urlscan.io logo urlscan.io
SecurityTrails logo

identity.marksandspencer.insure-systems.co.uk Open in urlscan Pro
2a02:26f0:11a::5f65:1733  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://marksandspencer.insure-systems.co.uk/SelfService/security/login/loginregister
Effective URL: https://identity.marksandspencer.insure-systems.co.uk/as/authorization.oauth2?response_type=code&client_id=MandSAuth&scope=openid%20profile&redirect_u...
Submission: On February 01 via manual from GB — Scanned from GB
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 14 IPs in 5 countries across 11 domains to perform 46 HTTP transactions. The main IP is 2a02:26f0:11a::5f65:1733, located in Vienna, Austria and belongs to AKAMAI-ASN1, NL. The main domain is identity.marksandspencer.insure-systems.co.uk.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on November 2nd 2022. Valid for: a year.
This is the only time identity.marksandspencer.insure-systems.co.uk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
4 4 195.171.22.12 2856 (BT-UK-AS ...)
3 2a02:26f0:11a... 20940 (AKAMAI-ASN1)
11 195.171.22.9 2856 (BT-UK-AS ...)
2 2a00:1450:400... 15169 (GOOGLE)
7 2606:4700::68... 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
3 2a02:26f0:350... 20940 (AKAMAI-ASN1)
2 178.249.101.23 11054 (LIVEPERSON)
1 18.200.4.79 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
3 178.249.101.99 11054 (LIVEPERSON)
7 178.249.97.98 11054 (LIVEPERSON)
1 18.133.81.95 16509 (AMAZON-02)
2 178.249.97.70 11054 (LIVEPERSON)
46 14
4    195.171.22.12 (Biggleswade, United Kingdom)

ASN2856 (BT-UK-AS BTnet UK Regional network, GB)
marksandspencer.insure-systems.co.uk
3    2a02:26f0:11a::5f65:1733 (Vienna, Austria)

ASN20940 (AKAMAI-ASN1, NL)
identity.marksandspencer.insure-systems.co.uk
account.marksandspencer.insure-systems.co.uk
11    195.171.22.9 (Biggleswade, United Kingdom)

ASN2856 (BT-UK-AS BTnet UK Regional network, GB)
cdn.bglgroup.io
2    2a00:1450:400d:80d::200a (Ireland)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
7    2606:4700::6810:9440 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.cookielaw.org
2    2a00:1450:4001:813::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
3    2a02:26f0:3500:587::1e80 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
assets.adobedtm.com
2    178.249.101.23 (United States)

ASN11054 (LIVEPERSON, US)
lptag.liveperson.net
1    18.200.4.79 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-200-4-79.eu-west-1.compute.amazonaws.com
bisil.tt.omtrdc.net
2    2a00:1450:400d:803::200e (Ireland)

ASN15169 (GOOGLE, US)
www.google-analytics.com
3    178.249.101.99 (United States)

ASN11054 (LIVEPERSON, US)
PTR: am-accdn.lpsnmedia.net
accdn.lpsnmedia.net
7    178.249.97.98 (United States)

ASN11054 (LIVEPERSON, US)
PTR: lo-lpcdn.lpsnmedia.net
lpcdn.lpsnmedia.net
1    18.133.81.95 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-133-81-95.eu-west-2.compute.amazonaws.com
bcs-twil.bgli.net
2    178.249.97.70 (United States)

ASN11054 (LIVEPERSON, US)
PTR: lo.v.liveperson.net
lo.v.liveperson.net
Apex Domain
Subdomains		 Transfer
11 bglgroup.io
cdn.bglgroup.io — Cisco Umbrella Rank: 659554
4 MB
10 lpsnmedia.net
accdn.lpsnmedia.net — Cisco Umbrella Rank: 3250
lpcdn.lpsnmedia.net — Cisco Umbrella Rank: 3649
417 KB
7 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 385
124 KB
7 insure-systems.co.uk
marksandspencer.insure-systems.co.uk
identity.marksandspencer.insure-systems.co.uk
account.marksandspencer.insure-systems.co.uk
40 KB
4 liveperson.net
lptag.liveperson.net — Cisco Umbrella Rank: 3267
lo.v.liveperson.net — Cisco Umbrella Rank: 16297
112 KB
3 adobedtm.com
assets.adobedtm.com — Cisco Umbrella Rank: 475
104 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 21
20 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 40
131 KB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 34
2 KB
1 bgli.net
bcs-twil.bgli.net — Cisco Umbrella Rank: 570213
592 B
1 omtrdc.net
bisil.tt.omtrdc.net — Cisco Umbrella Rank: 912410
688 B
46 11
Domain Requested by
11 cdn.bglgroup.io identity.marksandspencer.insure-systems.co.uk
cdn.bglgroup.io
7 lpcdn.lpsnmedia.net lptag.liveperson.net
7 cdn.cookielaw.org cdn.bglgroup.io
cdn.cookielaw.org
4 marksandspencer.insure-systems.co.uk 4 redirects
3 accdn.lpsnmedia.net lptag.liveperson.net
lpcdn.lpsnmedia.net
3 assets.adobedtm.com cdn.bglgroup.io
assets.adobedtm.com
2 lo.v.liveperson.net lptag.liveperson.net
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 lptag.liveperson.net cdn.bglgroup.io
2 www.googletagmanager.com cdn.bglgroup.io
2 fonts.googleapis.com cdn.bglgroup.io
2 identity.marksandspencer.insure-systems.co.uk identity.marksandspencer.insure-systems.co.uk
1 bcs-twil.bgli.net cdn.bglgroup.io
1 bisil.tt.omtrdc.net assets.adobedtm.com
1 account.marksandspencer.insure-systems.co.uk identity.marksandspencer.insure-systems.co.uk
46 15
Subject Issuer Validity Valid
account.marksandspencer.insure-systems.co.uk
Sectigo RSA Organization Validation Secure Server CA		 2022-11-02 -
2023-11-02		 a year crt.sh
cdn.bglgroup.io
Sectigo RSA Extended Validation Secure Server CA		 2022-08-31 -
2023-08-31		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2023-01-09 -
2023-04-03		 3 months crt.sh
cookielaw.org
Cloudflare Inc ECC CA-3		 2022-05-01 -
2023-05-01		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-01-09 -
2023-04-03		 3 months crt.sh
assets.adobedtm.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-07-19 -
2023-08-19		 a year crt.sh
*.liveperson.net
Sectigo RSA Organization Validation Secure Server CA		 2022-04-26 -
2023-04-26		 a year crt.sh
*.tt.omtrdc.net
DigiCert TLS RSA SHA256 2020 CA1		 2022-08-01 -
2023-09-01		 a year crt.sh
*.lpsnmedia.net
Sectigo RSA Organization Validation Secure Server CA		 2023-01-09 -
2024-01-09		 a year crt.sh
bcs-twil.bgli.net
Amazon		 2023-01-03 -
2024-02-02		 a year crt.sh
*.v.liveperson.net
Sectigo RSA Organization Validation Secure Server CA		 2022-03-22 -
2023-03-22		 a year crt.sh

This page contains 2 frames:

Primary Page: https://identity.marksandspencer.insure-systems.co.uk/as/authorization.oauth2?response_type=code&client_id=MandSAuth&scope=openid%20profile&redirect_uri=https%3A%2F%2Fmarksandspencer.insure-systems.co.uk%2Fserviceredirect%2Fping-signin&state=MLmBqwO6g7hsiEeGpny_HpZVx3G747OWChAr_Tw8OPzAVWkt78Ac5vDh4PpGm_AOBFAqtxKxRKU3d6ooc0uYqNfrBSLhWl0sSEptugpLwt1BwZEm1WmfYiqEwtq6moyRQMPhustkhNdNaoh9DBNS0w4UJDKFGxavjH_Vsc8xWuAoUbq15NhCCU6rhqdPQOgFkwSCHlXsdvCCjaVTV-h78_CGsV1UQqSczy5v4NAEDyB1pcad2x9ZMHly9w1tig_6vS-1oDsRB4sNFvrT1Y9gPOeQlSx82r5Oo7E2M8FtNWVDO7j8qEtIsq7SgK-Aa3u6dB6ReQ&tid=3ccd1b4c-c5a1-406e-be41-47baeffe0191
Frame ID: 293B6A9A4E96D5FE3FFE815E109B763F
Requests: 45 HTTP requests in this frame

Frame: https://lpcdn.lpsnmedia.net/le_secure_storage/3.19.0.0-release_5079/storage.secure.min.html?loc=https%3A%2F%2Fidentity.marksandspencer.insure-systems.co.uk&site=82357525&env=prod&isCrossDomain=true
Frame ID: 59A5FB9E8DC06F321D6280AE5D00BCE9
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

M&S Car Insurance arranged and administered by BISL Limited Login PageBack ButtonSearch IconFilter Icon

Page URL History Show full URLs

  1. https://marksandspencer.insure-systems.co.uk/SelfService/security/login/loginregister HTTP 302
    https://marksandspencer.insure-systems.co.uk/serviceredirect/selfservice/security/login/loginregister HTTP 302
    https://marksandspencer.insure-systems.co.uk/serviceredirect/securedredirect/requestredirector HTTP 302
    https://marksandspencer.insure-systems.co.uk/serviceredirect/Account/ExternalLogin?ReturnUrl=%2Fserviceredirect%2Fsecured... HTTP 302
    https://identity.marksandspencer.insure-systems.co.uk/as/authorization.oauth2?response_type=code&client_id=MandSAuth&scope=openid%... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

