason: HSTS

GET
H2 200 rally_common.js Show response
connect.werally.com/scripts/ 298 KB
170 KB 410ms
407ms Script
application/javascript 149.126.77.254
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.werally.com/scripts/rally_common.js

Requested by

Host: connect.werally.com
URL: https://connect.werally.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.254 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.254.ip.incapdns.net

Software

Resource Hash

c4187477aeb422193bef634ca7f3137a7c99d583ce950c7ce4d953acbf7e1d35

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://connect.werally.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Jan 2024 02:13:46 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
x-cdn: Imperva
content-type: application/javascript; charset=UTF-8
x-ion-hop: 1
x-iinfo: 7-52792670-52792693 NNNN CT(86 177 0) RT(1705716824529 577) q(0 0 2 -1) r(3 3) U9
cache-control: no-cache, no-store, must-revalidate
expires: 0

GET
H2 200 main-d148573a.css
connect.werally.com/static/css/ 672 B
487 B 418ms
416ms Stylesheet
text/css 149.126.77.254
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.werally.com/static/css/main-d148573a.css

Requested by

Host: connect.werally.com
URL: https://connect.werally.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.254 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.254.ip.incapdns.net

Software

Resource Hash

17ae3ae4c56e2cf933fa55219a4cfc50224a98f8bf953e1af98ffcd3f362fb65

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://connect.werally.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 02:13:45 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 28 Dec 2023 23:16:00 GMT
x-cdn: Imperva
etag: "658e01b0-2a0"
content-type: text/css
x-iinfo: 7-52792670-52787353 2VNN RT(1705716824529 569) q(0 1 1 -1) r(4 4)
cache-control: max-age=15778463, public
content-length: 281
expires: Sat, 20 Jul 2024 17:08:08 GMT

GET
H2 200 united-d148573a.css
connect.werally.com/static/css/ 6 KB
2 KB 438ms
436ms Stylesheet
text/css 149.126.77.254
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.werally.com/static/css/united-d148573a.css

Requested by

Host: connect.werally.com
URL: https://connect.werally.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.254 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.254.ip.incapdns.net

Software

Resource Hash

ae1b7bdead4963d3017a5ef0072d8d64a0829d633a82160ed80ceed535e22b31

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://connect.werally.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 02:13:45 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 28 Dec 2023 23:16:00 GMT
x-cdn: Imperva
etag: "658e01b0-19e0"
content-type: text/css
x-iinfo: 7-52792670-52755371 2VNN RT(1705716824529 573) q(0 0 0 -1) r(3 3)
cache-control: max-age=15778463, public
content-length: 1460
expires: Sat, 20 Jul 2024 17:08:08 GMT

GET
H2 200 main-d148573a.js Show response
connect.werally.com/static/js/ 8 MB
2 MB 438ms
437ms Script
application/javascript 149.126.77.254
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.werally.com/static/js/main-d148573a.js

Requested by

Host: connect.werally.com
URL: https://connect.werally.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.254 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.254.ip.incapdns.net

Software

Resource Hash

50a7682a83eef4aed86a50af2e78352a6a73ca8a6bb05a5201d6eb64b97272f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://connect.werally.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 02:13:45 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 28 Dec 2023 23:16:00 GMT
x-cdn: Imperva
etag: "658e01b0-1c6c2a"
content-type: application/javascript
x-iinfo: 7-52792670-52792628 2VNN RT(1705716824529 575) q(0 0 0 -1) r(3 3)
cache-control: max-age=15778463, public
content-length: 1862698
expires: Sat, 20 Jul 2024 17:08:08 GMT

GET
H2 200 united-d148573a.js Show response
connect.werally.com/static/js/ 3 KB
2 KB 435ms
435ms Script
application/javascript 149.126.77.254
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.werally.com/static/js/united-d148573a.js

Requested by

Host: connect.werally.com
URL: https://connect.werally.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.254 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.254.ip.incapdns.net

Software

Resource Hash

8276e1230ccc0efb37cfbf576a27b17c750b31901070dfbd1f8b8fc4b2bc3534

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://connect.werally.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 02:13:45 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 28 Dec 2023 23:16:00 GMT
x-cdn: Imperva
etag: "658e01b0-ced"
content-type: application/javascript
x-iinfo: 7-52792670-52792691 2VNN RT(1705716824529 576) q(0 0 0 -1) r(0 3)
cache-control: max-age=15778463, public
content-length: 1434
expires: Sat, 20 Jul 2024 17:08:08 GMT

GET
H2 200 _Incapsula_Resource Show response
connect.werally.com/ 145 KB
21 KB 46ms
45ms Script
application/javascript 149.126.77.254
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.werally.com/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=1176048065

Requested by

Host: connect.werally.com
URL: https://connect.werally.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.254 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.254.ip.incapdns.net

Software

Resource Hash

26d799748824312df646b20ab1a2a4f634f397cb764f24495605d80cf45bf4a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://connect.werally.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store
content-encoding: gzip
x-robots-tag: noindex
content-length: 20927
content-type: application/javascript

GET
H2 200 rally_health.js Show response
content.zeronaught.com/js/ 107 KB
59 KB 781ms
603ms Script
application/javascript 2001:4860:4802:32::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://content.zeronaught.com/js/rally_health.js
Requested by: Host: connect.werally.com
URL: https://connect.werally.com/scripts/rally_common.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: nginx/1.21.5 /
Resource Hash: 3cc71dbee28027aa344d5f5a344266125ad87ceedfe716303072aec89e3d008b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://connect.werally.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 02:13:47 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Wed, 15 Sep 2021 17:32:21 GMT
server: nginx/1.21.5
etag: W/"61422e25-1acfd"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600
expires: Sat, 20 Jan 2024 03:13:47 GMT

GET
H2 200 en.json Show response
lagoon-psx.uhc.com/prod/en/ 138 KB
139 KB 586ms
467ms Fetch
application/json 2600:9000:2491:b400:13:f7f9:9540:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://lagoon-psx.uhc.com/prod/en/en.json
Requested by: Host: connect.werally.com
URL: https://connect.werally.com/scripts/rally_common.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2491:b400:13:f7f9:9540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c5d6a2d7c87da954dd6bf38817189887f0ec2f5fdaf068aa23485ef5722af250

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://connect.werally.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 02:13:48 GMT
x-amz-meta-cache-control: max-age=0,no-cache,no-store,must-revalidate
via: 1.1 da749f044be44d389a30372d73356c4e.cloudfront.net (CloudFront)
x-amz-version-id: ZKUUxmmpl_uBGfHRYUT0ztD0hMLu1_6u
x-amz-cf-pop: FRA56-P7
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 141371
last-modified: Fri, 19 Jan 2024 17:22:11 GMT
server: AmazonS3
etag: "1aee6ff80bd0edc57614c3f010e41cc8"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: P1PMglKd6OZnFuwsGsF5jE1BOKdK0iVVX150VkgholKWcQ5tN-kJZw==

GET
H2 200 huginn Show response
accounts.werally.com/ 553 B
780 B 450ms
421ms Script
application/javascript 149.126.77.254
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.werally.com/huginn

Requested by

Host: connect.werally.com
URL: https://connect.werally.com/static/js/main-d148573a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.254 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.254.ip.incapdns.net

Software

Resource Hash

5f3e342371d3d479550f5f98d28f75ecbf50d20dc6961d45fce78a2700e73de4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://connect.werally.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 02:13:47 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Thu, 08 Jun 2023 01:55:33 GMT
x-cdn: Imperva
etag: "64813515-229"
content-type: application/javascript
x-iinfo: 7-52792670-52792718 NNYN CT(93 192 0) RT(1705716824529 2210) q(0 0 3 0) r(4 4) U2
cache-control: no-store, max-age=0
x-incap-sess-cookie-hdr: 0VwqOeBsKycLEELBdVWJBlssq2UAAAAAamodbKSj1J+ualT3S0yYkQ==
accept-ranges: bytes

GET
H2 200 _Incapsula_Resource
connect.werally.com/ 1 B
36 B 39ms
39ms Image
text/plain 149.126.77.254
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://connect.werally.com/_Incapsula_Resource?SWKMTFSR=1&e=0.24519540409086304

Requested by

Host: connect.werally.com
URL: https://connect.werally.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.254 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.254.ip.incapdns.net

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://connect.werally.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store
x-robots-tag: noindex
content-length: 1
content-type: text/plain

GET
BLOB 200
OK 10d89144-b953-4fb4-9360-0c32c58f1801
https://connect.werally.com/ 25 KB
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://connect.werally.com/10d89144-b953-4fb4-9360-0c32c58f1801
Requested by: Host: connect.werally.com
URL: https://connect.werally.com/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 528c2ff0c35d20492e8e8cd79eb0b81f479e5f827f613cf693fc6cd7a4e21033

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Length: 25814
Content-Type

GET
BLOB 200
OK eef86c19-8ce5-45c0-84f2-6cfaa29edf29
https://connect.werally.com/ 2 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://connect.werally.com/eef86c19-8ce5-45c0-84f2-6cfaa29edf29
Requested by: Host: connect.werally.com
URL: https://connect.werally.com/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1eec5d0bc72fba33ce753f6009a277e07041fb92d221ae5839bbc5e8fff1d0bb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Length: 2479
Content-Type: text/javascript

GET
DATA 200
OK truncated
/ 89 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 50e6072d26098d48004a30addeecabd5b22b91e5ccdf9dd86f96459783e3ac23

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 huginn-1.7.0.js Show response
accounts.werally.com/huginn/ 11 KB
4 KB 429ms
429ms Script
application/javascript 149.126.77.254
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.werally.com/huginn/huginn-1.7.0.js

Requested by

Host: accounts.werally.com
URL: https://accounts.werally.com/huginn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.254 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.254.ip.incapdns.net

Software

Resource Hash

6d5181d1bb025f833c37756f4b828fbd8f80239706c317cf934b60c379c5701a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://connect.werally.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 02:13:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Thu, 08 Jun 2023 01:55:33 GMT
x-cdn: Imperva
etag: "64813515-2ad2"
content-type: application/javascript
x-iinfo: 7-52792670-52792628 2VNN RT(1705716824529 2774) q(0 0 0 -1) r(3 3)
cache-control: max-age=1209600, public, must-revalidate
x-incap-sess-cookie-hdr: yb2KOofXNwYLEELBdVWJBlssq2UAAAAAEd/8hhoh8nhyHpufHlvtiQ==
content-length: 3970
expires: Sat, 03 Feb 2024 02:13:47 GMT

GET
H2 200 location Show response
connect.werally.com/rest/geolocation/v1/user/guest/ 206 B
519 B 427ms
427ms XHR
application/json 149.126.77.254
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.werally.com/rest/geolocation/v1/user/guest/location

Requested by

Host: connect.werally.com
URL: https://connect.werally.com/scripts/rally_common.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.254 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.254.ip.incapdns.net

Software

Resource Hash

77627505ed017c20486b472ed2679efa7157fb0690a7ac5cc82e2d24211df448

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

Context-Config-PartnerId: uhc
accept-language: de-DE,de;q=0.9
x-datadog-origin: rum
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
x-datadog-sampling-priority: 1
Accept: application/json, text/plain, */*
Context-Config-ConsumerSource: connect-web
Referer: https://connect.werally.com/
x-datadog-parent-id: 5866333172204148301
x-datadog-trace-id: 1380906517870473373
Current-Connect-Session-Type: none

Response headers

x-rally-correlationid: NzxjjA6WDmAFcS-csedge
date: Sat, 20 Jan 2024 02:13:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
content-encoding: gzip
x-cdn: Imperva
vary: Origin
content-type: application/json
x-iinfo: 7-52792670-52792754 NNYN CT(91 185 0) RT(1705716824529 3519) q(0 0 3 -1) r(4 4) U9
cache-control: no-cache
server-timing: geolocation-strict, geolocation-total;dur=9, csedge-streamed, csedge-ttfb;dur=12
x-xss-protection: 1; mode=block

