urlscan.io logo urlscan.io
SecurityTrails logo

rewards.firstdirect.com Open in urlscan Pro
45.145.101.29  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://click.mail01.hsbc.co.uk/?qs=3a20f1666412ea469bc76abd03e4e968342729237f90a26fa0b30864c6478702e833e92abee0f0e6cba7a5998785...
Effective URL: https://rewards.firstdirect.com/spendandspin/1/game/form
Submission: On March 26 via manual from GB — Scanned from GB
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 7 IPs in 3 countries across 7 domains to perform 19 HTTP transactions. The main IP is 45.145.101.29, located in United Kingdom and belongs to UKFAST, GB. The main domain is rewards.firstdirect.com.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on July 31st 2023. Valid for: a year.
This is the only time rewards.firstdirect.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 13.111.48.1 14340 (SALESFORCE)
1 8 45.145.101.29 61323 (UKFAST)
2 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700:440... 13335 (CLOUDFLAR...)
3 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
4 2606:4700:e0:... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
19 7
1    13.111.48.1 (United States)

ASN14340 (SALESFORCE, US)
PTR: click.mail01.hsbc.co.uk
click.mail01.hsbc.co.uk
8    45.145.101.29 (United Kingdom)

ASN61323 (UKFAST, GB)
PTR: rewards.firstdirect.com
rewards.firstdirect.com
2    2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2606:4700:4400::ac40:93bc (United States)

ASN13335 (CLOUDFLARENET, US)
kit.fontawesome.com
3    2a00:1450:4001:811::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
1    2a00:1450:4001:802::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
4    2606:4700:e0::ac40:6a17 (United States)

ASN13335 (CLOUDFLARENET, US)
ka-f.fontawesome.com
1    2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
Apex Domain
Subdomains		 Transfer
8 firstdirect.com
rewards.firstdirect.com
797 KB
5 fontawesome.com
kit.fontawesome.com — Cisco Umbrella Rank: 3285
ka-f.fontawesome.com — Cisco Umbrella Rank: 7293
101 KB
3 google.com
www.google.com — Cisco Umbrella Rank: 5
1 KB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 112
3 KB
1 gstatic.com
www.gstatic.com
199 KB
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 108
97 KB
1 hsbc.co.uk
click.mail01.hsbc.co.uk
266 B
19 7
Domain Requested by
8 rewards.firstdirect.com 1 redirects rewards.firstdirect.com
4 ka-f.fontawesome.com kit.fontawesome.com
rewards.firstdirect.com
3 www.google.com rewards.firstdirect.com
www.gstatic.com
2 fonts.googleapis.com rewards.firstdirect.com
1 www.gstatic.com www.google.com
1 www.googletagmanager.com rewards.firstdirect.com
1 kit.fontawesome.com rewards.firstdirect.com
1 click.mail01.hsbc.co.uk 1 redirects
19 8

This site contains no links.

Subject Issuer Validity Valid
rewards.firstdirect.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-07-31 -
2024-07-30		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2024-02-26 -
2024-05-20		 3 months crt.sh
*.fontawesome.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-12-04 -
2025-01-03		 a year crt.sh
www.google.com
GTS CA 1C3		 2024-02-26 -
2024-05-20		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2024-02-26 -
2024-05-20		 3 months crt.sh
ka-f.fontawesome.com
GTS CA 1P5		 2024-03-05 -
2024-06-03		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2024-02-26 -
2024-05-20		 3 months crt.sh
*.google.com
GTS CA 1C3		 2024-02-26 -
2024-05-20		 3 months crt.sh

This page contains 3 frames:

Primary Page: https://rewards.firstdirect.com/spendandspin/1/game/form
Frame ID: EDC24215F282283880895E81EB54D159
Requests: 17 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfxftIUAAAAABvBPzuTQuKZ3DdGxGyoOuUNliJz&co=aHR0cHM6Ly9yZXdhcmRzLmZpcnN0ZGlyZWN0LmNvbTo0NDM.&hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&size=normal&cb=n6730enayia0
Frame ID: A4995962381A9C295111641BB2C6D765
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&k=6LfxftIUAAAAABvBPzuTQuKZ3DdGxGyoOuUNliJz
Frame ID: 60CF5C43FCEF16C26F012ABD011BD793
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

First Direct - Spend And Spin - complete the form below to start spinning

Page URL History Show full URLs

  1. http://click.mail01.hsbc.co.uk/?qs=3a20f1666412ea469bc76abd03e4e968342729237f90a26fa0b30864c6478702e833e92a... HTTP 307
    https://click.mail01.hsbc.co.uk/?qs=3a20f1666412ea469bc76abd03e4e968342729237f90a26fa0b30864c6478702e833e92a... HTTP 302
    https://rewards.firstdirect.com/spendandspin/1/?cid=EML_FD_EN_M4088_0&eid=EML_FD_EN_M4088_0 HTTP 302
    https://rewards.firstdirect.com/spendandspin/1/game/form Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • kit\.fontawesome\.com/([0-9a-z]+).js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
  • googleapis\.com/.+webfont
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

19
Requests

100 %
HTTPS

75 %
IPv6

7
Domains

8
Subdomains

7
IPs

3
Countries

1195 kB
Transfer

2968 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://click.mail01.hsbc.co.uk/?qs=3a20f1666412ea469bc76abd03e4e968342729237f90a26fa0b30864c6478702e833e92abee0f0e6cba7a59987850244ff7fb6fd1857648fe024adb3a5684b44 HTTP 307
    https://click.mail01.hsbc.co.uk/?qs=3a20f1666412ea469bc76abd03e4e968342729237f90a26fa0b30864c6478702e833e92abee0f0e6cba7a59987850244ff7fb6fd1857648fe024adb3a5684b44 HTTP 302
    https://rewards.firstdirect.com/spendandspin/1/?cid=EML_FD_EN_M4088_0&eid=EML_FD_EN_M4088_0 HTTP 302
    https://rewards.firstdirect.com/spendandspin/1/game/form Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request form
rewards.firstdirect.com/spendandspin/1/game/
Redirect Chain
  • http://click.mail01.hsbc.co.uk/?qs=3a20f1666412ea469bc76abd03e4e968342729237f90a26fa0b30864c6478702e833e92abee0f0e6cba7a59987850244ff7fb6fd1857648fe024adb3a5684b44
  • https://click.mail01.hsbc.co.uk/?qs=3a20f1666412ea469bc76abd03e4e968342729237f90a26fa0b30864c6478702e833e92abee0f0e6cba7a59987850244ff7fb6fd1857648fe024adb3a5684b44
  • https://rewards.firstdirect.com/spendandspin/1/?cid=EML_FD_EN_M4088_0&eid=EML_FD_EN_M4088_0
  • https://rewards.firstdirect.com/spendandspin/1/game/form
32 KB
35 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://rewards.firstdirect.com/spendandspin/1/game/form
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.145.101.29 , United Kingdom, ASN61323 (UKFAST, GB),
Reverse DNS
rewards.firstdirect.com
Software
/
Resource Hash
e0ec77393f25a43e77621101ba1f5a56b25547479e6d697be2ca7ba35da7c1b7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff nosniff
X-Frame-Options sameorigin DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

cache-control
max-age=0, must-revalidate, no-cache, no-store, private
content-length
32690
content-type
text/html; charset=UTF-8
cross-origin-embedder-policy
unsafe-none
cross-origin-opener-policy
unsafe-none same-origin
cross-origin-resource-policy
cross-origin
date
Tue, 26 Mar 2024 20:22:39 GMT
expires
Sat, 01 Jan 1990 00:00:00 GMT
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=*, encrypted-media=(self), execution-while-not-rendered=*, execution-while-out-of-viewport=*, fullscreen=(self), geolocation=(self), gyroscope=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=*, publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=*, usb=(self), web-share=(self), xr-spatial-tracking=(self) accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(self), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
pragma
no-cache
referrer-policy
no-referrer origin
strict-transport-security
max-age=31536000; includeSubDomains max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff nosniff
x-download-options
noopen
x-frame-options
sameorigin DENY
x-permitted-cross-domain-policies
none
x-xss-protection
1; mode=block