46
Requests

100 %
HTTPS

43 %
IPv6

11
Domains

15
Subdomains

14
IPs

5
Countries

4883 kB
Transfer

7198 kB
Size

15
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://marksandspencer.insure-systems.co.uk/SelfService/security/login/loginregister HTTP 302
    https://marksandspencer.insure-systems.co.uk/serviceredirect/selfservice/security/login/loginregister HTTP 302
    https://marksandspencer.insure-systems.co.uk/serviceredirect/securedredirect/requestredirector HTTP 302
    https://marksandspencer.insure-systems.co.uk/serviceredirect/Account/ExternalLogin?ReturnUrl=%2Fserviceredirect%2Fsecuredredirect%2Frequestredirector HTTP 302
    https://identity.marksandspencer.insure-systems.co.uk/as/authorization.oauth2?response_type=code&client_id=MandSAuth&scope=openid%20profile&redirect_uri=https%3A%2F%2Fmarksandspencer.insure-systems.co.uk%2Fserviceredirect%2Fping-signin&state=MLmBqwO6g7hsiEeGpny_HpZVx3G747OWChAr_Tw8OPzAVWkt78Ac5vDh4PpGm_AOBFAqtxKxRKU3d6ooc0uYqNfrBSLhWl0sSEptugpLwt1BwZEm1WmfYiqEwtq6moyRQMPhustkhNdNaoh9DBNS0w4UJDKFGxavjH_Vsc8xWuAoUbq15NhCCU6rhqdPQOgFkwSCHlXsdvCCjaVTV-h78_CGsV1UQqSczy5v4NAEDyB1pcad2x9ZMHly9w1tig_6vS-1oDsRB4sNFvrT1Y9gPOeQlSx82r5Oo7E2M8FtNWVDO7j8qEtIsq7SgK-Aa3u6dB6ReQ&tid=3ccd1b4c-c5a1-406e-be41-47baeffe0191 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

46 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request authorization.oauth2
identity.marksandspencer.insure-systems.co.uk/as/
Redirect Chain
  • https://marksandspencer.insure-systems.co.uk/SelfService/security/login/loginregister
  • https://marksandspencer.insure-systems.co.uk/serviceredirect/selfservice/security/login/loginregister
  • https://marksandspencer.insure-systems.co.uk/serviceredirect/securedredirect/requestredirector
  • https://marksandspencer.insure-systems.co.uk/serviceredirect/Account/ExternalLogin?ReturnUrl=%2Fserviceredirect%2Fsecuredredirect%2Frequestredirector
  • https://identity.marksandspencer.insure-systems.co.uk/as/authorization.oauth2?response_type=code&client_id=MandSAuth&scope=openid%20profile&redirect_uri=https%3A%2F%2Fmarksandspencer.insure-systems...
8 KB
9 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://identity.marksandspencer.insure-systems.co.uk/as/authorization.oauth2?response_type=code&client_id=MandSAuth&scope=openid%20profile&redirect_uri=https%3A%2F%2Fmarksandspencer.insure-systems.co.uk%2Fserviceredirect%2Fping-signin&state=MLmBqwO6g7hsiEeGpny_HpZVx3G747OWChAr_Tw8OPzAVWkt78Ac5vDh4PpGm_AOBFAqtxKxRKU3d6ooc0uYqNfrBSLhWl0sSEptugpLwt1BwZEm1WmfYiqEwtq6moyRQMPhustkhNdNaoh9DBNS0w4UJDKFGxavjH_Vsc8xWuAoUbq15NhCCU6rhqdPQOgFkwSCHlXsdvCCjaVTV-h78_CGsV1UQqSczy5v4NAEDyB1pcad2x9ZMHly9w1tig_6vS-1oDsRB4sNFvrT1Y9gPOeQlSx82r5Oo7E2M8FtNWVDO7j8qEtIsq7SgK-Aa3u6dB6ReQ&tid=3ccd1b4c-c5a1-406e-be41-47baeffe0191
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:11a::5f65:1733 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
c72a44f0bc9ee19a02e0245453ccdfe59b9d9d11be0af09e7c47633e3f9c1ca3
Security Headers
Name Value
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

Cache-Control
no-cache, no-store
Connection
keep-alive
Content-Length
8011
Content-Type
text/html;charset=utf-8
Date
Wed, 01 Feb 2023 20:40:16 GMT
Expires
Wed, 01 Feb 2023 20:40:16 GMT
Pragma
no-cache
Referrer-Policy
origin
Strict-Transport-Security
max-age=15768000 ; includeSubDomains ; preload
X-Frame-Options
SAMEORIGIN

