urlscan.io logo urlscan.io
SecurityTrails logo

travelinsurance.bluecross.ca Open in urlscan Pro
13.107.246.67  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://b2c2b.useblue.com/
Effective URL: https://travelinsurance.bluecross.ca/
Submission: On April 18 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 12 IPs in 2 countries across 10 domains to perform 50 HTTP transactions. The main IP is 13.107.246.67, located in United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is travelinsurance.bluecross.ca.
TLS certificate: Issued by R3 on April 2nd 2024. Valid for: 3 months.
This is the only time travelinsurance.bluecross.ca was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 15 2620:1ec:bdf::64 8075 (MICROSOFT...)
3 13.107.246.67 8075 (MICROSOFT...)
1 2a00:1450:400... 15169 (GOOGLE)
1 52.6.183.199 14618 (AMAZON-AES)
2 2600:9000:225... 16509 (AMAZON-02)
1 18.66.192.23 16509 (AMAZON-02)
1 13.107.213.45 8075 (MICROSOFT...)
1 2600:1f18:24e... 14618 (AMAZON-AES)
14 2620:1ec:46::64 8075 (MICROSOFT...)
9 2600:1f18:24e... 14618 (AMAZON-AES)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
50 12
15    2620:1ec:bdf::64 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
b2c2b.useblue.com
travelquote.on.bluecross.ca
3    13.107.246.67 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
travelinsurance.bluecross.ca
1    2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    52.6.183.199 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-6-183-199.compute-1.amazonaws.com
chase.hostedpaymentservice.net
2    2600:9000:225b:c000:5:b7cc:d3c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
sdk.privacy-center.org
1    18.66.192.23 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-192-23.muc50.r.cloudfront.net
sdk.privacy-center.org
1    13.107.213.45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
qc.croixbleue.ca
1    2600:1f18:24e6:b901:cce7:c7d7:c9dc:2ed8 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
logs.browser-intake-datadoghq.com
14    2620:1ec:46::64 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
magnolia-edge-api-prod.svc.canassurance.com
client-travel-b2c-edge-api-prod.svc.canassurance.com
9    2600:1f18:24e6:b902:2864:f7b4:bcf0:a76b (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
browser-intake-datadoghq.com
2    2a00:1450:4001:801::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
Domain Requested by
14 travelquote.on.bluecross.ca travelinsurance.bluecross.ca
travelquote.on.bluecross.ca
12 magnolia-edge-api-prod.svc.canassurance.com travelquote.on.bluecross.ca
9 browser-intake-datadoghq.com travelquote.on.bluecross.ca
3 sdk.privacy-center.org travelinsurance.bluecross.ca
sdk.privacy-center.org
3 travelinsurance.bluecross.ca travelinsurance.bluecross.ca
2 client-travel-b2c-edge-api-prod.svc.canassurance.com travelquote.on.bluecross.ca
2 fonts.gstatic.com fonts.googleapis.com
1 www.googletagmanager.com travelinsurance.bluecross.ca
1 logs.browser-intake-datadoghq.com travelquote.on.bluecross.ca
1 qc.croixbleue.ca travelinsurance.bluecross.ca
1 chase.hostedpaymentservice.net travelinsurance.bluecross.ca
1 fonts.googleapis.com travelinsurance.bluecross.ca
1 b2c2b.useblue.com 1 redirects
50 13

This site contains links to these domains. Also see Links.

Domain
qc.bluecross.ca
Subject Issuer Validity Valid
*.travelinsurance.bluecross.ca
R3		 2024-04-02 -
2024-07-01		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2024-03-18 -
2024-06-10		 3 months crt.sh
chase.hostedpaymentservice.net
Viking Cloud Domain Validation CA, Level 1		 2023-10-15 -
2024-10-14		 a year crt.sh
*.on.bluecross.ca
R3		 2024-04-13 -
2024-07-12		 3 months crt.sh
*.privacy-center.org
Amazon RSA 2048 M03		 2024-03-10 -
2025-04-07		 a year crt.sh
*.qc.croixbleue.ca
R3		 2024-04-16 -
2024-07-15		 3 months crt.sh
*.browser-intake-datadoghq.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-06-17 -
2024-06-18		 a year crt.sh
*.svc.canassurance.com
R3		 2024-04-18 -
2024-07-17		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2024-03-18 -
2024-06-10		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2024-03-18 -
2024-06-10		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://travelinsurance.bluecross.ca/
Frame ID: F9823AA14BE018A0B3F955CE1516E46A
Requests: 50 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Blue Cross Travel Insurance Quote

Page URL History Show full URLs

  1. https://b2c2b.useblue.com/ HTTP 301
    https://travelinsurance.bluecross.ca/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <[^>]+data-react
Overall confidence: 100%
Detected patterns
  • sdk\.privacy-center\.org/.*/loader\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • googletagmanager\.com/gtm\.js

Page Statistics

50
Requests

100 %
HTTPS

67 %
IPv6

10
Domains

13
Subdomains

12
IPs

2
Countries

1637 kB
Transfer

3795 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://b2c2b.useblue.com/ HTTP 301
    https://travelinsurance.bluecross.ca/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

50 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
travelinsurance.bluecross.ca/
Redirect Chain
  • https://b2c2b.useblue.com/
  • https://travelinsurance.bluecross.ca/
13 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://travelinsurance.bluecross.ca/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.107.246.67 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
7d19638cf73540624a203c9db0dc35ef6933ec2e16d421491d856952ad5ee802
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-methods
GET,OPTIONS
access-control-allow-origin
*
content-encoding
gzip
content-type
text/html
date
Thu, 18 Apr 2024 20:45:18 GMT
last-modified
Thu, 04 Apr 2024 13:04:04 GMT
strict-transport-security
max-age=31536000;
vary
Accept-Encoding
x-azure-ref
20240418T204518Z-17b6b6476d5bpfzg2s8h58n90w00000001gg000000003um3
x-cache
CONFIG_NOCACHE
x-envoy-upstream-service-time
1

Redirect headers

content-length
0
content-type
text/html
date
Thu, 18 Apr 2024 20:45:18 GMT
location
https://travelinsurance.bluecross.ca/
x-azure-ref
20240418T204518Z-17b6b6476d5p2c8n44zpp3mur400000004n000000000kq9t
x-cache
CONFIG_NOCACHE
css2
fonts.googleapis.com/ 		17 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;600;700&display=swap
Requested by
Host: travelinsurance.bluecross.ca
URL: https://travelinsurance.bluecross.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
851699a18b631a7bd68efc99598701293a6065b463fced7b68d8d6d9227bd8e7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://travelinsurance.bluecross.ca/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Thu, 18 Apr 2024 20:45:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 18 Apr 2024 20:25:51 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 18 Apr 2024 20:45:18 GMT
hpfParent.min.js
chase.hostedpaymentservice.net/includes/ 		10 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://chase.hostedpaymentservice.net/includes/hpfParent.min.js
Requested by
Host: travelinsurance.bluecross.ca
URL: https://travelinsurance.bluecross.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.6.183.199 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-6-183-199.compute-1.amazonaws.com
Software
Apache / PHP/7.4.27
Resource Hash
fa82875d597ff3c88a38711a0fa3aa7a6518dd91eabac06c8e1e9b4471bbfcee