POST
H2 200 rallyhealth Show response
us.gimp.zeronaught.com/__imp_apg__/api/dc/ 2 B
194 B 254ms
155ms XHR
application/json 34.120.21.7
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://us.gimp.zeronaught.com/__imp_apg__/api/dc/rallyhealth?key=AIzaSyBSNSqUBneAZSfuYeWzovo86EyOLTgPuZA
Requested by: Host: connect.werally.com
URL: https://connect.werally.com/scripts/rally_common.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.21.7 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 7.21.120.34.bc.googleusercontent.com
Software: envoy /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://connect.werally.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Sat, 20 Jan 2024 02:13:49 GMT
x-envoy-decorator-operation: ingress DeviceCategoryPost3
via: 1.1 google
server: envoy
vary: Origin
content-type: application/json
access-control-allow-origin: https://connect.werally.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

GET
H2 400 user Show response
accounts.werally.com/protected/account/v1/ 195 B
874 B 145ms
144ms XHR
application/json 149.126.77.254
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.werally.com/protected/account/v1/user

Requested by

Host: connect.werally.com
URL: https://connect.werally.com/scripts/rally_common.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.254 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.254.ip.incapdns.net

Software

Resource Hash

f46153cb34861a584debfcc291105f474445c46e7b0349540575021565e6402a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://connect.werally.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 02:13:49 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
x-permitted-cross-domain-policies: master-only
x-cdn: Imperva
x-iinfo: 7-52792670-52792718 PNYN RT(1705716824529 3967) q(0 0 0 -1) r(2 2) U2
x-xss-protection: 1; mode=block
x-rally-correlationid: 9UwVY9xgcNX1uC-authn
access-control-max-age: 86400
x-frame-options: DENY
content-type: application/json
access-control-allow-origin: https://connect.werally.com
access-control-allow-methods: POST,OPTIONS,GET,PUT
access-control-expose-headers: Content-Type,Set-Cookie,X-Rally-Locale,X-Rally-Correlationid
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-incap-sess-cookie-hdr: iFQ8OaCbyAcLEELBdVWJBlwsq2UAAAAABKmUg0BTrM3kU18VmWj18Q==
access-control-allow-headers: x-datadog-origin,x-datadog-parent-id,x-datadog-sampled,x-datadog-sampling-priority,x-datadog-trace-id,Origin,X-Requested-With,Content-Type,Cookie,Accept,Referer,User-Agent,X-Rally-Correlationid,X-Rally-SortingHat-Env,X-Rally-Auth-Token,XSRF-Token,X-Rally-Locale,Norn-Meta,X-Rally-User-Timezone,x0lgueyvqm-a,x0lgueyvqm-b,x0lgueyvqm-c,x0lgueyvqm-d,x0lgueyvqm-f,x0lgueyvqm-z

POST
H2 200 rallyhealth Show response
us.gimp.zeronaught.com/__imp_apg__/api/dc/ 2 B
54 B 155ms
154ms XHR
application/json 34.120.21.7
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://us.gimp.zeronaught.com/__imp_apg__/api/dc/rallyhealth?key=AIzaSyBSNSqUBneAZSfuYeWzovo86EyOLTgPuZA
Requested by: Host: connect.werally.com
URL: https://connect.werally.com/scripts/rally_common.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.21.7 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 7.21.120.34.bc.googleusercontent.com
Software: envoy /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://connect.werally.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Sat, 20 Jan 2024 02:13:49 GMT
x-envoy-decorator-operation: ingress DeviceCategoryPost3
via: 1.1 google
server: envoy
vary: Origin
content-type: application/json
access-control-allow-origin: https://connect.werally.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

GET
H2 200 prod Show response
maelstrom-dmz.uhc.com/app/lagoon/global-provider-cost-experience-web/env/ 2 KB
2 KB 595ms
478ms Fetch
application/json 2600:9000:223c:8c00:1d:be51:5240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://maelstrom-dmz.uhc.com/app/lagoon/global-provider-cost-experience-web/env/prod
Requested by: Host: connect.werally.com
URL: https://connect.werally.com/scripts/rally_common.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:8c00:1d:be51:5240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 50bd331eab80095e93645a81ab304dba4c494dbae25ad6545dd368da2176bdf7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://connect.werally.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 02:13:50 GMT
x-amz-meta-cache-control: max-age=0,no-cache,no-store,must-revalidate
content-encoding: gzip
last-modified: Mon, 27 Nov 2023 20:54:40 GMT
server: AmazonS3
via: 1.1 44b457512f742b4e48fc7f0c87d8ed92.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
etag: W/"7c9d1365c1eb25aa3bbc4326a3c27127"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: *
x-amz-cf-id: ECrjo5_E9k2oNlhD6vARQqn9KqXDp1eRjFrixO5PFsJMzt-dKRRWqg==

POST
H2 202 replay Show response
session-replay.browser-intake-datadoghq.com/api/v2/ 53 B
344 B 665ms
369ms Fetch
application/json 2600:1f18:24e6:b901:9d88:bfe0:3efa:6ea0
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://session-replay.browser-intake-datadoghq.com/api/v2/replay?ddsource=browser&ddtags=sdk_version%3A4.50.1%2Capi%3Afetch%2Cenv%3Aprod%2Cservice%3Achopshop-ui%2Cversion%3A7.22.5&dd-api-key=pubb9d400b66085801fda89470302d2eeb6&dd-evp-origin-version=4.50.1&dd-evp-origin=browser&dd-request-id=fa0bf2b6-a753-4723-bca3-c298ae6139a5

Requested by

Host: connect.werally.com
URL: https://connect.werally.com/scripts/rally_common.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:1f18:24e6:b901:9d88:bfe0:3efa:6ea0 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

78e27f864b591f116bede52a5c41d5563360c6231ef1267337c2b82e7ca54bb0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://connect.werally.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryZkqWTZVNAA1Cgw13

Response headers

date: Sat, 20 Jan 2024 02:13:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
accept-encoding: identity,gzip,x-gzip,deflate,x-deflate,zstd
content-type: application/json
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 53
dd-request-id: fa0bf2b6-a753-4723-bca3-c298ae6139a5

GET
H2 200 83-d148573a.chunk.js Show response
connect.werally.com/static/js/chunks/ 30 KB
10 KB 423ms
423ms Script
application/javascript 149.126.77.254
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.werally.com/static/js/chunks/83-d148573a.chunk.js

Requested by

Host: connect.werally.com
URL: https://connect.werally.com/static/js/main-d148573a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.254 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.254.ip.incapdns.net

Software

Resource Hash

f211c52e01ad6f01fc89ac5e6cfca59882aa2058330f6af35962c10e2c7099ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://connect.werally.com/partner-login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 02:13:49 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 28 Dec 2023 23:16:00 GMT
x-cdn: Imperva
etag: "658e01b0-2732"
content-type: application/javascript
x-iinfo: 7-52792670-52791554 2VNN RT(1705716824529 4152) q(0 0 0 -1) r(4 4)
cache-control: max-age=15778463, public
content-length: 10034
expires: Sat, 20 Jul 2024 17:08:12 GMT

GET
H2 200 launch-e6edd8af55ce.min.js Show response
assets.adobedtm.com/512027f42d3c/a42495d21182/ 675 KB
156 KB 137ms
40ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/512027f42d3c/a42495d21182/launch-e6edd8af55ce.min.js
Requested by: Host: connect.werally.com
URL: https://connect.werally.com/static/js/main-d148573a.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 95fd31ff48f0f9c99d480c2a50be52ccd3a2a311408cfbd40371c753038bd3cf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://connect.werally.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 02:13:49 GMT
content-encoding: gzip
last-modified: Wed, 03 Jan 2024 09:03:53 GMT
server: AkamaiNetStorage
etag: "d653e87717d0e2e2470ece8c1d8b6a6d:1704272633.494932"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://connect.werally.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 159198
expires: Sat, 20 Jan 2024 03:13:49 GMT

GET
H2 200 uhc Show response
connect.werally.com/rest/partner/v3/content/ 13 KB
3 KB 431ms
430ms XHR
application/json 149.126.77.254
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.werally.com/rest/partner/v3/content/uhc?policyId=&coverageTypes=medical

Requested by

Host: connect.werally.com
URL: https://connect.werally.com/scripts/rally_common.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.254 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.254.ip.incapdns.net

Software

Resource Hash

aa60d1373b6ec955a20f32f8dc323b70de10f11745e8d4ff84545c3f3444c96c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

Context-Config-PartnerId: uhc
Accept-Language: de-DE,de;q=0.9
x-datadog-origin: rum
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
x-datadog-sampling-priority: 1
Accept: application/json, text/plain, */*
Context-Config-ConsumerSource: connect-web
Referer: https://connect.werally.com/partner-login
X-Rally-Locale: en-US
x-datadog-parent-id: 4133066980165880045
x-datadog-trace-id: 4636772236012298711
Current-Connect-Session-Type: none

Response headers

x-rally-correlationid: sjfbXDyaQiww7Z-csedge
date: Sat, 20 Jan 2024 02:13:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
content-encoding: gzip
x-cdn: Imperva
vary: Origin
content-type: application/json
x-iinfo: 7-52792670-52792768 NNYN CT(96 193 0) RT(1705716824529 4157) q(0 0 3 -1) r(4 4) U9
cache-control: no-cache, no-store, must-revalidate
server-timing: partner-strict, partner-total;dur=0, csedge-streamed, csedge-ttfb;dur=3
x-xss-protection: 1; mode=block

GET
H2 200 78-d148573a.chunk.js Show response
connect.werally.com/static/js/chunks/ 33 KB
8 KB 141ms
140ms Script
application/javascript 149.126.77.254
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.werally.com/static/js/chunks/78-d148573a.chunk.js

Requested by

Host: connect.werally.com
URL: https://connect.werally.com/static/js/main-d148573a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.254 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.254.ip.incapdns.net

Software

Resource Hash

579616edf59dc318dca1ec95f0feeb9229122874a08478bcb0e884645bdc369f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://connect.werally.com/partner-login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 02:13:49 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 28 Dec 2023 23:16:00 GMT
x-cdn: Imperva
etag: "658e01b0-20c6"
content-type: application/javascript
x-iinfo: 7-52792670-52755371 2VNN RT(1705716824529 4370) q(0 1 1 -1) r(2 2)
cache-control: max-age=15778463, public
content-length: 8390
expires: Sat, 20 Jul 2024 17:08:12 GMT

GET
H2 200 3-d148573a.chunk.js Show response
connect.werally.com/static/js/chunks/ 464 KB
106 KB 141ms
139ms Script
application/javascript 149.126.77.254
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.werally.com/static/js/chunks/3-d148573a.chunk.js

Requested by

Host: connect.werally.com
URL: https://connect.werally.com/static/js/main-d148573a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.254 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.254.ip.incapdns.net

Software

Resource Hash

098b691e9e36aa474d65dbfaa1e487392ccbc5acfc8d71f16f157da75dabc4b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://connect.werally.com/partner-login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 02:13:49 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 28 Dec 2023 23:16:00 GMT
x-cdn: Imperva
etag: "658e01b0-1a887"
content-type: application/javascript
x-iinfo: 7-52792670-52792691 2VNN RT(1705716824529 4414) q(0 0 0 -1) r(1 1)
cache-control: max-age=15778463, public
content-length: 108679
expires: Sat, 20 Jul 2024 17:08:12 GMT

GET
H2 200 2-d148573a.chunk.js Show response
connect.werally.com/static/js/chunks/ 74 KB
20 KB 431ms
430ms Script
application/javascript 149.126.77.254
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.werally.com/static/js/chunks/2-d148573a.chunk.js