Redirect headers

Access-Control-Expose-Headers
Request-Context
Cache-Control
private
Content-Length
0
Date
Wed, 01 Feb 2023 20:40:15 GMT
Location
https://identity.marksandspencer.insure-systems.co.uk/as/authorization.oauth2?response_type=code&client_id=MandSAuth&scope=openid%20profile&redirect_uri=https%3A%2F%2Fmarksandspencer.insure-systems.co.uk%2Fserviceredirect%2Fping-signin&state=MLmBqwO6g7hsiEeGpny_HpZVx3G747OWChAr_Tw8OPzAVWkt78Ac5vDh4PpGm_AOBFAqtxKxRKU3d6ooc0uYqNfrBSLhWl0sSEptugpLwt1BwZEm1WmfYiqEwtq6moyRQMPhustkhNdNaoh9DBNS0w4UJDKFGxavjH_Vsc8xWuAoUbq15NhCCU6rhqdPQOgFkwSCHlXsdvCCjaVTV-h78_CGsV1UQqSczy5v4NAEDyB1pcad2x9ZMHly9w1tig_6vS-1oDsRB4sNFvrT1Y9gPOeQlSx82r5Oo7E2M8FtNWVDO7j8qEtIsq7SgK-Aa3u6dB6ReQ&tid=3ccd1b4c-c5a1-406e-be41-47baeffe0191
Request-Context
appId=cid-v1:62ed6cb9-1b27-425c-8d60-61b1f98d07bc
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
X-Xss-Protection
1; mode=block
brand.css
cdn.bglgroup.io/marksandspencer/css/ 		453 KB
92 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.bglgroup.io/marksandspencer/css/brand.css
Requested by
Host: identity.marksandspencer.insure-systems.co.uk
URL: https://identity.marksandspencer.insure-systems.co.uk/as/authorization.oauth2?response_type=code&client_id=MandSAuth&scope=openid%20profile&redirect_uri=https%3A%2F%2Fmarksandspencer.insure-systems.co.uk%2Fserviceredirect%2Fping-signin&state=MLmBqwO6g7hsiEeGpny_HpZVx3G747OWChAr_Tw8OPzAVWkt78Ac5vDh4PpGm_AOBFAqtxKxRKU3d6ooc0uYqNfrBSLhWl0sSEptugpLwt1BwZEm1WmfYiqEwtq6moyRQMPhustkhNdNaoh9DBNS0w4UJDKFGxavjH_Vsc8xWuAoUbq15NhCCU6rhqdPQOgFkwSCHlXsdvCCjaVTV-h78_CGsV1UQqSczy5v4NAEDyB1pcad2x9ZMHly9w1tig_6vS-1oDsRB4sNFvrT1Y9gPOeQlSx82r5Oo7E2M8FtNWVDO7j8qEtIsq7SgK-Aa3u6dB6ReQ&tid=3ccd1b4c-c5a1-406e-be41-47baeffe0191
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.171.22.9 Biggleswade, United Kingdom, ASN2856 (BT-UK-AS BTnet UK Regional network, GB),
Reverse DNS
Software
/
Resource Hash
2a3b53a9ff068f041101e32e4cab3ebe406a23f58dfd9aded12db4af71149105
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://marksandspencer.insure-systems.co.uk https://channel-cards-html.lloydsbankinggroup.com/ https://danskebank-3ds-bxl.wlp-acs.com https://danskebank-3ds-vdm.wlp-acs.com https://*.liveperson.net http://widget.trustpilot.com/ https://acs.airplus.com https://acs.icicibank.com https://acs1.icicibank.com https://acs2.onlinesbi.com https://acsclient.credecard.com https://acs1.edb.com https://acs2.edb.com https://acs1.luottokunta.fi https://acs1.3ds.modirum.com https://acs2.3ds.modirum.com https://*.3dsecure.no https://bbva.cardinalcommerce.com https://gps.cardinalcommerce.com https://pfs.cardinalcommerce.com https://santanderinternational.cardinalcommerce.com https://cap.attempts.securecode.com https://danskebank-3dsecure.wlp-acs.com https://idcheck.acs.touchtechpayments.com https://macs.touchtechpayments.com https://securesuite.co.uk https://www.securesuite.co.uk https://secure.barclaycard.co.uk https://secure4.arcot.com https://secure5.arcot.com https://secure6.arcot.com https://secure7.arcot.com https://tsys.arcot.com https://threedsecurepa.petafuel.net https://verifiedbyvisa.barclays.co.uk https://verify.monzo.com https://www.clicksafe.lloydstsb.com https://www.mycardsecure.com https://3debspay.boc.cn https://*.lpsnmedia.net https://www.thecardservicesonline.com https://verifiedbyvisa.acs.touchtechpayments.com https://authentication.cardinalcommerce.com https://secure.3ds.cornercard.co.uk https://secure.3ds.cornercard.ch https://acs.fssnet.co.in https://acs.decta.com https://3dsecure-1.wirecard.com https://pa.eshapay.net https://api.secure-code.bunq.com https://foriseu-vbv.mycardplace.com https://aptopaysafe-vbv.mycardplace.com https://s.userzoom.com https://postoffice.demdex.net/ https://*.fls.doubleclick.net/ https://www.google.com/recaptcha/ https://bisil.demdex.net; img-src 'self' 'unsafe-inline' https://*.clarity.ms https://c.bing.com https://cdn4.userzoom.com https://smetrics.rac.co.uk https://*.abtasty.com https://ssl.gstatic.com/ https://lp.sabio.co.uk https://*.lpsnmedia.net https://www.google-analytics.com https://origin.marketinghub.opentext.com https://secure.marketinghub.opentext.com https://cm.everesttech.net/cm/dd https://dpm.demdex.net/ https://*.scene7.com/is/image/Targetbglgroup/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://bisil.sc.omtrdc.net/ https://track.omguk.com/e/qi/; media-src 'self' https://*.lpsnmedia.net; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://c.bing.com https://cdn4.userzoom.com https://cdn-segment.com https://*.abtasty.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.liveperson.net https://*.lpsnmedia.net https://az416426.vo.msecnd.net/scripts/a/ https://www.googletagmanager.com https://tagmanager.google.com/ https://secure.marketinghub.opentext.com https://chronicle.comparethemarket.com https://connect.facebook.net https://www.google-analytics.com/analytics.js https://www.google-analytics.com/gtm/js http://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://assets.adobedtm.com https://track.omguk.com/ https://www.google-analytics.com/plugins/ua/ecommerce.js https://www.google-analytics.com/plugins/ua/ec.js https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://sdk.twilio.com; style-src 'self' 'unsafe-inline' https://cdn4.userzoom.com https://teddytor.abtasty.com https://tagmanager.google.com/ https://fonts.googleapis.com/; connect-src 'self' https://*.clarity.ms https://c.bing.com https://bisil.sc.omtrdc.net/ https://*.abtasty.com https://agentqa.nina-nuance.com https://agent.nina-nuance.com https://dc.services.visualstudio.com https://www.google-analytics.com https://dpm.demdex.net https://smetrics.MarksAndSpencer.co.uk https://dpm.demdex.net/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://bisil.tt.omtrdc.net https://functions-bgl-webchat-1363-dev.twil.io https://functions-bgl-webchat-7164-int.twil.io https://functions-bgl-webchat-3101-stg.twil.io https://functions-bgl-webchat-7311-prod.twil.io https://*.bgli.net https://iam.twilio.com https://flex-api.twilio.com wss://tsock.us1.twilio.com https://event-bridge.twilio.com wss://event-bridge.twilio.com; default-src 'none'; form-action 'self'; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://identity.marksandspencer.insure-systems.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://marksandspencer.insure-systems.co.uk https://channel-cards-html.lloydsbankinggroup.com/ https://danskebank-3ds-bxl.wlp-acs.com https://danskebank-3ds-vdm.wlp-acs.com https://*.liveperson.net http://widget.trustpilot.com/ https://acs.airplus.com https://acs.icicibank.com https://acs1.icicibank.com https://acs2.onlinesbi.com https://acsclient.credecard.com https://acs1.edb.com https://acs2.edb.com https://acs1.luottokunta.fi https://acs1.3ds.modirum.com https://acs2.3ds.modirum.com https://*.3dsecure.no https://bbva.cardinalcommerce.com https://gps.cardinalcommerce.com https://pfs.cardinalcommerce.com https://santanderinternational.cardinalcommerce.com https://cap.attempts.securecode.com https://danskebank-3dsecure.wlp-acs.com https://idcheck.acs.touchtechpayments.com https://macs.touchtechpayments.com https://securesuite.co.uk https://www.securesuite.co.uk https://secure.barclaycard.co.uk https://secure4.arcot.com https://secure5.arcot.com https://secure6.arcot.com https://secure7.arcot.com https://tsys.arcot.com https://threedsecurepa.petafuel.net https://verifiedbyvisa.barclays.co.uk https://verify.monzo.com https://www.clicksafe.lloydstsb.com https://www.mycardsecure.com https://3debspay.boc.cn https://*.lpsnmedia.net https://www.thecardservicesonline.com https://verifiedbyvisa.acs.touchtechpayments.com https://authentication.cardinalcommerce.com https://secure.3ds.cornercard.co.uk https://secure.3ds.cornercard.ch https://acs.fssnet.co.in https://acs.decta.com https://3dsecure-1.wirecard.com https://pa.eshapay.net https://api.secure-code.bunq.com https://foriseu-vbv.mycardplace.com https://aptopaysafe-vbv.mycardplace.com https://s.userzoom.com https://postoffice.demdex.net/ https://*.fls.doubleclick.net/ https://www.google.com/recaptcha/ https://bisil.demdex.net; img-src 'self' 'unsafe-inline' https://*.clarity.ms https://c.bing.com https://cdn4.userzoom.com https://smetrics.rac.co.uk https://*.abtasty.com https://ssl.gstatic.com/ https://lp.sabio.co.uk https://*.lpsnmedia.net https://www.google-analytics.com https://origin.marketinghub.opentext.com https://secure.marketinghub.opentext.com https://cm.everesttech.net/cm/dd https://dpm.demdex.net/ https://*.scene7.com/is/image/Targetbglgroup/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://bisil.sc.omtrdc.net/ https://track.omguk.com/e/qi/; media-src 'self' https://*.lpsnmedia.net; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://c.bing.com https://cdn4.userzoom.com https://cdn-segment.com https://*.abtasty.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.liveperson.net https://*.lpsnmedia.net https://az416426.vo.msecnd.net/scripts/a/ https://www.googletagmanager.com https://tagmanager.google.com/ https://secure.marketinghub.opentext.com https://chronicle.comparethemarket.com https://connect.facebook.net https://www.google-analytics.com/analytics.js https://www.google-analytics.com/gtm/js http://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://assets.adobedtm.com https://track.omguk.com/ https://www.google-analytics.com/plugins/ua/ecommerce.js https://www.google-analytics.com/plugins/ua/ec.js https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://sdk.twilio.com; style-src 'self' 'unsafe-inline' https://cdn4.userzoom.com https://teddytor.abtasty.com https://tagmanager.google.com/ https://fonts.googleapis.com/; connect-src 'self' https://*.clarity.ms https://c.bing.com https://bisil.sc.omtrdc.net/ https://*.abtasty.com https://agentqa.nina-nuance.com https://agent.nina-nuance.com https://dc.services.visualstudio.com https://www.google-analytics.com https://dpm.demdex.net https://smetrics.MarksAndSpencer.co.uk https://dpm.demdex.net/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://bisil.tt.omtrdc.net https://functions-bgl-webchat-1363-dev.twil.io https://functions-bgl-webchat-7164-int.twil.io https://functions-bgl-webchat-3101-stg.twil.io https://functions-bgl-webchat-7311-prod.twil.io https://*.bgli.net https://iam.twilio.com https://flex-api.twilio.com wss://tsock.us1.twilio.com https://event-bridge.twilio.com wss://event-bridge.twilio.com; default-src 'none'; form-action 'self'; upgrade-insecure-requests;