Redirect headers

cache-control
no-cache, private
content-length
470
content-type
text/html; charset=UTF-8
cross-origin-embedder-policy
unsafe-none
cross-origin-opener-policy
unsafe-none same-origin
cross-origin-resource-policy
cross-origin
date
Tue, 26 Mar 2024 20:22:38 GMT
location
https://rewards.firstdirect.com/spendandspin/1/game/form
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=*, encrypted-media=(self), execution-while-not-rendered=*, execution-while-out-of-viewport=*, fullscreen=(self), geolocation=(self), gyroscope=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=*, publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=*, usb=(self), web-share=(self), xr-spatial-tracking=(self) accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(self), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
referrer-policy
no-referrer origin
strict-transport-security
max-age=31536000; includeSubDomains max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff nosniff
x-download-options
noopen
x-frame-options
sameorigin DENY
x-permitted-cross-domain-policies
none
x-xss-protection
1; mode=block
icon
fonts.googleapis.com/ 		569 B
775 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/icon?family=Material+Icons
Requested by
Host: rewards.firstdirect.com
URL: https://rewards.firstdirect.com/spendandspin/1/game/form
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
452410fef223a412e5608205fc069ecc35a4d919b413b3422a714a17ebfd0651
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://rewards.firstdirect.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Tue, 26 Mar 2024 20:22:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Tue, 26 Mar 2024 20:22:39 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 26 Mar 2024 20:22:39 GMT
3de40f231b.js
kit.fontawesome.com/ 		12 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://kit.fontawesome.com/3de40f231b.js
Requested by
Host: rewards.firstdirect.com
URL: https://rewards.firstdirect.com/spendandspin/1/game/form
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:93bc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
55f3c0652fe909e0a1472187441d8c90cffc55d512091a51b1fca5a8a15dc266

