www.nationwide.co.uk Open in urlscan Pro
155.131.144.68 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://nationwide.co.uk/
Effective URL:
https://www.nationwide.co.uk/
Submission: On January 28 via manual (January 28th 2020, 10:26:11 am UTC) from GB

Summary HTTP 40 Redirects Links 18 Behaviour Indicators

Summary

This website contacted 11 IPs in 7 countries across 8 domains to perform 40 HTTP transactions. The main IP is 155.131.144.68, located in United Kingdom and belongs to Nationwide Building Society, GB. The main domain is www.nationwide.co.uk.
TLS certificate: Issued by DigiCert Global CA G2 on September 10th 2019. Valid for: 2 years.

This is the only time www.nationwide.co.uk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	155.131.44.69 155.131.44.69	8698 (Nationwid...) (Nationwide Building Society)
20	155.131.144.68 155.131.144.68	8698 (Nationwid...) (Nationwide Building Society)
1 4	52.30.78.155 52.30.78.155	16509 (AMAZON-02) (AMAZON-02)
1	23.61.220.204 23.61.220.204	16625 (AKAMAI-AS) (AKAMAI-AS)
3	15.188.31.119 15.188.31.119	16509 (AMAZON-02) (AMAZON-02)
1 1	66.117.28.86 66.117.28.86	15224 (OMNITURE) (OMNITURE)
1	66.117.29.11 66.117.29.11	15224 (OMNITURE) (OMNITURE)
1	18.196.73.164 18.196.73.164	16509 (AMAZON-02) (AMAZON-02)
3	34.248.236.142 34.248.236.142	16509 (AMAZON-02) (AMAZON-02)
1	52.18.60.121 52.18.60.121	16509 (AMAZON-02) (AMAZON-02)
3	51.140.72.164 51.140.72.164	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 5	2.18.233.201 2.18.233.201	16625 (AKAMAI-AS) (AKAMAI-AS)
40	11

1 155.131.44.69 (United Kingdom) 1 redirects

ASN8698 (Nationwide Building Society, GB)

nationwide.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 155.131.144.68 (United Kingdom)

ASN8698 (Nationwide Building Society, GB)

www.nationwide.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.30.78.155 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-78-155.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.61.220.204 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-61-220-204.deploy.static.akamaitechnologies.com

cdn.tt.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 15.188.31.119 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-188-31-119.eu-west-3.compute.amazonaws.com

smetrics.nationwide.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.117.28.86 (United States) 1 redirects

ASN15224 (OMNITURE, US)

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.117.29.11 (United States)

ASN15224 (OMNITURE, US)

nationwidebuildingso.tt.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.196.73.164 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-196-73-164.eu-central-1.compute.amazonaws.com

cdn.decibelinsight.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.248.236.142 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-248-236-142.eu-west-1.compute.amazonaws.com

analytics.analytics-egain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cloud-emea.analytics-egain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.18.60.121 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-18-60-121.eu-west-1.compute.amazonaws.com

nationwide.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 51.140.72.164 (London, United Kingdom)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

nationwide.egain.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2.18.233.201 (Ascension Island) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-201.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
24	nationwide.co.uk 1 redirects nationwide.co.uk www.nationwide.co.uk smetrics.nationwide.co.uk	616 KB
5	mathtag.com 1 redirects pixel.mathtag.com	4 KB
5	demdex.net 1 redirects dpm.demdex.net nationwide.demdex.net	3 KB
3	egain.cloud nationwide.egain.cloud	15 KB
3	analytics-egain.com analytics.analytics-egain.com cloud-emea.analytics-egain.com	6 KB
2	omtrdc.net cdn.tt.omtrdc.net nationwidebuildingso.tt.omtrdc.net	16 KB
1	decibelinsight.net cdn.decibelinsight.net	63 KB
1	everesttech.net 1 redirects cm.everesttech.net	554 B
40	8

	Domain	Requested by
20	www.nationwide.co.uk	www.nationwide.co.uk
5	pixel.mathtag.com	1 redirects pixel.mathtag.com
4	dpm.demdex.net	1 redirects www.nationwide.co.uk
3	nationwide.egain.cloud	analytics.analytics-egain.com nationwide.egain.cloud
3	smetrics.nationwide.co.uk	www.nationwide.co.uk
2	analytics.analytics-egain.com	www.nationwide.co.uk analytics.analytics-egain.com
1	cloud-emea.analytics-egain.com	analytics.analytics-egain.com
1	nationwide.demdex.net	www.nationwide.co.uk
1	cdn.decibelinsight.net	www.nationwide.co.uk
1	nationwidebuildingso.tt.omtrdc.net	www.nationwide.co.uk
1	cm.everesttech.net	1 redirects
1	cdn.tt.omtrdc.net	www.nationwide.co.uk
1	nationwide.co.uk	1 redirects
40	13

This site contains links to these domains. Also see Links.

Domain
onlinebanking.nationwide.co.uk
locations.nationwidebranches.co.uk
nationwide.aegon.co.uk
nationwide.landg.com
www.nationwidecommercial.co.uk
nationwidedemo.co.uk
www.nhs.uk
www.nationwide-jobs.co.uk
www.fca.org.uk
twitter.com
www.facebook.com
www.youtube.com
www.linkedin.com
www.medallia.com
www.kantar.com

Subject Issuer	Validity	Valid
nationwide.co.uk DigiCert Global CA G2	`2019-09-10` - `2021-10-17`	2 years	crt.sh
*.demdex.net DigiCert SHA2 High Assurance Server CA	`2018-01-09` - `2021-02-12`	3 years	crt.sh
*.tt.omtrdc.net DigiCert SHA2 High Assurance Server CA	`2017-10-26` - `2020-11-25`	3 years	crt.sh
smetrics.nationwide.co.uk DigiCert Global CA G2	`2019-03-15` - `2021-03-15`	2 years	crt.sh
*.decibelinsight.net RapidSSL TLS RSA CA G1	`2019-12-16` - `2021-02-13`	a year	crt.sh
*.analytics-egain.com Go Daddy Secure Certificate Authority - G2	`2017-09-07` - `2020-09-07`	3 years	crt.sh
*.egain.cloud Go Daddy Secure Certificate Authority - G2	`2019-02-08` - `2021-02-08`	2 years	crt.sh
pixel.mathtag.com DigiCert SHA2 Secure Server CA	`2019-01-25` - `2020-04-25`	a year	crt.sh

This page contains 6 frames:

Primary Page: https://www.nationwide.co.uk/
Frame ID: 40CE59F68DE166B364DAD26929A1774D
Requests: 38 HTTP requests in this frame

Frame: https://analytics.analytics-egain.com/onetag/EG90342921
Frame ID: DB2CD88E9DF0341819FD151D2842CEE1
Requests: 2 HTTP requests in this frame

Frame: https://nationwide.demdex.net/dest5.html?d_nsid=0
Frame ID: 092246E36256A73A77C2E854029D7AEE
Requests: 1 HTTP requests in this frame

Frame: https://analytics.analytics-egain.com/iframe/EG90342921
Frame ID: B61645F1D56B0E1FD72441AAFE1FE4F6
Requests: 1 HTTP requests in this frame

Frame: https://nationwide.egain.cloud/system/templates/chat/egain-docked-chat.js
Frame ID: F6D7CE9E976D8C732DD321F05A0BA16F
Requests: 1 HTTP requests in this frame

Frame: https://pixel.mathtag.com/sync/iframe?mt_uuid=ac575e30-078f-4d00-9e5c-06dc8ac067cb&no_iframe=1&exsync=https%3A%2F%2Fsmetrics.nationwide.co.uk%2Fb%2Fss%2Fnationwidelive1%2F0%3FAQB%3D1%26pageName%3Dmediamath-sync-pixel%26pe%3Dlnk_o%26pev2%3Dmediamath-sync-pixel%26c.user.nbs_media_math_id%3D%5BMM_UUID%5D%26AQE%3D1&mt_exid=10068
Frame ID: 26A6853D58B51149BA49E2F9B6F22CE3
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://nationwide.co.uk/ HTTP 301
https://www.nationwide.co.uk/ Page URL

Detected technologies

Windows Server (Operating Systems) Expand

Overall confidence: 50%
Detected patterns

html /<input[^>]+name="__VIEWSTATE/i

Microsoft ASP.NET (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<input[^>]+name="__VIEWSTATE/i

IIS (Web Servers) Expand

Overall confidence: 50%
Detected patterns

html /<input[^>]+name="__VIEWSTATE/i

Page Statistics

40
Requests

100 %
HTTPS

0 %
IPv6

8
Domains

13
Subdomains

11
IPs

7
Countries

729 kB
Transfer

1427 kB
Size

17
Cookies

18 Outgoing links

These are links going to different origins than the main page.

URL: https://onlinebanking.nationwide.co.uk/AccessManagement/Login
Title: Login to Internet Banking

Search URL Search Domain Scan URL

URL: https://locations.nationwidebranches.co.uk/search
Title: Branch finder

Search URL Search Domain Scan URL

URL: https://onlinebanking.nationwide.co.uk/AccessManagement/IdentifyCustomer/IdentifyCustomer
Title: Log in menu - reveals log in & registration links for Internet Banking

Search URL Search Domain Scan URL

URL: https://onlinebanking.nationwide.co.uk/Registration/CustomerSelfRegistration/SelectAccountType
Title: Register

Search URL Search Domain Scan URL

URL: https://nationwide.aegon.co.uk/login
Title: Aegon Customer Dashboard

Search URL Search Domain Scan URL

URL: https://nationwide.landg.com/portalserver/my-l-and-g-syndicated/index
Title: Legal and General MyAccount

Search URL Search Domain Scan URL

URL: http://www.nationwidecommercial.co.uk/savings
Title: Business savings

Search URL Search Domain Scan URL

URL: http://www.nationwidecommercial.co.uk/
Title: Business customers

Search URL Search Domain Scan URL

URL: https://nationwidedemo.co.uk/en/registered/course/step/digital-lost-or-stolen-cards
Title: View our demo (This link will open in a new window)

Search URL Search Domain Scan URL

URL: https://www.nhs.uk/oneyou/every-mind-matters
Title: Get started today (This link will open in a new window)

Search URL Search Domain Scan URL

URL: http://www.nationwide-jobs.co.uk/
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.fca.org.uk/
Title: FCA's website (This link will open in a new window)

Search URL Search Domain Scan URL

URL: https://twitter.com/AskNationwide
Title: Follow us on Twitter (This link will open in a new window)

Search URL Search Domain Scan URL

URL: https://www.facebook.com/NationwideBuildingSociety
Title: Like us on Facebook (This link will open in a new window)

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/nationwidebsocietyuk
Title: YouTube (This link will open in a new window)

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/nationwide-building-society
Title: LinkedIn (This link will open in a new window)

Search URL Search Domain Scan URL

URL: http://www.medallia.com/privacy/
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: http://www.kantar.com/
Title:

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://nationwide.co.uk/ HTTP 301
https://www.nationwide.co.uk/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 13

https://dpm.demdex.net/id?d_visid_ver=4.0.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=1D4334B852784A2D0A490D44%40AdobeOrg&d_nsid=0&ts=1580207154784 HTTP 302
https://dpm.demdex.net/id/rd?d_visid_ver=4.0.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=1D4334B852784A2D0A490D44%40AdobeOrg&d_nsid=0&ts=1580207154784

Request Chain 17

https://cm.everesttech.net/cm/dd?d_uuid=83853064744454227200194874683721351244 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=XjAMMwAAAQ7hkBTJ

Request Chain 39

https://pixel.mathtag.com/sync/js?sync=auto&mt_exid=10068&exsync=https%3A%2F%2Fsmetrics.nationwide.co.uk%2Fb%2Fss%2Fnationwidelive1%2F0%3FAQB%3D1%26pageName%3Dmediamath-sync-pixel%26pe%3Dlnk_o%26pev2%3Dmediamath-sync-pixel%26c.user.nbs_media_math_id%3D%5BMM_UUID%5D%26AQE%3D1 HTTP 302
https://pixel.mathtag.com/sync/js?sync=auto&mt_exid=10068&exsync=https%3A%2F%2Fsmetrics.nationwide.co.uk%2Fb%2Fss%2Fnationwidelive1%2F0%3FAQB%3D1%26pageName%3Dmediamath-sync-pixel%26pe%3Dlnk_o%26pev2%3Dmediamath-sync-pixel%26c.user.nbs_media_math_id%3D%5BMM_UUID%5D%26AQE%3D1&mm_bnc&mm_bct&UUID=ac575e30-078f-4d00-9e5c-06dc8ac067cb

40 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request

Cookie set / Show response
www.nationwide.co.uk/
Redirect Chain

http://nationwide.co.uk/
https://www.nationwide.co.uk/

82 KB
24 KB

352ms
189ms

Document
text/html

155.131.144.68
Nationwide Buildi...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nationwide.co.uk/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_CBC

Server

155.131.144.68 , United Kingdom, ASN8698 (Nationwide Building Society, GB),

Reverse DNS

Software

Resource Hash

367c8307dc671effa86f466bed2dad7cd7495fd4cca2dce5619c3e5d6beb8bd8

Security Headers

Name	Value
Content-Security-Policy	default-src .bing.com https://onlinebanking.nationwide.co.uk 'self'; connect-src .bing.com cdn.decibelinsight.net http://track.contently.com https://d083-uk.api.decibelinsight.net/ dpm.demdex.net https://enrolment.mynationwide.io/ wss://lo.msg.liveperson.net http://metrics.nationwide.co.uk/ https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud .omtrdc.net https://rsa.egain.cloud https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com https://smetrics.nationwide.co.uk/ .swiftype.com .virtualearth.net wss://cdn.decibelinsight.net https://www.googleadservices.com; font-src data: 'self'; frame-src accounts.google.com https://adservice.google.com/ apis.google.com .bing.com https://assets.contently.com .doubleclick.net https://analytics.analytics-egain.com/ googleads.g.doubleclick.net https://www.youtube.com https://lo.idp.liveperson.net https://lo.msg.liveperson.net https://lo.msghist.liveperson.net https://lo.tokenizer.liveperson.net https://lpcdn.lpsnmedia.net https://nationwide.demdex.net https://nationwide.egain.cloud https://nationwidedev1.egain.cloud notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com https://embed.ustudio.com/ www.facebook.com www.google.com .youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' ; media-src https://lpcdn.lpsnmedia.net; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src https://accdn.lpsnmedia.net analytics.analytics-egain.com apis.google.com assets.kampyle.com .bing.com https://www.adobetag.com clients1.google.com https://cloud-emea.analytics-egain.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net https://analytics.analytics-egain.com https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud https://www.google.co.uk https://www.gstatic.com ipv4.google.com https://lo.v.liveperson.net https://lpcdn.lpsnmedia.net https://lptag.liveperson.net .nationwide.co.uk .omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk .reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://app.decibelinsight.com/js/hm.js https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://nationwidechat.prod.parature.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com https://cdn.tt.omtrdc.net .virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com .bing.com cse.google.com .nationwide.co.uk https://nationwide.egain.cloud https://nationwidedev1.egain.cloud .reevoo.com 'self' .virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Strict-Transport-Security	max-age=16070400
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: www.nationwide.co.uk
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
Content-Security-Policy: default-src *.bing.com https://onlinebanking.nationwide.co.uk 'self'; connect-src *.bing.com cdn.decibelinsight.net http://track.contently.com https://d083-uk.api.decibelinsight.net/ dpm.demdex.net https://enrolment.mynationwide.io/ wss://lo.msg.liveperson.net http://metrics.nationwide.co.uk/ https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud *.omtrdc.net https://rsa.egain.cloud https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com https://smetrics.nationwide.co.uk/ *.swiftype.com *.virtualearth.net wss://cdn.decibelinsight.net https://www.googleadservices.com; font-src data: 'self'; frame-src accounts.google.com https://adservice.google.com/ apis.google.com *.bing.com https://assets.contently.com *.doubleclick.net https://analytics.analytics-egain.com/ googleads.g.doubleclick.net https://www.youtube.com https://lo.idp.liveperson.net https://lo.msg.liveperson.net https://lo.msghist.liveperson.net https://lo.tokenizer.liveperson.net https://lpcdn.lpsnmedia.net https://nationwide.demdex.net https://nationwide.egain.cloud https://nationwidedev1.egain.cloud notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com https://embed.ustudio.com/ www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; media-src https://lpcdn.lpsnmedia.net; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src https://accdn.lpsnmedia.net analytics.analytics-egain.com apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com https://cloud-emea.analytics-egain.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net https://analytics.analytics-egain.com https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud https://www.google.co.uk https://www.gstatic.com ipv4.google.com https://lo.v.liveperson.net https://lpcdn.lpsnmedia.net https://lptag.liveperson.net *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://app.decibelinsight.com/js/hm.js https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://nationwidechat.prod.parature.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com https://cdn.tt.omtrdc.net *.virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk https://nationwide.egain.cloud https://nationwidedev1.egain.cloud *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Set-Cookie: ASP.NET_SessionId=k2z3nzfkfupmxeousecisrnl; path=/; secure; HttpOnly SC_ANALYTICS_GLOBAL_COOKIE=5f06c1b31f1943378fee55fdc858e75c; expires=Mon, 28-Jan-2030 10:25:54 GMT; path=/; secure; HttpOnly SC_ANALYTICS_SESSION_COOKIE=2445489DED814D5AA2D1281849B246F2|1|k2z3nzfkfupmxeousecisrnl; path=/; secure; HttpOnly du=duNB;Path=/;Domain=www.nationwide.co.uk;Expires=Tue, 28-Jan-2020 10:45:54 GMT TS01d92654=01d658d16aca8b29ae3775c166803fa177edf26c5caa821a657821b6bba176c76a843d68f7db38a856d5626eed29f461121257a5da18fbca27bbd89d155f08fcc7414f15982f06b135c868d44a3ccfc7a26864c1bd62636ea81150254b40a079f614f70b4f; Path=/; Domain=.www.nationwide.co.uk TS01798c06=01d658d16aecb51bef384badd27c29eb27f0968788aa821a657821b6bba176c76a843d68f728cc1621ab6db954e7f1750934a4acf44c9112c5274aa21434ba3a66b7da4d5b; path=/; domain=www.nationwide.co.uk
Date: Tue, 28 Jan 2020 10:25:54 GMT
Content-Length: 19654
Strict-Transport-Security: max-age=16070400

Redirect headers

Location: https://www.nationwide.co.uk/
Server: BigIP
Connection: Keep-Alive
Content-Length: 0

GET
H/1.1 200
OK visibleOnly.min.css
www.nationwide.co.uk/assets/main-site/style/ 161 KB
34 KB 47ms
47ms Stylesheet
text/css 155.131.144.68
Nationwide Buildi...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nationwide.co.uk/assets/main-site/style/visibleOnly.min.css