Date
Wed, 01 Feb 2023 20:40:16 GMT
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Encoding
gzip
Transfer-Encoding
chunked
block-all-mixed-content
X-XSS-Protection
1; mode=block
Request-Context
appId=cid-v1:62ed6cb9-1b27-425c-8d60-61b1f98d07bc
Cteonnt-Length
463600
Referrer-Policy
no-referrer, same-origin
Last-Modified
Tue, 24 Jan 2023 11:43:56 GMT
ETag
"066e123e92fd91:0"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Access-Control-Expose-Headers
Request-Context
Cache-Control
private
Feature-Policy
ambient-light-sensor 'none'; autoplay 'none'; accelerometer 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; sync-xhr *; usb 'none'; wake-lock 'none'; webauthn 'none'; vr 'none';
Accept-Ranges
bytes
Expires
Wed, 01 Feb 2023 21:40:16 GMT
jquery.js
cdn.bglgroup.io/marksandspencer/scripts/jquery/ 		292 KB
297 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.bglgroup.io/marksandspencer/scripts/jquery/jquery.js
Requested by
Host: identity.marksandspencer.insure-systems.co.uk
URL: https://identity.marksandspencer.insure-systems.co.uk/as/authorization.oauth2?response_type=code&client_id=MandSAuth&scope=openid%20profile&redirect_uri=https%3A%2F%2Fmarksandspencer.insure-systems.co.uk%2Fserviceredirect%2Fping-signin&state=MLmBqwO6g7hsiEeGpny_HpZVx3G747OWChAr_Tw8OPzAVWkt78Ac5vDh4PpGm_AOBFAqtxKxRKU3d6ooc0uYqNfrBSLhWl0sSEptugpLwt1BwZEm1WmfYiqEwtq6moyRQMPhustkhNdNaoh9DBNS0w4UJDKFGxavjH_Vsc8xWuAoUbq15NhCCU6rhqdPQOgFkwSCHlXsdvCCjaVTV-h78_CGsV1UQqSczy5v4NAEDyB1pcad2x9ZMHly9w1tig_6vS-1oDsRB4sNFvrT1Y9gPOeQlSx82r5Oo7E2M8FtNWVDO7j8qEtIsq7SgK-Aa3u6dB6ReQ&tid=3ccd1b4c-c5a1-406e-be41-47baeffe0191
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.171.22.9 Biggleswade, United Kingdom, ASN2856 (BT-UK-AS BTnet UK Regional network, GB),
Reverse DNS
Software
/
Resource Hash
a28d76c983b06d87eb2c6d6deaff7e1d4faf32f12794a92bd5e21c754c06ed9b
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://marksandspencer.insure-systems.co.uk https://channel-cards-html.lloydsbankinggroup.com/ https://danskebank-3ds-bxl.wlp-acs.com https://danskebank-3ds-vdm.wlp-acs.com https://*.liveperson.net http://widget.trustpilot.com/ https://acs.airplus.com https://acs.icicibank.com https://acs1.icicibank.com https://acs2.onlinesbi.com https://acsclient.credecard.com https://acs1.edb.com https://acs2.edb.com https://acs1.luottokunta.fi https://acs1.3ds.modirum.com https://acs2.3ds.modirum.com https://*.3dsecure.no https://bbva.cardinalcommerce.com https://gps.cardinalcommerce.com https://pfs.cardinalcommerce.com https://santanderinternational.cardinalcommerce.com https://cap.attempts.securecode.com https://danskebank-3dsecure.wlp-acs.com https://idcheck.acs.touchtechpayments.com https://macs.touchtechpayments.com https://securesuite.co.uk https://www.securesuite.co.uk https://secure.barclaycard.co.uk https://secure4.arcot.com https://secure5.arcot.com https://secure6.arcot.com https://secure7.arcot.com https://tsys.arcot.com https://threedsecurepa.petafuel.net https://verifiedbyvisa.barclays.co.uk https://verify.monzo.com https://www.clicksafe.lloydstsb.com https://www.mycardsecure.com https://3debspay.boc.cn https://*.lpsnmedia.net https://www.thecardservicesonline.com https://verifiedbyvisa.acs.touchtechpayments.com https://authentication.cardinalcommerce.com https://secure.3ds.cornercard.co.uk https://secure.3ds.cornercard.ch https://acs.fssnet.co.in https://acs.decta.com https://3dsecure-1.wirecard.com https://pa.eshapay.net https://api.secure-code.bunq.com https://foriseu-vbv.mycardplace.com https://aptopaysafe-vbv.mycardplace.com https://s.userzoom.com https://postoffice.demdex.net/ https://*.fls.doubleclick.net/ https://www.google.com/recaptcha/ https://bisil.demdex.net; img-src 'self' 'unsafe-inline' https://*.clarity.ms https://c.bing.com https://cdn4.userzoom.com https://smetrics.rac.co.uk https://*.abtasty.com https://ssl.gstatic.com/ https://lp.sabio.co.uk https://*.lpsnmedia.net https://www.google-analytics.com https://origin.marketinghub.opentext.com https://secure.marketinghub.opentext.com https://cm.everesttech.net/cm/dd https://dpm.demdex.net/ https://*.scene7.com/is/image/Targetbglgroup/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://bisil.sc.omtrdc.net/ https://track.omguk.com/e/qi/; media-src 'self' https://*.lpsnmedia.net; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://c.bing.com https://cdn4.userzoom.com https://cdn-segment.com https://*.abtasty.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.liveperson.net https://*.lpsnmedia.net https://az416426.vo.msecnd.net/scripts/a/ https://www.googletagmanager.com https://tagmanager.google.com/ https://secure.marketinghub.opentext.com https://chronicle.comparethemarket.com https://connect.facebook.net https://www.google-analytics.com/analytics.js https://www.google-analytics.com/gtm/js http://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://assets.adobedtm.com https://track.omguk.com/ https://www.google-analytics.com/plugins/ua/ecommerce.js https://www.google-analytics.com/plugins/ua/ec.js https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://sdk.twilio.com; style-src 'self' 'unsafe-inline' https://cdn4.userzoom.com https://teddytor.abtasty.com https://tagmanager.google.com/ https://fonts.googleapis.com/; connect-src 'self' https://*.clarity.ms https://c.bing.com https://bisil.sc.omtrdc.net/ https://*.abtasty.com https://agentqa.nina-nuance.com https://agent.nina-nuance.com https://dc.services.visualstudio.com https://www.google-analytics.com https://dpm.demdex.net https://smetrics.MarksAndSpencer.co.uk https://dpm.demdex.net/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://bisil.tt.omtrdc.net https://functions-bgl-webchat-1363-dev.twil.io https://functions-bgl-webchat-7164-int.twil.io https://functions-bgl-webchat-3101-stg.twil.io https://functions-bgl-webchat-7311-prod.twil.io https://*.bgli.net https://iam.twilio.com https://flex-api.twilio.com wss://tsock.us1.twilio.com https://event-bridge.twilio.com wss://event-bridge.twilio.com; default-src 'none'; form-action 'self'; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://identity.marksandspencer.insure-systems.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://marksandspencer.insure-systems.co.uk https://channel-cards-html.lloydsbankinggroup.com/ https://danskebank-3ds-bxl.wlp-acs.com https://danskebank-3ds-vdm.wlp-acs.com https://*.liveperson.net http://widget.trustpilot.com/ https://acs.airplus.com https://acs.icicibank.com https://acs1.icicibank.com https://acs2.onlinesbi.com https://acsclient.credecard.com https://acs1.edb.com https://acs2.edb.com https://acs1.luottokunta.fi https://acs1.3ds.modirum.com https://acs2.3ds.modirum.com https://*.3dsecure.no https://bbva.cardinalcommerce.com https://gps.cardinalcommerce.com https://pfs.cardinalcommerce.com https://santanderinternational.cardinalcommerce.com https://cap.attempts.securecode.com https://danskebank-3dsecure.wlp-acs.com https://idcheck.acs.touchtechpayments.com https://macs.touchtechpayments.com https://securesuite.co.uk https://www.securesuite.co.uk https://secure.barclaycard.co.uk https://secure4.arcot.com https://secure5.arcot.com https://secure6.arcot.com https://secure7.arcot.com https://tsys.arcot.com https://threedsecurepa.petafuel.net https://verifiedbyvisa.barclays.co.uk https://verify.monzo.com https://www.clicksafe.lloydstsb.com https://www.mycardsecure.com https://3debspay.boc.cn https://*.lpsnmedia.net https://www.thecardservicesonline.com https://verifiedbyvisa.acs.touchtechpayments.com https://authentication.cardinalcommerce.com https://secure.3ds.cornercard.co.uk https://secure.3ds.cornercard.ch https://acs.fssnet.co.in https://acs.decta.com https://3dsecure-1.wirecard.com https://pa.eshapay.net https://api.secure-code.bunq.com https://foriseu-vbv.mycardplace.com https://aptopaysafe-vbv.mycardplace.com https://s.userzoom.com https://postoffice.demdex.net/ https://*.fls.doubleclick.net/ https://www.google.com/recaptcha/ https://bisil.demdex.net; img-src 'self' 'unsafe-inline' https://*.clarity.ms https://c.bing.com https://cdn4.userzoom.com https://smetrics.rac.co.uk https://*.abtasty.com https://ssl.gstatic.com/ https://lp.sabio.co.uk https://*.lpsnmedia.net https://www.google-analytics.com https://origin.marketinghub.opentext.com https://secure.marketinghub.opentext.com https://cm.everesttech.net/cm/dd https://dpm.demdex.net/ https://*.scene7.com/is/image/Targetbglgroup/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://bisil.sc.omtrdc.net/ https://track.omguk.com/e/qi/; media-src 'self' https://*.lpsnmedia.net; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://c.bing.com https://cdn4.userzoom.com https://cdn-segment.com https://*.abtasty.