Requested by

Host: connect.werally.com
URL: https://connect.werally.com/static/js/main-d148573a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.254 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.254.ip.incapdns.net

Software

Resource Hash

d7b48514e920e866c1890f4a0ca9a1f8d3895d9c7a5979ee524ae07d2def8800

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://connect.werally.com/partner-login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 02:13:49 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 28 Dec 2023 23:16:00 GMT
x-cdn: Imperva
etag: "658e01b0-4f4e"
content-type: application/javascript
x-iinfo: 7-52792670-52792628 2VNN RT(1705716824529 4416) q(0 0 0 -1) r(4 4)
cache-control: max-age=15778463, public
content-length: 20302
expires: Sat, 20 Jul 2024 17:08:12 GMT

GET
H2 200 66-d148573a.chunk.js Show response
connect.werally.com/static/js/chunks/ 11 KB
4 KB 144ms
143ms Script
application/javascript 149.126.77.254
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.werally.com/static/js/chunks/66-d148573a.chunk.js

Requested by

Host: connect.werally.com
URL: https://connect.werally.com/static/js/main-d148573a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.254 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.254.ip.incapdns.net

Software

Resource Hash

0b400e0a1d7b30f1a94a1d425c3d2757c8f6b1aaad1ad99e3ca0da195ffc09a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://connect.werally.com/partner-login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 02:13:49 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 28 Dec 2023 23:16:00 GMT
x-cdn: Imperva
etag: "658e01b0-d9b"
content-type: application/javascript
x-iinfo: 7-52792670-52787353 2VNN RT(1705716824529 4417) q(0 0 0 -1) r(1 1)
cache-control: max-age=15778463, public
content-length: 3483
expires: Sat, 20 Jul 2024 17:08:12 GMT

POST
H2 202 rum Show response
rum.browser-intake-datadoghq.com/api/v2/ 53 B
344 B 706ms
252ms Fetch
application/json 2600:1f18:24e6:b900:19f6:bc8f:374:9e55
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://rum.browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A4.50.1%2Capi%3Afetch%2Cenv%3Aprod%2Cservice%3Achopshop-ui%2Cversion%3A7.22.5&dd-api-key=pubb9d400b66085801fda89470302d2eeb6&dd-evp-origin-version=4.50.1&dd-evp-origin=browser&dd-request-id=c6c2d474-d199-415a-971f-dff212b8e817&batch_time=1705716829722

Requested by

Host: connect.werally.com
URL: https://connect.werally.com/scripts/rally_common.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:1f18:24e6:b900:19f6:bc8f:374:9e55 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

56869391e9a9b0afbeb3de0dc3fc9504edc41e5ce303a11539cc3cabaf044e05

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://connect.werally.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 20 Jan 2024 02:13:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
accept-encoding: identity,gzip,x-gzip,deflate,x-deflate,zstd
content-type: application/json
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 53
dd-request-id: c6c2d474-d199-415a-971f-dff212b8e817

GET
H2 200 id Show response
dpm.demdex.net/ 974 B
1 KB 206ms
57ms XHR
application/json 54.74.57.193
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=8E391C8B533058250A490D4D%40AdobeOrg&d_nsid=0&ts=1705716829735

Requested by

Host: connect.werally.com
URL: https://connect.werally.com/scripts/rally_common.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.74.57.193 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-74-57-193.eu-west-1.compute.amazonaws.com

Software

Resource Hash

3a58d026b86c5b9543ac1445efb02bb53b87536f59333bce7c504bd5fd66debf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://connect.werally.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

dcs: dcs-prod-irl1-2-v054-09a33b2f9.edge-irl1.demdex.com 2 ms
pragma: no-cache
date: Sat, 20 Jan 2024 02:13:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-tid: unjiHbmpQbg=
vary: Origin
content-type: application/json;charset=utf-8
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
access-control-allow-origin: https://connect.werally.com
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
access-control-allow-credentials: true
content-length: 561
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EPef068a8d6dd34a43866d9a80cc98baab/ 34 KB
13 KB 40ms
39ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EPef068a8d6dd34a43866d9a80cc98baab/AppMeasurement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/512027f42d3c/a42495d21182/launch-e6edd8af55ce.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 6c789117a5f69b39293256e6899288c8317358589e20c6d08278223f948cd2cf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://connect.werally.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 02:13:49 GMT
content-encoding: gzip
last-modified: Tue, 12 Sep 2023 05:33:26 GMT
server: AkamaiNetStorage
etag: "208eb534ea01036a4fca64e6715ccf3f:1694496806.451282"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://connect.werally.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 12687
expires: Sat, 20 Jan 2024 03:13:49 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 182 KB
66 KB 142ms
54ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-8584968

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/512027f42d3c/a42495d21182/launch-e6edd8af55ce.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

99d612005b71316a66562741b3e8d647cc9817bbb0d3d2fef38f4fb590604117

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://connect.werally.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 02:13:49 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 67577
x-xss-protection: 0
last-modified: Sat, 20 Jan 2024 00:07:44 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 20 Jan 2024 02:13:49 GMT

GET
H2 200 RC677313e9249940d589449a826cea5bb3-source.min.js Show response
assets.adobedtm.com/512027f42d3c/a42495d21182/56df3bb623f0/ 577 B
591 B 40ms
39ms Script
application/x-javascript 2a02:26f0:3500:587::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/512027f42d3c/a42495d21182/56df3bb623f0/RC677313e9249940d589449a826cea5bb3-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/512027f42d3c/a42495d21182/launch-e6edd8af55ce.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: fb772385fff8d33b77ce09aec248858fda70f8e4728e4a2858954fdb0e86fc32

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://connect.werally.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 02:13:49 GMT
content-encoding: gzip
last-modified: Wed, 03 Jan 2024 09:03:54 GMT
server: AkamaiNetStorage
etag: "6a7479365fbc6625ebafb506234a9d87:1704272634.993372"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://connect.werally.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 331
expires: Sat, 20 Jan 2024 03:13:49 GMT

GET
H2 200 dest5.html Show response
unitedhealthgroup.demdex.net/ Frame 9CAC 7 KB
3 KB 66ms
56ms Document
text/html 54.74.57.193
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://unitedhealthgroup.demdex.net/dest5.html?d_nsid=0

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/512027f42d3c/a42495d21182/launch-e6edd8af55ce.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.74.57.193 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-74-57-193.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://connect.werally.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Sat, 20 Jan 2024 02:13:49 GMT
dcs: dcs-prod-irl1-2-v054-0d41b9f76.edge-irl1.demdex.com 0 ms
expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Wed, 8 Nov 2023 17:04:14 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains
vary: accept-encoding
x-tid: IT/ZlDqESnU=

GET
H2

200

ibs:dpid=411&dpuuid=ZassXgAAAHisPgOV
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=22516785206125053232851403975003811461
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZassXgAAAHisPgOV

42 B
716 B

58ms
58ms

Image
image/gif

54.74.57.193
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZassXgAAAHisPgOV

Protocol

Server

54.74.57.193 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-74-57-193.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://connect.werally.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

dcs: dcs-prod-irl1-1-v054-083ffdefc.edge-irl1.demdex.com 2 ms
pragma: no-cache
date: Sat, 20 Jan 2024 02:13:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: +4J9uKgIRiQ=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZassXgAAAHisPgOV
Date: Sat, 20 Jan 2024 02:13:50 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

POST
H2 200 delivery Show response
unitedhealthgroup.tt.omtrdc.net/rest/v1/ 360 B
852 B 292ms
70ms XHR
application/json 66.235.152.221
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://unitedhealthgroup.tt.omtrdc.net/rest/v1/delivery?client=unitedhealthgroup&sessionId=640b40780309493b8aa1304031cda4ac&version=2.10.2

Requested by

Host: connect.werally.com
URL: https://connect.werally.com/scripts/rally_common.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.235.152.221 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-66-235-152-221.data.adobedc.net

Software

jag /

Resource Hash

649c860cb51c50eba726c0fcf8df31b34753ad9b817e4a121b044d8c0e0e37e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://connect.werally.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 20 Jan 2024 02:13:50 GMT
content-encoding: gzip
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List
server: jag
x-content-type-options: nosniff
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://connect.werally.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
timing-allow-origin: *
x-xss-protection: 1; mode=block
x-request-id: 3796589f-5fb9-4ead-b8ad-ded20c550481

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 219 KB
77 KB 61ms
59ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-801669703&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-8584968

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

843b240b1d51633991dd2045f30c48553e898f3b1b6dc6380a6544fa1877ceae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://connect.werally.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 02:13:50 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 78305
x-xss-protection: 0
last-modified: Sat, 20 Jan 2024 00:07:44 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 20 Jan 2024 02:13:50 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 207 KB
74 KB 55ms
54ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-801664645&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-8584968

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

820b21bc9dffead24f617709423b3e73414324e0e8bbc1db6e9ce43d89eeb5f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://connect.werally.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 02:13:50 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 75713
x-xss-protection: 0
last-modified: Sat, 20 Jan 2024 00:07:44 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 20 Jan 2024 02:13:50 GMT

GET
H2 200 / Show response
zn0neqx1dggrrlv4y-uhgenterprise.siteintercept.qualtrics.com/SIE/ 8 KB
4 KB 227ms
43ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://zn0neqx1dggrrlv4y-uhgenterprise.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_0Neqx1dGGrrlV4y

Requested by

Host: connect.werally.com
URL: https://connect.werally.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a0a560f46cd4bb48dc684ab663c6cf83e6ff45cd658e0e29120fa625a7c361e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://connect.werally.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 02:13:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 448930
cf-polished: origSize=9155
content-security-policy-report-only: frame-ancestors 'self' *.qualtrics.com *.my.salesforce.com *.visualforce.com *.visual.force.com *.lightning.force.com; report-uri https://sjc1.qualtrics.com/csp-report
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"23c3-3eTqKY0oBcpH+bT7Qt7NS03j+SQ"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600, s-maxage=604800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 8483ccecae046a74-TXL
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin: *

POST
H2 202 replay Show response
session-replay.browser-intake-datadoghq.com/api/v2/ 53 B
343 B 564ms
446ms XHR
application/json 2600:1f18:24e6:b901:9d88:bfe0:3efa:6ea0
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://session-replay.browser-intake-datadoghq.com/api/v2/replay?ddsource=browser&ddtags=sdk_version%3A4.50.1%2Capi%3Axhr%2Cenv%3Aprod%2Cservice%3Achopshop-ui%2Cversion%3A7.22.5&dd-api-key=pubb9d400b66085801fda89470302d2eeb6&dd-evp-origin-version=4.50.1&dd-evp-origin=browser&dd-request-id=1340a256-edc7-49dd-9b17-0d084d785d16

Requested by

Host: connect.werally.com
URL: https://connect.werally.com/scripts/rally_common.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:1f18:24e6:b901:9d88:bfe0:3efa:6ea0 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

8565e63d3b2298411c62c5659d6953acb3512f45eb7fe183f07b03122caa1f00

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://connect.werally.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarykscqF6q3L98tp4jv

Response headers

date: Sat, 20 Jan 2024 02:13:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
accept-encoding: identity,gzip,x-gzip,deflate,x-deflate,zstd
content-type: application/json
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 53
dd-request-id: 1340a256-edc7-49dd-9b17-0d084d785d16

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/801664645/ 3 KB
2 KB 140ms
52ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/801664645/?random=1705716830121&cv=11&fst=1705716830121&bg=ffffff&guid=ON&async=1&gtm=45be41h0&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fconnect.werally.com%2Fpartner-login&hn=www.googleadservices.com&frm=0&auid=2044282044.1705716830&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-801664645&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