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://travelinsurance.bluecross.ca/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Thu, 18 Apr 2024 20:45:19 GMT
content-encoding
gzip
last-modified
Thu, 18 Apr 2024 20:45:19 GMT
server
Apache
x-powered-by
PHP/7.4.27
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
cache-control
private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires
Thu, 18 Apr 2024 20:45:19 GMT
styles.0920665bcd9dd353.css
travelquote.on.bluecross.ca/ 		633 B
8 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://travelquote.on.bluecross.ca/styles.0920665bcd9dd353.css
Requested by
Host: travelinsurance.bluecross.ca
URL: https://travelinsurance.bluecross.ca/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::64 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
659c266d8c541788f662615909f4a3f13451db5644c1539e0a6405c2a9dc0718
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:;frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com;connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com;frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:;script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline';style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://travelinsurance.bluecross.ca/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 20:45:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:;frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com;connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com;frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:;script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline';style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
content-security-policy-report-only
report-uri https://csp-report.qc.croixbleue.ca/api/csp-reporter;default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:; frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com; connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com; frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:; script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'; style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
x-cache
CONFIG_NOCACHE
x-envoy-upstream-service-time
1
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 03 Apr 2024 18:19:34 GMT
vary
Accept-Encoding
access-control-allow-methods
GET,OPTIONS
content-type
text/css
access-control-allow-origin
*
x-azure-ref
20240418T204519Z-17b6b6476d5psq2bttgeey96u400000005t000000000bkd9
cache-control
max-age:300, private
permissions-policy
microphone=(), camera=()
main.633e4bc6873b85dc.css
travelquote.on.bluecross.ca/ 		92 B
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://travelquote.on.bluecross.ca/main.633e4bc6873b85dc.css
Requested by
Host: travelinsurance.bluecross.ca
URL: https://travelinsurance.bluecross.ca/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::64 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
1cbf2e1261bd3a32b08e208fa106c484212a1a6334029ba5b183a9a5749b7f08
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:;frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com;connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com;frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:;script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline';style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://travelinsurance.bluecross.ca/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 20:45:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:;frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com;connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com;frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:;script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline';style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
content-security-policy-report-only
report-uri https://csp-report.qc.croixbleue.ca/api/csp-reporter;default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:; frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com; connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com; frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:; script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'; style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
x-cache
CONFIG_NOCACHE
x-envoy-upstream-service-time
26
content-length
92
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 03 Apr 2024 18:19:34 GMT
etag
"660d9db6-5c"
x-azure-ref
20240418T204519Z-17b6b6476d5psq2bttgeey96u400000005t000000000bkd8
access-control-allow-methods
GET,OPTIONS
content-type
text/css
access-control-allow-origin
*
cache-control
max-age:300, private
permissions-policy
microphone=(), camera=()
accept-ranges
bytes
browser-detection.js
travelinsurance.bluecross.ca/assets/scripts/ 		25 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://travelinsurance.bluecross.ca/assets/scripts/browser-detection.js
Requested by
Host: travelinsurance.bluecross.ca
URL: https://travelinsurance.bluecross.ca/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.107.246.67 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
ef7bff8d127c90fb9ba6e578f2aa7dc3b8965757cd58fb58fc6d2169827b4c5f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://travelinsurance.bluecross.ca/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 20:45:19 GMT
strict-transport-security
max-age=31536000;
content-encoding
gzip
last-modified
Wed, 03 Apr 2024 18:19:34 GMT
vary
Accept-Encoding
access-control-allow-methods
GET,OPTIONS
content-type
application/javascript
access-control-allow-origin
*
x-cache
CONFIG_NOCACHE
x-azure-ref
20240418T204518Z-17b6b6476d5bpfzg2s8h58n90w00000001gg000000003umg
x-envoy-upstream-service-time
2
runtime.830bf7a5e0247666.js
travelquote.on.bluecross.ca/ 		4 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://travelquote.on.bluecross.ca/runtime.830bf7a5e0247666.js
Requested by
Host: travelinsurance.bluecross.ca
URL: https://travelinsurance.bluecross.ca/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::64 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
63fb78cfa38eb5088a70c05c140499193db0889d52f4e5f8b90a0a70089154d8
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:;frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com;connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com;frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:;script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline';style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://travelinsurance.bluecross.ca/
Origin
https://travelinsurance.bluecross.ca
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 20:45:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:;frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com;connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com;frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:;script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline';style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
content-security-policy-report-only
report-uri https://csp-report.qc.croixbleue.ca/api/csp-reporter;default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:; frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com; connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com; frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:; script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'; style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
x-cache
CONFIG_NOCACHE
x-envoy-upstream-service-time
3
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 04 Apr 2024 13:03:24 GMT
vary
Accept-Encoding
access-control-allow-methods
GET,OPTIONS
content-type
application/javascript
access-control-allow-origin
*
x-azure-ref
20240418T204519Z-17b6b6476d5stqhf380h8afb0w00000004bg00000000n8rz
cache-control
max-age:300, private
permissions-policy
microphone=(), camera=()
polyfills.4c3075b1e30e689b.js
travelquote.on.bluecross.ca/ 		17 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://travelquote.on.bluecross.ca/polyfills.4c3075b1e30e689b.js
Requested by
Host: travelinsurance.bluecross.ca
URL: https://travelinsurance.bluecross.ca/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::64 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
ef629c2a6debc49530a121c215d96e3ed650b16be9847ad8d8408ce074284250
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:;frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com;connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com;frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:;script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline';style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://travelinsurance.bluecross.ca/
Origin
https://travelinsurance.bluecross.ca
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 20:45:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:;frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com;connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com;frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:;script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline';style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
content-security-policy-report-only
report-uri https://csp-report.qc.croixbleue.ca/api/csp-reporter;default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:; frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com; connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com; frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:; script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'; style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
x-cache
CONFIG_NOCACHE
x-envoy-upstream-service-time
3
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 03 Apr 2024 18:19:34 GMT
vary
Accept-Encoding
access-control-allow-methods
GET,OPTIONS
content-type
application/javascript
access-control-allow-origin
*
x-azure-ref
20240418T204519Z-17b6b6476d5stqhf380h8afb0w00000004bg00000000n8s3
cache-control
max-age:300, private
permissions-policy
microphone=(), camera=()
styles.2c86a7f3db00e69e.js
travelquote.on.bluecross.ca/ 		110 B
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://travelquote.on.bluecross.ca/styles.2c86a7f3db00e69e.js
Requested by
Host: travelinsurance.bluecross.ca
URL: https://travelinsurance.bluecross.ca/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::64 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
2296fd9226bb6a11247114732af86944ab1e37c168631c5d1fef68c1e7724e5f
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:;frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com;connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com;frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:;script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline';style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://travelinsurance.bluecross.ca/
Origin
https://travelinsurance.bluecross.ca
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 20:45:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:;frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com;connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com;frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:;script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline';style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
content-security-policy-report-only
report-uri https://csp-report.qc.croixbleue.ca/api/csp-reporter;default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:; frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com; connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com; frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:; script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'; style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
x-cache
CONFIG_NOCACHE
x-envoy-upstream-service-time
0
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 03 Apr 2024 18:19:34 GMT
vary
Accept-Encoding
access-control-allow-methods
GET,OPTIONS
content-type
application/javascript
access-control-allow-origin
*
x-azure-ref
20240418T204519Z-17b6b6476d5stqhf380h8afb0w00000004bg00000000n8s2
cache-control
max-age:300, private
permissions-policy
microphone=(), camera=()
vendor.0461bdbcd3c10ea2.js
travelquote.on.bluecross.ca/ 		1 MB
666 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://travelquote.on.bluecross.ca/vendor.0461bdbcd3c10ea2.js
Requested by
Host: travelinsurance.bluecross.ca
URL: https://travelinsurance.bluecross.ca/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::64 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
9c4c4286d7409befe71ca5ad11df49c1730705467dd4ab395f0ecb82ce3560a4
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:;frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com;connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com;frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:;script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline';style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://travelinsurance.bluecross.ca/
Origin
https://travelinsurance.bluecross.ca
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 20:45:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:;frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com;connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com;frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:;script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline';style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
content-security-policy-report-only
report-uri https://csp-report.qc.croixbleue.ca/api/csp-reporter;default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:; frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com; connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com; frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:; script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'; style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
x-cache
CONFIG_NOCACHE
x-envoy-upstream-service-time
1
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 03 Apr 2024 18:19:34 GMT
vary
Accept-Encoding
access-control-allow-methods
GET,OPTIONS
content-type
application/javascript
access-control-allow-origin
*
x-azure-ref
20240418T204519Z-17b6b6476d5stqhf380h8afb0w00000004bg00000000n8s0
cache-control
max-age:300, private
permissions-policy
microphone=(), camera=()
main.ac6ace150602e11f.js
travelquote.on.bluecross.ca/ 		302 KB
131 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://travelquote.on.bluecross.ca/main.ac6ace150602e11f.js
Requested by
Host: travelinsurance.bluecross.ca
URL: https://travelinsurance.bluecross.ca/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::64 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
c563ff75d35982d6bc4a3d6feeca2fb4173998d10d053904eb57129937f99586
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:;frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com;connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com;frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:;script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline';style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://travelinsurance.bluecross.ca/
Origin
https://travelinsurance.bluecross.ca
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 20:45:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:;frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com;connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com;frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:;script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline';style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
content-security-policy-report-only
report-uri https://csp-report.qc.croixbleue.ca/api/csp-reporter;default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:; frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com; connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com; frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:; script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'; style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
x-cache
CONFIG_NOCACHE
x-envoy-upstream-service-time
9
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 04 Apr 2024 13:04:04 GMT
vary
Accept-Encoding
access-control-allow-methods
GET,OPTIONS
content-type
application/javascript
access-control-allow-origin
*
x-azure-ref
20240418T204519Z-17b6b6476d5stqhf380h8afb0w00000004bg00000000n8s1
cache-control
max-age:300, private
permissions-policy
microphone=(), camera=()
loader.js
sdk.privacy-center.org/1580d241-d244-4274-981d-a7f26466701e/ 		16 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sdk.privacy-center.org/1580d241-d244-4274-981d-a7f26466701e/loader.js?target_type=notice&target=pq2gDV6b
Requested by
Host: travelinsurance.bluecross.ca
URL: https://travelinsurance.bluecross.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225b:c000:5:b7cc:d3c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
4291cb95122cbaf29e94a8864dbcee2845afe08f9bc6ab7abc4f0bf89c294a53