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.liveperson.net https://*.lpsnmedia.net https://az416426.vo.msecnd.net/scripts/a/ https://www.googletagmanager.com https://tagmanager.google.com/ https://secure.marketinghub.opentext.com https://chronicle.comparethemarket.com https://connect.facebook.net https://www.google-analytics.com/analytics.js https://www.google-analytics.com/gtm/js http://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://assets.adobedtm.com https://track.omguk.com/ https://www.google-analytics.com/plugins/ua/ecommerce.js https://www.google-analytics.com/plugins/ua/ec.js https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://sdk.twilio.com; style-src 'self' 'unsafe-inline' https://cdn4.userzoom.com https://teddytor.abtasty.com https://tagmanager.google.com/ https://fonts.googleapis.com/; connect-src 'self' https://*.clarity.ms https://c.bing.com https://bisil.sc.omtrdc.net/ https://*.abtasty.com https://agentqa.nina-nuance.com https://agent.nina-nuance.com https://dc.services.visualstudio.com https://www.google-analytics.com https://dpm.demdex.net https://smetrics.MarksAndSpencer.co.uk https://dpm.demdex.net/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://bisil.tt.omtrdc.net https://functions-bgl-webchat-1363-dev.twil.io https://functions-bgl-webchat-7164-int.twil.io https://functions-bgl-webchat-3101-stg.twil.io https://functions-bgl-webchat-7311-prod.twil.io https://*.bgli.net https://iam.twilio.com https://flex-api.twilio.com wss://tsock.us1.twilio.com https://event-bridge.twilio.com wss://event-bridge.twilio.com; default-src 'none'; form-action 'self'; upgrade-insecure-requests;
Date
Wed, 01 Feb 2023 20:40:16 GMT
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
block-all-mixed-content
Content-Length
298502
X-XSS-Protection
1; mode=block
Request-Context
appId=cid-v1:62ed6cb9-1b27-425c-8d60-61b1f98d07bc
Referrer-Policy
no-referrer, same-origin
Last-Modified
Tue, 24 Jan 2023 11:43:50 GMT
ETag
"0df4d20e92fd91:0"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Access-Control-Expose-Headers
Request-Context
Cache-Control
public, max-age=3600
Feature-Policy
ambient-light-sensor 'none'; autoplay 'none'; accelerometer 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; sync-xhr *; usb 'none'; wake-lock 'none'; webauthn 'none'; vr 'none';
Accept-Ranges
bytes
Expires
Wed, 01 Feb 2023 21:40:16 GMT
bgl.common.js
cdn.bglgroup.io/marksandspencer/scripts/bgl/ 		84 KB
89 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.bglgroup.io/marksandspencer/scripts/bgl/bgl.common.js
Requested by
Host: identity.marksandspencer.insure-systems.co.uk
URL: https://identity.marksandspencer.insure-systems.co.uk/as/authorization.oauth2?response_type=code&client_id=MandSAuth&scope=openid%20profile&redirect_uri=https%3A%2F%2Fmarksandspencer.insure-systems.co.uk%2Fserviceredirect%2Fping-signin&state=MLmBqwO6g7hsiEeGpny_HpZVx3G747OWChAr_Tw8OPzAVWkt78Ac5vDh4PpGm_AOBFAqtxKxRKU3d6ooc0uYqNfrBSLhWl0sSEptugpLwt1BwZEm1WmfYiqEwtq6moyRQMPhustkhNdNaoh9DBNS0w4UJDKFGxavjH_Vsc8xWuAoUbq15NhCCU6rhqdPQOgFkwSCHlXsdvCCjaVTV-h78_CGsV1UQqSczy5v4NAEDyB1pcad2x9ZMHly9w1tig_6vS-1oDsRB4sNFvrT1Y9gPOeQlSx82r5Oo7E2M8FtNWVDO7j8qEtIsq7SgK-Aa3u6dB6ReQ&tid=3ccd1b4c-c5a1-406e-be41-47baeffe0191
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.171.22.9 Biggleswade, United Kingdom, ASN2856 (BT-UK-AS BTnet UK Regional network, GB),
Reverse DNS
Software
/
Resource Hash
deb9f59ee53faf2ca5f245da6554e4e69956cbca72fa4f8c2c092c85b8823540
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://marksandspencer.insure-systems.co.uk https://channel-cards-html.lloydsbankinggroup.com/ https://danskebank-3ds-bxl.wlp-acs.com https://danskebank-3ds-vdm.wlp-acs.com https://*.liveperson.net http://widget.trustpilot.com/ https://acs.airplus.com https://acs.icicibank.com https://acs1.icicibank.com https://acs2.onlinesbi.com https://acsclient.credecard.com https://acs1.edb.com https://acs2.edb.com https://acs1.luottokunta.fi https://acs1.3ds.modirum.com https://acs2.3ds.modirum.com https://*.3dsecure.no https://bbva.cardinalcommerce.com https://gps.cardinalcommerce.com https://pfs.cardinalcommerce.com https://santanderinternational.cardinalcommerce.com https://cap.attempts.securecode.com https://danskebank-3dsecure.wlp-acs.com https://idcheck.acs.touchtechpayments.com https://macs.touchtechpayments.com https://securesuite.co.uk https://www.securesuite.co.uk https://secure.barclaycard.co.uk https://secure4.arcot.com https://secure5.arcot.com https://secure6.arcot.com https://secure7.arcot.com https://tsys.arcot.com https://threedsecurepa.petafuel.net https://verifiedbyvisa.barclays.co.uk https://verify.monzo.com https://www.clicksafe.lloydstsb.com https://www.mycardsecure.com https://3debspay.boc.cn https://*.lpsnmedia.net https://www.thecardservicesonline.com https://verifiedbyvisa.acs.touchtechpayments.com https://authentication.cardinalcommerce.com https://secure.3ds.cornercard.co.uk https://secure.3ds.cornercard.ch https://acs.fssnet.co.in https://acs.decta.com https://3dsecure-1.wirecard.com https://pa.eshapay.net https://api.secure-code.bunq.com https://foriseu-vbv.mycardplace.com https://aptopaysafe-vbv.mycardplace.com https://s.userzoom.com https://postoffice.demdex.net/ https://*.fls.doubleclick.net/ https://www.google.com/recaptcha/ https://bisil.demdex.net; img-src 'self' 'unsafe-inline' https://*.clarity.ms https://c.bing.com https://cdn4.userzoom.com https://smetrics.rac.co.uk https://*.abtasty.com https://ssl.gstatic.com/ https://lp.sabio.co.uk https://*.lpsnmedia.net https://www.google-analytics.com https://origin.marketinghub.opentext.com https://secure.marketinghub.opentext.com https://cm.everesttech.net/cm/dd https://dpm.demdex.net/ https://*.scene7.com/is/image/Targetbglgroup/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://bisil.sc.omtrdc.net/ https://track.omguk.com/e/qi/; media-src 'self' https://*.lpsnmedia.net; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://c.bing.com https://cdn4.userzoom.com https://cdn-segment.com https://*.abtasty.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.liveperson.net https://*.lpsnmedia.net https://az416426.vo.msecnd.net/scripts/a/ https://www.googletagmanager.com https://tagmanager.google.com/ https://secure.marketinghub.opentext.com https://chronicle.comparethemarket.com https://connect.facebook.net https://www.google-analytics.com/analytics.js https://www.google-analytics.com/gtm/js http://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://assets.adobedtm.com https://track.omguk.com/ https://www.google-analytics.com/plugins/ua/ecommerce.js https://www.google-analytics.com/plugins/ua/ec.js https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://sdk.twilio.com; style-src 'self' 'unsafe-inline' https://cdn4.userzoom.com https://teddytor.abtasty.com https://tagmanager.google.com/ https://fonts.googleapis.com/; connect-src 'self' https://*.clarity.ms https://c.bing.com https://bisil.sc.omtrdc.net/ https://*.abtasty.com https://agentqa.nina-nuance.com https://agent.nina-nuance.com https://dc.services.visualstudio.com https://www.google-analytics.com https://dpm.demdex.net https://smetrics.MarksAndSpencer.co.uk https://dpm.demdex.net/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://bisil.tt.omtrdc.net https://functions-bgl-webchat-1363-dev.twil.io https://functions-bgl-webchat-7164-int.twil.io https://functions-bgl-webchat-3101-stg.twil.io https://functions-bgl-webchat-7311-prod.twil.io https://*.bgli.net https://iam.twilio.com https://flex-api.twilio.com wss://tsock.us1.twilio.com https://event-bridge.twilio.com wss://event-bridge.twilio.com; default-src 'none'; form-action 'self'; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://identity.marksandspencer.insure-systems.