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://rewards.firstdirect.com/
Origin
https://rewards.firstdirect.com
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 26 Mar 2024 20:22:39 GMT
content-encoding
gzip
cf-cache-status
HIT
server
cloudflare
age
24
vary
origin, accept-encoding, access-control-request-headers, access-control-request-method
access-control-max-age
3000
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
*
content-type
text/javascript
cache-control
max-age=60, public, stale-while-revalidate=30
cf-ray
86a9daa30aaf3dca-LHR
access-control-allow-headers
accept, accept-langauge, content-language, content-type, fa-kit-token
x-request-id
F8Bpc3szG5d8N5B6OlYi
front.css
rewards.firstdirect.com/spendandspin/1/css/ 		543 KB
85 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://rewards.firstdirect.com/spendandspin/1/css/front.css?id=8eef5998ec06429401d682fea07c6e54
Requested by
Host: rewards.firstdirect.com
URL: https://rewards.firstdirect.com/spendandspin/1/game/form
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.145.101.29 , United Kingdom, ASN61323 (UKFAST, GB),
Reverse DNS
rewards.firstdirect.com
Software
/
Resource Hash
ea6986c816c537e0bc1396aff14bfa3423e499eb45985d3dabc96e195758e27e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://rewards.firstdirect.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
referrer-policy
origin
last-modified
Mon, 04 Mar 2024 11:06:51 GMT
cross-origin-opener-policy
same-origin
etag
"8017fae246eda1:0"
date
Tue, 26 Mar 2024 20:22:39 GMT
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/css
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(self), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
accept-ranges
bytes
content-length
86525
teomhKoIUZ.css
rewards.firstdirect.com/spendandspin/1/css/brand/ 		70 KB
10 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://rewards.firstdirect.com/spendandspin/1/css/brand/teomhKoIUZ.css?time=1711484559
Requested by
Host: rewards.firstdirect.com
URL: https://rewards.firstdirect.com/spendandspin/1/game/form
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.145.101.29 , United Kingdom, ASN61323 (UKFAST, GB),
Reverse DNS
rewards.firstdirect.com
Software
/
Resource Hash
ff5128fd93f5b13810ec94ae9c137f110e3625f35deed23a14a765a9ce816cf6
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://rewards.firstdirect.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
referrer-policy
origin
last-modified
Thu, 15 Feb 2024 17:29:55 GMT
cross-origin-opener-policy
same-origin
etag
"80ab12973460da1:0"
date
Tue, 26 Mar 2024 20:22:39 GMT
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/css
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(self), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
accept-ranges
bytes
content-length
9210
api.js
www.google.com/recaptcha/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api.js
Requested by
Host: rewards.firstdirect.com
URL: https://rewards.firstdirect.com/spendandspin/1/game/form
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
15347086a4c3f7a12d7ae800fa711b988a1c1c1572262d53b9295d1e1a089e8a
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://rewards.firstdirect.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 26 Mar 2024 20:22:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Tue, 26 Mar 2024 20:22:39 GMT
js
www.googletagmanager.com/gtag/ 		290 KB
97 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-18K806J7PR
Requested by
Host: rewards.firstdirect.com
URL: https://rewards.firstdirect.com/spendandspin/1/game/form
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
461f054c3595b9939000fd41f0ec3808af2e066ee78b531127f2a5ee41cf01eb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://rewards.firstdirect.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 26 Mar 2024 20:22:40 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
99251
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Tue, 26 Mar 2024 20:22:40 GMT
logo.png
rewards.firstdirect.com/spendandspin/1/images/brands/teomhKoIUZ/ 		20 KB
21 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rewards.firstdirect.com/spendandspin/1/images/brands/teomhKoIUZ/logo.png
Requested by
Host: rewards.firstdirect.com
URL: https://rewards.firstdirect.com/spendandspin/1/game/form
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.145.101.29 , United Kingdom, ASN61323 (UKFAST, GB),
Reverse DNS
rewards.firstdirect.com
Software
/
Resource Hash
27a89e9ac81cffe51966de081e4a3fddeaf12ac786e74fb7df59a714c1c9a310
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://rewards.firstdirect.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
date
Tue, 26 Mar 2024 20:22:39 GMT
x-content-type-options
nosniff
referrer-policy
origin
last-modified
Wed, 05 Jul 2023 08:26:26 GMT
cross-origin-opener-policy
same-origin
etag
"065a6631aafd91:0"
x-frame-options
DENY
content-type
image/png
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(self), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
accept-ranges
bytes
content-length
20239
NVz7nUK0.gif
rewards.firstdirect.com/spendandspin/1/images/page/L3aBmX4Zr0QtsIim1Ouu/ 		343 KB
344 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rewards.firstdirect.com/spendandspin/1/images/page/L3aBmX4Zr0QtsIim1Ouu/NVz7nUK0.gif
Requested by
Host: rewards.firstdirect.com
URL: https://rewards.firstdirect.com/spendandspin/1/game/form
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.145.101.29 , United Kingdom, ASN61323 (UKFAST, GB),
Reverse DNS
rewards.firstdirect.com
Software
/
Resource Hash
091576c9d17806bc2d2b7daa7000cf69f9b590fe2f7384069aad301add5c66e5
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://rewards.firstdirect.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
date
Tue, 26 Mar 2024 20:22:39 GMT
x-content-type-options
nosniff
referrer-policy
origin
last-modified
Tue, 19 Mar 2024 12:03:31 GMT
cross-origin-opener-policy
same-origin
etag
"9fab2376f579da1:0"
x-frame-options
DENY
content-type
image/gif
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(self), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
accept-ranges
bytes
content-length
351457
front.js
rewards.firstdirect.com/spendandspin/1/js/ 		976 KB
298 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://rewards.firstdirect.com/spendandspin/1/js/front.js?id=1786c4f81b5fa626f5e92eca1dd8ae96
Requested by
Host: rewards.firstdirect.com
URL: https://rewards.firstdirect.com/spendandspin/1/game/form
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.145.101.29 , United Kingdom, ASN61323 (UKFAST, GB),
Reverse DNS
rewards.firstdirect.com
Software
/
Resource Hash
54e8a4bc364200a724deeb11be8eb9777b6108f0d4da6a126559aae9f84470a8
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://rewards.firstdirect.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
referrer-policy
origin
last-modified
Mon, 04 Mar 2024 11:06:51 GMT
cross-origin-opener-policy
same-origin
etag
"8017fae246eda1:0"
date
Tue, 26 Mar 2024 20:22:39 GMT
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(self), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
accept-ranges
bytes
content-length
304113
free.min.css
ka-f.fontawesome.com/releases/v5.15.4/css/ 		59 KB
13 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=3de40f231b
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/3de40f231b.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e0::ac40:6a17 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fc5128dfdcdfa0c3a9967a6d2f19399d7bf1aaae6ad7571b96b03915a1f30dda