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://travelinsurance.bluecross.ca/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 20:45:19 GMT
x-didomi-configs-version
101
x-didomi-remote-config-metadata
multiReg:true;legacyGlobalGdpr:true
content-encoding
br
via
1.1 af1bbc213b3a9ee2f125be77ca3609a0.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P1
x-amzn-requestid
05c68701-29f0-453d-9346-1ced377d478f
etag
W/"d27f3145685f84165045a25488b6556c"
vary
Accept-Encoding
x-amzn-trace-id
root=1-6621865e-04ca7c3372ebc35629c09c66;parent=72dca2b46cda1c92;sampled=0;lineage=eaae1266:0
content-type
application/javascript; charset=utf-8
x-cache
Miss from cloudfront
cache-control
max-age=7200, public
alt-svc
h3=":443"; ma=86400
x-amz-cf-id
_Ht-SxgwTY1oGWQ6VvCmLSTMJ3OteGzOyBhGTJjk8s_WE5RcnltYSw==
sdk.5e29e52c79d43ac796ca076e1011763fab4870a7.js
sdk.privacy-center.org/sdk/5e29e52c79d43ac796ca076e1011763fab4870a7/modern/ 		339 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sdk.privacy-center.org/sdk/5e29e52c79d43ac796ca076e1011763fab4870a7/modern/sdk.5e29e52c79d43ac796ca076e1011763fab4870a7.js
Requested by
Host: sdk.privacy-center.org
URL: https://sdk.privacy-center.org/1580d241-d244-4274-981d-a7f26466701e/loader.js?target_type=notice&target=pq2gDV6b
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225b:c000:5:b7cc:d3c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
02594800bda1a17f7b8fcf768e9c7bc35d94d88df4e4f8806025628dbf1464c7

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://travelinsurance.bluecross.ca/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 12:17:09 GMT
content-encoding
br
via
1.1 af1bbc213b3a9ee2f125be77ca3609a0.cloudfront.net (CloudFront)
last-modified
Thu, 18 Apr 2024 12:16:41 GMT
server
AmazonS3
x-amz-cf-pop
MUC50-P1
age
30491
etag
W/"569d2a6137731631becbb1ff266dca4d-1"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
alt-svc
h3=":443"; ma=86400
x-amz-cf-id
lA_P0YQR7K9K5PKr9CCvVj0wAbRs1el6i6xYs91QO0mM9qIecdNOXQ==
ui-gdpr-en-web.5e29e52c79d43ac796ca076e1011763fab4870a7.js
sdk.privacy-center.org/sdk/5e29e52c79d43ac796ca076e1011763fab4870a7/modern/ 		264 KB
54 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sdk.privacy-center.org/sdk/5e29e52c79d43ac796ca076e1011763fab4870a7/modern/ui-gdpr-en-web.5e29e52c79d43ac796ca076e1011763fab4870a7.js
Requested by
Host: sdk.privacy-center.org
URL: https://sdk.privacy-center.org/sdk/5e29e52c79d43ac796ca076e1011763fab4870a7/modern/sdk.5e29e52c79d43ac796ca076e1011763fab4870a7.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
18.66.192.23 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-23.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f590b05f7060b6814bf60ac20ea212daba7528047c62526df47c62fad0d496ab