Requested by

Host: www.nationwide.co.uk
URL: https://www.nationwide.co.uk/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_CBC

Server

155.131.144.68 , United Kingdom, ASN8698 (Nationwide Building Society, GB),

Reverse DNS

Software

Resource Hash

73c7a7779be62b4ed0a9e3f40e3ac9158d05f032ae8afe322d9cb5f1f15c0a62

Security Headers

Name	Value
Content-Security-Policy	default-src .bing.com https://onlinebanking.nationwide.co.uk 'self'; connect-src .bing.com cdn.decibelinsight.net http://track.contently.com https://d083-uk.api.decibelinsight.net/ dpm.demdex.net https://enrolment.mynationwide.io/ wss://lo.msg.liveperson.net http://metrics.nationwide.co.uk/ https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud .omtrdc.net https://rsa.egain.cloud https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com https://smetrics.nationwide.co.uk/ .swiftype.com .virtualearth.net wss://cdn.decibelinsight.net https://www.googleadservices.com; font-src data: 'self'; frame-src accounts.google.com https://adservice.google.com/ apis.google.com .bing.com https://assets.contently.com .doubleclick.net https://analytics.analytics-egain.com/ googleads.g.doubleclick.net https://www.youtube.com https://lo.idp.liveperson.net https://lo.msg.liveperson.net https://lo.msghist.liveperson.net https://lo.tokenizer.liveperson.net https://lpcdn.lpsnmedia.net https://nationwide.demdex.net https://nationwide.egain.cloud https://nationwidedev1.egain.cloud notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com https://embed.ustudio.com/ www.facebook.com www.google.com .youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' ; media-src https://lpcdn.lpsnmedia.net; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src https://accdn.lpsnmedia.net analytics.analytics-egain.com apis.google.com assets.kampyle.com .bing.com https://www.adobetag.com clients1.google.com https://cloud-emea.analytics-egain.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net https://analytics.analytics-egain.com https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud https://www.google.co.uk https://www.gstatic.com ipv4.google.com https://lo.v.liveperson.net https://lpcdn.lpsnmedia.net https://lptag.liveperson.net .nationwide.co.uk .omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk .reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://app.decibelinsight.com/js/hm.js https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://nationwidechat.prod.parature.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com https://cdn.tt.omtrdc.net .virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com .bing.com cse.google.com .nationwide.co.uk https://nationwide.egain.cloud https://nationwidedev1.egain.cloud .reevoo.com 'self' .virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Strict-Transport-Security	max-age=16070400
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.nationwide.co.uk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Content-Security-Policy: default-src *.bing.com https://onlinebanking.nationwide.co.uk 'self'; connect-src *.bing.com cdn.decibelinsight.net http://track.contently.com https://d083-uk.api.decibelinsight.net/ dpm.demdex.net https://enrolment.mynationwide.io/ wss://lo.msg.liveperson.net http://metrics.nationwide.co.uk/ https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud *.omtrdc.net https://rsa.egain.cloud https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com https://smetrics.nationwide.co.uk/ *.swiftype.com *.virtualearth.net wss://cdn.decibelinsight.net https://www.googleadservices.com; font-src data: 'self'; frame-src accounts.google.com https://adservice.google.com/ apis.google.com *.bing.com https://assets.contently.com *.doubleclick.net https://analytics.analytics-egain.com/ googleads.g.doubleclick.net https://www.youtube.com https://lo.idp.liveperson.net https://lo.msg.liveperson.net https://lo.msghist.liveperson.net https://lo.tokenizer.liveperson.net https://lpcdn.lpsnmedia.net https://nationwide.demdex.net https://nationwide.egain.cloud https://nationwidedev1.egain.cloud notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com https://embed.ustudio.com/ www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; media-src https://lpcdn.lpsnmedia.net; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src https://accdn.lpsnmedia.net analytics.analytics-egain.com apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com https://cloud-emea.analytics-egain.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net https://analytics.analytics-egain.com https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud https://www.google.co.uk https://www.gstatic.com ipv4.google.com https://lo.v.liveperson.net https://lpcdn.lpsnmedia.net https://lptag.liveperson.net *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://app.decibelinsight.com/js/hm.js https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://nationwidechat.prod.parature.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com https://cdn.tt.omtrdc.net *.virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk https://nationwide.egain.cloud https://nationwidedev1.egain.cloud *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Mon, 20 Jan 2020 11:48:24 GMT
ETag: "0f4398587cfd51:0"
x-frame-options: SAMEORIGIN
Content-Type: text/css
Cache-Control: public,max-age=300
Date: Tue, 28 Jan 2020 10:25:54 GMT
Strict-Transport-Security: max-age=16070400
Accept-Ranges: bytes
Content-Length: 30740
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK nbs-essentials.min.js Show response
www.nationwide.co.uk/assets/main-site/script/bundle/ 207 KB
74 KB 121ms
57ms Script
application/x-javascript 155.131.144.68
Nationwide Buildi...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nationwide.co.uk/assets/main-site/script/bundle/nbs-essentials.min.js

Requested by

Host: www.nationwide.co.uk
URL: https://www.nationwide.co.uk/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_CBC

Server

155.131.144.68 , United Kingdom, ASN8698 (Nationwide Building Society, GB),

Reverse DNS

Software

Resource Hash

f5ecb4cafaeeea9fcc116112989c76febbbd037aae0f8f3c8e598b7d9ddf6ddd

Security Headers

Name	Value
Content-Security-Policy	default-src .bing.com https://onlinebanking.nationwide.co.uk 'self'; connect-src .bing.com cdn.decibelinsight.net http://track.contently.com https://d083-uk.api.decibelinsight.net/ dpm.demdex.net https://enrolment.mynationwide.io/ wss://lo.msg.liveperson.net http://metrics.nationwide.co.uk/ https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud .omtrdc.net https://rsa.egain.cloud https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com https://smetrics.nationwide.co.uk/ .swiftype.com .virtualearth.net wss://cdn.decibelinsight.net https://www.googleadservices.com; font-src data: 'self'; frame-src accounts.google.com https://adservice.google.com/ apis.google.com .bing.com https://assets.contently.com .doubleclick.net https://analytics.analytics-egain.com/ googleads.g.doubleclick.net https://www.youtube.com https://lo.idp.liveperson.net https://lo.msg.liveperson.net https://lo.msghist.liveperson.net https://lo.tokenizer.liveperson.net https://lpcdn.lpsnmedia.net https://nationwide.demdex.net https://nationwide.egain.cloud https://nationwidedev1.egain.cloud notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com https://embed.ustudio.com/ www.facebook.com www.google.com .youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' ; media-src https://lpcdn.lpsnmedia.net; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src https://accdn.lpsnmedia.net analytics.analytics-egain.com apis.google.com assets.kampyle.com .bing.com https://www.adobetag.com clients1.google.com https://cloud-emea.analytics-egain.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net https://analytics.analytics-egain.com https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud https://www.google.co.uk https://www.gstatic.com ipv4.google.com https://lo.v.liveperson.net https://lpcdn.lpsnmedia.net https://lptag.liveperson.net .nationwide.co.uk .omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk .reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://app.decibelinsight.com/js/hm.js https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://nationwidechat.prod.parature.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com https://cdn.tt.omtrdc.net .virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com .bing.com cse.google.com .nationwide.co.uk https://nationwide.egain.cloud https://nationwidedev1.egain.cloud .reevoo.com 'self' .virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Strict-Transport-Security	max-age=16070400
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.nationwide.co.uk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Content-Security-Policy: default-src *.bing.com https://onlinebanking.nationwide.co.uk 'self'; connect-src *.bing.com cdn.decibelinsight.net http://track.contently.com https://d083-uk.api.decibelinsight.net/ dpm.demdex.net https://enrolment.mynationwide.io/ wss://lo.msg.liveperson.net http://metrics.nationwide.co.uk/ https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud *.omtrdc.net https://rsa.egain.cloud https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com https://smetrics.nationwide.co.uk/ *.swiftype.com *.virtualearth.net wss://cdn.decibelinsight.net https://www.googleadservices.com; font-src data: 'self'; frame-src accounts.google.com https://adservice.google.com/ apis.google.com *.bing.com https://assets.contently.com *.doubleclick.net https://analytics.analytics-egain.com/ googleads.g.doubleclick.net https://www.youtube.com https://lo.idp.liveperson.net https://lo.msg.liveperson.net https://lo.msghist.liveperson.net https://lo.tokenizer.liveperson.net https://lpcdn.lpsnmedia.net https://nationwide.demdex.net https://nationwide.egain.cloud https://nationwidedev1.egain.cloud notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com https://embed.ustudio.com/ www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; media-src https://lpcdn.lpsnmedia.net; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src https://accdn.lpsnmedia.net analytics.analytics-egain.com apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com https://cloud-emea.analytics-egain.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net https://analytics.analytics-egain.com https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud https://www.google.co.uk https://www.gstatic.com ipv4.google.com https://lo.v.liveperson.net https://lpcdn.lpsnmedia.net https://lptag.liveperson.net *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://app.decibelinsight.com/js/hm.js https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://nationwidechat.prod.parature.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com https://cdn.tt.omtrdc.net *.virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk https://nationwide.egain.cloud https://nationwidedev1.egain.cloud *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Mon, 20 Jan 2020 11:48:28 GMT
ETag: "04e9c8787cfd51:0"
x-frame-options: SAMEORIGIN
Content-Type: application/x-javascript
Cache-Control: public,max-age=300
Date: Tue, 28 Jan 2020 10:25:54 GMT
Strict-Transport-Security: max-age=16070400
Accept-Ranges: bytes
Content-Length: 71042
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK meganavflyout.hotfix.css
www.nationwide.co.uk/~/media/MainSite/css/ 165 B
5 KB 143ms
81ms Stylesheet
text/css 155.131.144.68
Nationwide Buildi...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nationwide.co.uk/~/media/MainSite/css/meganavflyout.hotfix.css

Requested by

Host: www.nationwide.co.uk
URL: https://www.nationwide.co.uk/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_CBC

Server

155.131.144.68 , United Kingdom, ASN8698 (Nationwide Building Society, GB),

Reverse DNS

Software

Resource Hash

97606768c72e8c23be8da1f58a7cbaabc709819b8ab1790c157d6e51efc9e109

Security Headers

Name	Value
Content-Security-Policy	default-src .bing.com https://onlinebanking.nationwide.co.uk 'self'; connect-src .bing.com cdn.decibelinsight.net http://track.contently.com https://d083-uk.api.decibelinsight.net/ dpm.demdex.net https://enrolment.mynationwide.io/ wss://lo.msg.liveperson.net http://metrics.nationwide.co.uk/ https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud .omtrdc.net https://rsa.egain.cloud https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com https://smetrics.nationwide.co.uk/ .swiftype.com .virtualearth.net wss://cdn.decibelinsight.net https://www.googleadservices.com; font-src data: 'self'; frame-src accounts.google.com https://adservice.google.com/ apis.google.com .bing.com https://assets.contently.com .doubleclick.net https://analytics.analytics-egain.com/ googleads.g.doubleclick.net https://www.youtube.com https://lo.idp.liveperson.net https://lo.msg.liveperson.net https://lo.msghist.liveperson.net https://lo.tokenizer.liveperson.net https://lpcdn.lpsnmedia.net https://nationwide.demdex.net https://nationwide.egain.cloud https://nationwidedev1.egain.cloud notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com https://embed.ustudio.com/ www.facebook.com www.google.com .youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' ; media-src https://lpcdn.lpsnmedia.net; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src https://accdn.lpsnmedia.net analytics.analytics-egain.com apis.google.com assets.kampyle.com .bing.com https://www.adobetag.com clients1.google.com https://cloud-emea.analytics-egain.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net https://analytics.analytics-egain.com https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud https://www.google.co.uk https://www.gstatic.com ipv4.google.com https://lo.v.liveperson.net https://lpcdn.lpsnmedia.net https://lptag.liveperson.net .nationwide.co.uk .omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk .reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://app.decibelinsight.com/js/hm.js https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://nationwidechat.prod.parature.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com https://cdn.tt.omtrdc.net .virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com .bing.com cse.google.com .nationwide.co.uk https://nationwide.egain.cloud https://nationwidedev1.egain.cloud .reevoo.com 'self' .virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Strict-Transport-Security	max-age=16070400
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.nationwide.co.uk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Content-Security-Policy: default-src *.bing.com https://onlinebanking.nationwide.co.uk 'self'; connect-src *.bing.com cdn.decibelinsight.net http://track.contently.com https://d083-uk.api.decibelinsight.net/ dpm.demdex.net https://enrolment.mynationwide.io/ wss://lo.msg.liveperson.net http://metrics.nationwide.co.uk/ https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud *.omtrdc.net https://rsa.egain.cloud https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com https://smetrics.nationwide.co.uk/ *.swiftype.com *.virtualearth.net wss://cdn.decibelinsight.net https://www.googleadservices.com; font-src data: 'self'; frame-src accounts.google.com https://adservice.google.com/ apis.google.com *.bing.com https://assets.contently.com *.doubleclick.net https://analytics.analytics-egain.com/ googleads.g.doubleclick.net https://www.youtube.com https://lo.idp.liveperson.net https://lo.msg.liveperson.net https://lo.msghist.liveperson.net https://lo.tokenizer.liveperson.net https://lpcdn.lpsnmedia.net https://nationwide.demdex.net https://nationwide.egain.cloud https://nationwidedev1.egain.cloud notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com https://embed.ustudio.com/ www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; media-src https://lpcdn.lpsnmedia.net; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src https://accdn.lpsnmedia.net analytics.analytics-egain.com apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com https://cloud-emea.analytics-egain.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net https://analytics.analytics-egain.com https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud https://www.google.co.uk https://www.gstatic.com ipv4.google.com https://lo.v.liveperson.net https://lpcdn.lpsnmedia.net https://lptag.liveperson.net *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://app.decibelinsight.com/js/hm.js https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://nationwidechat.prod.parature.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com https://cdn.tt.omtrdc.net *.virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk https://nationwide.egain.cloud https://nationwidedev1.egain.cloud *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Wed, 22 May 2019 09:15:35 GMT
ETag: df9ad4c064094f359ae5bb7ca6bf42b2
x-frame-options: SAMEORIGIN
Content-Type: text/css
Cache-Control: public, no-cache="Set-Cookie", no-cache, max-age=604800
Date: Tue, 28 Jan 2020 10:25:54 GMT
Content-Disposition: attachment; filename="meganavflyout.hotfix.css"
Strict-Transport-Security: max-age=16070400
Content-Length: 254
x-xss-protection: 1; mode=block
Expires: Tue, 04 Feb 2020 10:25:54 GMT

GET
H/1.1 200
OK herocarousel.css
www.nationwide.co.uk/-/css/assets/main-site/generated/css/ 4 KB
5 KB 106ms
42ms Stylesheet
text/css 155.131.144.68
Nationwide Buildi...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nationwide.co.uk/-/css/assets/main-site/generated/css/herocarousel.css?id=105EE154D48B4B5D87A51B75F7AB611D

Requested by

Host: www.nationwide.co.uk
URL: https://www.nationwide.co.uk/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_CBC

Server

155.131.144.68 , United Kingdom, ASN8698 (Nationwide Building Society, GB),

Reverse DNS

Software

Resource Hash

574556a9c9dda19bc169685b4c976c1f644fb6498b7ce457bda41eb6e6e7ae20

Security Headers

Name	Value
Content-Security-Policy	default-src .bing.com https://onlinebanking.nationwide.co.uk 'self'; connect-src .bing.com cdn.decibelinsight.net http://track.contently.com https://d083-uk.api.decibelinsight.net/ dpm.demdex.net https://enrolment.mynationwide.io/ wss://lo.msg.liveperson.net http://metrics.nationwide.co.uk/ https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud .omtrdc.net https://rsa.egain.cloud https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com https://smetrics.nationwide.co.uk/ .swiftype.com .virtualearth.net wss://cdn.decibelinsight.net https://www.googleadservices.com; font-src data: 'self'; frame-src accounts.google.com https://adservice.google.com/ apis.google.com .bing.com https://assets.contently.com .doubleclick.net https://analytics.analytics-egain.com/ googleads.g.doubleclick.net https://www.youtube.com https://lo.idp.liveperson.net https://lo.msg.liveperson.net https://lo.msghist.liveperson.net https://lo.tokenizer.liveperson.net https://lpcdn.lpsnmedia.net https://nationwide.demdex.net https://nationwide.egain.cloud https://nationwidedev1.egain.cloud notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com https://embed.ustudio.com/ www.facebook.com www.google.com .youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' ; media-src https://lpcdn.lpsnmedia.net; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src https://accdn.lpsnmedia.net analytics.analytics-egain.com apis.google.com assets.kampyle.com .bing.com https://www.adobetag.com clients1.google.com https://cloud-emea.analytics-egain.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net https://analytics.analytics-egain.com https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud https://www.google.co.uk https://www.gstatic.com ipv4.google.com https://lo.v.liveperson.net https://lpcdn.lpsnmedia.net https://lptag.liveperson.net .nationwide.co.uk .omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk .reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://app.decibelinsight.com/js/hm.js https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://nationwidechat.prod.parature.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com https://cdn.tt.omtrdc.net .virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com .bing.com cse.google.com .nationwide.co.uk https://nationwide.egain.cloud https://nationwidedev1.egain.cloud .reevoo.com 'self' .virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Strict-Transport-Security	max-age=16070400
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.nationwide.co.uk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Content-Security-Policy: default-src *.bing.com https://onlinebanking.nationwide.co.uk 'self'; connect-src *.bing.com cdn.decibelinsight.net http://track.contently.com https://d083-uk.api.decibelinsight.net/ dpm.demdex.net https://enrolment.mynationwide.io/ wss://lo.msg.liveperson.net http://metrics.nationwide.co.uk/ https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud *.omtrdc.net https://rsa.egain.cloud https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com https://smetrics.nationwide.co.uk/ *.swiftype.com *.virtualearth.net wss://cdn.decibelinsight.net https://www.googleadservices.com; font-src data: 'self'; frame-src accounts.google.com https://adservice.google.com/ apis.google.com *.bing.com https://assets.contently.com *.doubleclick.net https://analytics.analytics-egain.com/ googleads.g.doubleclick.net https://www.youtube.com https://lo.idp.liveperson.net https://lo.msg.liveperson.net https://lo.msghist.liveperson.net https://lo.tokenizer.liveperson.net https://lpcdn.lpsnmedia.net https://nationwide.demdex.net https://nationwide.egain.cloud https://nationwidedev1.egain.cloud notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com https://embed.ustudio.com/ www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; media-src https://lpcdn.lpsnmedia.net; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src https://accdn.lpsnmedia.net analytics.analytics-egain.com apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com https://cloud-emea.analytics-egain.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net https://analytics.analytics-egain.com https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud https://www.google.co.uk https://www.gstatic.com ipv4.google.com https://lo.v.liveperson.net https://lpcdn.lpsnmedia.net https://lptag.liveperson.net *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://app.decibelinsight.com/js/hm.js https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://nationwidechat.prod.parature.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com https://cdn.tt.omtrdc.net *.virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk https://nationwide.egain.cloud https://nationwidedev1.egain.cloud *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Tue, 28 Jan 2020 10:25:54 GMT
x-frame-options: SAMEORIGIN
Content-Type: text/css; charset=utf-8
Cache-Control: private
Strict-Transport-Security: max-age=16070400
Content-Length: 866
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK logo2xtrans.png
www.nationwide.co.uk/-/media/System/ 3 KB
7 KB 136ms
73ms Image
image/png 155.131.144.68
Nationwide Buildi...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nationwide.co.uk/-/media/System/logo2xtrans.png?h=112&w=280