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://rewards.firstdirect.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 26 Mar 2024 20:22:40 GMT
via
1.1 532ff8019b690b232af4903307ca5eb4.cloudfront.net (CloudFront)
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
LHR5-P6
age
307926
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 04 Aug 2021 18:53:09 GMT
server
cloudflare
etag
W/"a12ec7ebe75a4d59a5dd6b79e2ba2e16"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iBaUowYJ4TtSkrow1Q76XZeAD0EN8Kv%2BRYI3op6K%2BaRM57oNfFOvTRJC2me%2FD2C6RvSHfKD0828vGw%2BDbBDO0OFOBvDCzbxV5D4bL6agpMo0zqpdkSX8jtobiNmuFSv1s0fLigtTXDnKdgCQIm8zW8KJrw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31556926
vary
Accept-Encoding
cf-ray
86a9daa54a4c94e4-LHR
access-control-allow-headers
fa-kit-token
x-amz-cf-id
0cAJiI-6kt-gyTS6sRchYE0r0IMXfA0kJxNfNk3XEV78ROemwHiyUA==
free-v4-shims.min.css
ka-f.fontawesome.com/releases/v5.15.4/css/ 		26 KB
5 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=3de40f231b
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/3de40f231b.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e0::ac40:6a17 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6dea47458a4cd7cd7312cc780a53c62e0c8b3ccc8d0b13c1ac0ea6e3dfcecea8

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://rewards.firstdirect.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 26 Mar 2024 20:22:40 GMT
via
1.1 6699805b9870134f60ff76c262d76a02.cloudfront.net (CloudFront)
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
LHR5-P6
age
345058
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 04 Aug 2021 18:53:09 GMT
server
cloudflare
etag
W/"76f34b71fc9fb641507ff6a822cc07f5"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5ZDP%2BRpZC%2FiMjlFdZulW26MztF52voVQ13RTMLa8fVxmxC0hnNGVGaIMWqqWH%2BGzyrHp3VF2kRKGGgWeFBDY8Avy01M4DItGoOYyJopDe8aHogiE%2FVn83zYCS0Ek6yGSC2GzwIAZwVJxp4bqGGBg9xj4ew%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31556926
vary
Accept-Encoding
cf-ray
86a9daa54a4e94e4-LHR
access-control-allow-headers
fa-kit-token
x-amz-cf-id
2sPscUx8X9YINTToU3Kqn7kNH7MO9SfVQ7CapZVOteex-UOng64f2A==
free-v4-font-face.min.css
ka-f.fontawesome.com/releases/v5.15.4/css/ 		3 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-font-face.min.css?token=3de40f231b
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/3de40f231b.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e0::ac40:6a17 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7f8b63bff49fba3c5bae30f4eb39f2fd6d088fbe9d7292bdf37b0ef4a1ec68d6