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://marksandspencer.insure-systems.co.uk https://channel-cards-html.lloydsbankinggroup.com/ https://danskebank-3ds-bxl.wlp-acs.com https://danskebank-3ds-vdm.wlp-acs.com https://*.liveperson.net http://widget.trustpilot.com/ https://acs.airplus.com https://acs.icicibank.com https://acs1.icicibank.com https://acs2.onlinesbi.com https://acsclient.credecard.com https://acs1.edb.com https://acs2.edb.com https://acs1.luottokunta.fi https://acs1.3ds.modirum.com https://acs2.3ds.modirum.com https://*.3dsecure.no https://bbva.cardinalcommerce.com https://gps.cardinalcommerce.com https://pfs.cardinalcommerce.com https://santanderinternational.cardinalcommerce.com https://cap.attempts.securecode.com https://danskebank-3dsecure.wlp-acs.com https://idcheck.acs.touchtechpayments.com https://macs.touchtechpayments.com https://securesuite.co.uk https://www.securesuite.co.uk https://secure.barclaycard.co.uk https://secure4.arcot.com https://secure5.arcot.com https://secure6.arcot.com https://secure7.arcot.com https://tsys.arcot.com https://threedsecurepa.petafuel.net https://verifiedbyvisa.barclays.co.uk https://verify.monzo.com https://www.clicksafe.lloydstsb.com https://www.mycardsecure.com https://3debspay.boc.cn https://*.lpsnmedia.net https://www.thecardservicesonline.com https://verifiedbyvisa.acs.touchtechpayments.com https://authentication.cardinalcommerce.com https://secure.3ds.cornercard.co.uk https://secure.3ds.cornercard.ch https://acs.fssnet.co.in https://acs.decta.com https://3dsecure-1.wirecard.com https://pa.eshapay.net https://api.secure-code.bunq.com https://foriseu-vbv.mycardplace.com https://aptopaysafe-vbv.mycardplace.com https://s.userzoom.com https://postoffice.demdex.net/ https://*.fls.doubleclick.net/ https://www.google.com/recaptcha/ https://bisil.demdex.net; img-src 'self' 'unsafe-inline' https://*.clarity.ms https://c.bing.com https://cdn4.userzoom.com https://smetrics.rac.co.uk https://*.abtasty.com https://ssl.gstatic.com/ https://lp.sabio.co.uk https://*.lpsnmedia.net https://www.google-analytics.com https://origin.marketinghub.opentext.com https://secure.marketinghub.opentext.com https://cm.everesttech.net/cm/dd https://dpm.demdex.net/ https://*.scene7.com/is/image/Targetbglgroup/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://bisil.sc.omtrdc.net/ https://track.omguk.com/e/qi/; media-src 'self' https://*.lpsnmedia.net; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://c.bing.com https://cdn4.userzoom.com https://cdn-segment.com https://*.abtasty.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.liveperson.net https://*.lpsnmedia.net https://az416426.vo.msecnd.net/scripts/a/ https://www.googletagmanager.com https://tagmanager.google.com/ https://secure.marketinghub.opentext.com https://chronicle.comparethemarket.com https://connect.facebook.net https://www.google-analytics.com/analytics.js https://www.google-analytics.com/gtm/js http://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://assets.adobedtm.com https://track.omguk.com/ https://www.google-analytics.com/plugins/ua/ecommerce.js https://www.google-analytics.com/plugins/ua/ec.js https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://sdk.twilio.com; style-src 'self' 'unsafe-inline' https://cdn4.userzoom.com https://teddytor.abtasty.com https://tagmanager.google.com/ https://fonts.googleapis.com/; connect-src 'self' https://*.clarity.ms https://c.bing.com https://bisil.sc.omtrdc.net/ https://*.abtasty.com https://agentqa.nina-nuance.com https://agent.nina-nuance.com https://dc.services.visualstudio.com https://www.google-analytics.com https://dpm.demdex.net https://smetrics.MarksAndSpencer.co.uk https://dpm.demdex.net/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://bisil.tt.omtrdc.net https://functions-bgl-webchat-1363-dev.twil.io https://functions-bgl-webchat-7164-int.twil.io https://functions-bgl-webchat-3101-stg.twil.io https://functions-bgl-webchat-7311-prod.twil.io https://*.bgli.net https://iam.twilio.com https://flex-api.twilio.com wss://tsock.us1.twilio.com https://event-bridge.twilio.com wss://event-bridge.twilio.com; default-src 'none'; form-action 'self'; upgrade-insecure-requests;
Date
Wed, 01 Feb 2023 20:40:15 GMT
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
block-all-mixed-content
Content-Length
85754
X-XSS-Protection
1; mode=block
Request-Context
appId=cid-v1:62ed6cb9-1b27-425c-8d60-61b1f98d07bc
Referrer-Policy
no-referrer, same-origin
Last-Modified
Tue, 24 Jan 2023 11:43:50 GMT
ETag
"0df4d20e92fd91:0"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Access-Control-Expose-Headers
Request-Context
Cache-Control
public, max-age=3600
Feature-Policy
ambient-light-sensor 'none'; autoplay 'none'; accelerometer 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; sync-xhr *; usb 'none'; wake-lock 'none'; webauthn 'none'; vr 'none';
Accept-Ranges
bytes
Expires
Wed, 01 Feb 2023 21:40:16 GMT
jquery.validate.min.js
account.marksandspencer.insure-systems.co.uk/js/ 		24 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://account.marksandspencer.insure-systems.co.uk/js/jquery.validate.min.js
Requested by
Host: identity.marksandspencer.insure-systems.co.uk
URL: https://identity.marksandspencer.insure-systems.co.uk/as/authorization.oauth2?response_type=code&client_id=MandSAuth&scope=openid%20profile&redirect_uri=https%3A%2F%2Fmarksandspencer.insure-systems.co.uk%2Fserviceredirect%2Fping-signin&state=MLmBqwO6g7hsiEeGpny_HpZVx3G747OWChAr_Tw8OPzAVWkt78Ac5vDh4PpGm_AOBFAqtxKxRKU3d6ooc0uYqNfrBSLhWl0sSEptugpLwt1BwZEm1WmfYiqEwtq6moyRQMPhustkhNdNaoh9DBNS0w4UJDKFGxavjH_Vsc8xWuAoUbq15NhCCU6rhqdPQOgFkwSCHlXsdvCCjaVTV-h78_CGsV1UQqSczy5v4NAEDyB1pcad2x9ZMHly9w1tig_6vS-1oDsRB4sNFvrT1Y9gPOeQlSx82r5Oo7E2M8FtNWVDO7j8qEtIsq7SgK-Aa3u6dB6ReQ&tid=3ccd1b4c-c5a1-406e-be41-47baeffe0191
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:11a::5f65:1733 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
b78fbbab2e06e91f83dd4b5c5b8768e6ab32aa480a864b19604456137e98e98e
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://identity.marksandspencer.insure-systems.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Security-Policy
block-all-mixed-content
Date
Wed, 01 Feb 2023 20:40:16 GMT
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=15768000 ; includeSubDomains ; preload
Connection
keep-alive
Content-Length
24431
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Thu, 19 Jan 2023 14:53:12 GMT
X-Frame-Options
DENY
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type
application/javascript
Cache-Control
max-age=0
Feature-Policy
ambient-light-sensor 'none'; autoplay 'none'; accelerometer 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; sync-xhr 'none'; usb 'none'; wake-lock 'none'; webauthn 'none'; vr 'none'
Accept-Ranges
bytes
Expires
Wed, 01 Feb 2023 20:40:16 GMT
analytics.js
cdn.bglgroup.io/marksandspencer/ping/ 		3 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.bglgroup.io/marksandspencer/ping/analytics.js
Requested by
Host: identity.marksandspencer.insure-systems.co.uk
URL: https://identity.marksandspencer.insure-systems.co.uk/as/authorization.oauth2?response_type=code&client_id=MandSAuth&scope=openid%20profile&redirect_uri=https%3A%2F%2Fmarksandspencer.insure-systems.co.uk%2Fserviceredirect%2Fping-signin&state=MLmBqwO6g7hsiEeGpny_HpZVx3G747OWChAr_Tw8OPzAVWkt78Ac5vDh4PpGm_AOBFAqtxKxRKU3d6ooc0uYqNfrBSLhWl0sSEptugpLwt1BwZEm1WmfYiqEwtq6moyRQMPhustkhNdNaoh9DBNS0w4UJDKFGxavjH_Vsc8xWuAoUbq15NhCCU6rhqdPQOgFkwSCHlXsdvCCjaVTV-h78_CGsV1UQqSczy5v4NAEDyB1pcad2x9ZMHly9w1tig_6vS-1oDsRB4sNFvrT1Y9gPOeQlSx82r5Oo7E2M8FtNWVDO7j8qEtIsq7SgK-Aa3u6dB6ReQ&tid=3ccd1b4c-c5a1-406e-be41-47baeffe0191
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.171.22.9 Biggleswade, United Kingdom, ASN2856 (BT-UK-AS BTnet UK Regional network, GB),
Reverse DNS
Software
/
Resource Hash
7dbdbd0b77b9897ea08c0aad857070f9f1e9bdc8ab55c1dc08c65b7e5413bba3
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://marksandspencer.insure-systems.co.uk https://channel-cards-html.lloydsbankinggroup.com/ https://danskebank-3ds-bxl.wlp-acs.com https://danskebank-3ds-vdm.wlp-acs.com https://*.liveperson.net http://widget.trustpilot.com/ https://acs.airplus.com https://acs.icicibank.com https://acs1.icicibank.com https://acs2.onlinesbi.com https://acsclient.credecard.com https://acs1.edb.com https://acs2.edb.com https://acs1.luottokunta.fi https://acs1.3ds.modirum.com https://acs2.3ds.modirum.com https://*.3dsecure.no https://bbva.cardinalcommerce.com https://gps.cardinalcommerce.com https://pfs.cardinalcommerce.com https://santanderinternational.cardinalcommerce.com https://cap.attempts.securecode.com https://danskebank-3dsecure.wlp-acs.com https://idcheck.acs.touchtechpayments.com https://macs.touchtechpayments.com https://securesuite.co.uk https://www.securesuite.co.uk https://secure.barclaycard.co.uk https://secure4.arcot.com https://secure5.arcot.com https://secure6.arcot.com https://secure7.arcot.com https://tsys.arcot.com https://threedsecurepa.petafuel.net https://verifiedbyvisa.barclays.co.uk https://verify.monzo.com https://www.clicksafe.lloydstsb.com https://www.mycardsecure.com https://3debspay.boc.cn https://*.lpsnmedia.net https://www.thecardservicesonline.com https://verifiedbyvisa.acs.touchtechpayments.com https://authentication.cardinalcommerce.com https://secure.3ds.cornercard.co.uk https://secure.3ds.cornercard.ch https://acs.fssnet.co.in https://acs.decta.com https://3dsecure-1.wirecard.com https://pa.eshapay.net https://api.secure-code.bunq.com https://foriseu-vbv.mycardplace.com https://aptopaysafe-vbv.mycardplace.com https://s.userzoom.com https://postoffice.demdex.net/ https://*.fls.doubleclick.net/ https://www.google.com/recaptcha/ https://bisil.demdex.net; img-src 'self' 'unsafe-inline' https://*.clarity.ms https://c.bing.com https://cdn4.userzoom.com https://smetrics.rac.co.uk https://*.abtasty.com https://ssl.gstatic.com/ https://lp.sabio.co.uk https://*.lpsnmedia.net https://www.google-analytics.com https://origin.marketinghub.opentext.com https://secure.marketinghub.opentext.com https://cm.everesttech.net/cm/dd https://dpm.demdex.net/ https://*.scene7.com/is/image/Targetbglgroup/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://bisil.sc.omtrdc.net/ https://track.omguk.com/e/qi/; media-src 'self' https://*.lpsnmedia.net; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://c.bing.com https://cdn4.userzoom.com https://cdn-segment.com https://*.abtasty.