Requested by

Host: www.nationwide.co.uk
URL: https://www.nationwide.co.uk/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_CBC

Server

155.131.144.68 , United Kingdom, ASN8698 (Nationwide Building Society, GB),

Reverse DNS

Software

Resource Hash

454356f4c771dd3d547ee65ea3f7c9aa7d80883833bb42159c0005f56f705d35

Security Headers

Name	Value
Content-Security-Policy	default-src .bing.com https://onlinebanking.nationwide.co.uk 'self'; connect-src .bing.com cdn.decibelinsight.net http://track.contently.com https://d083-uk.api.decibelinsight.net/ dpm.demdex.net https://enrolment.mynationwide.io/ wss://lo.msg.liveperson.net http://metrics.nationwide.co.uk/ https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud .omtrdc.net https://rsa.egain.cloud https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com https://smetrics.nationwide.co.uk/ .swiftype.com .virtualearth.net wss://cdn.decibelinsight.net https://www.googleadservices.com; font-src data: 'self'; frame-src accounts.google.com https://adservice.google.com/ apis.google.com .bing.com https://assets.contently.com .doubleclick.net https://analytics.analytics-egain.com/ googleads.g.doubleclick.net https://www.youtube.com https://lo.idp.liveperson.net https://lo.msg.liveperson.net https://lo.msghist.liveperson.net https://lo.tokenizer.liveperson.net https://lpcdn.lpsnmedia.net https://nationwide.demdex.net https://nationwide.egain.cloud https://nationwidedev1.egain.cloud notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com https://embed.ustudio.com/ www.facebook.com www.google.com .youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' ; media-src https://lpcdn.lpsnmedia.net; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src https://accdn.lpsnmedia.net analytics.analytics-egain.com apis.google.com assets.kampyle.com .bing.com https://www.adobetag.com clients1.google.com https://cloud-emea.analytics-egain.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net https://analytics.analytics-egain.com https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud https://www.google.co.uk https://www.gstatic.com ipv4.google.com https://lo.v.liveperson.net https://lpcdn.lpsnmedia.net https://lptag.liveperson.net .nationwide.co.uk .omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk .reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://app.decibelinsight.com/js/hm.js https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://nationwidechat.prod.parature.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com https://cdn.tt.omtrdc.net .virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com .bing.com cse.google.com .nationwide.co.uk https://nationwide.egain.cloud https://nationwidedev1.egain.cloud .reevoo.com 'self' .virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Strict-Transport-Security	max-age=16070400
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.nationwide.co.uk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Content-Security-Policy: default-src *.bing.com https://onlinebanking.nationwide.co.uk 'self'; connect-src *.bing.com cdn.decibelinsight.net http://track.contently.com https://d083-uk.api.decibelinsight.net/ dpm.demdex.net https://enrolment.mynationwide.io/ wss://lo.msg.liveperson.net http://metrics.nationwide.co.uk/ https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud *.omtrdc.net https://rsa.egain.cloud https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com https://smetrics.nationwide.co.uk/ *.swiftype.com *.virtualearth.net wss://cdn.decibelinsight.net https://www.googleadservices.com; font-src data: 'self'; frame-src accounts.google.com https://adservice.google.com/ apis.google.com *.bing.com https://assets.contently.com *.doubleclick.net https://analytics.analytics-egain.com/ googleads.g.doubleclick.net https://www.youtube.com https://lo.idp.liveperson.net https://lo.msg.liveperson.net https://lo.msghist.liveperson.net https://lo.tokenizer.liveperson.net https://lpcdn.lpsnmedia.net https://nationwide.demdex.net https://nationwide.egain.cloud https://nationwidedev1.egain.cloud notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com https://embed.ustudio.com/ www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; media-src https://lpcdn.lpsnmedia.net; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src https://accdn.lpsnmedia.net analytics.analytics-egain.com apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com https://cloud-emea.analytics-egain.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net https://analytics.analytics-egain.com https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud https://www.google.co.uk https://www.gstatic.com ipv4.google.com https://lo.v.liveperson.net https://lpcdn.lpsnmedia.net https://lptag.liveperson.net *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://app.decibelinsight.com/js/hm.js https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://nationwidechat.prod.parature.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com https://cdn.tt.omtrdc.net *.virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk https://nationwide.egain.cloud https://nationwidedev1.egain.cloud *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Last-Modified: Thu, 18 Aug 2016 09:09:42 GMT
ETag: 3b2826f147e04ab5a140d4bff2e97978
x-frame-options: SAMEORIGIN
Content-Type: image/png
Cache-Control: public, no-cache="Set-Cookie", no-cache, max-age=604800
Date: Tue, 28 Jan 2020 10:25:54 GMT
Strict-Transport-Security: max-age=16070400
Content-Length: 3041
x-xss-protection: 1; mode=block
Expires: Tue, 04 Feb 2020 10:25:54 GMT

GET
H/1.1 200
OK banking-app-freeze-unfreeze-360x170.jpg
www.nationwide.co.uk/-/media/MainSite/images/home-exit/2019/07/freeze-unfreeze/ 81 KB
86 KB 655ms
592ms Image
image/jpeg 155.131.144.68
Nationwide Buildi...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nationwide.co.uk/-/media/MainSite/images/home-exit/2019/07/freeze-unfreeze/banking-app-freeze-unfreeze-360x170.jpg?h=170&la=en&w=360

Requested by

Host: www.nationwide.co.uk
URL: https://www.nationwide.co.uk/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_CBC

Server

155.131.144.68 , United Kingdom, ASN8698 (Nationwide Building Society, GB),

Reverse DNS

Software

Resource Hash

fc4e3c1ab1d2f941ed4ff754900ee470065048ffa3a454f769b0e284f818018d

Security Headers

Name	Value
Content-Security-Policy	default-src .bing.com https://onlinebanking.nationwide.co.uk 'self'; connect-src .bing.com cdn.decibelinsight.net http://track.contently.com https://d083-uk.api.decibelinsight.net/ dpm.demdex.net https://enrolment.mynationwide.io/ wss://lo.msg.liveperson.net http://metrics.nationwide.co.uk/ https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud .omtrdc.net https://rsa.egain.cloud https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com https://smetrics.nationwide.co.uk/ .swiftype.com .virtualearth.net wss://cdn.decibelinsight.net https://www.googleadservices.com; font-src data: 'self'; frame-src accounts.google.com https://adservice.google.com/ apis.google.com .bing.com https://assets.contently.com .doubleclick.net https://analytics.analytics-egain.com/ googleads.g.doubleclick.net https://www.youtube.com https://lo.idp.liveperson.net https://lo.msg.liveperson.net https://lo.msghist.liveperson.net https://lo.tokenizer.liveperson.net https://lpcdn.lpsnmedia.net https://nationwide.demdex.net https://nationwide.egain.cloud https://nationwidedev1.egain.cloud notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com https://embed.ustudio.com/ www.facebook.com www.google.com .youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' ; media-src https://lpcdn.lpsnmedia.net; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src https://accdn.lpsnmedia.net analytics.analytics-egain.com apis.google.com assets.kampyle.com .bing.com https://www.adobetag.com clients1.google.com https://cloud-emea.analytics-egain.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net https://analytics.analytics-egain.com https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud https://www.google.co.uk https://www.gstatic.com ipv4.google.com https://lo.v.liveperson.net https://lpcdn.lpsnmedia.net https://lptag.liveperson.net .nationwide.co.uk .omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk .reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://app.decibelinsight.com/js/hm.js https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://nationwidechat.prod.parature.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com https://cdn.tt.omtrdc.net .virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com .bing.com cse.google.com .nationwide.co.uk https://nationwide.egain.cloud https://nationwidedev1.egain.cloud .reevoo.com 'self' .virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Strict-Transport-Security	max-age=16070400
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.nationwide.co.uk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Content-Security-Policy: default-src *.bing.com https://onlinebanking.nationwide.co.uk 'self'; connect-src *.bing.com cdn.decibelinsight.net http://track.contently.com https://d083-uk.api.decibelinsight.net/ dpm.demdex.net https://enrolment.mynationwide.io/ wss://lo.msg.liveperson.net http://metrics.nationwide.co.uk/ https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud *.omtrdc.net https://rsa.egain.cloud https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com https://smetrics.nationwide.co.uk/ *.swiftype.com *.virtualearth.net wss://cdn.decibelinsight.net https://www.googleadservices.com; font-src data: 'self'; frame-src accounts.google.com https://adservice.google.com/ apis.google.com *.bing.com https://assets.contently.com *.doubleclick.net https://analytics.analytics-egain.com/ googleads.g.doubleclick.net https://www.youtube.com https://lo.idp.liveperson.net https://lo.msg.liveperson.net https://lo.msghist.liveperson.net https://lo.tokenizer.liveperson.net https://lpcdn.lpsnmedia.net https://nationwide.demdex.net https://nationwide.egain.cloud https://nationwidedev1.egain.cloud notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com https://embed.ustudio.com/ www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; media-src https://lpcdn.lpsnmedia.net; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src https://accdn.lpsnmedia.net analytics.analytics-egain.com apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com https://cloud-emea.analytics-egain.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net https://analytics.analytics-egain.com https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud https://www.google.co.uk https://www.gstatic.com ipv4.google.com https://lo.v.liveperson.net https://lpcdn.lpsnmedia.net https://lptag.liveperson.net *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://app.decibelinsight.com/js/hm.js https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://nationwidechat.prod.parature.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com https://cdn.tt.omtrdc.net *.virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk https://nationwide.egain.cloud https://nationwidedev1.egain.cloud *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Last-Modified: Fri, 12 Jul 2019 13:06:15 GMT
ETag: 84ce7e893c574417a3b8739bd18ac11d
x-frame-options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: public, no-cache="Set-Cookie", no-cache, max-age=604800
Date: Tue, 28 Jan 2020 10:25:54 GMT
Strict-Transport-Security: max-age=16070400
Content-Length: 83278
x-xss-protection: 1; mode=block
Expires: Tue, 04 Feb 2020 10:25:55 GMT

GET
H/1.1 200
OK Bradley-Wiggins-with-board-360px.jpg
www.nationwide.co.uk/-/media/MainSite/images/home-exit/2019/12/every-mind-matters/ 13 KB
18 KB 58ms
57ms Image
image/jpeg 155.131.144.68
Nationwide Buildi...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nationwide.co.uk/-/media/MainSite/images/home-exit/2019/12/every-mind-matters/Bradley-Wiggins-with-board-360px.jpg?h=170&la=en&w=360

Requested by

Host: www.nationwide.co.uk
URL: https://www.nationwide.co.uk/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_CBC

Server

155.131.144.68 , United Kingdom, ASN8698 (Nationwide Building Society, GB),

Reverse DNS

Software

Resource Hash

f4643fb92ab9f29080b2b0c96de3093a2bbc6d947bc8613efe9228be2d55c069

Security Headers

Name	Value
Content-Security-Policy	default-src .bing.com https://onlinebanking.nationwide.co.uk 'self'; connect-src .bing.com cdn.decibelinsight.net http://track.contently.com https://d083-uk.api.decibelinsight.net/ dpm.demdex.net https://enrolment.mynationwide.io/ wss://lo.msg.liveperson.net http://metrics.nationwide.co.uk/ https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud .omtrdc.net https://rsa.egain.cloud https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com https://smetrics.nationwide.co.uk/ .swiftype.com .virtualearth.net wss://cdn.decibelinsight.net https://www.googleadservices.com; font-src data: 'self'; frame-src accounts.google.com https://adservice.google.com/ apis.google.com .bing.com https://assets.contently.com .doubleclick.net https://analytics.analytics-egain.com/ googleads.g.doubleclick.net https://www.youtube.com https://lo.idp.liveperson.net https://lo.msg.liveperson.net https://lo.msghist.liveperson.net https://lo.tokenizer.liveperson.net https://lpcdn.lpsnmedia.net https://nationwide.demdex.net https://nationwide.egain.cloud https://nationwidedev1.egain.cloud notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com https://embed.ustudio.com/ www.facebook.com www.google.com .youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' ; media-src https://lpcdn.lpsnmedia.net; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src https://accdn.lpsnmedia.net analytics.analytics-egain.com apis.google.com assets.kampyle.com .bing.com https://www.adobetag.com clients1.google.com https://cloud-emea.analytics-egain.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net https://analytics.analytics-egain.com https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud https://www.google.co.uk https://www.gstatic.com ipv4.google.com https://lo.v.liveperson.net https://lpcdn.lpsnmedia.net https://lptag.liveperson.net .nationwide.co.uk .omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk .reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://app.decibelinsight.com/js/hm.js https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://nationwidechat.prod.parature.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com https://cdn.tt.omtrdc.net .virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com .bing.com cse.google.com .nationwide.co.uk https://nationwide.egain.cloud https://nationwidedev1.egain.cloud .reevoo.com 'self' .virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Strict-Transport-Security	max-age=16070400
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.nationwide.co.uk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Content-Security-Policy: default-src *.bing.com https://onlinebanking.nationwide.co.uk 'self'; connect-src *.bing.com cdn.decibelinsight.net http://track.contently.com https://d083-uk.api.decibelinsight.net/ dpm.demdex.net https://enrolment.mynationwide.io/ wss://lo.msg.liveperson.net http://metrics.nationwide.co.uk/ https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud *.omtrdc.net https://rsa.egain.cloud https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com https://smetrics.nationwide.co.uk/ *.swiftype.com *.virtualearth.net wss://cdn.decibelinsight.net https://www.googleadservices.com; font-src data: 'self'; frame-src accounts.google.com https://adservice.google.com/ apis.google.com *.bing.com https://assets.contently.com *.doubleclick.net https://analytics.analytics-egain.com/ googleads.g.doubleclick.net https://www.youtube.com https://lo.idp.liveperson.net https://lo.msg.liveperson.net https://lo.msghist.liveperson.net https://lo.tokenizer.liveperson.net https://lpcdn.lpsnmedia.net https://nationwide.demdex.net https://nationwide.egain.cloud https://nationwidedev1.egain.cloud notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com https://embed.ustudio.com/ www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; media-src https://lpcdn.lpsnmedia.net; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src https://accdn.lpsnmedia.net analytics.analytics-egain.com apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com https://cloud-emea.analytics-egain.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net https://analytics.analytics-egain.com https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud https://www.google.co.uk https://www.gstatic.com ipv4.google.com https://lo.v.liveperson.net https://lpcdn.lpsnmedia.net https://lptag.liveperson.net *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://app.decibelinsight.com/js/hm.js https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://nationwidechat.prod.parature.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com https://cdn.tt.omtrdc.net *.virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk https://nationwide.egain.cloud https://nationwidedev1.egain.cloud *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Last-Modified: Tue, 17 Dec 2019 10:28:19 GMT
ETag: 91cb9f39988d48fbb0be0ee731211110
x-frame-options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: public, no-cache, max-age=604800
Date: Tue, 28 Jan 2020 10:25:54 GMT
Strict-Transport-Security: max-age=16070400
Content-Length: 13739
x-xss-protection: 1; mode=block
Expires: Tue, 04 Feb 2020 10:25:54 GMT

GET
H/1.1 200
OK Lady-planting-flowers-360px.jpg
www.nationwide.co.uk/-/media/MainSite/images/home-exit/2019/08/Later-life-lending/ 38 KB
42 KB 62ms
61ms Image
image/jpeg 155.131.144.68
Nationwide Buildi...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nationwide.co.uk/-/media/MainSite/images/home-exit/2019/08/Later-life-lending/Lady-planting-flowers-360px.jpg?h=170&la=en&w=360

Requested by

Host: www.nationwide.co.uk
URL: https://www.nationwide.co.uk/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_CBC