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://travelinsurance.bluecross.ca/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 12:17:28 GMT
content-encoding
br
via
1.1 a4a80ac7ffee78c042728f52e3f729e0.cloudfront.net (CloudFront)
last-modified
Thu, 18 Apr 2024 12:16:36 GMT
server
AmazonS3
age
30472
x-amz-cf-pop
MUC50-P1
etag
W/"7622882db8dcf8417f19cdf422bd601b-1"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
alt-svc
h3=":443"; ma=86400
x-amz-cf-id
e1gNYdqcM7ek3VdXrpLuBG4U6goxj4Hm7dAOA5qi6symRDTnWI_QfA==
cb-logo-en-fr.svg
qc.croixbleue.ca/dam/jcr:bf0ef4c8-2c7b-4be7-8d79-303699da3db9/ 		8 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://qc.croixbleue.ca/dam/jcr:bf0ef4c8-2c7b-4be7-8d79-303699da3db9/cb-logo-en-fr.svg
Requested by
Host: travelinsurance.bluecross.ca
URL: https://travelinsurance.bluecross.ca/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.107.213.45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
d0d6d605087c6b87f0848da8b30d0d5ed1b86f08c542e21378d81ecede261f2d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://travelinsurance.bluecross.ca/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 20:45:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy-report-only
report-uri https://csp-report.qc.croixbleue.ca/api/csp-reporter;default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:; frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com; connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com; frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:; script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'; style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
x-cache
CONFIG_NOCACHE
x-envoy-upstream-service-time
2
x-xss-protection
0
x-magnolia-registration
Registered
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 13 Sep 2023 18:45:18 GMT
vary
Accept-Encoding
x-azure-ref
20240418T204519Z-17b6b6476d5t9bkzfnxeyrp1yn00000004ng00000001cc82
content-type
image/svg+xml;charset=UTF-8
cache-control
max-age:300, private
permissions-policy
microphone=(), camera=()
expires
Thu, 18 Apr 2024 20:55:19 GMT
822.ef5f0ebd5d63852b.js
travelquote.on.bluecross.ca/ 		74 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://travelquote.on.bluecross.ca/822.ef5f0ebd5d63852b.js
Requested by
Host: travelquote.on.bluecross.ca
URL: https://travelquote.on.bluecross.ca/runtime.830bf7a5e0247666.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::64 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
8adb752d60a883a780f8e98fe04498a86439a474dcb3e6f290ecba5ea2dd5357
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:;frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com;connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com;frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:;script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline';style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://travelinsurance.bluecross.ca/
Origin
https://travelinsurance.bluecross.ca
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 20:45:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:;frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com;connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com;frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:;script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline';style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
content-security-policy-report-only
report-uri https://csp-report.qc.croixbleue.ca/api/csp-reporter;default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:; frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com; connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com; frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:; script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'; style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
x-cache
CONFIG_NOCACHE
x-envoy-upstream-service-time
2
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 03 Apr 2024 18:19:34 GMT
vary
Accept-Encoding
access-control-allow-methods
GET,OPTIONS
content-type
application/javascript
access-control-allow-origin
*
x-azure-ref
20240418T204519Z-17b6b6476d5stqhf380h8afb0w00000004bg00000000n8t1
cache-control
max-age:300, private
permissions-policy
microphone=(), camera=()
687.156b07df08eefe95.js
travelquote.on.bluecross.ca/ 		6 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://travelquote.on.bluecross.ca/687.156b07df08eefe95.js
Requested by
Host: travelquote.on.bluecross.ca
URL: https://travelquote.on.bluecross.ca/runtime.830bf7a5e0247666.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::64 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
61b698eb2d713c35e3155b4130220c8528ccc316797c3a7529ae95095185ce8a
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:;frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com;connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com;frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:;script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline';style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://travelinsurance.bluecross.ca/
Origin
https://travelinsurance.bluecross.ca
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 20:45:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:;frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com;connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com;frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:;script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline';style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
content-security-policy-report-only
report-uri https://csp-report.qc.croixbleue.ca/api/csp-reporter;default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:; frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com; connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com; frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:; script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'; style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
x-cache
CONFIG_NOCACHE
x-envoy-upstream-service-time
1
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 03 Apr 2024 18:19:34 GMT
vary
Accept-Encoding
access-control-allow-methods
GET,OPTIONS
content-type
application/javascript
access-control-allow-origin
*
x-azure-ref
20240418T204519Z-17b6b6476d5stqhf380h8afb0w00000004bg00000000n8t2
cache-control
max-age:300, private
permissions-policy
microphone=(), camera=()
287.a05afd7eef63509d.js
travelquote.on.bluecross.ca/ 		7 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://travelquote.on.bluecross.ca/287.a05afd7eef63509d.js
Requested by
Host: travelquote.on.bluecross.ca
URL: https://travelquote.on.bluecross.ca/runtime.830bf7a5e0247666.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::64 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
affb0b8ed24a6d69d828ebb9a5c402d74ddc967565c1e4005106358907f04d12
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:;frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com;connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com;frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:;script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline';style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://travelinsurance.bluecross.ca/
Origin
https://travelinsurance.bluecross.ca
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 20:45:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:;frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com;connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com;frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:;script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline';style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
content-security-policy-report-only
report-uri https://csp-report.qc.croixbleue.ca/api/csp-reporter;default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:; frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com; connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com; frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:; script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'; style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
x-cache
CONFIG_NOCACHE
x-envoy-upstream-service-time
1
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 03 Apr 2024 18:19:34 GMT
vary
Accept-Encoding
access-control-allow-methods
GET,OPTIONS
content-type
application/javascript
access-control-allow-origin
*
x-azure-ref
20240418T204519Z-17b6b6476d5stqhf380h8afb0w00000004bg00000000n8t3
cache-control
max-age:300, private
permissions-policy
microphone=(), camera=()
10.6bd78ee94c871383.js
travelquote.on.bluecross.ca/ 		472 B
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://travelquote.on.bluecross.ca/10.6bd78ee94c871383.js
Requested by
Host: travelquote.on.bluecross.ca
URL: https://travelquote.on.bluecross.ca/runtime.830bf7a5e0247666.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::64 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
02a0d875b89fbb0ad1f012efff8ae1f82a3204e0d759c6fc015afac356f6deb8
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:;frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com;connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com;frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:;script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline';style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://travelinsurance.bluecross.ca/
Origin
https://travelinsurance.bluecross.ca
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 20:45:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:;frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com;connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com;frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:;script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline';style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
content-security-policy-report-only
report-uri https://csp-report.qc.croixbleue.ca/api/csp-reporter;default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:; frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com; connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com; frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:; script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'; style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
x-cache
CONFIG_NOCACHE
x-envoy-upstream-service-time
3
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 03 Apr 2024 18:19:34 GMT
vary
Accept-Encoding
access-control-allow-methods
GET,OPTIONS
content-type
application/javascript
access-control-allow-origin
*
x-azure-ref
20240418T204519Z-17b6b6476d5stqhf380h8afb0w00000004bg00000000n8tc
cache-control
max-age:300, private
permissions-policy
microphone=(), camera=()
267.44d8f743a8b78ac7.js
travelquote.on.bluecross.ca/ 		38 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://travelquote.on.bluecross.ca/267.44d8f743a8b78ac7.js
Requested by
Host: travelquote.on.bluecross.ca
URL: https://travelquote.on.bluecross.ca/runtime.830bf7a5e0247666.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::64 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
d67c8a73ac6429dda5a0071f89080e98e504dae2f8600d42032254f0b0c02eb5
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:;frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com;connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com;frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:;script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline';style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://travelinsurance.bluecross.ca/
Origin
https://travelinsurance.bluecross.ca
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 20:45:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:;frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com;connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com;frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:;script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline';style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
content-security-policy-report-only
report-uri https://csp-report.qc.croixbleue.ca/api/csp-reporter;default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:; frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com; connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com; frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:; script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'; style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
x-cache
CONFIG_NOCACHE
x-envoy-upstream-service-time
2
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 03 Apr 2024 18:19:34 GMT
vary
Accept-Encoding
access-control-allow-methods
GET,OPTIONS
content-type
application/javascript
access-control-allow-origin
*
x-azure-ref
20240418T204519Z-17b6b6476d5stqhf380h8afb0w00000004bg00000000n8td
cache-control
max-age:300, private
permissions-policy
microphone=(), camera=()
963.748510738092194f.js
travelquote.on.bluecross.ca/ 		38 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://travelquote.on.bluecross.ca/963.748510738092194f.js
Requested by
Host: travelquote.on.bluecross.ca
URL: https://travelquote.on.bluecross.ca/runtime.830bf7a5e0247666.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::64 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
90121f5b881b3ae1c60e5ab2b6fc94b3657998327ae2fe3d201854c4af3758a3
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:;frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com;connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com;frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:;script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline';style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://travelinsurance.bluecross.ca/
Origin
https://travelinsurance.bluecross.ca
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 20:45:20 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:;frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com;connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com;frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:;script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline';style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
content-security-policy-report-only
report-uri https://csp-report.qc.croixbleue.ca/api/csp-reporter;default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:; frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com; connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com; frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:; script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'; style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