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://rewards.firstdirect.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 26 Mar 2024 20:22:40 GMT
via
1.1 02462ba58311d13c5134d2086aba8b32.cloudfront.net (CloudFront)
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
LHR5-P6
age
307926
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 04 Aug 2021 18:53:09 GMT
server
cloudflare
etag
W/"f2e0b2680d9b0bcb6e0039c4424e5a59"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g2SGamWFiKuUfMD%2FCDny7k0ft6vGURv%2BNpn2676vmtJRx0hrOaiw%2BhsI4kmr%2FAPLX10gGaH7nAIv7%2BkouW%2FaQMp4p16kQoH8ifPxNg1NEstYI%2BiQqkQwwn5AJZrZK9na8FVrNZHGz%2FwUFsfJL2%2FEcrxFdA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31556926
vary
Accept-Encoding
cf-ray
86a9daa54a4494e4-LHR
access-control-allow-headers
fa-kit-token
x-amz-cf-id
yj6EnbrRTd2PobaJqFnovVKC0iGpWRiMfkPTJzhohZWeH1nN33HkJw==
css
fonts.googleapis.com/ 		17 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:400,400i,600
Requested by
Host: rewards.firstdirect.com
URL: https://rewards.firstdirect.com/spendandspin/1/css/front.css?id=8eef5998ec06429401d682fea07c6e54
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
b4a8efbd7506eff9fa3c89d25389524012c9d5fd972ff17dfff0f283d0b01d07
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://rewards.firstdirect.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Tue, 26 Mar 2024 20:22:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Tue, 26 Mar 2024 20:10:46 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 26 Mar 2024 20:22:39 GMT
recaptcha__en.js
www.gstatic.com/recaptcha/releases/moV1mTgQ6S91nuTnmll4Y9yf/ 		499 KB
199 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/moV1mTgQ6S91nuTnmll4Y9yf/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f3756825df5194a174b7a55ebd3b484c276766eef21343d34b053b98ed386801
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://rewards.firstdirect.com/
Origin
https://rewards.firstdirect.com
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 26 Mar 2024 18:06:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
8177
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
203410
x-xss-protection
0
last-modified
Mon, 25 Mar 2024 04:00:24 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 26 Mar 2025 18:06:23 GMT
free-fa-solid-900.woff2
ka-f.fontawesome.com/releases/v5.15.4/webfonts/ 		76 KB
77 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://ka-f.fontawesome.com/releases/v5.15.4/webfonts/free-fa-solid-900.woff2
Requested by
Host: rewards.firstdirect.com
URL: https://rewards.firstdirect.com/spendandspin/1/game/form
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e0::ac40:6a17 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c5dd43f53f3af822cbf17b1fb75f46192cdbd51724f277acf6cf0dacb3fd57e7