566bbda792c8d786f2fdc0ebacb8ffc2046afedf88c275ad96b091ca1b31df69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://connect.werally.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Jan 2024 02:13:50 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1222
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/801669703/ 3 KB
1 KB 135ms
86ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/801669703/?random=1705716830159&cv=11&fst=1705716830159&bg=ffffff&guid=ON&async=1&gtm=45be41h0v886616604&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fconnect.werally.com%2Fpartner-login&hn=www.googleadservices.com&frm=0&auid=2044282044.1705716830&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-801669703&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9f6a35834cabab6321e332b94c19b5433dd70587df3def3f82179b65729c98c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://connect.werally.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Jan 2024 02:13:50 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 82-d148573a.chunk.js Show response
connect.werally.com/static/js/chunks/ 4 KB
2 KB 142ms
141ms Script
application/javascript 149.126.77.254
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.werally.com/static/js/chunks/82-d148573a.chunk.js

Requested by

Host: connect.werally.com
URL: https://connect.werally.com/static/js/main-d148573a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.254 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.254.ip.incapdns.net

Software

Resource Hash

e93408fb55f799353dcdd6cb6d47815857d2e52bcff6ec09db11ec9bbc28ad9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://connect.werally.com/partner-login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 02:13:49 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 28 Dec 2023 23:16:00 GMT
x-cdn: Imperva
etag: "658e01b0-107a"
content-type: application/javascript
x-iinfo: 7-52792670-52787353 2VNN RT(1705716824529 5033) q(0 0 0 -1) r(1 1)
cache-control: max-age=15778463, public
content-length: 1685
expires: Sat, 20 Jul 2024 17:08:12 GMT

GET
H2 200 116-d148573a.chunk.js Show response
connect.werally.com/static/js/chunks/ 418 B
450 B 141ms
140ms Script
application/javascript 149.126.77.254
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.werally.com/static/js/chunks/116-d148573a.chunk.js

Requested by

Host: connect.werally.com
URL: https://connect.werally.com/static/js/main-d148573a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.254 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.254.ip.incapdns.net

Software

Resource Hash

26759d34d5e594fd2a687426cecd03c43b3a9ea714317fb20a9a05d5387add0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://connect.werally.com/partner-login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 02:13:49 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 28 Dec 2023 23:16:00 GMT
x-cdn: Imperva
etag: "658e01b0-1a2"
content-type: application/javascript
x-iinfo: 7-52792670-52792628 2VNN RT(1705716824529 5047) q(0 0 0 -1) r(1 1) U18
cache-control: max-age=15778463, public
content-length: 313
expires: Sat, 20 Jul 2024 17:08:12 GMT

GET
H2 200 logo-e6567e5c.svg
connect.werally.com/static/media/ 7 KB
2 KB 139ms
138ms Image
image/svg+xml 149.126.77.254
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://connect.werally.com/static/media/logo-e6567e5c.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.254 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.254.ip.incapdns.net

Software

Resource Hash

a232d397087067853daa9a8df775d85b961dc3e9eb91211bb10e4bfb75c3e597

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://connect.werally.com/partner-login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 02:13:49 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 28 Dec 2023 23:15:59 GMT
x-cdn: Imperva
etag: "658e01af-1ad8"
content-type: image/svg+xml
x-iinfo: 7-52792670-52791554 2VNN RT(1705716824529 5053) q(0 0 0 -1) r(1 1)
cache-control: max-age=15778463, public
content-length: 2342
expires: Sat, 20 Jul 2024 17:08:12 GMT

GET
H2 200 rally_footer-b3841f4d.svg
connect.werally.com/static/media/ 2 KB
3 KB 142ms
142ms Image
image/svg+xml 149.126.77.254
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://connect.werally.com/static/media/rally_footer-b3841f4d.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.254 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.254.ip.incapdns.net

Software

Resource Hash

940efd0e484c110b53e2118e1bcdcf8760f04df2d8032416dd63a461fc3e950a

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; default-src data: 'self'; font-src data: 'self' collect.iperceptions.com fonts.gstatic.com .rally-dev.com .werally.com .werally.in myoptum-stage.akamaized.net .optum.com .liveandworkwell.akamaized.net .prod-laww.akamaized.net .sr-smsc-stg-liveandworkwell.akamaized.net .sr-smsc-stg.liveandworkwell.com .lpsnmedia.net cloudfront.stage.federateddataservices.com cloudfront.federateddataservices.com ; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' https://accounts.werally.com https://.werally.in art.azureedge.net sd.iperceptions.com universal.iperceptions.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com assets.adobedtm.com connect.facebook.net content.zeronaught.com ips-invite.iperceptions.com unitedhealthgroup.tt.omtrdc.net .qualtrics.com .doubleclick.net https://.qualtrics.com .liveandworkwell.com .lpsnmedia.net .liveperson.net .optum.com member.int.uhc.com member.uat.uhc.com member.uhc.com cloudfront.stage.federateddataservices.com cloudfront.federateddataservices.com cm.everesttech.net www.onelink-edge.com xapis.onelink-edge.com ; style-src 'self' 'unsafe-inline' .liveandworkwell.com .lpsnmedia.net cloudfront.stage.federateddataservices.com cloudfront.federateddataservices.com ; img-src data: blob: 'self' smetrics.optum.com .doubleclick.net s3.amazonaws.com dpm.demdex.net www.google.com www.google-analytics.com www.googletagmanager.com cm.eversttech.net cm.everesttech.net ips-img.iperceptions.com www.facebook.com rally-non-prod.s3.amazonaws.com rally-prod.s3.amazonaws.com https://.qualtrics.com carevergesurveyicons.s3.amazonaws.com rally-connect-fpc-prod.s3.amazonaws.com .liveandworkwell.com .lpsnmedia.net .liveperson.net .myoptum.com nextportal-dev.s3.amazonaws.com nextportal-prod.s3.amazonaws.com .uhc.com .myuhc.com cloudfront.stage.federateddataservices.com cloudfront.federateddataservices.com ; media-src data: 'self' .lpsnmedia.net .liveperson.net cloudfront.stage.federateddataservices.com cloudfront.federateddataservices.com ; child-src data: blob: myoptum.optum.com www.myoptum.com rallyhealth.com universal.iperceptions.com unitedhealthgroup.demdex.net collect.iperceptions.com .doubleclick.net .liveperson.net .lpsnmedia.net ; connect-src data: 'self' dpm.demdex.net .iperceptions.com .zeronaught.com api.mapbox.com events.mapbox.com .doubleclick.net www.google-analytics.com smetrics.optum.com .qualtrics.com .sendbird.com wss://.sendbird.com unitedhealthgroup.tt.omtrdc.net https://.qualtrics.com rum-http-intake.logs.datadoghq.com browser-http-intake.logs.datadoghq.com rum.browser-intake-datadoghq.com session-replay.browser-intake-datadoghq.com .rally-dev.com .werally.com .werally.in .uhc.com .datadoghq.com .optum.com .liveandworkwell.com .sr-smsc-stg-liveandworkwell.akamaized.net .lpsnmedia.net .liveperson.net .msg.liveperson.net wss://.msg.liveperson.net www.onelink-edge.com xapis.onelink-edge.com ; frame-src https://.werally.in https://.werally.com https://.rally-dev.com https://.optum.com https://.uhc.com https://.myuhc.com https://.rallyhealth.com https://.iperceptions.com https://.doubleclick.net https://.lpsnmedia.net https://.liveperson.net https://unitedhealthgroup.demdex.net https://uhgenterprise.qualtrics.com https://uhg1.co1.qualtrics.com ; object-src data:; frame-ancestors 'self'; report-uri /rest/csp-reporter; report-to /rest/csp-reporter;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://connect.werally.com/partner-login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 02:13:50 GMT
content-security-policy: base-uri 'self'; default-src data: 'self'; font-src data: 'self' collect.iperceptions.com fonts.gstatic.com *.rally-dev.com *.werally.com *.werally.in myoptum-stage.akamaized.net *.optum.com *.liveandworkwell.akamaized.net *.prod-laww.akamaized.net *.sr-smsc-stg-liveandworkwell.akamaized.net *.sr-smsc-stg.liveandworkwell.com *.lpsnmedia.net cloudfront.stage.federateddataservices.com cloudfront.federateddataservices.com ; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' https://accounts.werally.com https://*.werally.in art.azureedge.net sd.iperceptions.com universal.iperceptions.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com assets.adobedtm.com connect.facebook.net content.zeronaught.com ips-invite.iperceptions.com unitedhealthgroup.tt.omtrdc.net *.qualtrics.com *.doubleclick.net https://*.qualtrics.com *.liveandworkwell.com *.lpsnmedia.net *.liveperson.net *.optum.com member.int.uhc.com member.uat.uhc.com member.uhc.com cloudfront.stage.federateddataservices.com cloudfront.federateddataservices.com cm.everesttech.net www.onelink-edge.com xapis.onelink-edge.com ; style-src 'self' 'unsafe-inline' *.liveandworkwell.com *.lpsnmedia.net cloudfront.stage.federateddataservices.com cloudfront.federateddataservices.com ; img-src data: blob: 'self' smetrics.optum.com *.doubleclick.net s3.amazonaws.com dpm.demdex.net www.google.com www.google-analytics.com www.googletagmanager.com cm.eversttech.net cm.everesttech.net ips-img.iperceptions.com www.facebook.com rally-non-prod.s3.amazonaws.com rally-prod.s3.amazonaws.com https://*.qualtrics.com carevergesurveyicons.s3.amazonaws.com rally-connect-fpc-prod.s3.amazonaws.com *.liveandworkwell.com *.lpsnmedia.net *.liveperson.net *.myoptum.com nextportal-dev.s3.amazonaws.com nextportal-prod.s3.amazonaws.com *.uhc.com *.myuhc.com cloudfront.stage.federateddataservices.com cloudfront.federateddataservices.com ; media-src data: 'self' *.lpsnmedia.net *.liveperson.net cloudfront.stage.federateddataservices.com cloudfront.federateddataservices.com ; child-src data: blob: myoptum.optum.com www.myoptum.com rallyhealth.com universal.iperceptions.com unitedhealthgroup.demdex.net collect.iperceptions.com *.doubleclick.net *.liveperson.net *.lpsnmedia.net ; connect-src data: 'self' dpm.demdex.net *.iperceptions.com *.zeronaught.com api.mapbox.com events.mapbox.com *.doubleclick.net www.google-analytics.com smetrics.optum.com *.qualtrics.com *.sendbird.com wss://*.sendbird.com unitedhealthgroup.tt.omtrdc.net https://*.qualtrics.com rum-http-intake.logs.datadoghq.com browser-http-intake.logs.datadoghq.com rum.browser-intake-datadoghq.com session-replay.browser-intake-datadoghq.com *.rally-dev.com *.werally.com *.werally.in *.uhc.com *.datadoghq.com *.optum.com *.liveandworkwell.com *.sr-smsc-stg-liveandworkwell.akamaized.net *.lpsnmedia.net *.liveperson.net *.msg.liveperson.net wss://*.msg.liveperson.net www.onelink-edge.com xapis.onelink-edge.com ; frame-src https://*.werally.in https://*.werally.com https://*.rally-dev.com https://*.optum.com https://*.uhc.com https://*.myuhc.com https://*.rallyhealth.com https://*.iperceptions.com https://*.doubleclick.net https://*.lpsnmedia.net https://*.liveperson.net https://unitedhealthgroup.demdex.net https://uhgenterprise.qualtrics.com https://uhg1.co1.qualtrics.com ; object-src data:; frame-ancestors 'self'; report-uri /rest/csp-reporter; report-to /rest/csp-reporter;
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 28 Dec 2023 23:15:59 GMT
x-cdn: Imperva
etag: "658e01af-88a"
x-frame-options: DENY
content-type: image/svg+xml
x-iinfo: 7-52792670-52792691 2NYN RT(1705716824529 5056) q(0 0 0 -1) r(1 1)
cache-control: public, max-age=15778463
accept-ranges: bytes
x-xss-protection: 1; mode=block