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.liveperson.net https://*.lpsnmedia.net https://az416426.vo.msecnd.net/scripts/a/ https://www.googletagmanager.com https://tagmanager.google.com/ https://secure.marketinghub.opentext.com https://chronicle.comparethemarket.com https://connect.facebook.net https://www.google-analytics.com/analytics.js https://www.google-analytics.com/gtm/js http://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://assets.adobedtm.com https://track.omguk.com/ https://www.google-analytics.com/plugins/ua/ecommerce.js https://www.google-analytics.com/plugins/ua/ec.js https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://sdk.twilio.com; style-src 'self' 'unsafe-inline' https://cdn4.userzoom.com https://teddytor.abtasty.com https://tagmanager.google.com/ https://fonts.googleapis.com/; connect-src 'self' https://*.clarity.ms https://c.bing.com https://bisil.sc.omtrdc.net/ https://*.abtasty.com https://agentqa.nina-nuance.com https://agent.nina-nuance.com https://dc.services.visualstudio.com https://www.google-analytics.com https://dpm.demdex.net https://smetrics.MarksAndSpencer.co.uk https://dpm.demdex.net/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://bisil.tt.omtrdc.net https://functions-bgl-webchat-1363-dev.twil.io https://functions-bgl-webchat-7164-int.twil.io https://functions-bgl-webchat-3101-stg.twil.io https://functions-bgl-webchat-7311-prod.twil.io https://*.bgli.net https://iam.twilio.com https://flex-api.twilio.com wss://tsock.us1.twilio.com https://event-bridge.twilio.com wss://event-bridge.twilio.com; default-src 'none'; form-action 'self'; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://identity.marksandspencer.insure-systems.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://marksandspencer.insure-systems.co.uk https://channel-cards-html.lloydsbankinggroup.com/ https://danskebank-3ds-bxl.wlp-acs.com https://danskebank-3ds-vdm.wlp-acs.com https://*.liveperson.net http://widget.trustpilot.com/ https://acs.airplus.com https://acs.icicibank.com https://acs1.icicibank.com https://acs2.onlinesbi.com https://acsclient.credecard.com https://acs1.edb.com https://acs2.edb.com https://acs1.luottokunta.fi https://acs1.3ds.modirum.com https://acs2.3ds.modirum.com https://*.3dsecure.no https://bbva.cardinalcommerce.com https://gps.cardinalcommerce.com https://pfs.cardinalcommerce.com https://santanderinternational.cardinalcommerce.com https://cap.attempts.securecode.com https://danskebank-3dsecure.wlp-acs.com https://idcheck.acs.touchtechpayments.com https://macs.touchtechpayments.com https://securesuite.co.uk https://www.securesuite.co.uk https://secure.barclaycard.co.uk https://secure4.arcot.com https://secure5.arcot.com https://secure6.arcot.com https://secure7.arcot.com https://tsys.arcot.com https://threedsecurepa.petafuel.net https://verifiedbyvisa.barclays.co.uk https://verify.monzo.com https://www.clicksafe.lloydstsb.com https://www.mycardsecure.com https://3debspay.boc.cn https://*.lpsnmedia.net https://www.thecardservicesonline.com https://verifiedbyvisa.acs.touchtechpayments.com https://authentication.cardinalcommerce.com https://secure.3ds.cornercard.co.uk https://secure.3ds.cornercard.ch https://acs.fssnet.co.in https://acs.decta.com https://3dsecure-1.wirecard.com https://pa.eshapay.net https://api.secure-code.bunq.com https://foriseu-vbv.mycardplace.com https://aptopaysafe-vbv.mycardplace.com https://s.userzoom.com https://postoffice.demdex.net/ https://*.fls.doubleclick.net/ https://www.google.com/recaptcha/ https://bisil.demdex.net; img-src 'self' 'unsafe-inline' https://*.clarity.ms https://c.bing.com https://cdn4.userzoom.com https://smetrics.rac.co.uk https://*.abtasty.com https://ssl.gstatic.com/ https://lp.sabio.co.uk https://*.lpsnmedia.net https://www.google-analytics.com https://origin.marketinghub.opentext.com https://secure.marketinghub.opentext.com https://cm.everesttech.net/cm/dd https://dpm.demdex.net/ https://*.scene7.com/is/image/Targetbglgroup/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://bisil.sc.omtrdc.net/ https://track.omguk.com/e/qi/; media-src 'self' https://*.lpsnmedia.net; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://c.bing.com https://cdn4.userzoom.com https://cdn-segment.com https://*.abtasty.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.liveperson.net https://*.lpsnmedia.net https://az416426.vo.msecnd.net/scripts/a/ https://www.googletagmanager.com https://tagmanager.google.com/ https://secure.marketinghub.opentext.com https://chronicle.comparethemarket.com https://connect.facebook.net https://www.google-analytics.com/analytics.js https://www.google-analytics.com/gtm/js http://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://assets.adobedtm.com https://track.omguk.com/ https://www.google-analytics.com/plugins/ua/ecommerce.js https://www.google-analytics.com/plugins/ua/ec.js https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://sdk.twilio.com; style-src 'self' 'unsafe-inline' https://cdn4.userzoom.com https://teddytor.abtasty.com https://tagmanager.google.com/ https://fonts.googleapis.com/; connect-src 'self' https://*.clarity.ms https://c.bing.com https://bisil.sc.omtrdc.net/ https://*.abtasty.com https://agentqa.nina-nuance.com https://agent.nina-nuance.com https://dc.services.visualstudio.com https://www.google-analytics.com https://dpm.demdex.net https://smetrics.MarksAndSpencer.co.uk https://dpm.demdex.net/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://bisil.tt.omtrdc.net https://functions-bgl-webchat-1363-dev.twil.io https://functions-bgl-webchat-7164-int.twil.io https://functions-bgl-webchat-3101-stg.twil.io https://functions-bgl-webchat-7311-prod.twil.io https://*.bgli.net https://iam.twilio.com https://flex-api.twilio.com wss://tsock.us1.twilio.com https://event-bridge.twilio.com wss://event-bridge.twilio.com; default-src 'none'; form-action 'self'; upgrade-insecure-requests;
Date
Wed, 01 Feb 2023 20:40:16 GMT
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
block-all-mixed-content
Content-Length
3356
X-XSS-Protection
1; mode=block
Request-Context
appId=cid-v1:62ed6cb9-1b27-425c-8d60-61b1f98d07bc
Referrer-Policy
no-referrer, same-origin
Last-Modified
Tue, 24 Jan 2023 11:43:56 GMT
ETag
"066e123e92fd91:0"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Access-Control-Expose-Headers
Request-Context
Cache-Control
public, max-age=3600
Feature-Policy
ambient-light-sensor 'none'; autoplay 'none'; accelerometer 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; sync-xhr *; usb 'none'; wake-lock 'none'; webauthn 'none'; vr 'none';
Accept-Ranges
bytes
Expires
Wed, 01 Feb 2023 21:40:16 GMT
logo-brand.svg
cdn.bglgroup.io/marksandspencer/images/ 		17 KB
22 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.bglgroup.io/marksandspencer/images/logo-brand.svg
Requested by
Host: identity.marksandspencer.insure-systems.co.uk
URL: https://identity.marksandspencer.insure-systems.co.uk/as/authorization.oauth2?response_type=code&client_id=MandSAuth&scope=openid%20profile&redirect_uri=https%3A%2F%2Fmarksandspencer.insure-systems.co.uk%2Fserviceredirect%2Fping-signin&state=MLmBqwO6g7hsiEeGpny_HpZVx3G747OWChAr_Tw8OPzAVWkt78Ac5vDh4PpGm_AOBFAqtxKxRKU3d6ooc0uYqNfrBSLhWl0sSEptugpLwt1BwZEm1WmfYiqEwtq6moyRQMPhustkhNdNaoh9DBNS0w4UJDKFGxavjH_Vsc8xWuAoUbq15NhCCU6rhqdPQOgFkwSCHlXsdvCCjaVTV-h78_CGsV1UQqSczy5v4NAEDyB1pcad2x9ZMHly9w1tig_6vS-1oDsRB4sNFvrT1Y9gPOeQlSx82r5Oo7E2M8FtNWVDO7j8qEtIsq7SgK-Aa3u6dB6ReQ&tid=3ccd1b4c-c5a1-406e-be41-47baeffe0191
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.171.22.9 Biggleswade, United Kingdom, ASN2856 (BT-UK-AS BTnet UK Regional network, GB),
Reverse DNS
Software
/
Resource Hash
e0f3dbee78dc98bb3f83be92d46890dabab06830edb867368e087c2c26b7ab81