Server

155.131.144.68 , United Kingdom, ASN8698 (Nationwide Building Society, GB),

Reverse DNS

Software

Resource Hash

3dac591eab268fa1f4beaf35d6d4a7eb9c0b5aa1d7d60ecb8fd41d8abfdb58e0

Security Headers

Name	Value
Content-Security-Policy	default-src .bing.com https://onlinebanking.nationwide.co.uk 'self'; connect-src .bing.com cdn.decibelinsight.net http://track.contently.com https://d083-uk.api.decibelinsight.net/ dpm.demdex.net https://enrolment.mynationwide.io/ wss://lo.msg.liveperson.net http://metrics.nationwide.co.uk/ https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud .omtrdc.net https://rsa.egain.cloud https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com https://smetrics.nationwide.co.uk/ .swiftype.com .virtualearth.net wss://cdn.decibelinsight.net https://www.googleadservices.com; font-src data: 'self'; frame-src accounts.google.com https://adservice.google.com/ apis.google.com .bing.com https://assets.contently.com .doubleclick.net https://analytics.analytics-egain.com/ googleads.g.doubleclick.net https://www.youtube.com https://lo.idp.liveperson.net https://lo.msg.liveperson.net https://lo.msghist.liveperson.net https://lo.tokenizer.liveperson.net https://lpcdn.lpsnmedia.net https://nationwide.demdex.net https://nationwide.egain.cloud https://nationwidedev1.egain.cloud notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com https://embed.ustudio.com/ www.facebook.com www.google.com .youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' ; media-src https://lpcdn.lpsnmedia.net; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src https://accdn.lpsnmedia.net analytics.analytics-egain.com apis.google.com assets.kampyle.com .bing.com https://www.adobetag.com clients1.google.com https://cloud-emea.analytics-egain.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net https://analytics.analytics-egain.com https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud https://www.google.co.uk https://www.gstatic.com ipv4.google.com https://lo.v.liveperson.net https://lpcdn.lpsnmedia.net https://lptag.liveperson.net .nationwide.co.uk .omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk .reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://app.decibelinsight.com/js/hm.js https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://nationwidechat.prod.parature.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com https://cdn.tt.omtrdc.net .virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com .bing.com cse.google.com .nationwide.co.uk https://nationwide.egain.cloud https://nationwidedev1.egain.cloud .reevoo.com 'self' .virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Strict-Transport-Security	max-age=16070400
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.nationwide.co.uk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Content-Security-Policy: default-src *.bing.com https://onlinebanking.nationwide.co.uk 'self'; connect-src *.bing.com cdn.decibelinsight.net http://track.contently.com https://d083-uk.api.decibelinsight.net/ dpm.demdex.net https://enrolment.mynationwide.io/ wss://lo.msg.liveperson.net http://metrics.nationwide.co.uk/ https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud *.omtrdc.net https://rsa.egain.cloud https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com https://smetrics.nationwide.co.uk/ *.swiftype.com *.virtualearth.net wss://cdn.decibelinsight.net https://www.googleadservices.com; font-src data: 'self'; frame-src accounts.google.com https://adservice.google.com/ apis.google.com *.bing.com https://assets.contently.com *.doubleclick.net https://analytics.analytics-egain.com/ googleads.g.doubleclick.net https://www.youtube.com https://lo.idp.liveperson.net https://lo.msg.liveperson.net https://lo.msghist.liveperson.net https://lo.tokenizer.liveperson.net https://lpcdn.lpsnmedia.net https://nationwide.demdex.net https://nationwide.egain.cloud https://nationwidedev1.egain.cloud notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com https://embed.ustudio.com/ www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; media-src https://lpcdn.lpsnmedia.net; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src https://accdn.lpsnmedia.net analytics.analytics-egain.com apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com https://cloud-emea.analytics-egain.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net https://analytics.analytics-egain.com https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud https://www.google.co.uk https://www.gstatic.com ipv4.google.com https://lo.v.liveperson.net https://lpcdn.lpsnmedia.net https://lptag.liveperson.net *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://app.decibelinsight.com/js/hm.js https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://nationwidechat.prod.parature.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com https://cdn.tt.omtrdc.net *.virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk https://nationwide.egain.cloud https://nationwidedev1.egain.cloud *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Last-Modified: Wed, 14 Aug 2019 08:52:00 GMT
ETag: 5c64a36ce7ca403a8ef0d8b83b625b48
x-frame-options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: public, no-cache, max-age=604800
Date: Tue, 28 Jan 2020 10:25:54 GMT
Strict-Transport-Security: max-age=16070400
Content-Length: 39034
x-xss-protection: 1; mode=block
Expires: Tue, 04 Feb 2020 10:25:54 GMT

GET
H/1.1 200
OK nbs-homepage.min.js Show response
www.nationwide.co.uk/assets/main-site/script/bundle/ 181 KB
61 KB 41ms
40ms Script
application/x-javascript 155.131.144.68
Nationwide Buildi...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nationwide.co.uk/assets/main-site/script/bundle/nbs-homepage.min.js?v=20190718

Requested by

Host: www.nationwide.co.uk
URL: https://www.nationwide.co.uk/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_CBC

Server

155.131.144.68 , United Kingdom, ASN8698 (Nationwide Building Society, GB),

Reverse DNS

Software

Resource Hash

83daf922e727adfc108e249d5df17258b4e4cfd6bec2d6c66c06cd1db7b0fe91

Security Headers

Name	Value
Content-Security-Policy	default-src .bing.com https://onlinebanking.nationwide.co.uk 'self'; connect-src .bing.com cdn.decibelinsight.net http://track.contently.com https://d083-uk.api.decibelinsight.net/ dpm.demdex.net https://enrolment.mynationwide.io/ wss://lo.msg.liveperson.net http://metrics.nationwide.co.uk/ https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud .omtrdc.net https://rsa.egain.cloud https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com https://smetrics.nationwide.co.uk/ .swiftype.com .virtualearth.net wss://cdn.decibelinsight.net https://www.googleadservices.com; font-src data: 'self'; frame-src accounts.google.com https://adservice.google.com/ apis.google.com .bing.com https://assets.contently.com .doubleclick.net https://analytics.analytics-egain.com/ googleads.g.doubleclick.net https://www.youtube.com https://lo.idp.liveperson.net https://lo.msg.liveperson.net https://lo.msghist.liveperson.net https://lo.tokenizer.liveperson.net https://lpcdn.lpsnmedia.net https://nationwide.demdex.net https://nationwide.egain.cloud https://nationwidedev1.egain.cloud notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com https://embed.ustudio.com/ www.facebook.com www.google.com .youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' ; media-src https://lpcdn.lpsnmedia.net; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src https://accdn.lpsnmedia.net analytics.analytics-egain.com apis.google.com assets.kampyle.com .bing.com https://www.adobetag.com clients1.google.com https://cloud-emea.analytics-egain.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net https://analytics.analytics-egain.com https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud https://www.google.co.uk https://www.gstatic.com ipv4.google.com https://lo.v.liveperson.net https://lpcdn.lpsnmedia.net https://lptag.liveperson.net .nationwide.co.uk .omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk .reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://app.decibelinsight.com/js/hm.js https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://nationwidechat.prod.parature.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com https://cdn.tt.omtrdc.net .virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com .bing.com cse.google.com .nationwide.co.uk https://nationwide.egain.cloud https://nationwidedev1.egain.cloud .reevoo.com 'self' .virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Strict-Transport-Security	max-age=16070400
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.nationwide.co.uk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Content-Security-Policy: default-src *.bing.com https://onlinebanking.nationwide.co.uk 'self'; connect-src *.bing.com cdn.decibelinsight.net http://track.contently.com https://d083-uk.api.decibelinsight.net/ dpm.demdex.net https://enrolment.mynationwide.io/ wss://lo.msg.liveperson.net http://metrics.nationwide.co.uk/ https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud *.omtrdc.net https://rsa.egain.cloud https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com https://smetrics.nationwide.co.uk/ *.swiftype.com *.virtualearth.net wss://cdn.decibelinsight.net https://www.googleadservices.com; font-src data: 'self'; frame-src accounts.google.com https://adservice.google.com/ apis.google.com *.bing.com https://assets.contently.com *.doubleclick.net https://analytics.analytics-egain.com/ googleads.g.doubleclick.net https://www.youtube.com https://lo.idp.liveperson.net https://lo.msg.liveperson.net https://lo.msghist.liveperson.net https://lo.tokenizer.liveperson.net https://lpcdn.lpsnmedia.net https://nationwide.demdex.net https://nationwide.egain.cloud https://nationwidedev1.egain.cloud notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com https://embed.ustudio.com/ www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; media-src https://lpcdn.lpsnmedia.net; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src https://accdn.lpsnmedia.net analytics.analytics-egain.com apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com https://cloud-emea.analytics-egain.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net https://analytics.analytics-egain.com https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud https://www.google.co.uk https://www.gstatic.com ipv4.google.com https://lo.v.liveperson.net https://lpcdn.lpsnmedia.net https://lptag.liveperson.net *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://app.decibelinsight.com/js/hm.js https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://nationwidechat.prod.parature.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com https://cdn.tt.omtrdc.net *.virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk https://nationwide.egain.cloud https://nationwidedev1.egain.cloud *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Mon, 20 Jan 2020 11:48:28 GMT
ETag: "04e9c8787cfd51:0"
x-frame-options: SAMEORIGIN
Content-Type: application/x-javascript
Cache-Control: public,max-age=300
Date: Tue, 28 Jan 2020 10:25:54 GMT
Strict-Transport-Security: max-age=16070400
Accept-Ranges: bytes
Content-Length: 58437
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK customer-satisfaction.hotfix.js Show response
www.nationwide.co.uk/-/media/MainSite/js/ 700 B
5 KB 57ms
57ms Script
application/x-javascript 155.131.144.68
Nationwide Buildi...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nationwide.co.uk/-/media/MainSite/js/customer-satisfaction.hotfix.js

Requested by

Host: www.nationwide.co.uk
URL: https://www.nationwide.co.uk/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_CBC

Server

155.131.144.68 , United Kingdom, ASN8698 (Nationwide Building Society, GB),

Reverse DNS

Software

Resource Hash

8cb7539186913a54afe9309acbf3cd28f4eddd0c1e6bb755951353451a2155a7

Security Headers

Name	Value
Content-Security-Policy	default-src .bing.com https://onlinebanking.nationwide.co.uk 'self'; connect-src .bing.com cdn.decibelinsight.net http://track.contently.com https://d083-uk.api.decibelinsight.net/ dpm.demdex.net https://enrolment.mynationwide.io/ wss://lo.msg.liveperson.net http://metrics.nationwide.co.uk/ https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud .omtrdc.net https://rsa.egain.cloud https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com https://smetrics.nationwide.co.uk/ .swiftype.com .virtualearth.net wss://cdn.decibelinsight.net https://www.googleadservices.com; font-src data: 'self'; frame-src accounts.google.com https://adservice.google.com/ apis.google.com .bing.com https://assets.contently.com .doubleclick.net https://analytics.analytics-egain.com/ googleads.g.doubleclick.net https://www.youtube.com https://lo.idp.liveperson.net https://lo.msg.liveperson.net https://lo.msghist.liveperson.net https://lo.tokenizer.liveperson.net https://lpcdn.lpsnmedia.net https://nationwide.demdex.net https://nationwide.egain.cloud https://nationwidedev1.egain.cloud notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com https://embed.ustudio.com/ www.facebook.com www.google.com .youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' ; media-src https://lpcdn.lpsnmedia.net; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src https://accdn.lpsnmedia.net analytics.analytics-egain.com apis.google.com assets.kampyle.com .bing.com https://www.adobetag.com clients1.google.com https://cloud-emea.analytics-egain.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net https://analytics.analytics-egain.com https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud https://www.google.co.uk https://www.gstatic.com ipv4.google.com https://lo.v.liveperson.net https://lpcdn.lpsnmedia.net https://lptag.liveperson.net .nationwide.co.uk .omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk .reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://app.decibelinsight.com/js/hm.js https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://nationwidechat.prod.parature.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com https://cdn.tt.omtrdc.net .virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com .bing.com cse.google.com .nationwide.co.uk https://nationwide.egain.cloud https://nationwidedev1.egain.cloud .reevoo.com 'self' .virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Strict-Transport-Security	max-age=16070400
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.nationwide.co.uk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Content-Security-Policy: default-src *.bing.com https://onlinebanking.nationwide.co.uk 'self'; connect-src *.bing.com cdn.decibelinsight.net http://track.contently.com https://d083-uk.api.decibelinsight.net/ dpm.demdex.net https://enrolment.mynationwide.io/ wss://lo.msg.liveperson.net http://metrics.nationwide.co.uk/ https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud *.omtrdc.net https://rsa.egain.cloud https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com https://smetrics.nationwide.co.uk/ *.swiftype.com *.virtualearth.net wss://cdn.decibelinsight.net https://www.googleadservices.com; font-src data: 'self'; frame-src accounts.google.com https://adservice.google.com/ apis.google.com *.bing.com https://assets.contently.com *.doubleclick.net https://analytics.analytics-egain.com/ googleads.g.doubleclick.net https://www.youtube.com https://lo.idp.liveperson.net https://lo.msg.liveperson.net https://lo.msghist.liveperson.net https://lo.tokenizer.liveperson.net https://lpcdn.lpsnmedia.net https://nationwide.demdex.net https://nationwide.egain.cloud https://nationwidedev1.egain.cloud notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com https://embed.ustudio.com/ www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; media-src https://lpcdn.lpsnmedia.net; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src https://accdn.lpsnmedia.net analytics.analytics-egain.com apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com https://cloud-emea.analytics-egain.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net https://analytics.analytics-egain.com https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud https://www.google.co.uk https://www.gstatic.com ipv4.google.com https://lo.v.liveperson.net https://lpcdn.lpsnmedia.net https://lptag.liveperson.net *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://app.decibelinsight.com/js/hm.js https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://nationwidechat.prod.parature.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com https://cdn.tt.omtrdc.net *.virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk https://nationwide.egain.cloud https://nationwidedev1.egain.cloud *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Thu, 22 Feb 2018 12:08:15 GMT
ETag: 47848ed9f2cb4166a502dde8cdd19828
x-frame-options: SAMEORIGIN
Content-Type: application/x-javascript
Cache-Control: public, no-cache, max-age=604800
Date: Tue, 28 Jan 2020 10:25:54 GMT
Content-Disposition: attachment; filename="customer-satisfaction.hotfix.js"
Strict-Transport-Security: max-age=16070400
Content-Length: 472
x-xss-protection: 1; mode=block
Expires: Tue, 04 Feb 2020 10:25:54 GMT

GET
H/1.1 200
OK launch-web-chat.min.js Show response
www.nationwide.co.uk/-/media/MainSite/js/ 6 KB
7 KB 53ms
52ms Script
application/x-javascript 155.131.144.68
Nationwide Buildi...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nationwide.co.uk/-/media/MainSite/js/launch-web-chat.min.js

Requested by

Host: www.nationwide.co.uk
URL: https://www.nationwide.co.uk/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_CBC

Server

155.131.144.68 , United Kingdom, ASN8698 (Nationwide Building Society, GB),

Reverse DNS

Software

Resource Hash

f2dee1677f5f6d2ebb9b1c6d80adc5c2825eae1f8716e786fab0373c9085a35c

Security Headers

Name	Value
Content-Security-Policy	default-src .bing.com https://onlinebanking.nationwide.co.uk 'self'; connect-src .bing.com cdn.decibelinsight.net http://track.contently.com https://d083-uk.api.decibelinsight.net/ dpm.demdex.net https://enrolment.mynationwide.io/ wss://lo.msg.liveperson.net http://metrics.nationwide.co.uk/ https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud .omtrdc.net https://rsa.egain.cloud https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com https://smetrics.nationwide.co.uk/ .swiftype.com .virtualearth.net wss://cdn.decibelinsight.net https://www.googleadservices.com; font-src data: 'self'; frame-src accounts.google.com https://adservice.google.com/ apis.google.com .bing.com https://assets.contently.com .doubleclick.net https://analytics.analytics-egain.com/ googleads.g.doubleclick.net https://www.youtube.com https://lo.idp.liveperson.net https://lo.msg.liveperson.net https://lo.msghist.liveperson.net https://lo.tokenizer.liveperson.net https://lpcdn.lpsnmedia.net https://nationwide.demdex.net https://nationwide.egain.cloud https://nationwidedev1.egain.cloud notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com https://embed.ustudio.com/ www.facebook.com www.google.com .youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' ; media-src https://lpcdn.lpsnmedia.net; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src https://accdn.lpsnmedia.net analytics.analytics-egain.com apis.google.com assets.kampyle.com .bing.com https://www.adobetag.com clients1.google.com https://cloud-emea.analytics-egain.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net https://analytics.analytics-egain.com https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud https://www.google.co.uk https://www.gstatic.com ipv4.google.com https://lo.v.liveperson.net https://lpcdn.lpsnmedia.net https://lptag.liveperson.net .nationwide.co.uk .omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk .reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://app.decibelinsight.com/js/hm.js https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://nationwidechat.prod.parature.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com https://cdn.tt.omtrdc.net .virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com .bing.com cse.google.com .nationwide.co.uk https://nationwide.egain.cloud https://nationwidedev1.egain.cloud .reevoo.com 'self' .virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Strict-Transport-Security	max-age=16070400
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.nationwide.co.uk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Content-Security-Policy: default-src *.bing.com https://onlinebanking.nationwide.co.uk 'self'; connect-src *.bing.com cdn.decibelinsight.net http://track.contently.com https://d083-uk.api.decibelinsight.net/ dpm.demdex.net https://enrolment.mynationwide.io/ wss://lo.msg.liveperson.net http://metrics.nationwide.co.uk/ https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud *.omtrdc.net https://rsa.egain.cloud https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com https://smetrics.nationwide.co.uk/ *.swiftype.com *.virtualearth.net wss://cdn.decibelinsight.net https://www.googleadservices.com; font-src data: 'self'; frame-src accounts.google.com https://adservice.google.com/ apis.google.com *.bing.com https://assets.contently.com *.doubleclick.net https://analytics.analytics-egain.com/ googleads.g.doubleclick.net https://www.youtube.com https://lo.idp.liveperson.net https://lo.msg.liveperson.net https://lo.msghist.liveperson.net https://lo.tokenizer.liveperson.net https://lpcdn.lpsnmedia.net https://nationwide.demdex.net https://nationwide.egain.cloud https://nationwidedev1.egain.cloud notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com https://embed.ustudio.com/ www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; media-src https://lpcdn.lpsnmedia.net; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src https://accdn.lpsnmedia.net analytics.analytics-egain.com apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com https://cloud-emea.analytics-egain.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net https://analytics.analytics-egain.com https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud https://www.google.co.uk https://www.gstatic.com ipv4.google.com https://lo.v.liveperson.net https://lpcdn.lpsnmedia.net https://lptag.liveperson.net *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://app.decibelinsight.com/js/hm.js https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://nationwidechat.prod.parature.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com https://cdn.tt.omtrdc.net *.virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk https://nationwide.egain.cloud https://nationwidedev1.egain.cloud *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Thu, 31 Oct 2019 15:31:54 GMT
ETag: f422dd1e9ebe4ac584125e5d637506b6
x-frame-options: SAMEORIGIN
Content-Type: application/x-javascript
Cache-Control: public, no-cache, max-age=604800
Date: Tue, 28 Jan 2020 10:25:54 GMT
Content-Disposition: attachment; filename="launch-web-chat.min.js"
Strict-Transport-Security: max-age=16070400
Content-Length: 2635
x-xss-protection: 1; mode=block
Expires: Tue, 04 Feb 2020 10:25:54 GMT

GET
H/1.1 200
OK Kantar-logo.png
www.nationwide.co.uk/-/media/MainSite/images/surveys/ 3 KB
7 KB 57ms
57ms Image
image/png 155.131.144.68
Nationwide Buildi...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nationwide.co.uk/-/media/MainSite/images/surveys/Kantar-logo.png?h=50&la=en&w=265

Requested by

Host: www.nationwide.co.uk
URL: https://www.nationwide.co.uk/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_CBC