POST
H2 401 events Show response
connect.werally.com/rest/tracking/v1/ 15 B
292 B 141ms
141ms XHR
text/plain 149.126.77.254
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.werally.com/rest/tracking/v1/events

Requested by

Host: connect.werally.com
URL: https://connect.werally.com/scripts/rally_common.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.254 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.254.ip.incapdns.net

Software

Resource Hash

b51d0a1178453d5deda9c42db26ff1bac2d43c5e0e23492fb7397cc260d41610

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

Context-Config-PartnerId: uhc
Accept-Language: de-DE,de;q=0.9
x-datadog-origin: rum
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
x-datadog-sampling-priority: 1
Content-Type: application/json
Accept: application/json, text/plain, */*
Context-Config-ConsumerSource: connect-web
Referer: https://connect.werally.com/partner-login
X-Rally-Locale: en-US
x-datadog-parent-id: 7525629533830476431
x-datadog-trace-id: 1305015314204895780
Current-Connect-Session-Type: none

Response headers

date: Sat, 20 Jan 2024 02:13:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-cdn: Imperva
x-iinfo: 7-52792670-52792754 PNYN RT(1705716824529 5100) q(0 0 0 -1) r(1 1) U6
server-timing: cstrack-strict, cstrack-total;dur=0, csedge-streamed, csedge-ttfb;dur=3
x-xss-protection: 1; mode=block
x-rally-correlationid: LTKWjVAaXKERb9-csedge
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
vary: Origin
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://connect.werally.com
access-control-expose-headers: X-Rally-CorrelationId
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-incap-sess-cookie-hdr: 5BExXqoFo2HtC0LBdVWJBl0sq2UAAAAAERJW0Aednshv8GjGjuwYPw==

POST
H2 401 events Show response
connect.werally.com/rest/tracking/v3/ 15 B
318 B 148ms
148ms XHR
text/plain 149.126.77.254
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.werally.com/rest/tracking/v3/events

Requested by

Host: connect.werally.com
URL: https://connect.werally.com/scripts/rally_common.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.254 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.254.ip.incapdns.net

Software

Resource Hash

b51d0a1178453d5deda9c42db26ff1bac2d43c5e0e23492fb7397cc260d41610

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

Context-Config-PartnerId: uhc
Accept-Language: de-DE,de;q=0.9
x-datadog-origin: rum
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
x-datadog-sampling-priority: 1
Content-Type: application/json
Accept: application/json, text/plain, */*
Context-Config-ConsumerSource: connect-web
Referer: https://connect.werally.com/partner-login
X-Rally-Locale: en-US
x-datadog-parent-id: 6587976058848105929
x-datadog-trace-id: 7901404988484464339
Current-Connect-Session-Type: none

Response headers

date: Sat, 20 Jan 2024 02:13:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-cdn: Imperva
x-iinfo: 7-52792670-52792768 PNYN RT(1705716824529 5107) q(0 0 0 -1) r(1 1) U6
server-timing: cstrack-strict, cstrack-total;dur=1, csedge-streamed, csedge-ttfb;dur=4
x-xss-protection: 1; mode=block
x-rally-correlationid: AAYWRi82KU9smr-csedge
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
vary: Origin
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://connect.werally.com
access-control-expose-headers: X-Rally-CorrelationId
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-incap-sess-cookie-hdr: ALXsZmtGJH3tC0LBdVWJBl0sq2UAAAAAd3UX4U9/qlqvTvGFHbizjA==

POST
H2 202 rum Show response
rum.browser-intake-datadoghq.com/api/v2/ 53 B
343 B 130ms
129ms Fetch
application/json 2600:1f18:24e6:b900:19f6:bc8f:374:9e55
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://rum.browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A4.50.1%2Capi%3Afetch%2Cenv%3Aprod%2Cservice%3Achopshop-ui%2Cversion%3A7.22.5&dd-api-key=pubb9d400b66085801fda89470302d2eeb6&dd-evp-origin-version=4.50.1&dd-evp-origin=browser&dd-request-id=d433e990-cac0-4046-b7c1-75518f5f68fc&batch_time=1705716830421

Requested by

Host: connect.werally.com
URL: https://connect.werally.com/scripts/rally_common.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:1f18:24e6:b900:19f6:bc8f:374:9e55 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

8d243abcd0ad5657bfb109e4b4315cbd3495ea82c7d8225c11fdb5201f14f244

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://connect.werally.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 20 Jan 2024 02:13:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
accept-encoding: identity,gzip,x-gzip,deflate,x-deflate,zstd
content-type: application/json
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 53
dd-request-id: d433e990-cac0-4046-b7c1-75518f5f68fc

GET
H2

200

ibs:dpid=771&dpuuid=CAESEF7wU8RQ4YwHpyPeTzgxUmY&google_cver=1
dpm.demdex.net/ Frame 9CAC
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=MjI1MTY3ODUyMDYxMjUwNTMyMzI4NTE0MDM5NzUwMDM4MTE0NjE=
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEF7wU8RQ4YwHpyPeTzgxUmY&google_cver=1?gdpr=0&gdpr_consent=

42 B
715 B

58ms
57ms

Image
image/gif

54.74.57.193
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEF7wU8RQ4YwHpyPeTzgxUmY&google_cver=1?gdpr=0&gdpr_consent=

Protocol

Server

54.74.57.193 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-74-57-193.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://unitedhealthgroup.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

dcs: dcs-prod-irl1-2-v054-0b71ea9a0.edge-irl1.demdex.com 2 ms
pragma: no-cache
date: Sat, 20 Jan 2024 02:13:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: j9mT95yqTmE=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Sat, 20 Jan 2024 02:13:50 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEF7wU8RQ4YwHpyPeTzgxUmY&google_cver=1?gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 12.8285009719db95e12baa.chunk.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 73 KB
22 KB 47ms
44ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/12.8285009719db95e12baa.chunk.js?Q_CLIENTVERSION=1.105.0&Q_CLIENTTYPE=web&Q_BRANDID=connect.werally.com

Requested by

Host: zn0neqx1dggrrlv4y-uhgenterprise.siteintercept.qualtrics.com
URL: https://zn0neqx1dggrrlv4y-uhgenterprise.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_0Neqx1dGGrrlV4y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

da5e199dab14ebe86bfc678580fae3f235d6e06aed3e5f3598948613e4298730

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://connect.werally.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 02:13:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 275730
cf-polished: origSize=75119
content-security-policy-report-only: frame-ancestors 'self' *.qualtrics.com *.my.salesforce.com *.visualforce.com *.visual.force.com *.lightning.force.com; report-uri https://sjc1.qualtrics.com/csp-report
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 08 Jan 2024 18:18:21 GMT
cf-bgj: minify
server: cloudflare
etag: W/"1256f-18cea4c09c8"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 8483ccee6f596a74-TXL
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin: *

GET
H2 200 /
www.google.com/pagead/1p-user-list/801664645/ 42 B
108 B 140ms
50ms Image
image/gif 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/801664645/?random=1705716830121&cv=11&fst=1705716000000&bg=ffffff&guid=ON&async=1&gtm=45be41h0&u_w=1600&u_h=1200&url=https%3A%2F%2Fconnect.werally.com%2Fpartner-login&frm=0&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_QJfLob1fxUwSwEwvpCKpm5oR7Ow8yQ&random=110406598&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://connect.werally.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Jan 2024 02:13:50 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET /
www.google.de/pagead/1p-user-list/801664645/ 0
0

GET
H2 200 /
www.google.com/pagead/1p-user-list/801669703/ 42 B
455 B 137ms
49ms Image
image/gif 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/801669703/?random=1705716830159&cv=11&fst=1705716000000&bg=ffffff&guid=ON&async=1&gtm=45be41h0v886616604&u_w=1600&u_h=1200&url=https%3A%2F%2Fconnect.werally.com%2Fpartner-login&frm=0&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_OCcNTUTchWydsDfZTSgpj_pblokPwQ&random=3777083137&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://connect.werally.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Jan 2024 02:13:50 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET /
www.google.de/pagead/1p-user-list/801669703/ 0
0

POST
H2 200 Targeting.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 64 KB
6 KB 84ms
83ms XHR
application/json 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_0Neqx1dGGrrlV4y&Q_CLIENTVERSION=1.105.0&Q_CLIENTTYPE=web

Requested by

Host: connect.werally.com
URL: https://connect.werally.com/scripts/rally_common.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dba6addce5a223e66d94b9f567c16d61fe3e10798329989154af3d556784dddc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://connect.werally.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Sat, 20 Jan 2024 02:13:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
content-security-policy-report-only: frame-ancestors 'self' *.qualtrics.com *.my.salesforce.com *.visualforce.com *.visual.force.com *.lightning.force.com; report-uri https://sjc1.qualtrics.com/csp-report
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://connect.werally.com
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
permissions-policy: camera=(), geolocation=(), microphone=()
trace-id: 19938a1af12764d9
cf-ray: 8483cceebf906a74-TXL
timing-allow-origin: *

GET
H2 200 s63210977869040
smetrics.optum.com/b/ss/uhguhcmemberstdprod,uhgenterprisecoreprod/1/JS-2.25.0-LDQM/ 43 B
372 B 183ms
53ms Image
image/gif 63.140.62.164
OMNITURE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://smetrics.optum.com/b/ss/uhguhcmemberstdprod,uhgenterprisecoreprod/1/JS-2.25.0-LDQM/s63210977869040?AQB=1&ndh=1&pf=1&t=20%2F0%2F2024%203%3A13%3A50%206%20-60&sdid=067983CE2B5BA756-076790DB384F73B9&mid=12132794043991882262917143235799527788&aamlh=6&ce=UTF-8&pageName=uhc%3Amyuhc%3Apublic%3Afpc%3Apartnerlogin&g=https%3A%2F%2Fconnect.werally.com%2Fpartner-login&c.&apl=4.0&inList=3.0&getPreviousValue=3.0.1&manageVars=3.0&lowerCaseVars=1.0&pt=3.0&getPercentPageViewed=5.0.2&handlePPVevents=4.0&p_fo=3.0&.c&cc=USD&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=2.25.0%7Eproduction%7E2024-01-03t09%3A01%3A29z&c2=initialpercent%3D%20%7C%20highestpercent%3D&c3=connect.werally.com&v139=pagenavevent&v140=uhc&v141=myuhc&v142=myuhc&v143=website&v145=uhc%3Amyuhc%3Apublic%3Afpc%3Apartnerlogin&v149=1705716830&v150=mozilla%2F5.0%20%28windows%20nt%2010.0%3B%20win64%3B%20x64%29%20applewebkit%2F537.36%20%28khtml%2C%20like%20gecko%29%20chrome%2F120.0.6099.224%20safari%2F537.36&v152=D%3Dmid&v153=https%3A%2F%2Fconnect.werally.com%2Fpartner-login&v154=https%3A%2F%2Fconnect.werally.com%2Fpartner-login&v157=ce%20%7C%20acdl%20-%20all%20pages%20-%20page%20load%20-%20aa%20-%20send%20beacon%28%20specific%20%3A%20fpc%29&v162=not%20logged%20in&v169=guest&v181=public&v182=fpc&v184=uhc%3Amyuhc%3Apublic%3Afpc&v191=member%3Eguest&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=8E391C8B533058250A490D4D%40AdobeOrg&AQE=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.62.164 , United States, ASN15224 (OMNITURE, US),