x-cache
CONFIG_NOCACHE
x-envoy-upstream-service-time
1
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 03 Apr 2024 18:19:34 GMT
vary
Accept-Encoding
access-control-allow-methods
GET,OPTIONS
content-type
application/javascript
access-control-allow-origin
*
x-azure-ref
20240418T204519Z-17b6b6476d5stqhf380h8afb0w00000004bg00000000n8tp
cache-control
max-age:300, private
permissions-policy
microphone=(), camera=()
517.12a0883fc98f0772.js
travelquote.on.bluecross.ca/ 		497 B
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://travelquote.on.bluecross.ca/517.12a0883fc98f0772.js
Requested by
Host: travelquote.on.bluecross.ca
URL: https://travelquote.on.bluecross.ca/runtime.830bf7a5e0247666.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::64 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
1482a73795481ac202468980d7f72edd1e529caa17f7073d9dc073cb763c9fb8
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:;frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com;connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com;frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:;script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline';style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://travelinsurance.bluecross.ca/
Origin
https://travelinsurance.bluecross.ca
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 20:45:20 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:;frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com;connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com;frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:;script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline';style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
content-security-policy-report-only
report-uri https://csp-report.qc.croixbleue.ca/api/csp-reporter;default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:; frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com; connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com; frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:; script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'; style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
x-cache
CONFIG_NOCACHE
x-envoy-upstream-service-time
1
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 03 Apr 2024 18:19:34 GMT
vary
Accept-Encoding
access-control-allow-methods
GET,OPTIONS
content-type
application/javascript
access-control-allow-origin
*
x-azure-ref
20240418T204519Z-17b6b6476d5stqhf380h8afb0w00000004bg00000000n8tq
cache-control
max-age:300, private
permissions-policy
microphone=(), camera=()
logs
logs.browser-intake-datadoghq.com/api/v2/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://logs.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub7371515a099d7251c967f5fe002f01ba
Requested by
Host: travelquote.on.bluecross.ca
URL: https://travelquote.on.bluecross.ca/main.ac6ace150602e11f.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:24e6:b901:cce7:c7d7:c9dc:2ed8 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://travelinsurance.bluecross.ca/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers
favicon.ico
travelinsurance.bluecross.ca/assets/images/favicon/ 		15 KB
15 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://travelinsurance.bluecross.ca/assets/images/favicon/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.107.246.67 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
44ad36bdad21db83559935d30af8f2db871b16c109dda6e4ca44062c138c2422
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://travelinsurance.bluecross.ca/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 20:45:20 GMT
strict-transport-security
max-age=31536000;
last-modified
Wed, 03 Apr 2024 18:19:34 GMT
etag
"660d9db6-3aee"
x-azure-ref
20240418T204520Z-17b6b6476d5bpfzg2s8h58n90w00000001gg000000003upp
access-control-allow-methods
GET,OPTIONS
content-type
image/x-icon
access-control-allow-origin
*
x-cache
CONFIG_NOCACHE
x-envoy-upstream-service-time
2
accept-ranges
bytes
content-length
15086
getdata
magnolia-edge-api-prod.svc.canassurance.com/api/ 		1 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://magnolia-edge-api-prod.svc.canassurance.com/api/getdata?magnoliaPath=cbfn/v1/get-site-path/client-travel?lang=en
Requested by
Host: travelquote.on.bluecross.ca
URL: https://travelquote.on.bluecross.ca/vendor.0461bdbcd3c10ea2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:46::64 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
f28c993198256b3f3bda98ed6557a5c859742836473c1a65c178ea26496e6e96
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept
application/json
Referer
https://travelinsurance.bluecross.ca/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 20:45:20 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-encoding
gzip
content-security-policy-report-only
report-uri https://csp-report.qc.croixbleue.ca/api/csp-reporter;default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:; frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com; connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com; frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:; script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'; style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
x-cache
CONFIG_NOCACHE
x-envoy-upstream-service-time
14
x-xss-protection
0
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers, Accept-Encoding
x-frame-options
DENY
content-type
application/json
access-control-allow-origin
https://travelinsurance.bluecross.ca
cache-control
max-age:300, private
permissions-policy
microphone=(), camera=()
x-azure-ref
20240418T204520Z-17b6b6476d54vvb9a0w2dc0n58000000047g0000000001da
expires
0
getdata
magnolia-edge-api-prod.svc.canassurance.com/api/ 		410 KB
102 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://magnolia-edge-api-prod.svc.canassurance.com/api/getdata?magnoliaPath=delivery/wording/data?lang=en
Requested by
Host: travelquote.on.bluecross.ca
URL: https://travelquote.on.bluecross.ca/vendor.0461bdbcd3c10ea2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:46::64 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
2a2e9e7aa0d2abda529fdd55c8409cae91d3c48793f48748ba9e54e920856961
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept
application/json
Referer
https://travelinsurance.bluecross.ca/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 20:45:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-encoding
gzip
content-security-policy-report-only
report-uri https://csp-report.qc.croixbleue.ca/api/csp-reporter;default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:; frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com; connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com; frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:; script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'; style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
x-cache
CONFIG_NOCACHE
x-envoy-upstream-service-time
522
x-xss-protection
0
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers, Accept-Encoding
x-frame-options
DENY
content-type
application/json
access-control-allow-origin
https://travelinsurance.bluecross.ca
cache-control
max-age:300, private
permissions-policy
microphone=(), camera=()
x-azure-ref
20240418T204520Z-17b6b6476d54vvb9a0w2dc0n58000000047g0000000001d8
expires
0
getdata
magnolia-edge-api-prod.svc.canassurance.com/api/ 		35 KB
20 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://magnolia-edge-api-prod.svc.canassurance.com/api/getdata?magnoliaPath=delivery/offers/travel?lang=fr
Requested by
Host: travelquote.on.bluecross.ca
URL: https://travelquote.on.bluecross.ca/vendor.0461bdbcd3c10ea2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:46::64 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
b99c74200d2394b4b873b29167c6fc6c918ef27c256ff79834b1cf31bbd5854e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept
application/json
Referer
https://travelinsurance.bluecross.ca/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 20:45:20 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-encoding
gzip
content-security-policy-report-only
report-uri https://csp-report.qc.croixbleue.ca/api/csp-reporter;default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:; frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com; connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com; frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:; script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'; style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
x-cache
CONFIG_NOCACHE
x-envoy-upstream-service-time
19
x-xss-protection
0
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers, Accept-Encoding
x-frame-options
DENY
content-type
application/json
access-control-allow-origin
https://travelinsurance.bluecross.ca
cache-control
max-age:300, private
permissions-policy
microphone=(), camera=()
x-azure-ref
20240418T204520Z-17b6b6476d54vvb9a0w2dc0n58000000047g0000000001d9
expires
0
getdata
magnolia-edge-api-prod.svc.canassurance.com/api/ 		5 KB
6 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://magnolia-edge-api-prod.svc.canassurance.com/api/getdata?magnoliaPath=delivery/pages/v1/client-travel/vous?lang=en
Requested by
Host: travelquote.on.bluecross.ca
URL: https://travelquote.on.bluecross.ca/vendor.0461bdbcd3c10ea2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:46::64 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
90c7e42023cde523f197f5ab644663cd4d7156159a62160da472a21a2148c948
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept
application/json
Referer
https://travelinsurance.bluecross.ca/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 20:45:20 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-encoding
gzip
content-security-policy-report-only
report-uri https://csp-report.qc.croixbleue.ca/api/csp-reporter;default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:; frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com; connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com; frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:; script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'; style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
x-cache
CONFIG_NOCACHE
x-envoy-upstream-service-time
21
x-xss-protection
0
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers, Accept-Encoding
x-frame-options
DENY
content-type
application/json
access-control-allow-origin
https://travelinsurance.bluecross.ca
cache-control
max-age:300, private
permissions-policy
microphone=(), camera=()
x-azure-ref
20240418T204520Z-17b6b6476d54vvb9a0w2dc0n58000000047g0000000001e0
expires
0
logs
browser-intake-datadoghq.com/api/v2/ 		53 B
344 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://browser-intake-datadoghq.com/api/v2/logs?ddsource=browser&ddtags=sdk_version%3A5.9.0%2Capi%3Afetch%2Cenv%3Aprod%2Cservice%3Aclient-travel-frontend-web%2Cversion%3Ano-proxy&dd-api-key=pub7371515a099d7251c967f5fe002f01ba&dd-evp-origin-version=5.9.0&dd-evp-origin=browser&dd-request-id=b104095e-1e28-46b2-b1b3-f02c43c3b532
Requested by
Host: travelquote.on.bluecross.ca
URL: https://travelquote.on.bluecross.ca/vendor.0461bdbcd3c10ea2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:24e6:b902:2864:f7b4:bcf0:a76b Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
0839bbee72f9914d5b9bcbd94952887e1d1bec62d9c61a4a2edbdaa5cc9a70a5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://travelinsurance.bluecross.ca/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 18 Apr 2024 20:45:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
accept-encoding
identity,gzip,x-gzip,deflate,x-deflate,zstd
content-type
application/json
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
53
dd-request-id
b104095e-1e28-46b2-b1b3-f02c43c3b532
logs
browser-intake-datadoghq.com/api/v2/ 		53 B
343 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://browser-intake-datadoghq.com/api/v2/logs?ddsource=browser&ddtags=sdk_version%3A5.9.0%2Capi%3Axhr%2Cenv%3Aprod%2Cservice%3Aclient-travel-frontend-web%2Cversion%3Ano-proxy&dd-api-key=pub7371515a099d7251c967f5fe002f01ba&dd-evp-origin-version=5.9.0&dd-evp-origin=browser&dd-request-id=03b436c1-7427-4f2b-a4a0-c4c16bf52cfd
Requested by
Host: travelquote.on.bluecross.ca
URL: https://travelquote.on.bluecross.ca/vendor.0461bdbcd3c10ea2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:24e6:b902:2864:f7b4:bcf0:a76b Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
b61383f9e557423b0b869da8daacfc3285447449c5f53ab70ba89e6edbee5dc2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://travelinsurance.bluecross.ca/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 18 Apr 2024 20:45:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
accept-encoding
identity,gzip,x-gzip,deflate,x-deflate,zstd
content-type
application/json
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
53
dd-request-id
03b436c1-7427-4f2b-a4a0-c4c16bf52cfd
getdata
magnolia-edge-api-prod.svc.canassurance.com/api/ 		29 KB
18 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://magnolia-edge-api-prod.svc.canassurance.com/api/getdata?magnoliaPath=delivery/offers/travel?lang=en
Requested by
Host: travelquote.on.bluecross.ca
URL: https://travelquote.on.bluecross.ca/vendor.0461bdbcd3c10ea2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:46::64 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
d311aaa3df83f8afaa8fe6ce8afb6304fc360e9411d5c1992bda0623150592fb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept
application/json
Referer
https://travelinsurance.bluecross.ca/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 20:45:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-encoding
gzip
content-security-policy-report-only
report-uri https://csp-report.qc.croixbleue.ca/api/csp-reporter;default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:; frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com; connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com; frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:; script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'; style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
x-cache
CONFIG_NOCACHE
x-envoy-upstream-service-time
28
x-xss-protection
0
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers, Accept-Encoding
x-frame-options
DENY
content-type