Server

155.131.144.68 , United Kingdom, ASN8698 (Nationwide Building Society, GB),

Reverse DNS

Software

Resource Hash

c39c5b843f2b0bdd486f6af86d5570ec1b1d9f8a9d098094470b36ee463a3af9

Security Headers

Name	Value
Content-Security-Policy	default-src .bing.com https://onlinebanking.nationwide.co.uk 'self'; connect-src .bing.com cdn.decibelinsight.net http://track.contently.com https://d083-uk.api.decibelinsight.net/ dpm.demdex.net https://enrolment.mynationwide.io/ wss://lo.msg.liveperson.net http://metrics.nationwide.co.uk/ https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud .omtrdc.net https://rsa.egain.cloud https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com https://smetrics.nationwide.co.uk/ .swiftype.com .virtualearth.net wss://cdn.decibelinsight.net https://www.googleadservices.com; font-src data: 'self'; frame-src accounts.google.com https://adservice.google.com/ apis.google.com .bing.com https://assets.contently.com .doubleclick.net https://analytics.analytics-egain.com/ googleads.g.doubleclick.net https://www.youtube.com https://lo.idp.liveperson.net https://lo.msg.liveperson.net https://lo.msghist.liveperson.net https://lo.tokenizer.liveperson.net https://lpcdn.lpsnmedia.net https://nationwide.demdex.net https://nationwide.egain.cloud https://nationwidedev1.egain.cloud notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com https://embed.ustudio.com/ www.facebook.com www.google.com .youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' ; media-src https://lpcdn.lpsnmedia.net; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src https://accdn.lpsnmedia.net analytics.analytics-egain.com apis.google.com assets.kampyle.com .bing.com https://www.adobetag.com clients1.google.com https://cloud-emea.analytics-egain.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net https://analytics.analytics-egain.com https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud https://www.google.co.uk https://www.gstatic.com ipv4.google.com https://lo.v.liveperson.net https://lpcdn.lpsnmedia.net https://lptag.liveperson.net .nationwide.co.uk .omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk .reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://app.decibelinsight.com/js/hm.js https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://nationwidechat.prod.parature.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com https://cdn.tt.omtrdc.net .virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com .bing.com cse.google.com .nationwide.co.uk https://nationwide.egain.cloud https://nationwidedev1.egain.cloud .reevoo.com 'self' .virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Strict-Transport-Security	max-age=16070400
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.nationwide.co.uk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Content-Security-Policy: default-src *.bing.com https://onlinebanking.nationwide.co.uk 'self'; connect-src *.bing.com cdn.decibelinsight.net http://track.contently.com https://d083-uk.api.decibelinsight.net/ dpm.demdex.net https://enrolment.mynationwide.io/ wss://lo.msg.liveperson.net http://metrics.nationwide.co.uk/ https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud *.omtrdc.net https://rsa.egain.cloud https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com https://smetrics.nationwide.co.uk/ *.swiftype.com *.virtualearth.net wss://cdn.decibelinsight.net https://www.googleadservices.com; font-src data: 'self'; frame-src accounts.google.com https://adservice.google.com/ apis.google.com *.bing.com https://assets.contently.com *.doubleclick.net https://analytics.analytics-egain.com/ googleads.g.doubleclick.net https://www.youtube.com https://lo.idp.liveperson.net https://lo.msg.liveperson.net https://lo.msghist.liveperson.net https://lo.tokenizer.liveperson.net https://lpcdn.lpsnmedia.net https://nationwide.demdex.net https://nationwide.egain.cloud https://nationwidedev1.egain.cloud notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com https://embed.ustudio.com/ www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; media-src https://lpcdn.lpsnmedia.net; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src https://accdn.lpsnmedia.net analytics.analytics-egain.com apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com https://cloud-emea.analytics-egain.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net https://analytics.analytics-egain.com https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud https://www.google.co.uk https://www.gstatic.com ipv4.google.com https://lo.v.liveperson.net https://lpcdn.lpsnmedia.net https://lptag.liveperson.net *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://app.decibelinsight.com/js/hm.js https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://nationwidechat.prod.parature.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com https://cdn.tt.omtrdc.net *.virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk https://nationwide.egain.cloud https://nationwidedev1.egain.cloud *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Last-Modified: Mon, 22 Jul 2019 11:50:44 GMT
ETag: 7b147e0d27e8412287a14c1664e25d0e
x-frame-options: SAMEORIGIN
Content-Type: image/png
Cache-Control: public, no-cache, max-age=604800
Date: Tue, 28 Jan 2020 10:25:54 GMT
Strict-Transport-Security: max-age=16070400
Content-Length: 2716
x-xss-protection: 1; mode=block
Expires: Tue, 04 Feb 2020 10:25:54 GMT

GET
H/1.1 200
OK logo2xtrans.png
www.nationwide.co.uk/-/media/System/ 7 KB
11 KB 58ms
58ms Image
image/png 155.131.144.68
Nationwide Buildi...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nationwide.co.uk/-/media/System/logo2xtrans.png?h=53&la=en&w=133

Requested by

Host: www.nationwide.co.uk
URL: https://www.nationwide.co.uk/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_CBC

Server

155.131.144.68 , United Kingdom, ASN8698 (Nationwide Building Society, GB),

Reverse DNS

Software

Resource Hash

ad6a2819689cad5bfe7ff1290f031d455d53c79399b28379e5d5199c84dd20de

Security Headers

Name	Value
Content-Security-Policy	default-src .bing.com https://onlinebanking.nationwide.co.uk 'self'; connect-src .bing.com cdn.decibelinsight.net http://track.contently.com https://d083-uk.api.decibelinsight.net/ dpm.demdex.net https://enrolment.mynationwide.io/ wss://lo.msg.liveperson.net http://metrics.nationwide.co.uk/ https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud .omtrdc.net https://rsa.egain.cloud https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com https://smetrics.nationwide.co.uk/ .swiftype.com .virtualearth.net wss://cdn.decibelinsight.net https://www.googleadservices.com; font-src data: 'self'; frame-src accounts.google.com https://adservice.google.com/ apis.google.com .bing.com https://assets.contently.com .doubleclick.net https://analytics.analytics-egain.com/ googleads.g.doubleclick.net https://www.youtube.com https://lo.idp.liveperson.net https://lo.msg.liveperson.net https://lo.msghist.liveperson.net https://lo.tokenizer.liveperson.net https://lpcdn.lpsnmedia.net https://nationwide.demdex.net https://nationwide.egain.cloud https://nationwidedev1.egain.cloud notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com https://embed.ustudio.com/ www.facebook.com www.google.com .youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' ; media-src https://lpcdn.lpsnmedia.net; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src https://accdn.lpsnmedia.net analytics.analytics-egain.com apis.google.com assets.kampyle.com .bing.com https://www.adobetag.com clients1.google.com https://cloud-emea.analytics-egain.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net https://analytics.analytics-egain.com https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud https://www.google.co.uk https://www.gstatic.com ipv4.google.com https://lo.v.liveperson.net https://lpcdn.lpsnmedia.net https://lptag.liveperson.net .nationwide.co.uk .omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk .reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://app.decibelinsight.com/js/hm.js https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://nationwidechat.prod.parature.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com https://cdn.tt.omtrdc.net .virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com .bing.com cse.google.com .nationwide.co.uk https://nationwide.egain.cloud https://nationwidedev1.egain.cloud .reevoo.com 'self' .virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Strict-Transport-Security	max-age=16070400
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.nationwide.co.uk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Content-Security-Policy: default-src *.bing.com https://onlinebanking.nationwide.co.uk 'self'; connect-src *.bing.com cdn.decibelinsight.net http://track.contently.com https://d083-uk.api.decibelinsight.net/ dpm.demdex.net https://enrolment.mynationwide.io/ wss://lo.msg.liveperson.net http://metrics.nationwide.co.uk/ https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud *.omtrdc.net https://rsa.egain.cloud https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com https://smetrics.nationwide.co.uk/ *.swiftype.com *.virtualearth.net wss://cdn.decibelinsight.net https://www.googleadservices.com; font-src data: 'self'; frame-src accounts.google.com https://adservice.google.com/ apis.google.com *.bing.com https://assets.contently.com *.doubleclick.net https://analytics.analytics-egain.com/ googleads.g.doubleclick.net https://www.youtube.com https://lo.idp.liveperson.net https://lo.msg.liveperson.net https://lo.msghist.liveperson.net https://lo.tokenizer.liveperson.net https://lpcdn.lpsnmedia.net https://nationwide.demdex.net https://nationwide.egain.cloud https://nationwidedev1.egain.cloud notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com https://embed.ustudio.com/ www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; media-src https://lpcdn.lpsnmedia.net; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src https://accdn.lpsnmedia.net analytics.analytics-egain.com apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com https://cloud-emea.analytics-egain.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net https://analytics.analytics-egain.com https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud https://www.google.co.uk https://www.gstatic.com ipv4.google.com https://lo.v.liveperson.net https://lpcdn.lpsnmedia.net https://lptag.liveperson.net *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://app.decibelinsight.com/js/hm.js https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://nationwidechat.prod.parature.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com https://cdn.tt.omtrdc.net *.virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk https://nationwide.egain.cloud https://nationwidedev1.egain.cloud *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Last-Modified: Thu, 18 Aug 2016 09:09:42 GMT
ETag: 3b2826f147e04ab5a140d4bff2e97978
x-frame-options: SAMEORIGIN
Content-Type: image/png
Cache-Control: public, no-cache, max-age=604800
Date: Tue, 28 Jan 2020 10:25:54 GMT
Strict-Transport-Security: max-age=16070400
Content-Length: 6924
x-xss-protection: 1; mode=block
Expires: Tue, 04 Feb 2020 10:25:55 GMT

GET
H/1.1

302
Found

rd Show response
dpm.demdex.net/id/
Redirect Chain

https://dpm.demdex.net/id?d_visid_ver=4.0.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=1D4334B852784A2D0A490D44%40AdobeOrg&d_nsid=0&ts=1580207154784
https://dpm.demdex.net/id/rd?d_visid_ver=4.0.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=1D4334B852784A2D0A490D44%40AdobeOrg&d_nsid=0&ts=1580207154784

0
-1 B

149ms
41ms

XHR

52.30.78.155
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id/rd?d_visid_ver=4.0.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=1D4334B852784A2D0A490D44%40AdobeOrg&d_nsid=0&ts=1580207154784

Requested by

Host: www.nationwide.co.uk
URL: https://www.nationwide.co.uk/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.30.78.155 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-30-78-155.eu-west-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.nationwide.co.uk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Location: https://dpm.demdex.net/id/rd?d_visid_ver=4.0.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=1D4334B852784A2D0A490D44%40AdobeOrg&d_nsid=0&ts=1580207154784
X-TID: UhZeoUejT8c=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.nationwide.co.uk
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: https://www.nationwide.co.uk
X-TID: UhZeoUejT8c=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/id/rd?d_visid_ver=4.0.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=1D4334B852784A2D0A490D44%40AdobeOrg&d_nsid=0&ts=1580207154784
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK target.js Show response
cdn.tt.omtrdc.net/cdn/ 43 KB
14 KB 504ms
176ms Script
text/javascript 23.61.220.204
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.tt.omtrdc.net/cdn/target.js
Requested by: Host: www.nationwide.co.uk
URL: https://www.nationwide.co.uk/assets/main-site/script/bundle/nbs-essentials.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.61.220.204 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-61-220-204.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7ecf3bf86151cd72036fb67feb8fcbd8c80359e0ca871e1aeb955428ed43c26d

Request headers

Referer: https://www.nationwide.co.uk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Tue, 28 Jan 2020 10:25:55 GMT
Content-Encoding: gzip
Last-Modified: Tue, 01 Oct 2019 05:03:41 GMT
Server: Apache
ETag: "1fcda-aa3e-593d246a6d5b9"
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: must-revalidate, max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 14200

GET
H/1.1 200
OK rd Show response
dpm.demdex.net/id/ 369 B
1 KB 42ms
42ms XHR
application/json 52.30.78.155
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id/rd?d_visid_ver=4.0.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=1D4334B852784A2D0A490D44%40AdobeOrg&d_nsid=0&ts=1580207154784

Requested by

Host: www.nationwide.co.uk
URL: https://www.nationwide.co.uk/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.30.78.155 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-30-78-155.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7f845d8d8f34888a4a3aef3f2de764e5c49283506e3ca00e7263fc8c7db912dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.nationwide.co.uk/
Origin: https://www.nationwide.co.uk
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-v058-0b33ff7f8.edge-irl1.demdex.com 5.64.4.20200120100612 4ms (+1ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-TID: fMXxt7CERRA=
Vary: Origin, Accept-Encoding, User-Agent
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.nationwide.co.uk
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 305
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 id Show response
smetrics.nationwide.co.uk/ 49 B
480 B 129ms
30ms XHR
application/x-javascript 15.188.31.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://smetrics.nationwide.co.uk/id?d_visid_ver=4.0.0&d_fieldgroup=A&mcorgid=1D4334B852784A2D0A490D44%40AdobeOrg&mid=83814190722232965750196481134274182387&ts=1580207154997

Requested by

Host: www.nationwide.co.uk
URL: https://www.nationwide.co.uk/assets/main-site/script/bundle/nbs-essentials.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.188.31.119 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-188-31-119.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

38f4ac1ea979f9915e6792bd1cb8a9e088a7704be7fc440aa81a60b77fcb12b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.nationwide.co.uk/
Origin: https://www.nationwide.co.uk
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

status: 200
date: Tue, 28 Jan 2020 10:25:54 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-67d6675784-rdt8v
vary: Origin
x-c: master-1118.I6e092d.M0-329
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.nationwide.co.uk
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-type: application/x-javascript
content-length: 49
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=XjAMMwAAAQ7hkBTJ
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=83853064744454227200194874683721351244
https://dpm.demdex.net/ibs:dpid=411&dpuuid=XjAMMwAAAQ7hkBTJ

42 B
915 B

38ms
38ms

Image
image/gif

52.30.78.155
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=XjAMMwAAAQ7hkBTJ

Requested by

Host: www.nationwide.co.uk
URL: https://www.nationwide.co.uk/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.30.78.155 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-30-78-155.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.nationwide.co.uk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

DCS: dcs-prod-irl1-v058-024ae364f.edge-irl1.demdex.com 5.64.4.20200120100612 1ms (+1ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: uRDJ6xm1SMc=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date: Tue, 28 Jan 2020 10:25:54 GMT
Server: AMO-cookiemap/1.1
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=XjAMMwAAAQ7hkBTJ
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=15,max=100
Content-Length: 0

GET
H2 200 json Show response
nationwidebuildingso.tt.omtrdc.net/m2/nationwidebuildingso/mbox/ 4 KB
2 KB 112ms
33ms XHR
application/json 66.117.29.11
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://nationwidebuildingso.tt.omtrdc.net/m2/nationwidebuildingso/mbox/json?mbox=nw-global-mbox&mboxSession=c088379eb26b42afa18922245ce4dd5b&mboxPC=&mboxPage=4afb4a3714244d5996e4bc0e3b7c18e8&mboxRid=d579cda59bf64f99bfd30c269ef81413&mboxVersion=1.7.0&mboxCount=1&mboxTime=1580210754817&mboxHost=www.nationwide.co.uk&mboxURL=https%3A%2F%2Fwww.nationwide.co.uk%2F&mboxReferrer=&mboxXDomain=enabled&browserHeight=1200&browserWidth=1585&browserTimeOffset=60&screenHeight=1200&screenWidth=1600&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&at_property=23e05754-9fa3-4581-5efa-ad424d2a15eb&mboxMCSDID=02A814F25315AA7F-19DCE5988A590596&vst.trk=metrics.nationwide.co.uk&vst.trks=smetrics.nationwide.co.uk&mboxMCGVID=83814190722232965750196481134274182387&mboxAAMB=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&mboxMCGLH=6
Requested by: Host: www.nationwide.co.uk
URL: https://www.nationwide.co.uk/assets/main-site/script/bundle/nbs-essentials.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 66.117.29.11 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: /
Resource Hash: f791d50acd09666c1d541e6e9cf9405b78e084ec307839a51f7c97ede4ae0ae3

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://www.nationwide.co.uk/
Origin: https://www.nationwide.co.uk

Response headers

pragma: no-cache
date: Tue, 28 Jan 2020 10:25:54 GMT
content-encoding: gzip
content-type: application/json;charset=UTF-8
status: 200
vary: Origin,Accept-Encoding
p3p: CP="NOI DSP CURa OUR STP COM"
access-control-allow-origin: https://www.nationwide.co.uk
cache-control: no-cache
access-control-allow-credentials: true
timing-allow-origin: *
x-request-id: d579cda59bf64f99bfd30c269ef81413

GET
H/1.1 200
OK page-body.png
www.nationwide.co.uk/assets/main-site/images/background/ 2 KB
6 KB 43ms
42ms Image
image/png 155.131.144.68
Nationwide Buildi...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nationwide.co.uk/assets/main-site/images/background/page-body.png

Requested by

Host: www.nationwide.co.uk
URL: https://www.nationwide.co.uk/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_CBC