Reverse DNS

ip-63-140-62-164.data.adobedc.net

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://connect.werally.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Jan 2024 02:13:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Sun, 21 Jan 2024 02:13:50 GMT
server: jag
etag: 3662999000750620672-4617514341312338771
vary: *
p3p: CP="This is not a P3P policy"
access-control-allow-origin: *
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0, no-transform, private
content-length: 43
x-xss-protection: 1; mode=block
expires: Fri, 19 Jan 2024 02:13:50 GMT

GET
H2 200 login-a2fb43a4.svg
connect.werally.com/static/media/ 2 KB
3 KB 141ms
141ms Image
image/svg+xml 149.126.77.254
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://connect.werally.com/static/media/login-a2fb43a4.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.254 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.254.ip.incapdns.net

Software

Resource Hash

6438504bff067c45eaf09441f9f5daaefd97caff542e57badcced52dce8c06cc

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; default-src data: 'self'; font-src data: 'self' collect.iperceptions.com fonts.gstatic.com .rally-dev.com .werally.com .werally.in myoptum-stage.akamaized.net .optum.com .liveandworkwell.akamaized.net .prod-laww.akamaized.net .sr-smsc-stg-liveandworkwell.akamaized.net .sr-smsc-stg.liveandworkwell.com .lpsnmedia.net cloudfront.stage.federateddataservices.com cloudfront.federateddataservices.com ; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' https://accounts.werally.com https://.werally.in art.azureedge.net sd.iperceptions.com universal.iperceptions.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com assets.adobedtm.com connect.facebook.net content.zeronaught.com ips-invite.iperceptions.com unitedhealthgroup.tt.omtrdc.net .qualtrics.com .doubleclick.net https://.qualtrics.com .liveandworkwell.com .lpsnmedia.net .liveperson.net .optum.com member.int.uhc.com member.uat.uhc.com member.uhc.com cloudfront.stage.federateddataservices.com cloudfront.federateddataservices.com cm.everesttech.net www.onelink-edge.com xapis.onelink-edge.com ; style-src 'self' 'unsafe-inline' .liveandworkwell.com .lpsnmedia.net cloudfront.stage.federateddataservices.com cloudfront.federateddataservices.com ; img-src data: blob: 'self' smetrics.optum.com .doubleclick.net s3.amazonaws.com dpm.demdex.net www.google.com www.google-analytics.com www.googletagmanager.com cm.eversttech.net cm.everesttech.net ips-img.iperceptions.com www.facebook.com rally-non-prod.s3.amazonaws.com rally-prod.s3.amazonaws.com https://.qualtrics.com carevergesurveyicons.s3.amazonaws.com rally-connect-fpc-prod.s3.amazonaws.com .liveandworkwell.com .lpsnmedia.net .liveperson.net .myoptum.com nextportal-dev.s3.amazonaws.com nextportal-prod.s3.amazonaws.com .uhc.com .myuhc.com cloudfront.stage.federateddataservices.com cloudfront.federateddataservices.com ; media-src data: 'self' .lpsnmedia.net .liveperson.net cloudfront.stage.federateddataservices.com cloudfront.federateddataservices.com ; child-src data: blob: myoptum.optum.com www.myoptum.com rallyhealth.com universal.iperceptions.com unitedhealthgroup.demdex.net collect.iperceptions.com .doubleclick.net .liveperson.net .lpsnmedia.net ; connect-src data: 'self' dpm.demdex.net .iperceptions.com .zeronaught.com api.mapbox.com events.mapbox.com .doubleclick.net www.google-analytics.com smetrics.optum.com .qualtrics.com .sendbird.com wss://.sendbird.com unitedhealthgroup.tt.omtrdc.net https://.qualtrics.com rum-http-intake.logs.datadoghq.com browser-http-intake.logs.datadoghq.com rum.browser-intake-datadoghq.com session-replay.browser-intake-datadoghq.com .rally-dev.com .werally.com .werally.in .uhc.com .datadoghq.com .optum.com .liveandworkwell.com .sr-smsc-stg-liveandworkwell.akamaized.net .lpsnmedia.net .liveperson.net .msg.liveperson.net wss://.msg.liveperson.net www.onelink-edge.com xapis.onelink-edge.com ; frame-src https://.werally.in https://.werally.com https://.rally-dev.com https://.optum.com https://.uhc.com https://.myuhc.com https://.rallyhealth.com https://.iperceptions.com https://.doubleclick.net https://.lpsnmedia.net https://.liveperson.net https://unitedhealthgroup.demdex.net https://uhgenterprise.qualtrics.com https://uhg1.co1.qualtrics.com ; object-src data:; frame-ancestors 'self'; report-uri /rest/csp-reporter; report-to /rest/csp-reporter;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://connect.werally.com/partner-login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 02:13:50 GMT
content-security-policy: base-uri 'self'; default-src data: 'self'; font-src data: 'self' collect.iperceptions.com fonts.gstatic.com *.rally-dev.com *.werally.com *.werally.in myoptum-stage.akamaized.net *.optum.com *.liveandworkwell.akamaized.net *.prod-laww.akamaized.net *.sr-smsc-stg-liveandworkwell.akamaized.net *.sr-smsc-stg.liveandworkwell.com *.lpsnmedia.net cloudfront.stage.federateddataservices.com cloudfront.federateddataservices.com ; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' https://accounts.werally.com https://*.werally.in art.azureedge.net sd.iperceptions.com universal.iperceptions.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com assets.adobedtm.com connect.facebook.net content.zeronaught.com ips-invite.iperceptions.com unitedhealthgroup.tt.omtrdc.net *.qualtrics.com *.doubleclick.net https://*.qualtrics.com *.liveandworkwell.com *.lpsnmedia.net *.liveperson.net *.optum.com member.int.uhc.com member.uat.uhc.com member.uhc.com cloudfront.stage.federateddataservices.com cloudfront.federateddataservices.com cm.everesttech.net www.onelink-edge.com xapis.onelink-edge.com ; style-src 'self' 'unsafe-inline' *.liveandworkwell.com *.lpsnmedia.net cloudfront.stage.federateddataservices.com cloudfront.federateddataservices.com ; img-src data: blob: 'self' smetrics.optum.com *.doubleclick.net s3.amazonaws.com dpm.demdex.net www.google.com www.google-analytics.com www.googletagmanager.com cm.eversttech.net cm.everesttech.net ips-img.iperceptions.com www.facebook.com rally-non-prod.s3.amazonaws.com rally-prod.s3.amazonaws.com https://*.qualtrics.com carevergesurveyicons.s3.amazonaws.com rally-connect-fpc-prod.s3.amazonaws.com *.liveandworkwell.com *.lpsnmedia.net *.liveperson.net *.myoptum.com nextportal-dev.s3.amazonaws.com nextportal-prod.s3.amazonaws.com *.uhc.com *.myuhc.com cloudfront.stage.federateddataservices.com cloudfront.federateddataservices.com ; media-src data: 'self' *.lpsnmedia.net *.liveperson.net cloudfront.stage.federateddataservices.com cloudfront.federateddataservices.com ; child-src data: blob: myoptum.optum.com www.myoptum.com rallyhealth.com universal.iperceptions.com unitedhealthgroup.demdex.net collect.iperceptions.com *.doubleclick.net *.liveperson.net *.lpsnmedia.net ; connect-src data: 'self' dpm.demdex.net *.iperceptions.com *.zeronaught.com api.mapbox.com events.mapbox.com *.doubleclick.net www.google-analytics.com smetrics.optum.com *.qualtrics.com *.sendbird.com wss://*.sendbird.com unitedhealthgroup.tt.omtrdc.net https://*.qualtrics.com rum-http-intake.logs.datadoghq.com browser-http-intake.logs.datadoghq.com rum.browser-intake-datadoghq.com session-replay.browser-intake-datadoghq.com *.rally-dev.com *.werally.com *.werally.in *.uhc.com *.datadoghq.com *.optum.com *.liveandworkwell.com *.sr-smsc-stg-liveandworkwell.akamaized.net *.lpsnmedia.net *.liveperson.net *.msg.liveperson.net wss://*.msg.liveperson.net www.onelink-edge.com xapis.onelink-edge.com ; frame-src https://*.werally.in https://*.werally.com https://*.rally-dev.com https://*.optum.com https://*.uhc.com https://*.myuhc.com https://*.rallyhealth.com https://*.iperceptions.com https://*.doubleclick.net https://*.lpsnmedia.net https://*.liveperson.net https://unitedhealthgroup.demdex.net https://uhgenterprise.qualtrics.com https://uhg1.co1.qualtrics.com ; object-src data:; frame-ancestors 'self'; report-uri /rest/csp-reporter; report-to /rest/csp-reporter;
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 28 Dec 2023 23:15:59 GMT
x-cdn: Imperva
etag: "658e01af-66f"
x-frame-options: DENY
content-type: image/svg+xml
x-iinfo: 7-52792670-52792628 2NYN RT(1705716824529 5249) q(0 0 0 -1) r(1 1)
cache-control: public, max-age=15778463
accept-ranges: bytes
x-xss-protection: 1; mode=block

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame 9CAC 70 B
149 B 179ms
57ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=aam&gdpr=0&gdpr_consent=&domain=connect.werally.com&ttd_tpi=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://unitedhealthgroup.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 02:13:50 GMT
server: Kestrel
content-length: 70
content-type: image/gif

GET
H2 200 UHCSerifHeadline-Semibold-1ba3c397.woff
connect.werally.com/static/media/ 34 KB
35 KB 431ms
430ms Font
font/woff 149.126.77.254
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.werally.com/static/media/UHCSerifHeadline-Semibold-1ba3c397.woff

Requested by

Host: connect.werally.com
URL: https://connect.werally.com/static/css/united-d148573a.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

149.126.77.254 Frankfurt am Main, Germany, ASN19551 (INCAPSULA, US),

Reverse DNS

149.126.77.254.ip.incapdns.net

Software

Resource Hash

56032c4940c60d28fde373f46ffa13481b908a6a3edeecabddad239547755150

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://connect.werally.com/static/css/united-d148573a.css
Origin: https://connect.werally.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 02:13:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 28 Dec 2023 23:15:59 GMT
x-cdn: Imperva
etag: "658e01af-89c8"
content-type: font/woff
x-iinfo: 7-52792670-52792801 2VNN RT(1705716824529 5253) q(0 0 0 -1) r(0 4)
cache-control: max-age=15778463, public
x-incap-sess-cookie-hdr: 6RzrC+G4HmftC0LBdVWJBl4sq2UAAAAAA92bxqUUmEeAKQ+Waq6HrQ==
content-length: 35272
expires: Sat, 20 Jul 2024 17:08:13 GMT

POST
H2 202 rum Show response
rum.browser-intake-datadoghq.com/api/v2/ 53 B
343 B 162ms
162ms Fetch
application/json 2600:1f18:24e6:b900:19f6:bc8f:374:9e55
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://rum.browser-intake-datadoghq.com/api/v2/rum?ddsource=browser&ddtags=sdk_version%3A4.50.1%2Capi%3Afetch%2Cenv%3Aprod%2Cservice%3Achopshop-ui%2Cversion%3A7.22.5&dd-api-key=pubb9d400b66085801fda89470302d2eeb6&dd-evp-origin-version=4.50.1&dd-evp-origin=browser&dd-request-id=a4e2a48d-65d9-49b5-8e36-7eb356d1730a&batch_time=1705716830545

Requested by

Host: connect.werally.com
URL: https://connect.werally.com/scripts/rally_common.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:1f18:24e6:b900:19f6:bc8f:374:9e55 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

8a67f870c3ffdfddbf5581a7cdcff6d6842bb28b011277a0269529fac70553eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://connect.werally.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 20 Jan 2024 02:13:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
accept-encoding: identity,gzip,x-gzip,deflate,x-deflate,zstd
content-type: application/json
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 53
dd-request-id: a4e2a48d-65d9-49b5-8e36-7eb356d1730a