application/json
access-control-allow-origin
https://travelinsurance.bluecross.ca
cache-control
max-age:300, private
permissions-policy
microphone=(), camera=()
x-azure-ref
20240418T204520Z-17b6b6476d54vvb9a0w2dc0n58000000047g0000000001e3
expires
0
getdata
magnolia-edge-api-prod.svc.canassurance.com/api/ 		4 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://magnolia-edge-api-prod.svc.canassurance.com/api/getdata?magnoliaPath=delivery/pages/v1/client-travel?lang=en
Requested by
Host: travelquote.on.bluecross.ca
URL: https://travelquote.on.bluecross.ca/vendor.0461bdbcd3c10ea2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:46::64 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
0548afa66d17c084498717d10244e6397e826f2cc09e483c18e8df998bf3614c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept
application/json
Referer
https://travelinsurance.bluecross.ca/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 20:45:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-encoding
gzip
content-security-policy-report-only
report-uri https://csp-report.qc.croixbleue.ca/api/csp-reporter;default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:; frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com; connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com; frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:; script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'; style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
x-cache
CONFIG_NOCACHE
x-envoy-upstream-service-time
11
x-xss-protection
0
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers, Accept-Encoding
x-frame-options
DENY
content-type
application/json
access-control-allow-origin
https://travelinsurance.bluecross.ca
cache-control
max-age:300, private
permissions-policy
microphone=(), camera=()
x-azure-ref
20240418T204521Z-17b6b6476d54vvb9a0w2dc0n58000000047g0000000001e4
expires
0
logs
browser-intake-datadoghq.com/api/v2/ 		53 B
344 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://browser-intake-datadoghq.com/api/v2/logs?ddsource=browser&ddtags=sdk_version%3A5.9.0%2Capi%3Afetch%2Cenv%3Aprod%2Cservice%3Aclient-travel-frontend-web%2Cversion%3Ano-proxy&dd-api-key=pub7371515a099d7251c967f5fe002f01ba&dd-evp-origin-version=5.9.0&dd-evp-origin=browser&dd-request-id=3d67189d-3569-4b6d-9aa7-6fe3d3f4c687
Requested by
Host: travelquote.on.bluecross.ca
URL: https://travelquote.on.bluecross.ca/vendor.0461bdbcd3c10ea2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:24e6:b902:2864:f7b4:bcf0:a76b Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
f431e0bf31dba5ba83a1356c989816fb9e397277946fee9b0b8e184f14bfacf0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://travelinsurance.bluecross.ca/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 18 Apr 2024 20:45:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
accept-encoding
identity,gzip,x-gzip,deflate,x-deflate,zstd
content-type
application/json
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
53
dd-request-id
3d67189d-3569-4b6d-9aa7-6fe3d3f4c687
logs
browser-intake-datadoghq.com/api/v2/ 		53 B
343 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://browser-intake-datadoghq.com/api/v2/logs?ddsource=browser&ddtags=sdk_version%3A5.9.0%2Capi%3Axhr%2Cenv%3Aprod%2Cservice%3Aclient-travel-frontend-web%2Cversion%3Ano-proxy&dd-api-key=pub7371515a099d7251c967f5fe002f01ba&dd-evp-origin-version=5.9.0&dd-evp-origin=browser&dd-request-id=6e0c1fae-5b41-4cf2-87b4-5c7e1b817f5a
Requested by
Host: travelquote.on.bluecross.ca
URL: https://travelquote.on.bluecross.ca/vendor.0461bdbcd3c10ea2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:24e6:b902:2864:f7b4:bcf0:a76b Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
79c9b5ee6c445476b931d94af5bc3306457f43f4e798628d8edfa7045a1515d9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://travelinsurance.bluecross.ca/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 18 Apr 2024 20:45:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
accept-encoding
identity,gzip,x-gzip,deflate,x-deflate,zstd
content-type
application/json
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
53
dd-request-id
6e0c1fae-5b41-4cf2-87b4-5c7e1b817f5a
getdata
magnolia-edge-api-prod.svc.canassurance.com/api/ 		93 B
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://magnolia-edge-api-prod.svc.canassurance.com/api/getdata?magnoliaPath=cbfn/v1/language-switcher-link/client-travel/vous?lang=en
Requested by
Host: travelquote.on.bluecross.ca
URL: https://travelquote.on.bluecross.ca/vendor.0461bdbcd3c10ea2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:46::64 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
00f09fb5bf3218a9c7b23f3f9c6b5704ba26ca135ed7ce7d1919e22e22a0cb33
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept
application/json
Referer
https://travelinsurance.bluecross.ca/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 20:45:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-encoding
gzip
content-security-policy-report-only
report-uri https://csp-report.qc.croixbleue.ca/api/csp-reporter;default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:; frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com; connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com; frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:; script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'; style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
x-cache
CONFIG_NOCACHE
x-envoy-upstream-service-time
11
x-xss-protection
0
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers, Accept-Encoding
x-frame-options
DENY
content-type
application/json
access-control-allow-origin
https://travelinsurance.bluecross.ca
cache-control
max-age:300, private
permissions-policy
microphone=(), camera=()
x-azure-ref
20240418T204521Z-17b6b6476d54vvb9a0w2dc0n58000000047g0000000001e8
expires
0
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/ 		47 KB
48 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;600;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://travelinsurance.bluecross.ca
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 12 Apr 2024 22:45:56 GMT
x-content-type-options
nosniff
age
511165
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
48236
x-xss-protection
0
last-modified
Thu, 14 Dec 2023 02:08:40 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 12 Apr 2025 22:45:56 GMT
find
client-travel-b2c-edge-api-prod.svc.canassurance.com/api/client/travel/ 		286 B
8 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://client-travel-b2c-edge-api-prod.svc.canassurance.com/api/client/travel/find?sessionId=44ab818b-f3b6-4d92-bc3f-036d5f594dd4&shouldCreate=true&pageId=you
Requested by
Host: travelquote.on.bluecross.ca
URL: https://travelquote.on.bluecross.ca/vendor.0461bdbcd3c10ea2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:46::64 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
2a5ee20212e60a41f4a9011e8787b9384a782db3dfe2fc467f81779397345145
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:;frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com;connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com;frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:;script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline';style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept
application/json, text/plain, */*
Referer
https://travelinsurance.bluecross.ca/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 20:45:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:;frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com;connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com;frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:;script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline';style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
content-encoding
gzip
content-security-policy-report-only
report-uri https://csp-report.qc.croixbleue.ca/api/csp-reporter;default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:; frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com; connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com; frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:; script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'; style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
x-cache
CONFIG_NOCACHE
x-envoy-upstream-service-time
87
x-xss-protection
0
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers, Accept-Encoding
x-frame-options
DENY
content-type
application/json
access-control-allow-origin
https://travelinsurance.bluecross.ca
cache-control
max-age:300, private
permissions-policy
microphone=(), camera=()
x-azure-ref
20240418T204521Z-17b6b6476d54vvb9a0w2dc0n58000000047g0000000001ef
expires
0
getresource
magnolia-edge-api-prod.svc.canassurance.com/api/ 		13 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://magnolia-edge-api-prod.svc.canassurance.com/api/getresource?resourcePath=/dam/jcr:1985c682-bcf5-4eb4-94f8-93a6831386f4/blue-cross-shield-blue--95x40.svg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:46::64 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
dc82b2434904f1fe636b06df54ff6d221c2321cfb099ebf776a9221c5d164fbf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://travelinsurance.bluecross.ca/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 20:45:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-encoding
gzip
content-security-policy-report-only
report-uri https://csp-report.qc.croixbleue.ca/api/csp-reporter;default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:; frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com; connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com; frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:; script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'; style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
x-cache
CONFIG_NOCACHE
x-envoy-upstream-service-time
7
x-xss-protection
0
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers, Accept-Encoding
x-frame-options
DENY
content-type
image/svg+xml;charset=UTF-8
x-azure-ref
20240418T204521Z-17b6b6476d5qfn2fb3zcaxphs400000001f000000000m2fu
cache-control
max-age:300, private
permissions-policy
microphone=(), camera=()
expires
0
getresource
magnolia-edge-api-prod.svc.canassurance.com/api/ 		69 KB
73 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://magnolia-edge-api-prod.svc.canassurance.com/api/getresource?resourcePath=/dam/jcr:6084beab-89ac-4977-92c1-da932cb1b06b/canada-bc-jasper-tree-OPTIMISE.jpg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:46::64 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
f583026ef08505b48314a8f231565d7f325d8f2563fd9d62db74c121981409eb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://travelinsurance.bluecross.ca/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 20:45:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy-report-only
report-uri https://csp-report.qc.croixbleue.ca/api/csp-reporter;default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:; frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com; connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com; frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:; script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'; style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
x-cache
CONFIG_NOCACHE
x-envoy-upstream-service-time
21
content-length
71103
x-xss-protection
0
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-frame-options
DENY
content-type
image/jpeg;charset=UTF-8
x-azure-ref
20240418T204521Z-17b6b6476d5qfn2fb3zcaxphs400000001f000000000m2fv
cache-control
max-age:300, private
permissions-policy
microphone=(), camera=()
accept-ranges
bytes
expires
0
distributor
client-travel-b2c-edge-api-prod.svc.canassurance.com/api/client/travel/ 		314 B
8 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://client-travel-b2c-edge-api-prod.svc.canassurance.com/api/client/travel/distributor?distributorId=10000&provinceOfResidence=CAN_PQ&sessionId=44ab818b-f3b6-4d92-bc3f-036d5f594dd4
Requested by
Host: travelquote.on.bluecross.ca
URL: https://travelquote.on.bluecross.ca/vendor.0461bdbcd3c10ea2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:46::64 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
945e30063bbb73dbbe0454e08e9688825632d5fd5fb3335e57c826f985cafea6
Security Headers
Name Value
Content-Security-Policy default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:;frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com;connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com;frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:;script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline';style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept
application/json, text/plain, */*
Referer
https://travelinsurance.bluecross.ca/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 20:45:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:;frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com;connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com;frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:;script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval';style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline';style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
content-encoding
gzip
content-security-policy-report-only
report-uri https://csp-report.qc.croixbleue.ca/api/csp-reporter;default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:; frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com; connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com; frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:; script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'; style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
x-cache
CONFIG_NOCACHE
x-envoy-upstream-service-time
309
x-xss-protection
0
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers, Accept-Encoding
x-frame-options
DENY
content-type
application/json
access-control-allow-origin
https://travelinsurance.bluecross.ca
cache-control
max-age:300, private
permissions-policy
microphone=(), camera=()
x-azure-ref
20240418T204521Z-17b6b6476d54vvb9a0w2dc0n58000000047g0000000001en
expires
0
logs
browser-intake-datadoghq.com/api/v2/ 		53 B
343 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://browser-intake-datadoghq.com/api/v2/logs?ddsource=browser&ddtags=sdk_version%3A5.9.0%2Capi%3Afetch%2Cenv%3Aprod%2Cservice%3Aclient-travel-frontend-web%2Cversion%3Ano-proxy&dd-api-key=pub7371515a099d7251c967f5fe002f01ba&dd-evp-origin-version=5.9.0&dd-evp-origin=browser&dd-request-id=2afe0a78-6684-4c67-b813-008ec5264300