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://rewards.firstdirect.com/
Origin
https://rewards.firstdirect.com
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 26 Mar 2024 20:22:40 GMT
via
1.1 1fbc4ed92487877d10ad1d7d3fa8355e.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
LHR5-P6
age
275476
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
78168
last-modified
Wed, 04 Aug 2021 18:58:24 GMT
server
cloudflare
etag
"a9fd1225fb2cd32320e2b931dca01089"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
font/woff2
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fYFWsPxeAaaSYNsWdv7xRlGs0IcfROjxptfBQA9pUT1Jo5BMl%2Fd%2F%2FwS95%2BX2we47QM8tYa%2BX7Xkl4IhfFELQlAqN9xLqaLXphyqWsH5v4fnJnYpjb36HgXxvIOnnzfnQtDYCBKrOg2nAIIiGC1TWc4CMpg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31556926
vary
Accept-Encoding
accept-ranges
bytes
cf-ray
86a9daa5babe94e4-LHR
access-control-allow-headers
fa-kit-token
x-amz-cf-id
8IL7HtxY3Jw3LEn0qouYPw3udAtfPJ9Iad3nQh6lGo1JZP7nHdZbQQ==
anchor
www.google.com/recaptcha/api2/ Frame A499 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfxftIUAAAAABvBPzuTQuKZ3DdGxGyoOuUNliJz&co=aHR0cHM6Ly9yZXdhcmRzLmZpcnN0ZGlyZWN0LmNvbTo0NDM.&hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&size=normal&cb=n6730enayia0
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/moV1mTgQ6S91nuTnmll4Y9yf/recaptcha__en.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-B-KAugekK2iEDf-l7RH4iA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://rewards.firstdirect.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
en-GB,en;q=0.9
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-B-KAugekK2iEDf-l7RH4iA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Tue, 26 Mar 2024 20:22:40 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
bframe
www.google.com/recaptcha/api2/ Frame 60CF 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/bframe?hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&k=6LfxftIUAAAAABvBPzuTQuKZ3DdGxGyoOuUNliJz
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/moV1mTgQ6S91nuTnmll4Y9yf/recaptcha__en.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-Yf7LDlDL-aYDtDvfcgT6pg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://rewards.firstdirect.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
en-GB,en;q=0.9
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-Yf7LDlDL-aYDtDvfcgT6pg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Tue, 26 Mar 2024 20:22:41 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
favicon.png
rewards.firstdirect.com/spendandspin/1/images/brands/teomhKoIUZ/ 		418 B
1 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://rewards.firstdirect.com/spendandspin/1/images/brands/teomhKoIUZ/favicon.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.145.101.29 , United Kingdom, ASN61323 (UKFAST, GB),
Reverse DNS
rewards.firstdirect.com
Software
/
Resource Hash
1c28d521c62067879b549dc5b59e8542e9f6ea5948916aafc3b28af0892d9b5f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://rewards.firstdirect.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
date
Tue, 26 Mar 2024 20:22:41 GMT
x-content-type-options
nosniff
referrer-policy
origin
last-modified
Wed, 05 Jul 2023 08:26:26 GMT
cross-origin-opener-policy
same-origin
etag
"065a6631aafd91:0"
x-frame-options
DENY
content-type
image/png
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(self), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
accept-ranges
bytes
content-length
418

Verdicts & Comments Add Verdict or Comment

39 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| onpagereveal object| FontAwesomeKitConfig object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client string| code function| gtag object| dataLayer boolean| ga-disable-G-18K806J7PR function| jQuery function| $ function| SimpleMDE function| axios number| uidEvent object| modal_callbacks object| modal_open function| modalHandleEvents function| modalHandleResponse function| modalHandleMessage function| modalHandleValidation function| submitModalForm function| displayModal function| openModalForm function| ajaxGet function| ajaxPost function| doConfirm function| Inputmask function| mobileCheck function| trapKeyboardFocus function| initMap object| recaptcha object| closure_lm_234896 object| google_tag_manager object| google_tag_data function| onYouTubeIframeAPIReady