GET
H2 200 CoreModule.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 101 KB
31 KB 45ms
45ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.105.0&Q_CLIENTTYPE=web&Q_BRANDID=uhgenterprise

Requested by

Host: siteintercept.qualtrics.com
URL: https://siteintercept.qualtrics.com/dxjsmodule/12.8285009719db95e12baa.chunk.js?Q_CLIENTVERSION=1.105.0&Q_CLIENTTYPE=web&Q_BRANDID=connect.werally.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4dd246d6240a7d156830950a9bbee2121c5e62fdb76dd84d82d838fbf143cc5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://connect.werally.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 02:13:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 275730
cf-polished: origSize=103878
content-security-policy-report-only: frame-ancestors 'self' *.qualtrics.com *.my.salesforce.com *.visualforce.com *.visual.force.com *.lightning.force.com; report-uri https://sjc1.qualtrics.com/csp-report
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 08 Jan 2024 18:18:21 GMT
cf-bgj: minify
server: cloudflare
etag: W/"195c6-18cea4c09c8"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 8483ccef5ff06a74-TXL
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin: *

GET
H/1.0 200
OK image.sbix
global.ib-ibi.com/ Frame 9CAC 0
72 B 533ms
116ms Image
text/plain 69.169.86.38
AMC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://global.ib-ibi.com/image.sbix?go=244346&pid=268&xid=22516785206125053232851403975003811461
Protocol: HTTP/1.0
Security: TLS 1.2, RSA, AES_256_CBC
Server: 69.169.86.38 Commack, United States, ASN29838 (AMC, US),
Reverse DNS
Software: BigIP /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://unitedhealthgroup.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Connection: close
Content-Length: 0
Server: BigIP

GET
H2 200 7.38a2f94f151823481abe.chunk.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 2 KB
1 KB 44ms
44ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/7.38a2f94f151823481abe.chunk.js?Q_CLIENTVERSION=1.105.0&Q_CLIENTTYPE=web&Q_BRANDID=uhgenterprise

Requested by

Host: zn0neqx1dggrrlv4y-uhgenterprise.siteintercept.qualtrics.com
URL: https://zn0neqx1dggrrlv4y-uhgenterprise.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_0Neqx1dGGrrlV4y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8febfcdd6dafeeab0bc417da34d0a27bcc8d9e89013b8b95a4d6382c68f64a2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://connect.werally.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 02:13:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 275730
cf-polished: origSize=2904
content-security-policy-report-only: frame-ancestors 'self' *.qualtrics.com *.my.salesforce.com *.visualforce.com *.visual.force.com *.lightning.force.com; report-uri https://sjc1.qualtrics.com/csp-report
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 08 Jan 2024 18:18:21 GMT
cf-bgj: minify
server: cloudflare
etag: W/"b58-18cea4c09c8"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 8483ccefe8556a74-TXL
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin: *

GET
H2 200 1.93a2238c66d9bd29c716.chunk.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 28 KB
7 KB 45ms
45ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/1.93a2238c66d9bd29c716.chunk.js?Q_CLIENTVERSION=1.105.0&Q_CLIENTTYPE=web&Q_BRANDID=uhgenterprise

Requested by

Host: zn0neqx1dggrrlv4y-uhgenterprise.siteintercept.qualtrics.com
URL: https://zn0neqx1dggrrlv4y-uhgenterprise.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_0Neqx1dGGrrlV4y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

30d47629178667286cff7d73e5fd69245f4a642a95b7032075333a5ec4cf729c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://connect.werally.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 02:13:50 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 275730
cf-polished: origSize=29694
content-security-policy-report-only: frame-ancestors 'self' *.qualtrics.com *.my.salesforce.com *.visualforce.com *.visual.force.com *.lightning.force.com; report-uri https://sjc1.qualtrics.com/csp-report
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 08 Jan 2024 18:18:21 GMT
cf-bgj: minify
server: cloudflare
etag: W/"73fe-18cea4c09c8"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 8483ccefe8566a74-TXL
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin: *

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.google.de
URL: https://www.google.de/pagead/1p-user-list/801664645/?random=1705716830121&cv=11&fst=1705716000000&bg=ffffff&guid=ON&async=1&gtm=45be41h0&u_w=1600&u_h=1200&url=https%3A%2F%2Fconnect.werally.com%2Fpartner-login&frm=0&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_QJfLob1fxUwSwEwvpCKpm5oR7Ow8yQ&random=110406598&rmt_tld=1&ipr=y

Domain: www.google.de
URL: https://www.google.de/pagead/1p-user-list/801669703/?random=1705716830159&cv=11&fst=1705716000000&bg=ffffff&guid=ON&async=1&gtm=45be41h0v886616604&u_w=1600&u_h=1200&url=https%3A%2F%2Fconnect.werally.com%2Fpartner-login&frm=0&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_OCcNTUTchWydsDfZTSgpj_pblokPwQ&random=3777083137&rmt_tld=1&ipr=y

Verdicts & Comments Add Verdict or Comment

74 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

24 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
connect.werally.com/	1970-01-20 17:48:58	Name: X-Rally-Canary Value: never
connect.werally.com/	1970-01-21 02:34:03	Name: visid_incap_676033 Value: e16+k+22TxyirvtipuDItVgsq2UAAAAAQUIPAAAAAAB5K5FLtsZUmhXfsIAzKFvQ
connect.werally.com/	1969-12-31 23:59:59	Name: incap_ses_471_676033 Value: h8DrLdwrGlXtC0LBdVWJBlgsq2UAAAAArp7uNQXs4pMt3rm6ycVAdg==
.werally.com/	1970-01-21 03:24:36	Name: xGFajjParSn Value: A0dApSSNAQAASlyaOBxMD0OIhbRASdv8EKns6vMoMybZKWl9xPsfEJH4WUSWAVD_B2mucuKDwH8AAEB3AAAAAA\|1\|0\|b30eecad6d46f62910df7999c273a800c4af2c25
accounts.werally.com/	1970-01-21 02:34:03	Name: visid_incap_676022 Value: +3RYz0DZTTy81MpVTkas31osq2UAAAAAQUIPAAAAAABUhIfZ78unBbgCWPBV/dI0
accounts.werally.com/	1969-12-31 23:59:59	Name: incap_ses_471_676022 Value: w+wMTSs2AR4LEELBdVWJBlssq2UAAAAAtVJmm6tQdJ3KnyAxzkJr5A==
.werally.com/	1969-12-31 23:59:59	Name: xGFajjParSn_dc Value: %7B%7D
connect.werally.com/	1969-12-31 23:59:59	Name: language Value: en
.werally.com/	1969-12-31 23:59:59	Name: x_rally_locale Value: en-US
.werally.com/	1969-12-31 23:59:59	Name: at_check Value: true
.demdex.net/	1970-01-20 22:07:48	Name: demdex Value: 22516785206125053232851403975003811461
.werally.com/	1969-12-31 23:59:59	Name: AMCVS_8E391C8B533058250A490D4D%40AdobeOrg Value: 1
.werally.com/	1970-01-20 19:58:12	Name: _gcl_au Value: 1.1.2044282044.1705716830
.everesttech.net/	1970-01-21 02:34:12	Name: everest_g_v2 Value: g_surferid~ZassXgAAAHisPgOV
.werally.com/	1970-01-21 03:24:36	Name: mbox Value: session#640b40780309493b8aa1304031cda4ac#1705718691\|PC#640b40780309493b8aa1304031cda4ac.37_0#1768961631
.dpm.demdex.net/	1970-01-20 22:07:48	Name: dpm Value: 22516785206125053232851403975003811461
.werally.com/	1970-01-21 03:24:36	Name: AMCV_8E391C8B533058250A490D4D%40AdobeOrg Value: 179643557%7CMCIDTS%7C19743%7CMCMID%7C12132794043991882262917143235799527788%7CMCAAMLH-1706321629%7C6%7CMCAAMB-1706321629%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1705724029s%7CNONE%7CMCSYNCSOP%7C411-19750%7CvVersion%7C5.5.0
.werally.com/	1969-12-31 23:59:59	Name: s_ips Value: 1200
.werally.com/	1969-12-31 23:59:59	Name: s_tp Value: 1207
.werally.com/	1969-12-31 23:59:59	Name: s_ppv Value: uhc%253Amyuhc%253Apublic%253Afpc%253Apartnerlogin%2C99%2C99%2C1200%2C1%2C1
.werally.com/	1969-12-31 23:59:59	Name: s_cc Value: true
.doubleclick.net/	1970-01-21 03:10:12	Name: IDE Value: AHWqTUm84tVFNjMEt3mykVoeU3qjnTy0K0J1ZGaL800YvuroPndKQufz44-4FzCSajs
.demdex.net/	1970-01-20 22:07:48	Name: dextp Value: 771-1-1705716830425\|903-1-1705716830538\|285689-1-1705716830641
connect.werally.com/	1970-01-20 17:48:37	Name: _dd_s Value: logs=1&id=f1dde965-7fc9-4e39-860c-8741adb1504f&created=1705716827448&expire=1705717727453&rum=1