Server

155.131.144.68 , United Kingdom, ASN8698 (Nationwide Building Society, GB),

Reverse DNS

Software

Resource Hash

17561150e865649a9aeeee94cb0f7a17d5e77147d3f2edefbee566f95128ddb3

Security Headers

Name	Value
Content-Security-Policy	default-src .bing.com https://onlinebanking.nationwide.co.uk 'self'; connect-src .bing.com cdn.decibelinsight.net http://track.contently.com https://d083-uk.api.decibelinsight.net/ dpm.demdex.net https://enrolment.mynationwide.io/ wss://lo.msg.liveperson.net http://metrics.nationwide.co.uk/ https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud .omtrdc.net https://rsa.egain.cloud https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com https://smetrics.nationwide.co.uk/ .swiftype.com .virtualearth.net wss://cdn.decibelinsight.net https://www.googleadservices.com; font-src data: 'self'; frame-src accounts.google.com https://adservice.google.com/ apis.google.com .bing.com https://assets.contently.com .doubleclick.net https://analytics.analytics-egain.com/ googleads.g.doubleclick.net https://www.youtube.com https://lo.idp.liveperson.net https://lo.msg.liveperson.net https://lo.msghist.liveperson.net https://lo.tokenizer.liveperson.net https://lpcdn.lpsnmedia.net https://nationwide.demdex.net https://nationwide.egain.cloud https://nationwidedev1.egain.cloud notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com https://embed.ustudio.com/ www.facebook.com www.google.com .youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' ; media-src https://lpcdn.lpsnmedia.net; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src https://accdn.lpsnmedia.net analytics.analytics-egain.com apis.google.com assets.kampyle.com .bing.com https://www.adobetag.com clients1.google.com https://cloud-emea.analytics-egain.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net https://analytics.analytics-egain.com https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud https://www.google.co.uk https://www.gstatic.com ipv4.google.com https://lo.v.liveperson.net https://lpcdn.lpsnmedia.net https://lptag.liveperson.net .nationwide.co.uk .omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk .reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://app.decibelinsight.com/js/hm.js https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://nationwidechat.prod.parature.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com https://cdn.tt.omtrdc.net .virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com .bing.com cse.google.com .nationwide.co.uk https://nationwide.egain.cloud https://nationwidedev1.egain.cloud .reevoo.com 'self' .virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Strict-Transport-Security	max-age=16070400
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.nationwide.co.uk/assets/main-site/style/visibleOnly.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Content-Security-Policy: default-src *.bing.com https://onlinebanking.nationwide.co.uk 'self'; connect-src *.bing.com cdn.decibelinsight.net http://track.contently.com https://d083-uk.api.decibelinsight.net/ dpm.demdex.net https://enrolment.mynationwide.io/ wss://lo.msg.liveperson.net http://metrics.nationwide.co.uk/ https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud *.omtrdc.net https://rsa.egain.cloud https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com https://smetrics.nationwide.co.uk/ *.swiftype.com *.virtualearth.net wss://cdn.decibelinsight.net https://www.googleadservices.com; font-src data: 'self'; frame-src accounts.google.com https://adservice.google.com/ apis.google.com *.bing.com https://assets.contently.com *.doubleclick.net https://analytics.analytics-egain.com/ googleads.g.doubleclick.net https://www.youtube.com https://lo.idp.liveperson.net https://lo.msg.liveperson.net https://lo.msghist.liveperson.net https://lo.tokenizer.liveperson.net https://lpcdn.lpsnmedia.net https://nationwide.demdex.net https://nationwide.egain.cloud https://nationwidedev1.egain.cloud notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com https://embed.ustudio.com/ www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; media-src https://lpcdn.lpsnmedia.net; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src https://accdn.lpsnmedia.net analytics.analytics-egain.com apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com https://cloud-emea.analytics-egain.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net https://analytics.analytics-egain.com https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud https://www.google.co.uk https://www.gstatic.com ipv4.google.com https://lo.v.liveperson.net https://lpcdn.lpsnmedia.net https://lptag.liveperson.net *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://app.decibelinsight.com/js/hm.js https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://nationwidechat.prod.parature.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com https://cdn.tt.omtrdc.net *.virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk https://nationwide.egain.cloud https://nationwidedev1.egain.cloud *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Last-Modified: Mon, 20 Jan 2020 11:48:32 GMT
ETag: "0a8fe8987cfd51:0"
x-frame-options: SAMEORIGIN
Content-Type: image/png
Cache-Control: public,max-age=300
Date: Tue, 28 Jan 2020 10:25:54 GMT
Strict-Transport-Security: max-age=16070400
Accept-Ranges: bytes
Content-Length: 2100
x-xss-protection: 1; mode=block

GET
DATA 200
OK truncated
/ 83 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2c3b918df3d0dc8ce11328cd21f8d9defc5858231b70bb11cd896f2f0bf5ae46

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Content-Type: image/gif;charset=UTF-8

GET
H/1.1 200
OK nbs-medium-webfont.woff
www.nationwide.co.uk/assets/main-site/fonts/ 33 KB
37 KB 39ms
39ms Font
application/x-font-woff 155.131.144.68
Nationwide Buildi...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nationwide.co.uk/assets/main-site/fonts/nbs-medium-webfont.woff

Requested by

Host: www.nationwide.co.uk
URL: https://www.nationwide.co.uk/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_CBC

Server

155.131.144.68 , United Kingdom, ASN8698 (Nationwide Building Society, GB),

Reverse DNS

Software

Resource Hash

154f369084c28c7ceaf71531663e84382b0f3ac78fffa7f91c4543499b8ee41b

Security Headers

Name	Value
Content-Security-Policy	default-src .bing.com https://onlinebanking.nationwide.co.uk 'self'; connect-src .bing.com cdn.decibelinsight.net http://track.contently.com https://d083-uk.api.decibelinsight.net/ dpm.demdex.net https://enrolment.mynationwide.io/ wss://lo.msg.liveperson.net http://metrics.nationwide.co.uk/ https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud .omtrdc.net https://rsa.egain.cloud https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com https://smetrics.nationwide.co.uk/ .swiftype.com .virtualearth.net wss://cdn.decibelinsight.net https://www.googleadservices.com; font-src data: 'self'; frame-src accounts.google.com https://adservice.google.com/ apis.google.com .bing.com https://assets.contently.com .doubleclick.net https://analytics.analytics-egain.com/ googleads.g.doubleclick.net https://www.youtube.com https://lo.idp.liveperson.net https://lo.msg.liveperson.net https://lo.msghist.liveperson.net https://lo.tokenizer.liveperson.net https://lpcdn.lpsnmedia.net https://nationwide.demdex.net https://nationwide.egain.cloud https://nationwidedev1.egain.cloud notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com https://embed.ustudio.com/ www.facebook.com www.google.com .youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' ; media-src https://lpcdn.lpsnmedia.net; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src https://accdn.lpsnmedia.net analytics.analytics-egain.com apis.google.com assets.kampyle.com .bing.com https://www.adobetag.com clients1.google.com https://cloud-emea.analytics-egain.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net https://analytics.analytics-egain.com https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud https://www.google.co.uk https://www.gstatic.com ipv4.google.com https://lo.v.liveperson.net https://lpcdn.lpsnmedia.net https://lptag.liveperson.net .nationwide.co.uk .omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk .reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://app.decibelinsight.com/js/hm.js https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://nationwidechat.prod.parature.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com https://cdn.tt.omtrdc.net .virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com .bing.com cse.google.com .nationwide.co.uk https://nationwide.egain.cloud https://nationwidedev1.egain.cloud .reevoo.com 'self' .virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Strict-Transport-Security	max-age=16070400
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://www.nationwide.co.uk/assets/main-site/style/visibleOnly.min.css
Origin: https://www.nationwide.co.uk

Response headers

Content-Security-Policy: default-src *.bing.com https://onlinebanking.nationwide.co.uk 'self'; connect-src *.bing.com cdn.decibelinsight.net http://track.contently.com https://d083-uk.api.decibelinsight.net/ dpm.demdex.net https://enrolment.mynationwide.io/ wss://lo.msg.liveperson.net http://metrics.nationwide.co.uk/ https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud *.omtrdc.net https://rsa.egain.cloud https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com https://smetrics.nationwide.co.uk/ *.swiftype.com *.virtualearth.net wss://cdn.decibelinsight.net https://www.googleadservices.com; font-src data: 'self'; frame-src accounts.google.com https://adservice.google.com/ apis.google.com *.bing.com https://assets.contently.com *.doubleclick.net https://analytics.analytics-egain.com/ googleads.g.doubleclick.net https://www.youtube.com https://lo.idp.liveperson.net https://lo.msg.liveperson.net https://lo.msghist.liveperson.net https://lo.tokenizer.liveperson.net https://lpcdn.lpsnmedia.net https://nationwide.demdex.net https://nationwide.egain.cloud https://nationwidedev1.egain.cloud notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com https://embed.ustudio.com/ www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; media-src https://lpcdn.lpsnmedia.net; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src https://accdn.lpsnmedia.net analytics.analytics-egain.com apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com https://cloud-emea.analytics-egain.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net https://analytics.analytics-egain.com https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud https://www.google.co.uk https://www.gstatic.com ipv4.google.com https://lo.v.liveperson.net https://lpcdn.lpsnmedia.net https://lptag.liveperson.net *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://app.decibelinsight.com/js/hm.js https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://nationwidechat.prod.parature.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com https://cdn.tt.omtrdc.net *.virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk https://nationwide.egain.cloud https://nationwidedev1.egain.cloud *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Last-Modified: Mon, 20 Jan 2020 11:48:50 GMT
ETag: "03db99487cfd51:0"
x-frame-options: SAMEORIGIN
Content-Type: application/x-font-woff
Cache-Control: public,max-age=604800
Date: Tue, 28 Jan 2020 10:25:54 GMT
Strict-Transport-Security: max-age=16070400
Accept-Ranges: bytes
Content-Length: 34084
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK Learning-to-ride-a-bike-1920px-edit.jpg
www.nationwide.co.uk/-/media/MainSite/images/home-exit/2019/12/15-percent-discount-homepage/ 100 KB
104 KB 58ms
58ms Image
image/jpeg 155.131.144.68
Nationwide Buildi...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nationwide.co.uk/-/media/MainSite/images/home-exit/2019/12/15-percent-discount-homepage/Learning-to-ride-a-bike-1920px-edit.jpg?h=768&w=1900

Requested by

Host: www.nationwide.co.uk
URL: https://www.nationwide.co.uk/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_CBC

Server

155.131.144.68 , United Kingdom, ASN8698 (Nationwide Building Society, GB),

Reverse DNS

Software

Resource Hash

a57b4eb3e25ac0ac43e59a0dd0b6223ce67a6b5aef8710a513e423a8634366c4

Security Headers

Name	Value
Content-Security-Policy	default-src .bing.com https://onlinebanking.nationwide.co.uk 'self'; connect-src .bing.com cdn.decibelinsight.net http://track.contently.com https://d083-uk.api.decibelinsight.net/ dpm.demdex.net https://enrolment.mynationwide.io/ wss://lo.msg.liveperson.net http://metrics.nationwide.co.uk/ https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud .omtrdc.net https://rsa.egain.cloud https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com https://smetrics.nationwide.co.uk/ .swiftype.com .virtualearth.net wss://cdn.decibelinsight.net https://www.googleadservices.com; font-src data: 'self'; frame-src accounts.google.com https://adservice.google.com/ apis.google.com .bing.com https://assets.contently.com .doubleclick.net https://analytics.analytics-egain.com/ googleads.g.doubleclick.net https://www.youtube.com https://lo.idp.liveperson.net https://lo.msg.liveperson.net https://lo.msghist.liveperson.net https://lo.tokenizer.liveperson.net https://lpcdn.lpsnmedia.net https://nationwide.demdex.net https://nationwide.egain.cloud https://nationwidedev1.egain.cloud notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com https://embed.ustudio.com/ www.facebook.com www.google.com .youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' ; media-src https://lpcdn.lpsnmedia.net; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src https://accdn.lpsnmedia.net analytics.analytics-egain.com apis.google.com assets.kampyle.com .bing.com https://www.adobetag.com clients1.google.com https://cloud-emea.analytics-egain.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net https://analytics.analytics-egain.com https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud https://www.google.co.uk https://www.gstatic.com ipv4.google.com https://lo.v.liveperson.net https://lpcdn.lpsnmedia.net https://lptag.liveperson.net .nationwide.co.uk .omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk .reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://app.decibelinsight.com/js/hm.js https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://nationwidechat.prod.parature.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com https://cdn.tt.omtrdc.net .virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com .bing.com cse.google.com .nationwide.co.uk https://nationwide.egain.cloud https://nationwidedev1.egain.cloud .reevoo.com 'self' .virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Strict-Transport-Security	max-age=16070400
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.nationwide.co.uk/-/css/assets/main-site/generated/css/herocarousel.css?id=105EE154D48B4B5D87A51B75F7AB611D
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Content-Security-Policy: default-src *.bing.com https://onlinebanking.nationwide.co.uk 'self'; connect-src *.bing.com cdn.decibelinsight.net http://track.contently.com https://d083-uk.api.decibelinsight.net/ dpm.demdex.net https://enrolment.mynationwide.io/ wss://lo.msg.liveperson.net http://metrics.nationwide.co.uk/ https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud *.omtrdc.net https://rsa.egain.cloud https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com https://smetrics.nationwide.co.uk/ *.swiftype.com *.virtualearth.net wss://cdn.decibelinsight.net https://www.googleadservices.com; font-src data: 'self'; frame-src accounts.google.com https://adservice.google.com/ apis.google.com *.bing.com https://assets.contently.com *.doubleclick.net https://analytics.analytics-egain.com/ googleads.g.doubleclick.net https://www.youtube.com https://lo.idp.liveperson.net https://lo.msg.liveperson.net https://lo.msghist.liveperson.net https://lo.tokenizer.liveperson.net https://lpcdn.lpsnmedia.net https://nationwide.demdex.net https://nationwide.egain.cloud https://nationwidedev1.egain.cloud notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com https://embed.ustudio.com/ www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; media-src https://lpcdn.lpsnmedia.net; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src https://accdn.lpsnmedia.net analytics.analytics-egain.com apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com https://cloud-emea.analytics-egain.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net https://analytics.analytics-egain.com https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud https://www.google.co.uk https://www.gstatic.com ipv4.google.com https://lo.v.liveperson.net https://lpcdn.lpsnmedia.net https://lptag.liveperson.net *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://app.decibelinsight.com/js/hm.js https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://nationwidechat.prod.parature.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com https://cdn.tt.omtrdc.net *.virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk https://nationwide.egain.cloud https://nationwidedev1.egain.cloud *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Last-Modified: Tue, 14 Jan 2020 11:31:46 GMT
ETag: 0bfa1ac74b6a48c798d8795391f595df
x-frame-options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: public, no-cache, max-age=604800
Date: Tue, 28 Jan 2020 10:25:54 GMT
Strict-Transport-Security: max-age=16070400
Content-Length: 102688
x-xss-protection: 1; mode=block
Expires: Tue, 04 Feb 2020 10:25:55 GMT

GET
DATA 200
OK truncated
/ 8 KB
8 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6c966bf9fbd36a14c1eb2e9f5abac1be3d43574dd0bfa0ffbef92dc8d68233f1

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Origin: https://www.nationwide.co.uk

Response headers

Content-Type: application/font-woff

GET
H/1.1 200
OK nbs-bold-webfont.woff
www.nationwide.co.uk/assets/main-site/fonts/ 32 KB
37 KB 36ms
36ms Font
application/x-font-woff 155.131.144.68
Nationwide Buildi...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nationwide.co.uk/assets/main-site/fonts/nbs-bold-webfont.woff

Requested by

Host: www.nationwide.co.uk
URL: https://www.nationwide.co.uk/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_CBC

Server

155.131.144.68 , United Kingdom, ASN8698 (Nationwide Building Society, GB),

Reverse DNS

Software

Resource Hash

5cfc1d72a6c4c817544222468ad1a2f27ed404481f529f223c05c1c52bb3ba2c

Security Headers

Name	Value
Content-Security-Policy	default-src .bing.com https://onlinebanking.nationwide.co.uk 'self'; connect-src .bing.com cdn.decibelinsight.net http://track.contently.com https://d083-uk.api.decibelinsight.net/ dpm.demdex.net https://enrolment.mynationwide.io/ wss://lo.msg.liveperson.net http://metrics.nationwide.co.uk/ https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud .omtrdc.net https://rsa.egain.cloud https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com https://smetrics.nationwide.co.uk/ .swiftype.com .virtualearth.net wss://cdn.decibelinsight.net https://www.googleadservices.com; font-src data: 'self'; frame-src accounts.google.com https://adservice.google.com/ apis.google.com .bing.com https://assets.contently.com .doubleclick.net https://analytics.analytics-egain.com/ googleads.g.doubleclick.net https://www.youtube.com https://lo.idp.liveperson.net https://lo.msg.liveperson.net https://lo.msghist.liveperson.net https://lo.tokenizer.liveperson.net https://lpcdn.lpsnmedia.net https://nationwide.demdex.net https://nationwide.egain.cloud https://nationwidedev1.egain.cloud notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com https://embed.ustudio.com/ www.facebook.com www.google.com .youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' ; media-src https://lpcdn.lpsnmedia.net; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src https://accdn.lpsnmedia.net analytics.analytics-egain.com apis.google.com assets.kampyle.com .bing.com https://www.adobetag.com clients1.google.com https://cloud-emea.analytics-egain.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net https://analytics.analytics-egain.com https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud https://www.google.co.uk https://www.gstatic.com ipv4.google.com https://lo.v.liveperson.net https://lpcdn.lpsnmedia.net https://lptag.liveperson.net .nationwide.co.uk .omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk .reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://app.decibelinsight.com/js/hm.js https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://nationwidechat.prod.parature.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com https://cdn.tt.omtrdc.net .virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com .bing.com cse.google.com .nationwide.co.uk https://nationwide.egain.cloud https://nationwidedev1.egain.cloud .reevoo.com 'self' .virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Strict-Transport-Security	max-age=16070400
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://www.nationwide.co.uk/assets/main-site/style/visibleOnly.min.css
Origin: https://www.nationwide.co.uk

Response headers

Content-Security-Policy: default-src *.bing.com https://onlinebanking.nationwide.co.uk 'self'; connect-src *.bing.com cdn.decibelinsight.net http://track.contently.com https://d083-uk.api.decibelinsight.net/ dpm.demdex.net https://enrolment.mynationwide.io/ wss://lo.msg.liveperson.net http://metrics.nationwide.co.uk/ https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud *.omtrdc.net https://rsa.egain.cloud https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com https://smetrics.nationwide.co.uk/ *.swiftype.com *.virtualearth.net wss://cdn.decibelinsight.net https://www.googleadservices.com; font-src data: 'self'; frame-src accounts.google.com https://adservice.google.com/ apis.google.com *.bing.com https://assets.contently.com *.doubleclick.net https://analytics.analytics-egain.com/ googleads.g.doubleclick.net https://www.youtube.com https://lo.idp.liveperson.net https://lo.msg.liveperson.net https://lo.msghist.liveperson.net https://lo.tokenizer.liveperson.net https://lpcdn.lpsnmedia.net https://nationwide.demdex.net https://nationwide.egain.cloud https://nationwidedev1.egain.cloud notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com https://embed.ustudio.com/ www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; media-src https://lpcdn.lpsnmedia.net; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src https://accdn.lpsnmedia.net analytics.analytics-egain.com apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com https://cloud-emea.analytics-egain.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net https://analytics.analytics-egain.com https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud https://www.google.co.uk https://www.gstatic.com ipv4.google.com https://lo.v.liveperson.net https://lpcdn.lpsnmedia.net https://lptag.liveperson.net *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://app.decibelinsight.com/js/hm.js https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://nationwidechat.prod.parature.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com https://cdn.tt.omtrdc.net *.virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk https://nationwide.egain.cloud https://nationwidedev1.egain.cloud *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Last-Modified: Mon, 20 Jan 2020 11:48:50 GMT
ETag: "03db99487cfd51:0"
x-frame-options: SAMEORIGIN
Content-Type: application/x-font-woff
Cache-Control: public,max-age=604800
Date: Tue, 28 Jan 2020 10:25:54 GMT
Strict-Transport-Security: max-age=16070400
Accept-Ranges: bytes
Content-Length: 33208
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK essentials.min.css
www.nationwide.co.uk/assets/main-site/style/ 144 KB
33 KB 38ms
38ms Stylesheet
text/css 155.131.144.68
Nationwide Buildi...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nationwide.co.uk/assets/main-site/style/essentials.min.css

Requested by

Host: www.nationwide.co.uk
URL: https://www.nationwide.co.uk/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_CBC