3 Cookies

Domain/Path Name / Value
rewards.firstdirect.com/ Name: SERVERID
Value: WEB01|ZgMuk|ZgMuk
rewards.firstdirect.com/ Name: XSRF-TOKEN
Value: eyJpdiI6Im04Lzl5Vm9tck5hNmNxdWlKYlQ1Zmc9PSIsInZhbHVlIjoiTXNWVklUdSsrK010TmJiWkUvc0dyODNoM05OS2txNVYwZWQ3VVUwOWZ3c0VzTzZETzNnejkrbXhaVnZxR3JSOXUwMmk1SVdFWVB5MmJBM0owc3h2Z3d4QmpQc1JwZ2dDQXB2MUczNGpJZGNNbUtUa1pidzIwN3JXYTZNNXQyTjciLCJtYWMiOiI2Nzk1OTkyZGNlYjgwMDAzZTk4MzUyMzk2YTQ5ZDgyYTRlZmMzYWJhMTc0ZjgzNGFmNmQzZjZmZGJlODA2ZDY0IiwidGFnIjoiIn0%3D
rewards.firstdirect.com/ Name: first_direct_spend_and_spin_session
Value: eyJpdiI6IlJOUmUvcGQ5am03bGE3TWlUUElTQmc9PSIsInZhbHVlIjoiVFZpNGVoQWdmZDZOVmFMcEVyOCtLN3o4d2UxQW5EdnBFbkQrU25MWHFEWldBa3N4Ri9YYytORzlvVHZBQTZvUWwwRTRDQThVQ0poUmRMWlFhRk5kSEtPOGhLL21WNm5qYmgreU15ekU2TTVFVFpLekhRY3ROYlB5bHlvYWRKYXUiLCJtYWMiOiJkODJmYTEzYTE3M2M5YTFmMWY5YzkyODA3MGJmMTM2OTczOWQ3OTVmOTdkNmI2MzY3MTkzM2VkN2RiMzUzZDY1IiwidGFnIjoiIn0%3D

7 Console Messages

Source Level URL
Text
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'battery'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'document-domain'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'execution-while-not-rendered'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'execution-while-out-of-viewport'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'navigation-override'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'web-share'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff nosniff
X-Frame-Options sameorigin DENY
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

click.mail01.hsbc.co.uk
fonts.googleapis.com
ka-f.fontawesome.com
kit.fontawesome.com
rewards.firstdirect.com
www.google.com
www.googletagmanager.com
www.gstatic.com
13.111.48.1
2606:4700:4400::ac40:93bc
2606:4700:e0::ac40:6a17
2a00:1450:4001:802::2008
2a00:1450:4001:811::2004
2a00:1450:4001:827::200a
2a00:1450:4001:828::2003
45.145.101.29
091576c9d17806bc2d2b7daa7000cf69f9b590fe2f7384069aad301add5c66e5
15347086a4c3f7a12d7ae800fa711b988a1c1c1572262d53b9295d1e1a089e8a
1c28d521c62067879b549dc5b59e8542e9f6ea5948916aafc3b28af0892d9b5f
27a89e9ac81cffe51966de081e4a3fddeaf12ac786e74fb7df59a714c1c9a310
452410fef223a412e5608205fc069ecc35a4d919b413b3422a714a17ebfd0651
461f054c3595b9939000fd41f0ec3808af2e066ee78b531127f2a5ee41cf01eb
54e8a4bc364200a724deeb11be8eb9777b6108f0d4da6a126559aae9f84470a8
55f3c0652fe909e0a1472187441d8c90cffc55d512091a51b1fca5a8a15dc266
6dea47458a4cd7cd7312cc780a53c62e0c8b3ccc8d0b13c1ac0ea6e3dfcecea8
7f8b63bff49fba3c5bae30f4eb39f2fd6d088fbe9d7292bdf37b0ef4a1ec68d6
b4a8efbd7506eff9fa3c89d25389524012c9d5fd972ff17dfff0f283d0b01d07
c5dd43f53f3af822cbf17b1fb75f46192cdbd51724f277acf6cf0dacb3fd57e7
e0ec77393f25a43e77621101ba1f5a56b25547479e6d697be2ca7ba35da7c1b7
ea6986c816c537e0bc1396aff14bfa3423e499eb45985d3dabc96e195758e27e
f3756825df5194a174b7a55ebd3b484c276766eef21343d34b053b98ed386801
fc5128dfdcdfa0c3a9967a6d2f19399d7bf1aaae6ad7571b96b03915a1f30dda
ff5128fd93f5b13810ec94ae9c137f110e3625f35deed23a14a765a9ce816cf6