Requested by
Host: travelquote.on.bluecross.ca
URL: https://travelquote.on.bluecross.ca/vendor.0461bdbcd3c10ea2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:24e6:b902:2864:f7b4:bcf0:a76b Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
f5a9d3cd1874d183e068a26c53a9a80153088e7a03fac5dbad43efb955a559b6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://travelinsurance.bluecross.ca/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 18 Apr 2024 20:45:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
accept-encoding
identity,gzip,x-gzip,deflate,x-deflate,zstd
content-type
application/json
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
53
dd-request-id
2afe0a78-6684-4c67-b813-008ec5264300
logs
browser-intake-datadoghq.com/api/v2/ 		53 B
343 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://browser-intake-datadoghq.com/api/v2/logs?ddsource=browser&ddtags=sdk_version%3A5.9.0%2Capi%3Axhr%2Cenv%3Aprod%2Cservice%3Aclient-travel-frontend-web%2Cversion%3Ano-proxy&dd-api-key=pub7371515a099d7251c967f5fe002f01ba&dd-evp-origin-version=5.9.0&dd-evp-origin=browser&dd-request-id=85e0f15e-25fa-4460-bbb9-0970c589915f
Requested by
Host: travelquote.on.bluecross.ca
URL: https://travelquote.on.bluecross.ca/vendor.0461bdbcd3c10ea2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:24e6:b902:2864:f7b4:bcf0:a76b Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e1295edd465d8412999ae72706ab69cce15d9b94bb8b116ac9575df4084b4eb5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://travelinsurance.bluecross.ca/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 18 Apr 2024 20:45:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
accept-encoding
identity,gzip,x-gzip,deflate,x-deflate,zstd
content-type
application/json
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
53
dd-request-id
85e0f15e-25fa-4460-bbb9-0970c589915f
getdata
magnolia-edge-api-prod.svc.canassurance.com/api/ 		31 KB
16 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://magnolia-edge-api-prod.svc.canassurance.com/api/getdata?magnoliaPath=vitrines/v1/travel/10000-QC?lang=fr&divisionCode=QBC
Requested by
Host: travelquote.on.bluecross.ca
URL: https://travelquote.on.bluecross.ca/vendor.0461bdbcd3c10ea2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:46::64 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
93d91622dfde88c3f3764c120d75185e53c2099fcc9373adcf76c840b5c635ed
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept
application/json
Referer
https://travelinsurance.bluecross.ca/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 20:45:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-encoding
gzip
content-security-policy-report-only
report-uri https://csp-report.qc.croixbleue.ca/api/csp-reporter;default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:; frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com; connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com; frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:; script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'; style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
x-cache
CONFIG_NOCACHE
x-envoy-upstream-service-time
22
x-xss-protection
0
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers, Accept-Encoding
x-frame-options
DENY
content-type
application/json
access-control-allow-origin
https://travelinsurance.bluecross.ca
cache-control
max-age:300, private
permissions-policy
microphone=(), camera=()
x-azure-ref
20240418T204522Z-17b6b6476d54vvb9a0w2dc0n58000000047g0000000001ex
expires
0
getdata
magnolia-edge-api-prod.svc.canassurance.com/api/ 		24 KB
14 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://magnolia-edge-api-prod.svc.canassurance.com/api/getdata?magnoliaPath=vitrines/v1/travel/10000-QC?lang=en&divisionCode=QBC
Requested by
Host: travelquote.on.bluecross.ca
URL: https://travelquote.on.bluecross.ca/vendor.0461bdbcd3c10ea2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:46::64 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
3894d09e9482798b90765f701c41f62c0f659640546f7d474ac3dd024613550b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept
application/json
Referer
https://travelinsurance.bluecross.ca/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 20:45:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-encoding
gzip
content-security-policy-report-only
report-uri https://csp-report.qc.croixbleue.ca/api/csp-reporter;default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:; frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com; connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com; frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:; script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'; style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
x-cache
CONFIG_NOCACHE
x-envoy-upstream-service-time
29
x-xss-protection
0
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers, Accept-Encoding
x-frame-options
DENY
content-type
application/json
access-control-allow-origin
https://travelinsurance.bluecross.ca
cache-control
max-age:300, private
permissions-policy
microphone=(), camera=()
x-azure-ref
20240418T204522Z-17b6b6476d54vvb9a0w2dc0n58000000047g0000000001f1
expires
0
logs
browser-intake-datadoghq.com/api/v2/ 		53 B
343 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://browser-intake-datadoghq.com/api/v2/logs?ddsource=browser&ddtags=sdk_version%3A5.9.0%2Capi%3Afetch%2Cenv%3Aprod%2Cservice%3Aclient-travel-frontend-web%2Cversion%3Ano-proxy&dd-api-key=pub7371515a099d7251c967f5fe002f01ba&dd-evp-origin-version=5.9.0&dd-evp-origin=browser&dd-request-id=83edc7d9-8dc3-4ce9-9797-92b418ed05f7
Requested by
Host: travelquote.on.bluecross.ca
URL: https://travelquote.on.bluecross.ca/vendor.0461bdbcd3c10ea2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:24e6:b902:2864:f7b4:bcf0:a76b Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
d92a7a101d1a9eefba4d35c0690f6f3e667d9f60789f117b2f99a952476efa73
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://travelinsurance.bluecross.ca/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 18 Apr 2024 20:45:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
accept-encoding
identity,gzip,x-gzip,deflate,x-deflate,zstd
content-type
application/json
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
53
dd-request-id
83edc7d9-8dc3-4ce9-9797-92b418ed05f7
logs
browser-intake-datadoghq.com/api/v2/ 		53 B
343 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://browser-intake-datadoghq.com/api/v2/logs?ddsource=browser&ddtags=sdk_version%3A5.9.0%2Capi%3Axhr%2Cenv%3Aprod%2Cservice%3Aclient-travel-frontend-web%2Cversion%3Ano-proxy&dd-api-key=pub7371515a099d7251c967f5fe002f01ba&dd-evp-origin-version=5.9.0&dd-evp-origin=browser&dd-request-id=b84abf6b-02ff-4404-8e99-c7c460894797
Requested by
Host: travelquote.on.bluecross.ca
URL: https://travelquote.on.bluecross.ca/vendor.0461bdbcd3c10ea2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:24e6:b902:2864:f7b4:bcf0:a76b Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
a383201e7392407842c35d66fe4b9518502dbb8121d4d177986db61e0ef4edca
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://travelinsurance.bluecross.ca/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 18 Apr 2024 20:45:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
accept-encoding
identity,gzip,x-gzip,deflate,x-deflate,zstd
content-type
application/json
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
53
dd-request-id
b84abf6b-02ff-4404-8e99-c7c460894797
logs
browser-intake-datadoghq.com/api/v2/ 		53 B
343 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://browser-intake-datadoghq.com/api/v2/logs?ddsource=browser&ddtags=sdk_version%3A5.9.0%2Capi%3Axhr%2Cenv%3Aprod%2Cservice%3Aclient-travel-frontend-web%2Cversion%3Ano-proxy&dd-api-key=pub7371515a099d7251c967f5fe002f01ba&dd-evp-origin-version=5.9.0&dd-evp-origin=browser&dd-request-id=4b3adcad-fa0b-479b-86a4-0ba7e7ad5c73
Requested by
Host: travelquote.on.bluecross.ca
URL: https://travelquote.on.bluecross.ca/vendor.0461bdbcd3c10ea2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:24e6:b902:2864:f7b4:bcf0:a76b Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
ce2bc9c4bb179d55d0e367c2a35945c29683ce3828ebb237ad9f08ebd3618048
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://travelinsurance.bluecross.ca/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 18 Apr 2024 20:45:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
accept-encoding
identity,gzip,x-gzip,deflate,x-deflate,zstd
content-type
application/json
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
53
dd-request-id
4b3adcad-fa0b-479b-86a4-0ba7e7ad5c73
gtm.js
www.googletagmanager.com/ 		378 KB
118 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5RQWKXK&gtm_auth=&gtm_preview=&gtm_cookies_win=x
Requested by
Host: travelinsurance.bluecross.ca
URL: https://travelinsurance.bluecross.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
9ce504f4c9abadb59d67342381ef4fd6a5660b21d545168c1db4f66271361af5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://travelinsurance.bluecross.ca/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 20:45:22 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
120553
x-xss-protection
0
last-modified
Thu, 18 Apr 2024 18:50:13 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 18 Apr 2024 20:45:22 GMT
getresource
magnolia-edge-api-prod.svc.canassurance.com/api/ 		11 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://magnolia-edge-api-prod.svc.canassurance.com/api/getresource?resourcePath=/dam/jcr:385dac86-ef2c-441c-bd3f-4d0c5a8124da/logo-square-blue-cross-qc-en.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:46::64 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
9183c7811eebabb641f6f1843de57f3426107e7bf3663fb45e2840c2aeb50a26
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://travelinsurance.bluecross.ca/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 20:45:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy-report-only
report-uri https://csp-report.qc.croixbleue.ca/api/csp-reporter;default-src 'self' blob:;object-src 'none';base-uri 'self';media-src data:;worker-src 'self' blob:;font-src 'self' https://fonts.gstatic.com https://*.hotjar.com data:;img-src 'self' https: data: blob:; frame-ancestors 'self' https://*.canassurance.com https://*.svc.canassurance.com https://document-manager-canassistance-frontend-web-prod.svc.canassurance.com/ https://document-manager-frontend-web-prod.svc.canassurance.com/ https://*.bluecross.ca https://*.croixbleue.ca https://canassistance.lightning.force.com; connect-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://*.croixbleuevoyage.ca https://*.croixbleue.ca https://login.windows.net https://stats.addtoany.com https://ssr.marker.io https://*.browser-intake-datadoghq.com https://api.cac1.pure.cloud https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://*.google.com https://*.google.ca https://chatbot-relance-prod-qna-service.azurewebsites.net https://chatbot-relance-prod-token.azurewebsites.net https://directline.botframework.com wss://directline.botframework.com https://*.privacy-center.org https://*.googlesyndication.com https://fonts.googleapis.com https://bat.bing.com https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.woopra.com https://*.google-analytics.com https://api.marker.io https://*.browser-intake-datadoghq.com https://atlas.microsoft.com https://fonts.gstatic.com; frame-src 'self' https://*.canassurance.com https://*.svc.canassurance.com https://*.canassistance.com https://www.pages08.net https://static.addtoany.com https://www.youtube.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://apps.cac1.pure.cloud https://*.doubleclick.net https://*.googlesyndication.com https://*.hotjar.com https://*.facebook.com https://*.google.com https://app.marker.io https://www.googletagmanager.com https://canassistance.jotform.com https://*.canassistance.jotform.com https//cbq.jotform.com https//*.cbq.jotform.com blob:; script-src 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://*.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' data: https://*.canassurance.com https://*.svc.canassurance.com https://*.croixbleue.ca https://*.bluecross.ca https://*.microsoft.com https://*.microsoftonline.com https://*.google.com https://*.google.ca https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.chasepaymentechhostedpay.com https://chase.hostedpaymentservice.net https://www.google-analytics.com/analytics.js https://*.privacy-center.org https://www.google-analytics.com/plugins/ua/ec.js https://apps.cac1.pure.cloud https://static.addtoany.com https://*.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtag/ https://www.googleadservices.com https://*.googlesyndication.com https://*.googleoptimize.com https://*.doubleclick.net https://*.facebook.net https://api.segment.io https://cdn.segment.com https://bat.bing.com https://*.woopra.com https://*.hotjar.com https://*.hotjar.io https://edge.marker.io https://www.sc.pages08.net/lp/static/js/iMAWebCookie.js https://s.yimg.com/wi/ytc.js https://www.googletagmanager.com/debug/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'; style-src-elem 'self' https://*.croixbleue.ca https://*.bluecross.ca https://fonts.googleapis.com https://*.canassurance.com https://*.svc.canassurance.com https://www.googletagmanager.com 'unsafe-inline'
x-cache
CONFIG_NOCACHE
x-envoy-upstream-service-time
7
content-length
10935
x-xss-protection
0
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-frame-options
DENY
content-type
image/png;charset=UTF-8
x-azure-ref
20240418T204522Z-17b6b6476d5qfn2fb3zcaxphs400000001f000000000m2gu
cache-control
max-age:300, private
permissions-policy
microphone=(), camera=()
accept-ranges
bytes
expires
0
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2
fonts.gstatic.com/s/opensans/v40/ 		35 KB
35 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;600;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
adfa45260a1306cb5fefc1f17c1b5e7b61135534a82bf1b8e3d0540af7e07e3b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://travelinsurance.bluecross.ca
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 16 Apr 2024 06:19:06 GMT
x-content-type-options
nosniff
age
224776
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35328
x-xss-protection
0
last-modified
Thu, 14 Dec 2023 02:00:45 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 16 Apr 2025 06:19:06 GMT