Server

155.131.144.68 , United Kingdom, ASN8698 (Nationwide Building Society, GB),

Reverse DNS

Software

Resource Hash

fda710da00586ec34af1e2cf30806d549704c4607c8424c425de3868a9c69d72

Security Headers

Name	Value
Content-Security-Policy	default-src .bing.com https://onlinebanking.nationwide.co.uk 'self'; connect-src .bing.com cdn.decibelinsight.net http://track.contently.com https://d083-uk.api.decibelinsight.net/ dpm.demdex.net https://enrolment.mynationwide.io/ wss://lo.msg.liveperson.net http://metrics.nationwide.co.uk/ https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud .omtrdc.net https://rsa.egain.cloud https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com https://smetrics.nationwide.co.uk/ .swiftype.com .virtualearth.net wss://cdn.decibelinsight.net https://www.googleadservices.com; font-src data: 'self'; frame-src accounts.google.com https://adservice.google.com/ apis.google.com .bing.com https://assets.contently.com .doubleclick.net https://analytics.analytics-egain.com/ googleads.g.doubleclick.net https://www.youtube.com https://lo.idp.liveperson.net https://lo.msg.liveperson.net https://lo.msghist.liveperson.net https://lo.tokenizer.liveperson.net https://lpcdn.lpsnmedia.net https://nationwide.demdex.net https://nationwide.egain.cloud https://nationwidedev1.egain.cloud notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com https://embed.ustudio.com/ www.facebook.com www.google.com .youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' ; media-src https://lpcdn.lpsnmedia.net; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src https://accdn.lpsnmedia.net analytics.analytics-egain.com apis.google.com assets.kampyle.com .bing.com https://www.adobetag.com clients1.google.com https://cloud-emea.analytics-egain.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net https://analytics.analytics-egain.com https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud https://www.google.co.uk https://www.gstatic.com ipv4.google.com https://lo.v.liveperson.net https://lpcdn.lpsnmedia.net https://lptag.liveperson.net .nationwide.co.uk .omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk .reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://app.decibelinsight.com/js/hm.js https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://nationwidechat.prod.parature.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com https://cdn.tt.omtrdc.net .virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com .bing.com cse.google.com .nationwide.co.uk https://nationwide.egain.cloud https://nationwidedev1.egain.cloud .reevoo.com 'self' .virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Strict-Transport-Security	max-age=16070400
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.nationwide.co.uk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Content-Security-Policy: default-src *.bing.com https://onlinebanking.nationwide.co.uk 'self'; connect-src *.bing.com cdn.decibelinsight.net http://track.contently.com https://d083-uk.api.decibelinsight.net/ dpm.demdex.net https://enrolment.mynationwide.io/ wss://lo.msg.liveperson.net http://metrics.nationwide.co.uk/ https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud *.omtrdc.net https://rsa.egain.cloud https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com https://smetrics.nationwide.co.uk/ *.swiftype.com *.virtualearth.net wss://cdn.decibelinsight.net https://www.googleadservices.com; font-src data: 'self'; frame-src accounts.google.com https://adservice.google.com/ apis.google.com *.bing.com https://assets.contently.com *.doubleclick.net https://analytics.analytics-egain.com/ googleads.g.doubleclick.net https://www.youtube.com https://lo.idp.liveperson.net https://lo.msg.liveperson.net https://lo.msghist.liveperson.net https://lo.tokenizer.liveperson.net https://lpcdn.lpsnmedia.net https://nationwide.demdex.net https://nationwide.egain.cloud https://nationwidedev1.egain.cloud notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com https://embed.ustudio.com/ www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; media-src https://lpcdn.lpsnmedia.net; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src https://accdn.lpsnmedia.net analytics.analytics-egain.com apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com https://cloud-emea.analytics-egain.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net https://analytics.analytics-egain.com https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud https://www.google.co.uk https://www.gstatic.com ipv4.google.com https://lo.v.liveperson.net https://lpcdn.lpsnmedia.net https://lptag.liveperson.net *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://app.decibelinsight.com/js/hm.js https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://nationwidechat.prod.parature.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com https://cdn.tt.omtrdc.net *.virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk https://nationwide.egain.cloud https://nationwidedev1.egain.cloud *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Mon, 20 Jan 2020 11:48:24 GMT
ETag: "0f4398587cfd51:0"
x-frame-options: SAMEORIGIN
Content-Type: text/css
Cache-Control: public,max-age=300
Date: Tue, 28 Jan 2020 10:25:54 GMT
Strict-Transport-Security: max-age=16070400
Accept-Ranges: bytes
Content-Length: 29544
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK di.js Show response
cdn.decibelinsight.net/i/13607/68591/ 155 KB
63 KB 116ms
23ms Script
text/javascript 18.196.73.164
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.decibelinsight.net/i/13607/68591/di.js

Requested by

Host: www.nationwide.co.uk
URL: https://www.nationwide.co.uk/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.196.73.164 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-196-73-164.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

927d4284780e206a06fcddaebd375e7083ec467a021558e92d07548f53cd4b32

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.nationwide.co.uk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Tue, 28 Jan 2020 10:25:55 GMT
Content-Encoding: gzip
Server: nginx
Connection: keep-alive
ETag: W/231006665-16FEBAFA912
Vary: Origin
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/javascript; charset=utf-8
Cache-Control: public
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: *
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, X-HTTP-Method-Override
Expires: Tue, 28 Jan 2020 10:55:55 GMT

GET
H/1.1 200
OK EG90342921 Show response
analytics.analytics-egain.com/onetag/ Frame DB2C 17 KB
6 KB 184ms
40ms Script
text/javascript 34.248.236.142
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.analytics-egain.com/onetag/EG90342921
Requested by: Host: www.nationwide.co.uk
URL: https://www.nationwide.co.uk/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.236.142 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-236-142.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: c48ae1dec3a2947a1e53a08e497312d29300c6e6f353a59ce1f6fbe74165d7fb

Request headers

Referer: https://www.nationwide.co.uk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Tue, 28 Jan 2020 10:25:55 GMT
Content-Encoding: gzip
Server
Vary: Accept-Encoding
Content-Type: text/javascript;charset=utf-8
Cache-Control: max-age=86400
Connection: keep-alive
Content-Length: 5711
Expires: Wed, 29 Jan 2020 10:25:55 GMT

GET
H/1.1 200
OK Cookie set dest5.html
nationwide.demdex.net/ Frame 0922 0
0 203ms
40ms Document
text/html 52.18.60.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://nationwide.demdex.net/dest5.html?d_nsid=0

Requested by

Host: www.nationwide.co.uk
URL: https://www.nationwide.co.uk/assets/main-site/script/bundle/nbs-essentials.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.18.60.121 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-18-60-121.eu-west-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Host: nationwide.demdex.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: nested-navigate
Referer: https://www.nationwide.co.uk/
Accept-Encoding: gzip, deflate, br
Cookie: demdex=83853064744454227200194874683721351244
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://www.nationwide.co.uk/

Response headers

Accept-Ranges: bytes
Cache-Control: max-age=21600
Content-Encoding: gzip
Content-Type: text/html
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified: Tue, 21 Jan 2020 09:08:13 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Set-Cookie: demdex=83853064744454227200194874683721351244;Path=/;Domain=.demdex.net;Expires=Sun, 26-Jul-2020 10:25:55 GMT;Max-Age=15552000;Secure;SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding, User-Agent
X-TID: gNq47hntT0g=
Content-Length: 2764
Connection: keep-alive

GET
H/1.1 200
OK egain-chat.js Show response
nationwide.egain.cloud/system/templates/chat/ 2 KB
1 KB 181ms
30ms Script
application/javascript 51.140.72.164
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://nationwide.egain.cloud/system/templates/chat/egain-chat.js
Requested by: Host: analytics.analytics-egain.com
URL: https://analytics.analytics-egain.com/onetag/EG90342921
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.140.72.164 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/8.5 /
Resource Hash: 0b612f32a5ea492a7975ed975b6470c279f280a04ac4de1d027afe1c1e5923bb

Request headers

Referer: https://www.nationwide.co.uk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Tue, 28 Jan 2020 10:25:55 GMT
Content-Encoding: gzip
Last-Modified: Tue, 12 Nov 2019 22:28:45 GMT
Server: Microsoft-IIS/8.5
ETag: "a110da8ba899d51:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 1068

GET
H/1.1 200
OK Offers.egain Show response
nationwide.egain.cloud/system/ 12 KB
3 KB 185ms
35ms Script
text/javascript 51.140.72.164
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://nationwide.egain.cloud/system/Offers.egain?command=GetRulesJS&egofferpageurl=https%3A%2F%2Fwww.nationwide.co.uk%2F&egofferpagetitle=Nationwide%20Building%20Society%20%7C%20building%20society%2C%20nationwide&egofferpatternchecksum=
Requested by: Host: analytics.analytics-egain.com
URL: https://analytics.analytics-egain.com/onetag/EG90342921
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.140.72.164 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/8.5 /
Resource Hash: 5337b05faed24941edb46bb2da5a3be67c419255872493e48b83470379bd71cb

Request headers

Referer: https://www.nationwide.co.uk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 28 Jan 2020 10:25:55 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/8.5
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Cache-Control: no-cache
X-UA-Compatible: IE=EmulateIE9
Content-Length: 2127
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK EG90342921
analytics.analytics-egain.com/iframe/ Frame B616 0
0 41ms
41ms Document
text/html 34.248.236.142
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.analytics-egain.com/iframe/EG90342921
Requested by: Host: analytics.analytics-egain.com
URL: https://analytics.analytics-egain.com/onetag/EG90342921
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.236.142 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-236-142.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Host: analytics.analytics-egain.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: nested-navigate
Referer: https://www.nationwide.co.uk/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://www.nationwide.co.uk/

Response headers

Cache-Control: max-age=86400
Content-Encoding: gzip
Content-Type: text/html;charset=utf-8
Date: Tue, 28 Jan 2020 10:25:55 GMT
Expires: Wed, 29 Jan 2020 10:25:55 GMT
Server
Vary: Accept-Encoding
Content-Length: 1624
Connection: keep-alive

GET
H2 200 s520172451861
smetrics.nationwide.co.uk/b/ss/nationwidelive1/1/JS-2.12.0/ 43 B
246 B 32ms
31ms Image
image/gif 15.188.31.119
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://smetrics.nationwide.co.uk/b/ss/nationwidelive1/1/JS-2.12.0/s520172451861?AQB=1&ndh=1&pf=1&t=28%2F0%2F2020%2011%3A25%3A55%202%20-60&sdid=02A814F25315AA7F-19DCE5988A590596&mid=83814190722232965750196481134274182387&aamlh=6&ce=UTF-8&ns=nationwide&cdp=3&pageName=bw%3Ahomepage&g=https%3A%2F%2Fwww.nationwide.co.uk%2F&c.&page.&nbs_cms_page_version=406&.page&nbs_version_sc=a%3A2.12.0_v%3A4.0.0_at%3A1.7.0_d%3A0.4_20190228_002&nbs_id.&nbs_id_svicookie=D%3Ds_vi&nbs_id_sfidcookie=D%3Ds_fid&nbs_id_aid=D%3Daid&nbs_id_fid=D%3Dfid&nbs_id_mid=D%3Dmid&nbs_id_sdid=D%3Dsdid&.nbs_id&.c&cc=GBP&ch=Brochureware&events=event26&products=Internal%20ads%3BIntcmp_4169%3B%3B%3Bevent26%3D1%3Bevar47%3D%2B1%2CInternal%20ads%3BIntcmp_4039%3B%3B%3Bevent26%3D1%3Bevar47%3D%2B1%2CInternal%20ads%3BIntcmp_4160%3B%3B%3Bevent26%3D1%3Bevar47%3D%2B1%2CInternal%20ads%3BIntcmp_4080%3B%3B%3Bevent26%3D1%3Bevar47%3D%2B1&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&tnt=102046%3A39%3A0%2C123010%3A1%3A0%2C&c71=D%3Ds_vi&c73=largeDesktop%20site%7Clandscape&c74=bw%3Ahomepage&v74=D%3Dc74&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=1D4334B852784A2D0A490D44%40AdobeOrg&AQE=1

Requested by

Host: www.nationwide.co.uk
URL: https://www.nationwide.co.uk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.188.31.119 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-188-31-119.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.nationwide.co.uk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Tue, 28 Jan 2020 10:25:55 GMT
x-content-type-options: nosniff
x-c: master-1118.I6e092d.M0-329
p3p: CP="This is not a P3P policy"
status: 200
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Wed, 29 Jan 2020 10:25:55 GMT
server: jag
xserver: anedge-67d6675784-mzbwr
etag: 3393469025900396544-4617570096784457046
vary: *
content-type: image/gif;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Mon, 27 Jan 2020 10:25:55 GMT

GET
H/1.1 200
OK tracker Show response
cloud-emea.analytics-egain.com/ Frame DB2C 153 B
390 B 153ms
38ms Script
application/json 34.248.236.142
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cloud-emea.analytics-egain.com/tracker?aId=EG90342921&seqId=1&pU=https%3A%2F%2Fwww.nationwide.co.uk%2F&pT=Nationwide%20Building%20Society%20%7C%20building%20society%2C%20nationwide&pR=&_cb_=EGAINCLOUD._callback.eg3a1d3ee809a41c
Requested by: Host: analytics.analytics-egain.com
URL: https://analytics.analytics-egain.com/onetag/EG90342921
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.236.142 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-236-142.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: d439b7830c2713f4eaae5c2812caac3b4d3f466502e85d4de53076ed24fae450

Request headers

Referer: https://www.nationwide.co.uk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Tue, 28 Jan 2020 10:25:55 GMT
Content-Encoding: gzip
Server
Vary: Accept-Encoding
Content-Type: application/json;charset=utf-8
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 161

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 698294585a9b44f5abd3073732325a0436f19bfa7b3ae2b89c88653803011c95

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Content-Type: image/gif;charset=UTF-8

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 387cfaa1ebcfdd7d3495a7372cf6381ea76fcd37fc500663f9799e896d537d6c

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK egain-docked-chat.js Show response
nationwide.egain.cloud/system/templates/chat/ Frame F6D7 48 KB
11 KB 32ms
32ms Script
application/javascript 51.140.72.164
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://nationwide.egain.cloud/system/templates/chat/egain-docked-chat.js
Requested by: Host: nationwide.egain.cloud
URL: https://nationwide.egain.cloud/system/templates/chat/egain-chat.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.140.72.164 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/8.5 /
Resource Hash: da05276c10c8b302283ed50840d69a0863ff5dc3bb186a87153d5c2c3f888aca

Request headers

Referer: https://www.nationwide.co.uk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Tue, 28 Jan 2020 10:25:55 GMT
Content-Encoding: gzip
Last-Modified: Tue, 12 Nov 2019 22:28:45 GMT
Server: Microsoft-IIS/8.5
ETag: "808c6c8ba899d51:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 10475

GET
H/1.1 200
OK nbs-lazy-load.min.js Show response
www.nationwide.co.uk/assets/main-site/script/bundle/ 31 KB
13 KB 41ms
41ms Script
application/x-javascript 155.131.144.68
Nationwide Buildi...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nationwide.co.uk/assets/main-site/script/bundle/nbs-lazy-load.min.js?v=20190404

Requested by

Host: www.nationwide.co.uk
URL: https://www.nationwide.co.uk/assets/main-site/script/bundle/nbs-homepage.min.js?v=20190718

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_CBC

Server

155.131.144.68 , United Kingdom, ASN8698 (Nationwide Building Society, GB),

Reverse DNS

Software

Resource Hash

1beda47f244ed8e38f3895919150cc2caa2e816509fac7880c011a0c64272062

Security Headers

Name	Value
Content-Security-Policy	default-src .bing.com https://onlinebanking.nationwide.co.uk 'self'; connect-src .bing.com cdn.decibelinsight.net http://track.contently.com https://d083-uk.api.decibelinsight.net/ dpm.demdex.net https://enrolment.mynationwide.io/ wss://lo.msg.liveperson.net http://metrics.nationwide.co.uk/ https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud .omtrdc.net https://rsa.egain.cloud https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com https://smetrics.nationwide.co.uk/ .swiftype.com .virtualearth.net wss://cdn.decibelinsight.net https://www.googleadservices.com; font-src data: 'self'; frame-src accounts.google.com https://adservice.google.com/ apis.google.com .bing.com https://assets.contently.com .doubleclick.net https://analytics.analytics-egain.com/ googleads.g.doubleclick.net https://www.youtube.com https://lo.idp.liveperson.net https://lo.msg.liveperson.net https://lo.msghist.liveperson.net https://lo.tokenizer.liveperson.net https://lpcdn.lpsnmedia.net https://nationwide.demdex.net https://nationwide.egain.cloud https://nationwidedev1.egain.cloud notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com https://embed.ustudio.com/ www.facebook.com www.google.com .youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' ; media-src https://lpcdn.lpsnmedia.net; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src https://accdn.lpsnmedia.net analytics.analytics-egain.com apis.google.com assets.kampyle.com .bing.com https://www.adobetag.com clients1.google.com https://cloud-emea.analytics-egain.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net https://analytics.analytics-egain.com https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud https://www.google.co.uk https://www.gstatic.com ipv4.google.com https://lo.v.liveperson.net https://lpcdn.lpsnmedia.net https://lptag.liveperson.net .nationwide.co.uk .omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk .reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://app.decibelinsight.com/js/hm.js https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://nationwidechat.prod.parature.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com https://cdn.tt.omtrdc.net .virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com .bing.com cse.google.com .nationwide.co.uk https://nationwide.egain.cloud https://nationwidedev1.egain.cloud .reevoo.com 'self' .virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Strict-Transport-Security	max-age=16070400
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.nationwide.co.uk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Content-Security-Policy: default-src *.bing.com https://onlinebanking.nationwide.co.uk 'self'; connect-src *.bing.com cdn.decibelinsight.net http://track.contently.com https://d083-uk.api.decibelinsight.net/ dpm.demdex.net https://enrolment.mynationwide.io/ wss://lo.msg.liveperson.net http://metrics.nationwide.co.uk/ https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud *.omtrdc.net https://rsa.egain.cloud https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com https://smetrics.nationwide.co.uk/ *.swiftype.com *.virtualearth.net wss://cdn.decibelinsight.net https://www.googleadservices.com; font-src data: 'self'; frame-src accounts.google.com https://adservice.google.com/ apis.google.com *.bing.com https://assets.contently.com *.doubleclick.net https://analytics.analytics-egain.com/ googleads.g.doubleclick.net https://www.youtube.com https://lo.idp.liveperson.net https://lo.msg.liveperson.net https://lo.msghist.liveperson.net https://lo.tokenizer.liveperson.net https://lpcdn.lpsnmedia.net https://nationwide.demdex.net https://nationwide.egain.cloud https://nationwidedev1.egain.cloud notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com https://embed.ustudio.com/ www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; media-src https://lpcdn.lpsnmedia.net; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src https://accdn.lpsnmedia.net analytics.analytics-egain.com apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com https://cloud-emea.analytics-egain.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net https://analytics.analytics-egain.com https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud https://www.google.co.uk https://www.gstatic.com ipv4.google.com https://lo.v.liveperson.net https://lpcdn.lpsnmedia.net https://lptag.liveperson.net *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://app.decibelinsight.com/js/hm.js https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://nationwidechat.prod.parature.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com https://cdn.tt.omtrdc.net *.virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk https://nationwide.egain.cloud https://nationwidedev1.egain.cloud *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Mon, 20 Jan 2020 11:48:28 GMT
ETag: "04e9c8787cfd51:0"
x-frame-options: SAMEORIGIN
Content-Type: application/x-javascript
Cache-Control: public,max-age=300
Date: Tue, 28 Jan 2020 10:25:55 GMT
Strict-Transport-Security: max-age=16070400
Accept-Ranges: bytes
Content-Length: 9226
x-xss-protection: 1; mode=block