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	warning	URL: https://connect.werally.com/scripts/rally_common.js Message: Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently
rendering	warning	URL: https://connect.werally.com/scripts/rally_common.js Message: Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently
rendering	warning	URL: https://connect.werally.com/scripts/rally_common.js Message: Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently
network	error	URL: https://accounts.werally.com/protected/account/v1/user Message: Failed to load resource: the server responded with a status of 400 ()
security	error	URL: https://connect.werally.com/partner-login Message: Refused to load the image 'https://www.google.de/pagead/1p-user-list/801664645/?random=1705716830121&cv=11&fst=1705716000000&bg=ffffff&guid=ON&async=1&gtm=45be41h0&u_w=1600&u_h=1200&url=https%3A%2F%2Fconnect.werally.com%2Fpartner-login&frm=0&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_QJfLob1fxUwSwEwvpCKpm5oR7Ow8yQ&random=110406598&rmt_tld=1&ipr=y' because it violates the following Content Security Policy directive: "img-src data: blob: 'self' smetrics.optum.com .doubleclick.net s3.amazonaws.com dpm.demdex.net www.google.com www.google-analytics.com www.googletagmanager.com cm.eversttech.net cm.everesttech.net ips-img.iperceptions.com www.facebook.com rally-non-prod.s3.amazonaws.com rally-prod.s3.amazonaws.com https://.qualtrics.com carevergesurveyicons.s3.amazonaws.com rally-connect-fpc-prod.s3.amazonaws.com .liveandworkwell.com .lpsnmedia.net .liveperson.net .myoptum.com nextportal-dev.s3.amazonaws.com nextportal-prod.s3.amazonaws.com .uhc.com .myuhc.com cloudfront.stage.federateddataservices.com cloudfront.federateddataservices.com".
security	error	URL: https://connect.werally.com/partner-login Message: Refused to load the image 'https://www.google.de/pagead/1p-user-list/801669703/?random=1705716830159&cv=11&fst=1705716000000&bg=ffffff&guid=ON&async=1&gtm=45be41h0v886616604&u_w=1600&u_h=1200&url=https%3A%2F%2Fconnect.werally.com%2Fpartner-login&frm=0&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_OCcNTUTchWydsDfZTSgpj_pblokPwQ&random=3777083137&rmt_tld=1&ipr=y' because it violates the following Content Security Policy directive: "img-src data: blob: 'self' smetrics.optum.com .doubleclick.net s3.amazonaws.com dpm.demdex.net www.google.com www.google-analytics.com www.googletagmanager.com cm.eversttech.net cm.everesttech.net ips-img.iperceptions.com www.facebook.com rally-non-prod.s3.amazonaws.com rally-prod.s3.amazonaws.com https://.qualtrics.com carevergesurveyicons.s3.amazonaws.com rally-connect-fpc-prod.s3.amazonaws.com .liveandworkwell.com .lpsnmedia.net .liveperson.net .myoptum.com nextportal-dev.s3.amazonaws.com nextportal-prod.s3.amazonaws.com .uhc.com .myuhc.com cloudfront.stage.federateddataservices.com cloudfront.federateddataservices.com".
network	error	URL: https://connect.werally.com/rest/tracking/v1/events Message: Failed to load resource: the server responded with a status of 401 ()
network	error	URL: https://connect.werally.com/rest/tracking/v3/events Message: Failed to load resource: the server responded with a status of 401 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	base-uri 'self'; default-src data: 'self'; font-src data: 'self' collect.iperceptions.com fonts.gstatic.com .rally-dev.com .werally.com .werally.in myoptum-stage.akamaized.net .optum.com .liveandworkwell.akamaized.net .prod-laww.akamaized.net .sr-smsc-stg-liveandworkwell.akamaized.net .sr-smsc-stg.liveandworkwell.com .lpsnmedia.net cloudfront.stage.federateddataservices.com cloudfront.federateddataservices.com ; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' https://accounts.werally.com https://.werally.in art.azureedge.net sd.iperceptions.com universal.iperceptions.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com assets.adobedtm.com connect.facebook.net content.zeronaught.com ips-invite.iperceptions.com unitedhealthgroup.tt.omtrdc.net .qualtrics.com .doubleclick.net https://.qualtrics.com .liveandworkwell.com .lpsnmedia.net .liveperson.net .optum.com member.int.uhc.com member.uat.uhc.com member.uhc.com cloudfront.stage.federateddataservices.com cloudfront.federateddataservices.com cm.everesttech.net www.onelink-edge.com xapis.onelink-edge.com ; style-src 'self' 'unsafe-inline' .liveandworkwell.com .lpsnmedia.net cloudfront.stage.federateddataservices.com cloudfront.federateddataservices.com ; img-src data: blob: 'self' smetrics.optum.com .doubleclick.net s3.amazonaws.com dpm.demdex.net www.google.com www.google-analytics.com www.googletagmanager.com cm.eversttech.net cm.everesttech.net ips-img.iperceptions.com www.facebook.com rally-non-prod.s3.amazonaws.com rally-prod.s3.amazonaws.com https://.qualtrics.com carevergesurveyicons.s3.amazonaws.com rally-connect-fpc-prod.s3.amazonaws.com .liveandworkwell.com .lpsnmedia.net .liveperson.net .myoptum.com nextportal-dev.s3.amazonaws.com nextportal-prod.s3.amazonaws.com .uhc.com .myuhc.com cloudfront.stage.federateddataservices.com cloudfront.federateddataservices.com ; media-src data: 'self' .lpsnmedia.net .liveperson.net cloudfront.stage.federateddataservices.com cloudfront.federateddataservices.com ; child-src data: blob: myoptum.optum.com www.myoptum.com rallyhealth.com universal.iperceptions.com unitedhealthgroup.demdex.net collect.iperceptions.com .doubleclick.net .liveperson.net .lpsnmedia.net ; connect-src data: 'self' dpm.demdex.net .iperceptions.com .zeronaught.com api.mapbox.com events.mapbox.com .doubleclick.net www.google-analytics.com smetrics.optum.com .qualtrics.com .sendbird.com wss://.sendbird.com unitedhealthgroup.tt.omtrdc.net https://.qualtrics.com rum-http-intake.logs.datadoghq.com browser-http-intake.logs.datadoghq.com rum.browser-intake-datadoghq.com session-replay.browser-intake-datadoghq.com .rally-dev.com .werally.com .werally.in .uhc.com .datadoghq.com .optum.com .liveandworkwell.com .sr-smsc-stg-liveandworkwell.akamaized.net .lpsnmedia.net .liveperson.net .msg.liveperson.net wss://.msg.liveperson.net www.onelink-edge.com xapis.onelink-edge.com ; frame-src https://.werally.in https://.werally.com https://.rally-dev.com https://.optum.com https://.uhc.com https://.myuhc.com https://.rallyhealth.com https://.iperceptions.com https://.doubleclick.net https://.lpsnmedia.net https://.liveperson.net https://unitedhealthgroup.demdex.net https://uhgenterprise.qualtrics.com https://uhg1.co1.qualtrics.com ; object-src data:; frame-ancestors 'self'; report-uri /rest/csp-reporter; report-to /rest/csp-reporter;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.werally.com
assets.adobedtm.com
cm.everesttech.net
cm.g.doubleclick.net
connect.werally.com
content.zeronaught.com
dpm.demdex.net
global.ib-ibi.com
googleads.g.doubleclick.net
lagoon-psx.uhc.com
maelstrom-dmz.uhc.com
match.adsrvr.org
rum.browser-intake-datadoghq.com
session-replay.browser-intake-datadoghq.com
siteintercept.qualtrics.com
smetrics.optum.com
unitedhealthgroup.demdex.net
unitedhealthgroup.tt.omtrdc.net
us.gimp.zeronaught.com
www.google.com
www.google.de
www.googletagmanager.com
zn0neqx1dggrrlv4y-uhgenterprise.siteintercept.qualtrics.com
www.google.de
104.17.208.240
149.126.77.254
172.217.18.2
2001:4860:4802:32::15
2600:1f18:24e6:b900:19f6:bc8f:374:9e55
2600:1f18:24e6:b901:9d88:bfe0:3efa:6ea0
2600:9000:223c:8c00:1d:be51:5240:93a1
2600:9000:2491:b400:13:f7f9:9540:93a1
2a00:1450:4001:80f::2004
2a00:1450:4001:828::2008
2a00:1450:4001:829::2002
2a02:26f0:3500:587::1e80
34.120.21.7
35.71.131.137
52.19.115.173
54.74.57.193
63.140.62.164
66.235.152.221
69.169.86.38
098b691e9e36aa474d65dbfaa1e487392ccbc5acfc8d71f16f157da75dabc4b2
0b400e0a1d7b30f1a94a1d425c3d2757c8f6b1aaad1ad99e3ca0da195ffc09a8
17ae3ae4c56e2cf933fa55219a4cfc50224a98f8bf953e1af98ffcd3f362fb65
1eec5d0bc72fba33ce753f6009a277e07041fb92d221ae5839bbc5e8fff1d0bb
26759d34d5e594fd2a687426cecd03c43b3a9ea714317fb20a9a05d5387add0d
26d799748824312df646b20ab1a2a4f634f397cb764f24495605d80cf45bf4a3
30d47629178667286cff7d73e5fd69245f4a642a95b7032075333a5ec4cf729c
3370cdbc567ce1c33462300d6132042bde3f193b814712dc61e5da9bc5d39848
3a58d026b86c5b9543ac1445efb02bb53b87536f59333bce7c504bd5fd66debf
3cc71dbee28027aa344d5f5a344266125ad87ceedfe716303072aec89e3d008b
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4dd246d6240a7d156830950a9bbee2121c5e62fdb76dd84d82d838fbf143cc5d
50a7682a83eef4aed86a50af2e78352a6a73ca8a6bb05a5201d6eb64b97272f6
50bd331eab80095e93645a81ab304dba4c494dbae25ad6545dd368da2176bdf7
50e6072d26098d48004a30addeecabd5b22b91e5ccdf9dd86f96459783e3ac23
528c2ff0c35d20492e8e8cd79eb0b81f479e5f827f613cf693fc6cd7a4e21033
56032c4940c60d28fde373f46ffa13481b908a6a3edeecabddad239547755150
566bbda792c8d786f2fdc0ebacb8ffc2046afedf88c275ad96b091ca1b31df69
56869391e9a9b0afbeb3de0dc3fc9504edc41e5ce303a11539cc3cabaf044e05
579616edf59dc318dca1ec95f0feeb9229122874a08478bcb0e884645bdc369f
5f3e342371d3d479550f5f98d28f75ecbf50d20dc6961d45fce78a2700e73de4
6438504bff067c45eaf09441f9f5daaefd97caff542e57badcced52dce8c06cc
649c860cb51c50eba726c0fcf8df31b34753ad9b817e4a121b044d8c0e0e37e3
6c789117a5f69b39293256e6899288c8317358589e20c6d08278223f948cd2cf
6d5181d1bb025f833c37756f4b828fbd8f80239706c317cf934b60c379c5701a
77627505ed017c20486b472ed2679efa7157fb0690a7ac5cc82e2d24211df448
78e27f864b591f116bede52a5c41d5563360c6231ef1267337c2b82e7ca54bb0
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
820b21bc9dffead24f617709423b3e73414324e0e8bbc1db6e9ce43d89eeb5f9
8276e1230ccc0efb37cfbf576a27b17c750b31901070dfbd1f8b8fc4b2bc3534
843b240b1d51633991dd2045f30c48553e898f3b1b6dc6380a6544fa1877ceae
8565e63d3b2298411c62c5659d6953acb3512f45eb7fe183f07b03122caa1f00
8a67f870c3ffdfddbf5581a7cdcff6d6842bb28b011277a0269529fac70553eb
8d243abcd0ad5657bfb109e4b4315cbd3495ea82c7d8225c11fdb5201f14f244
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8febfcdd6dafeeab0bc417da34d0a27bcc8d9e89013b8b95a4d6382c68f64a2d
940efd0e484c110b53e2118e1bcdcf8760f04df2d8032416dd63a461fc3e950a
95fd31ff48f0f9c99d480c2a50be52ccd3a2a311408cfbd40371c753038bd3cf
99d612005b71316a66562741b3e8d647cc9817bbb0d3d2fef38f4fb590604117
9f6a35834cabab6321e332b94c19b5433dd70587df3def3f82179b65729c98c0
a0a560f46cd4bb48dc684ab663c6cf83e6ff45cd658e0e29120fa625a7c361e8
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a232d397087067853daa9a8df775d85b961dc3e9eb91211bb10e4bfb75c3e597
aa60d1373b6ec955a20f32f8dc323b70de10f11745e8d4ff84545c3f3444c96c
ae1b7bdead4963d3017a5ef0072d8d64a0829d633a82160ed80ceed535e22b31
b51d0a1178453d5deda9c42db26ff1bac2d43c5e0e23492fb7397cc260d41610
c4187477aeb422193bef634ca7f3137a7c99d583ce950c7ce4d953acbf7e1d35
c5d6a2d7c87da954dd6bf38817189887f0ec2f5fdaf068aa23485ef5722af250
d7b48514e920e866c1890f4a0ca9a1f8d3895d9c7a5979ee524ae07d2def8800
da5e199dab14ebe86bfc678580fae3f235d6e06aed3e5f3598948613e4298730
dba6addce5a223e66d94b9f567c16d61fe3e10798329989154af3d556784dddc
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e93408fb55f799353dcdd6cb6d47815857d2e52bcff6ec09db11ec9bbc28ad9b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f211c52e01ad6f01fc89ac5e6cfca59882aa2058330f6af35962c10e2c7099ed
f46153cb34861a584debfcc291105f474445c46e7b0349540575021565e6402a
fb772385fff8d33b77ce09aec248858fda70f8e4728e4a2858954fdb0e86fc32

connect.werally.com Open in urlscan Pro 149.126.77.254 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

64 Requests

91 %HTTPS

47 %IPv6

16 Domains

23 Subdomains

18 IPs

4 Countries

2897 kBTransfer

11611 kBSize

24 Cookies

7 Outgoing links

Page URL History

Redirected requests

64 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

connect.werally.com Open in urlscan Pro
149.126.77.254 Public Scan

Screenshot
Live screenshot

Full Image

64
Requests

91 %
HTTPS

47 %
IPv6

16
Domains

23
Subdomains

18
IPs

4
Countries

2897 kB
Transfer

11611 kB
Size

24
Cookies

64 HTTP transactions
1 data transactions