Verdicts & Comments Add Verdict or Comment

32 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 boolean| gdprAppliesGlobally function| __tcfapi function| getActiveLang string| lang object| didomiConfig object| didomiRemoteConfig string| didomiCountry undefined| didomiRegion object| didomiGeoRegulations object| webpackChunkDidomi object| Didomi object| didomiOnReady object| didomiEventListeners object| dataLayer object| didomiState object| DidomiSanitizing function| bowser function| checkModuleSupport object| webpackChunk function| clearImmediate function| setImmediate object| DD_LOGS string| __reactRouterVersion object| regeneratorRuntime function| _ object| google_tag_manager function| postscribe object| google_tag_manager_external object| google_tag_data object| __tcfapiBuffer function| gtag

2 Cookies

Domain/Path Name / Value
.bluecross.ca/ Name: didomi_token
Value: eyJ1c2VyX2lkIjoiMThlZjJmNGUtNDNkNi02ZGQ1LThkODYtNWQ1Y2U0NjVmODlkIiwiY3JlYXRlZCI6IjIwMjQtMDQtMThUMjA6NDU6MTkuMjkzWiIsInVwZGF0ZWQiOiIyMDI0LTA0LTE4VDIwOjQ1OjE5LjI5M1oiLCJ2ZXJzaW9uIjpudWxsfQ==
travelinsurance.bluecross.ca/ Name: _dd_s
Value: logs=1&id=ea6e6285-7665-4b62-b6a2-b310be9bd40e&created=1713473120637&expire=1713474020637

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000;

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

b2c2b.useblue.com
browser-intake-datadoghq.com
chase.hostedpaymentservice.net
client-travel-b2c-edge-api-prod.svc.canassurance.com
fonts.googleapis.com
fonts.gstatic.com
logs.browser-intake-datadoghq.com
magnolia-edge-api-prod.svc.canassurance.com
qc.croixbleue.ca
sdk.privacy-center.org
travelinsurance.bluecross.ca
travelquote.on.bluecross.ca
www.googletagmanager.com
13.107.213.45
13.107.246.67
18.66.192.23
2600:1f18:24e6:b901:cce7:c7d7:c9dc:2ed8
2600:1f18:24e6:b902:2864:f7b4:bcf0:a76b
2600:9000:225b:c000:5:b7cc:d3c0:93a1
2620:1ec:46::64
2620:1ec:bdf::64
2a00:1450:4001:801::2003
2a00:1450:4001:80f::2008
2a00:1450:4001:828::200a
52.6.183.199
00f09fb5bf3218a9c7b23f3f9c6b5704ba26ca135ed7ce7d1919e22e22a0cb33
02594800bda1a17f7b8fcf768e9c7bc35d94d88df4e4f8806025628dbf1464c7
02a0d875b89fbb0ad1f012efff8ae1f82a3204e0d759c6fc015afac356f6deb8
0548afa66d17c084498717d10244e6397e826f2cc09e483c18e8df998bf3614c
0839bbee72f9914d5b9bcbd94952887e1d1bec62d9c61a4a2edbdaa5cc9a70a5
1482a73795481ac202468980d7f72edd1e529caa17f7073d9dc073cb763c9fb8
1cbf2e1261bd3a32b08e208fa106c484212a1a6334029ba5b183a9a5749b7f08
2296fd9226bb6a11247114732af86944ab1e37c168631c5d1fef68c1e7724e5f
2a2e9e7aa0d2abda529fdd55c8409cae91d3c48793f48748ba9e54e920856961
2a5ee20212e60a41f4a9011e8787b9384a782db3dfe2fc467f81779397345145
3894d09e9482798b90765f701c41f62c0f659640546f7d474ac3dd024613550b
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
4291cb95122cbaf29e94a8864dbcee2845afe08f9bc6ab7abc4f0bf89c294a53
44ad36bdad21db83559935d30af8f2db871b16c109dda6e4ca44062c138c2422
61b698eb2d713c35e3155b4130220c8528ccc316797c3a7529ae95095185ce8a
63fb78cfa38eb5088a70c05c140499193db0889d52f4e5f8b90a0a70089154d8
659c266d8c541788f662615909f4a3f13451db5644c1539e0a6405c2a9dc0718
79c9b5ee6c445476b931d94af5bc3306457f43f4e798628d8edfa7045a1515d9
7d19638cf73540624a203c9db0dc35ef6933ec2e16d421491d856952ad5ee802
851699a18b631a7bd68efc99598701293a6065b463fced7b68d8d6d9227bd8e7
8adb752d60a883a780f8e98fe04498a86439a474dcb3e6f290ecba5ea2dd5357
90121f5b881b3ae1c60e5ab2b6fc94b3657998327ae2fe3d201854c4af3758a3
90c7e42023cde523f197f5ab644663cd4d7156159a62160da472a21a2148c948
9183c7811eebabb641f6f1843de57f3426107e7bf3663fb45e2840c2aeb50a26
93d91622dfde88c3f3764c120d75185e53c2099fcc9373adcf76c840b5c635ed
945e30063bbb73dbbe0454e08e9688825632d5fd5fb3335e57c826f985cafea6
9c4c4286d7409befe71ca5ad11df49c1730705467dd4ab395f0ecb82ce3560a4
9ce504f4c9abadb59d67342381ef4fd6a5660b21d545168c1db4f66271361af5
a383201e7392407842c35d66fe4b9518502dbb8121d4d177986db61e0ef4edca
adfa45260a1306cb5fefc1f17c1b5e7b61135534a82bf1b8e3d0540af7e07e3b
affb0b8ed24a6d69d828ebb9a5c402d74ddc967565c1e4005106358907f04d12
b61383f9e557423b0b869da8daacfc3285447449c5f53ab70ba89e6edbee5dc2
b99c74200d2394b4b873b29167c6fc6c918ef27c256ff79834b1cf31bbd5854e
c563ff75d35982d6bc4a3d6feeca2fb4173998d10d053904eb57129937f99586
ce2bc9c4bb179d55d0e367c2a35945c29683ce3828ebb237ad9f08ebd3618048
d0d6d605087c6b87f0848da8b30d0d5ed1b86f08c542e21378d81ecede261f2d
d311aaa3df83f8afaa8fe6ce8afb6304fc360e9411d5c1992bda0623150592fb
d67c8a73ac6429dda5a0071f89080e98e504dae2f8600d42032254f0b0c02eb5
d92a7a101d1a9eefba4d35c0690f6f3e667d9f60789f117b2f99a952476efa73
dc82b2434904f1fe636b06df54ff6d221c2321cfb099ebf776a9221c5d164fbf
e1295edd465d8412999ae72706ab69cce15d9b94bb8b116ac9575df4084b4eb5
ef629c2a6debc49530a121c215d96e3ed650b16be9847ad8d8408ce074284250
ef7bff8d127c90fb9ba6e578f2aa7dc3b8965757cd58fb58fc6d2169827b4c5f
f28c993198256b3f3bda98ed6557a5c859742836473c1a65c178ea26496e6e96
f431e0bf31dba5ba83a1356c989816fb9e397277946fee9b0b8e184f14bfacf0
f583026ef08505b48314a8f231565d7f325d8f2563fd9d62db74c121981409eb
f590b05f7060b6814bf60ac20ea212daba7528047c62526df47c62fad0d496ab
f5a9d3cd1874d183e068a26c53a9a80153088e7a03fac5dbad43efb955a559b6
fa82875d597ff3c88a38711a0fa3aa7a6518dd91eabac06c8e1e9b4471bbfcee