GET
H2 200 s5107851347107
smetrics.nationwide.co.uk/b/ss/nationwidelive1/1/JS-2.12.0/ 43 B
140 B 30ms
26ms Image
image/gif 15.188.31.119
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://smetrics.nationwide.co.uk/b/ss/nationwidelive1/1/JS-2.12.0/s5107851347107?AQB=1&ndh=1&pf=1&t=28%2F0%2F2020%2011%3A25%3A55%202%20-60&mid=83814190722232965750196481134274182387&aamlh=6&ce=UTF-8&ns=nationwide&cdp=3&pageName=bw%3Ahomepage&g=https%3A%2F%2Fwww.nationwide.co.uk%2F&c.&nbs_custom_link.&pageName=D%3DpageName&linkName=D%3D%22o%7C%22%2Bpev2&.nbs_custom_link&.c&cc=GBP&v5=di-68591-F8552F39D408AE97107DAA135BBDD7BB26&c73=largeDesktop%20site%7Clandscape&pe=lnk_o&pev2=Decibel%20Insight%20Session%20ID&mcorgid=1D4334B852784A2D0A490D44%40AdobeOrg&lrt=36&AQE=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.188.31.119 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-188-31-119.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.nationwide.co.uk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Tue, 28 Jan 2020 10:25:55 GMT
x-content-type-options: nosniff
x-c: master-1118.I6e092d.M0-329
p3p: CP="This is not a P3P policy"
status: 200
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Wed, 29 Jan 2020 10:25:55 GMT
server: jag
xserver: anedge-67d6675784-4fz8l
etag: 3393469025900396544-4615076599296825113
vary: *
content-type: image/gif;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Mon, 27 Jan 2020 10:25:55 GMT

GET
H/1.1

200
OK

js Show response
pixel.mathtag.com/sync/
Redirect Chain

https://pixel.mathtag.com/sync/js?sync=auto&mt_exid=10068&exsync=https%3A%2F%2Fsmetrics.nationwide.co.uk%2Fb%2Fss%2Fnationwidelive1%2F0%3FAQB%3D1%26pageName%3Dmediamath-sync-pixel%26pe%3Dlnk_o%26pe...
https://pixel.mathtag.com/sync/js?sync=auto&mt_exid=10068&exsync=https%3A%2F%2Fsmetrics.nationwide.co.uk%2Fb%2Fss%2Fnationwidelive1%2F0%3FAQB%3D1%26pageName%3Dmediamath-sync-pixel%26pe%3Dlnk_o%26pe...

2 KB
2 KB

44ms
43ms

Script
text/javascript

2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.mathtag.com/sync/js?sync=auto&mt_exid=10068&exsync=https%3A%2F%2Fsmetrics.nationwide.co.uk%2Fb%2Fss%2Fnationwidelive1%2F0%3FAQB%3D1%26pageName%3Dmediamath-sync-pixel%26pe%3Dlnk_o%26pev2%3Dmediamath-sync-pixel%26c.user.nbs_media_math_id%3D%5BMM_UUID%5D%26AQE%3D1&mm_bnc&mm_bct&UUID=ac575e30-078f-4d00-9e5c-06dc8ac067cb
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 2049 2965a32 master cdg-pixel-x20 /
Resource Hash: 2b122e9def13765c30db13b9ab5f76d7afae888708ce201b5477d3a5a085dadf

Request headers

Referer: https://www.nationwide.co.uk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Tue, 28 Jan 2020 10:25:56 GMT
Server: MT3 2049 2965a32 master cdg-pixel-x20
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 1570
Expires: Tue, 28 Jan 2020 10:26:14 GMT

Redirect headers

Date: Tue, 28 Jan 2020 10:25:56 GMT
Server: MT3 2049 2965a32 master cdg-pixel-x22
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://pixel.mathtag.com/sync/js?sync=auto&mt_exid=10068&exsync=https%3A%2F%2Fsmetrics.nationwide.co.uk%2Fb%2Fss%2Fnationwidelive1%2F0%3FAQB%3D1%26pageName%3Dmediamath-sync-pixel%26pe%3Dlnk_o%26pev2%3Dmediamath-sync-pixel%26c.user.nbs_media_math_id%3D%5BMM_UUID%5D%26AQE%3D1&mm_bnc&mm_bct&UUID=ac575e30-078f-4d00-9e5c-06dc8ac067cb
Cache-Control: no-cache
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 0
Expires: Tue, 28 Jan 2020 10:26:14 GMT

GET
H/1.1 200
OK iframe
pixel.mathtag.com/sync/ Frame 26A6 0
0 86ms
44ms Document
text/html 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.mathtag.com/sync/iframe?mt_uuid=ac575e30-078f-4d00-9e5c-06dc8ac067cb&no_iframe=1&exsync=https%3A%2F%2Fsmetrics.nationwide.co.uk%2Fb%2Fss%2Fnationwidelive1%2F0%3FAQB%3D1%26pageName%3Dmediamath-sync-pixel%26pe%3Dlnk_o%26pev2%3Dmediamath-sync-pixel%26c.user.nbs_media_math_id%3D%5BMM_UUID%5D%26AQE%3D1&mt_exid=10068
Requested by: Host: pixel.mathtag.com
URL: https://pixel.mathtag.com/sync/js?sync=auto&mt_exid=10068&exsync=https%3A%2F%2Fsmetrics.nationwide.co.uk%2Fb%2Fss%2Fnationwidelive1%2F0%3FAQB%3D1%26pageName%3Dmediamath-sync-pixel%26pe%3Dlnk_o%26pev2%3Dmediamath-sync-pixel%26c.user.nbs_media_math_id%3D%5BMM_UUID%5D%26AQE%3D1&mm_bnc&mm_bct&UUID=ac575e30-078f-4d00-9e5c-06dc8ac067cb
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 2049 2965a32 master zrh-pixel-x8 /
Resource Hash

Request headers

Host: pixel.mathtag.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: nested-navigate
Referer: https://www.nationwide.co.uk/
Accept-Encoding: gzip, deflate, br
Cookie: uuid=ac575e30-078f-4d00-9e5c-06dc8ac067cb; uuidc=KL7Lc+tZIa43pOVxlOLdXzVrxUm++WyGvCB7ubiTRMWPRcIqEjuwoxzqXxDyVOBsevCY7MLYXA4bsS1psfan4JNoi3s+jfTf2aLJ1JVP+g8=
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://www.nationwide.co.uk/

Response headers

Content-Type: text/html
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: MT3 2049 2965a32 master zrh-pixel-x8
Expires: Tue, 28 Jan 2020 10:25:55 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Tue, 28 Jan 2020 10:25:56 GMT
Content-Length: 2239
Connection: keep-alive

GET
H/1.1 200
OK img
pixel.mathtag.com/misc/ 43 B
480 B 41ms
41ms Image
image/gif 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/misc/img?mm_bnc&bcdv=0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 2049 2965a32 master zrh-pixel-x23 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.nationwide.co.uk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Tue, 28 Jan 2020 10:25:56 GMT
Server: MT3 2049 2965a32 master zrh-pixel-x23
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 28 Jan 2020 10:25:55 GMT

GET
H/1.1 200
OK img
pixel.mathtag.com/misc/ 43 B
635 B 41ms
41ms Image
image/gif 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/misc/img?mm_bnc&bcdv=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 2049 2965a32 master zrh-pixel-x16 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.nationwide.co.uk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Tue, 28 Jan 2020 10:26:06 GMT
Server: MT3 2049 2965a32 master zrh-pixel-x16
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 28 Jan 2020 10:26:05 GMT

Verdicts & Comments Add Verdict or Comment

95 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

17 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.demdex.net/	1970-01-19 11:15:59	Name: demdex Value: 83853064744454227200194874683721351244
.nationwide.co.uk/	1970-01-19 06:56:48	Name: gpv_p19 Value: bw%3Ahomepage
.nationwide.co.uk/	1969-12-31 23:59:59	Name: hero-carousel Value: Y
.nationwide.co.uk/	1970-01-19 06:56:49	Name: mbox Value: session#c088379eb26b42afa18922245ce4dd5b#1580209015\|check#true#1580207215
.nationwide.co.uk/	1970-01-19 06:56:49	Name: mboxEdgeCluster Value: 26
.nationwide.co.uk/	1969-12-31 23:59:59	Name: AMCVS_1D4334B852784A2D0A490D44%40AdobeOrg Value: 1
.www.nationwide.co.uk/	1969-12-31 23:59:59	Name: TS01d92654 Value: 01d658d16a025d8afeaf1c2235ffa3a6b4219ad01caa821a657821b6bba176c76a843d68f7db38a856d5626eed29f461121257a5da18fbca27bbd89d155f08fcc7414f1598555c826e97fd003103770daf108a31e4a046816659066e7f4487be27c5c23e70
.nationwide.co.uk/	1970-01-20 00:27:59	Name: s_ecid Value: MCMID%7C83814190722232965750196481134274182387
.nationwide.co.uk/	1969-12-31 23:59:59	Name: s_cc Value: true
www.nationwide.co.uk/	1969-12-31 23:59:59	Name: SC_ANALYTICS_SESSION_COOKIE Value: 2445489DED814D5AA2D1281849B246F2\|0\|k2z3nzfkfupmxeousecisrnl
.nationwide.co.uk/	1970-01-20 00:29:25	Name: AMCV_1D4334B852784A2D0A490D44%40AdobeOrg Value: 1278862251%7CMCIDTS%7C18290%7CMCMID%7C83814190722232965750196481134274182387%7CMCAAMLH-1580811954%7C6%7CMCAAMB-1580811954%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1580214355s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-18297%7CvVersion%7C4.0.0
.nationwide.co.uk/	1969-12-31 23:59:59	Name: check Value: true
.www.nationwide.co.uk/	1969-12-31 23:59:59	Name: TS01798c06 Value: 01d658d16aecb51bef384badd27c29eb27f0968788aa821a657821b6bba176c76a843d68f728cc1621ab6db954e7f1750934a4acf44c9112c5274aa21434ba3a66b7da4d5b
.www.nationwide.co.uk/	1970-01-19 06:56:48	Name: du Value: duNB
www.nationwide.co.uk/	1969-12-31 23:59:59	Name: EG-SEQ-ID Value: 1
www.nationwide.co.uk/	1970-01-22 22:37:06	Name: SC_ANALYTICS_GLOBAL_COOKIE Value: 5f06c1b31f1943378fee55fdc858e75c
www.nationwide.co.uk/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: k2z3nzfkfupmxeousecisrnl

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src .bing.com https://onlinebanking.nationwide.co.uk 'self'; connect-src .bing.com cdn.decibelinsight.net http://track.contently.com https://d083-uk.api.decibelinsight.net/ dpm.demdex.net https://enrolment.mynationwide.io/ wss://lo.msg.liveperson.net http://metrics.nationwide.co.uk/ https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud .omtrdc.net https://rsa.egain.cloud https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com https://smetrics.nationwide.co.uk/ .swiftype.com .virtualearth.net wss://cdn.decibelinsight.net https://www.googleadservices.com; font-src data: 'self'; frame-src accounts.google.com https://adservice.google.com/ apis.google.com .bing.com https://assets.contently.com .doubleclick.net https://analytics.analytics-egain.com/ googleads.g.doubleclick.net https://www.youtube.com https://lo.idp.liveperson.net https://lo.msg.liveperson.net https://lo.msghist.liveperson.net https://lo.tokenizer.liveperson.net https://lpcdn.lpsnmedia.net https://nationwide.demdex.net https://nationwide.egain.cloud https://nationwidedev1.egain.cloud notifyme-uat.nationwide-mats.co.uk platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com https://embed.ustudio.com/ www.facebook.com www.google.com .youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' ; media-src https://lpcdn.lpsnmedia.net; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src https://accdn.lpsnmedia.net analytics.analytics-egain.com apis.google.com assets.kampyle.com .bing.com https://www.adobetag.com clients1.google.com https://cloud-emea.analytics-egain.com connect.facebook.net http://assets.contently.com cse.google.com data: dpm.demdex.net https://analytics.analytics-egain.com https://nationwide.egain.cloud/ https://nationwidedev1.egain.cloud https://nationwidedev2.egain.cloud https://www.google.co.uk https://www.gstatic.com ipv4.google.com https://lo.v.liveperson.net https://lpcdn.lpsnmedia.net https://lptag.liveperson.net .nationwide.co.uk .omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk .reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://app.decibelinsight.com/js/hm.js https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://nationwidechat.prod.parature.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com https://cdn.tt.omtrdc.net .virtualearth.net https://s.ytimg.com 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com .bing.com cse.google.com .nationwide.co.uk https://nationwide.egain.cloud https://nationwidedev1.egain.cloud .reevoo.com 'self' .virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Strict-Transport-Security	max-age=16070400
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.analytics-egain.com
cdn.decibelinsight.net
cdn.tt.omtrdc.net
cloud-emea.analytics-egain.com
cm.everesttech.net
dpm.demdex.net
nationwide.co.uk
nationwide.demdex.net
nationwide.egain.cloud
nationwidebuildingso.tt.omtrdc.net
pixel.mathtag.com
smetrics.nationwide.co.uk
www.nationwide.co.uk
15.188.31.119
155.131.144.68
155.131.44.69
18.196.73.164
2.18.233.201
23.61.220.204
34.248.236.142
51.140.72.164
52.18.60.121
52.30.78.155
66.117.28.86
66.117.29.11
0b612f32a5ea492a7975ed975b6470c279f280a04ac4de1d027afe1c1e5923bb
154f369084c28c7ceaf71531663e84382b0f3ac78fffa7f91c4543499b8ee41b
17561150e865649a9aeeee94cb0f7a17d5e77147d3f2edefbee566f95128ddb3
1beda47f244ed8e38f3895919150cc2caa2e816509fac7880c011a0c64272062
2b122e9def13765c30db13b9ab5f76d7afae888708ce201b5477d3a5a085dadf
2c3b918df3d0dc8ce11328cd21f8d9defc5858231b70bb11cd896f2f0bf5ae46
367c8307dc671effa86f466bed2dad7cd7495fd4cca2dce5619c3e5d6beb8bd8
387cfaa1ebcfdd7d3495a7372cf6381ea76fcd37fc500663f9799e896d537d6c
38f4ac1ea979f9915e6792bd1cb8a9e088a7704be7fc440aa81a60b77fcb12b5
3dac591eab268fa1f4beaf35d6d4a7eb9c0b5aa1d7d60ecb8fd41d8abfdb58e0
454356f4c771dd3d547ee65ea3f7c9aa7d80883833bb42159c0005f56f705d35
5337b05faed24941edb46bb2da5a3be67c419255872493e48b83470379bd71cb
574556a9c9dda19bc169685b4c976c1f644fb6498b7ce457bda41eb6e6e7ae20
5cfc1d72a6c4c817544222468ad1a2f27ed404481f529f223c05c1c52bb3ba2c
698294585a9b44f5abd3073732325a0436f19bfa7b3ae2b89c88653803011c95
6c966bf9fbd36a14c1eb2e9f5abac1be3d43574dd0bfa0ffbef92dc8d68233f1
73c7a7779be62b4ed0a9e3f40e3ac9158d05f032ae8afe322d9cb5f1f15c0a62
7ecf3bf86151cd72036fb67feb8fcbd8c80359e0ca871e1aeb955428ed43c26d
7f845d8d8f34888a4a3aef3f2de764e5c49283506e3ca00e7263fc8c7db912dd
83daf922e727adfc108e249d5df17258b4e4cfd6bec2d6c66c06cd1db7b0fe91
8cb7539186913a54afe9309acbf3cd28f4eddd0c1e6bb755951353451a2155a7
927d4284780e206a06fcddaebd375e7083ec467a021558e92d07548f53cd4b32
97606768c72e8c23be8da1f58a7cbaabc709819b8ab1790c157d6e51efc9e109
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a57b4eb3e25ac0ac43e59a0dd0b6223ce67a6b5aef8710a513e423a8634366c4
ad6a2819689cad5bfe7ff1290f031d455d53c79399b28379e5d5199c84dd20de
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
c39c5b843f2b0bdd486f6af86d5570ec1b1d9f8a9d098094470b36ee463a3af9
c48ae1dec3a2947a1e53a08e497312d29300c6e6f353a59ce1f6fbe74165d7fb
d439b7830c2713f4eaae5c2812caac3b4d3f466502e85d4de53076ed24fae450
da05276c10c8b302283ed50840d69a0863ff5dc3bb186a87153d5c2c3f888aca
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2dee1677f5f6d2ebb9b1c6d80adc5c2825eae1f8716e786fab0373c9085a35c
f4643fb92ab9f29080b2b0c96de3093a2bbc6d947bc8613efe9228be2d55c069
f5ecb4cafaeeea9fcc116112989c76febbbd037aae0f8f3c8e598b7d9ddf6ddd
f791d50acd09666c1d541e6e9cf9405b78e084ec307839a51f7c97ede4ae0ae3
fc4e3c1ab1d2f941ed4ff754900ee470065048ffa3a454f769b0e284f818018d
fda710da00586ec34af1e2cf30806d549704c4607c8424c425de3868a9c69d72

www.nationwide.co.uk Open in urlscan Pro 155.131.144.68 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

40 Requests

100 %HTTPS

0 %IPv6

8 Domains

13 Subdomains

11 IPs

7 Countries

729 kBTransfer

1427 kBSize

17 Cookies

18 Outgoing links

Page URL History

Redirected requests

40 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.nationwide.co.uk Open in urlscan Pro
155.131.144.68 Public Scan

Screenshot
Live screenshot

Full Image

40
Requests

100 %
HTTPS

0 %
IPv6

8
Domains

13
Subdomains

11
IPs

7
Countries

729 kB
Transfer

1427 kB
Size

17
Cookies

40 HTTP transactions
4 data transactions