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://marksandspencer.insure-systems.co.uk https://channel-cards-html.lloydsbankinggroup.com/ https://danskebank-3ds-bxl.wlp-acs.com https://danskebank-3ds-vdm.wlp-acs.com https://*.liveperson.net http://widget.trustpilot.com/ https://acs.airplus.com https://acs.icicibank.com https://acs1.icicibank.com https://acs2.onlinesbi.com https://acsclient.credecard.com https://acs1.edb.com https://acs2.edb.com https://acs1.luottokunta.fi https://acs1.3ds.modirum.com https://acs2.3ds.modirum.com https://*.3dsecure.no https://bbva.cardinalcommerce.com https://gps.cardinalcommerce.com https://pfs.cardinalcommerce.com https://santanderinternational.cardinalcommerce.com https://cap.attempts.securecode.com https://danskebank-3dsecure.wlp-acs.com https://idcheck.acs.touchtechpayments.com https://macs.touchtechpayments.com https://securesuite.co.uk https://www.securesuite.co.uk https://secure.barclaycard.co.uk https://secure4.arcot.com https://secure5.arcot.com https://secure6.arcot.com https://secure7.arcot.com https://tsys.arcot.com https://threedsecurepa.petafuel.net https://verifiedbyvisa.barclays.co.uk https://verify.monzo.com https://www.clicksafe.lloydstsb.com https://www.mycardsecure.com https://3debspay.boc.cn https://*.lpsnmedia.net https://www.thecardservicesonline.com https://verifiedbyvisa.acs.touchtechpayments.com https://authentication.cardinalcommerce.com https://secure.3ds.cornercard.co.uk https://secure.3ds.cornercard.ch https://acs.fssnet.co.in https://acs.decta.com https://3dsecure-1.wirecard.com https://pa.eshapay.net https://api.secure-code.bunq.com https://foriseu-vbv.mycardplace.com https://aptopaysafe-vbv.mycardplace.com https://s.userzoom.com https://postoffice.demdex.net/ https://*.fls.doubleclick.net/ https://www.google.com/recaptcha/ https://bisil.demdex.net; img-src 'self' 'unsafe-inline' https://*.clarity.ms https://c.bing.com https://cdn4.userzoom.com https://smetrics.rac.co.uk https://*.abtasty.com https://ssl.gstatic.com/ https://lp.sabio.co.uk https://*.lpsnmedia.net https://www.google-analytics.com https://origin.marketinghub.opentext.com https://secure.marketinghub.opentext.com https://cm.everesttech.net/cm/dd https://dpm.demdex.net/ https://*.scene7.com/is/image/Targetbglgroup/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://bisil.sc.omtrdc.net/ https://track.omguk.com/e/qi/; media-src 'self' https://*.lpsnmedia.net; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://c.bing.com https://cdn4.userzoom.com https://cdn-segment.com https://*.abtasty.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.liveperson.net https://*.lpsnmedia.net https://az416426.vo.msecnd.net/scripts/a/ https://www.googletagmanager.com https://tagmanager.google.com/ https://secure.marketinghub.opentext.com https://chronicle.comparethemarket.com https://connect.facebook.net https://www.google-analytics.com/analytics.js https://www.google-analytics.com/gtm/js http://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://assets.adobedtm.com https://track.omguk.com/ https://www.google-analytics.com/plugins/ua/ecommerce.js https://www.google-analytics.com/plugins/ua/ec.js https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://sdk.twilio.com; style-src 'self' 'unsafe-inline' https://cdn4.userzoom.com https://teddytor.abtasty.com https://tagmanager.google.com/ https://fonts.googleapis.com/; connect-src 'self' https://*.clarity.ms https://c.bing.com https://bisil.sc.omtrdc.net/ https://*.abtasty.com https://agentqa.nina-nuance.com https://agent.nina-nuance.com https://dc.services.visualstudio.com https://www.google-analytics.com https://dpm.demdex.net https://smetrics.MarksAndSpencer.co.uk https://dpm.demdex.net/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://bisil.tt.omtrdc.net https://functions-bgl-webchat-1363-dev.twil.io https://functions-bgl-webchat-7164-int.twil.io https://functions-bgl-webchat-3101-stg.twil.io https://functions-bgl-webchat-7311-prod.twil.io https://*.bgli.net https://iam.twilio.com https://flex-api.twilio.com wss://tsock.us1.twilio.com https://event-bridge.twilio.com wss://event-bridge.twilio.com; default-src 'none'; form-action 'self'; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://identity.marksandspencer.insure-systems.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://marksandspencer.insure-systems.co.uk https://channel-cards-html.lloydsbankinggroup.com/ https://danskebank-3ds-bxl.wlp-acs.com https://danskebank-3ds-vdm.wlp-acs.com https://*.liveperson.net http://widget.trustpilot.com/ https://acs.airplus.com https://acs.icicibank.com https://acs1.icicibank.com https://acs2.onlinesbi.com https://acsclient.credecard.com https://acs1.edb.com https://acs2.edb.com https://acs1.luottokunta.fi https://acs1.3ds.modirum.com https://acs2.3ds.modirum.com https://*.3dsecure.no https://bbva.cardinalcommerce.com https://gps.cardinalcommerce.com https://pfs.cardinalcommerce.com https://santanderinternational.cardinalcommerce.com https://cap.attempts.securecode.com https://danskebank-3dsecure.wlp-acs.com https://idcheck.acs.touchtechpayments.com https://macs.touchtechpayments.com https://securesuite.co.uk https://www.securesuite.co.uk https://secure.barclaycard.co.uk https://secure4.arcot.com https://secure5.arcot.com https://secure6.arcot.com https://secure7.arcot.com https://tsys.arcot.com https://threedsecurepa.petafuel.net https://verifiedbyvisa.barclays.co.uk https://verify.monzo.com https://www.clicksafe.lloydstsb.com https://www.mycardsecure.com https://3debspay.boc.cn https://*.lpsnmedia.net https://www.thecardservicesonline.com https://verifiedbyvisa.acs.touchtechpayments.com https://authentication.cardinalcommerce.com https://secure.3ds.cornercard.co.uk https://secure.3ds.cornercard.ch https://acs.fssnet.co.in https://acs.decta.com https://3dsecure-1.wirecard.com https://pa.eshapay.net https://api.secure-code.bunq.com https://foriseu-vbv.mycardplace.com https://aptopaysafe-vbv.mycardplace.com https://s.userzoom.com https://postoffice.demdex.net/ https://*.fls.doubleclick.net/ https://www.google.com/recaptcha/ https://bisil.demdex.net; img-src 'self' 'unsafe-inline' https://*.clarity.ms https://c.bing.com https://cdn4.userzoom.com https://smetrics.rac.co.uk https://*.abtasty.com https://ssl.gstatic.com/ https://lp.sabio.co.uk https://*.lpsnmedia.net https://www.google-analytics.com https://origin.marketinghub.opentext.com https://secure.marketinghub.opentext.com https://cm.everesttech.net/cm/dd https://dpm.demdex.net/ https://*.scene7.com/is/image/Targetbglgroup/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://bisil.sc.omtrdc.net/ https://track.omguk.com/e/qi/; media-src 'self' https://*.lpsnmedia.net; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://c.bing.com https://cdn4.userzoom.com https://cdn-segment.com https://*.abtasty.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.liveperson.net https://*.lpsnmedia.net https://az416426.vo.msecnd.net/scripts/a/ https://www.googletagmanager.com https://tagmanager.google.com/ https://secure.marketinghub.opentext.com https://chronicle.comparethemarket.com https://connect.facebook.net https://www.google-analytics.com/analytics.js https://www.google-analytics.com/gtm/js http://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://assets.adobedtm.com https://track.omguk.com/ https://www.google-analytics.com/plugins/ua/ecommerce.js https://www.google-analytics.com/plugins/ua/ec.js https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://sdk.twilio.com; style-src 'self' 'unsafe-inline' https://cdn4.userzoom.com https://teddytor.abtasty.com https://tagmanager.google.com/ https://fonts.googleapis.com/; connect-src 'self' https://*.clarity.ms https://c.bing.com https://bisil.sc.omtrdc.net/ https://*.abtasty.com https://agentqa.nina-nuance.com https://agent.nina-nuance.com https://dc.services.visualstudio.com https://www.google-analytics.com https://dpm.demdex.net https://smetrics.MarksAndSpencer.co.uk https://dpm.demdex.net/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://bisil.tt.omtrdc.net https://functions-bgl-webchat-1363-dev.twil.io https://functions-bgl-webchat-7164-int.twil.io https://functions-bgl-webchat-3101-stg.twil.io https://functions-bgl-webchat-7311-prod.twil.io https://*.bgli.net https://iam.twilio.com https://flex-api.twilio.com wss://tsock.us1.twilio.com https://event-bridge.twilio.com wss://event-bridge.twilio.com; default-src 'none'; form-action 'self'; upgrade-insecure-requests;
Date
Wed, 01 Feb 2023 20:40:16 GMT
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
block-all-mixed-content
Content-Length
16939
X-XSS-Protection
1; mode=block
Request-Context
appId=cid-v1:62ed6cb9-1b27-425c-8d60-61b1f98d07bc
Referrer-Policy
no-referrer, same-origin
Last-Modified
Tue, 24 Jan 2023 11:43:50 GMT
ETag
"0df4d20e92fd91:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/svg+xml
Access-Control-Expose-Headers
Request-Context
Cache-Control
public, max-age=3600
Feature-Policy
ambient-light-sensor 'none'; autoplay 'none'; accelerometer 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; sync-xhr *; usb 'none'; wake-lock 'none'; webauthn 'none'; vr 'none';
Accept-Ranges
bytes
Expires
Wed, 01 Feb 2023 21:40:16 GMT
bgl.components.houston.js
cdn.bglgroup.io/marksandspencer/scripts/ 		24 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.bglgroup.io/marksandspencer/scripts/bgl.components.houston.js
Requested by
Host: identity.marksandspencer.insure-systems.co.uk
URL: https://identity.marksandspencer.insure-systems.co.uk/as/authorization.oauth2?response_type=code&client_id=MandSAuth&scope=openid%20profile&redirect_uri=https%3A%2F%2Fmarksandspencer.insure-systems.co.uk%2Fserviceredirect%2Fping-signin&state=MLmBqwO6g7hsiEeGpny_HpZVx3G747OWChAr_Tw8OPzAVWkt78Ac5vDh4PpGm_AOBFAqtxKxRKU3d6ooc0uYqNfrBSLhWl0sSEptugpLwt1BwZEm1WmfYiqEwtq6moyRQMPhustkhNdNaoh9DBNS0w4UJDKFGxavjH_Vsc8xWuAoUbq15NhCCU6rhqdPQOgFkwSCHlXsdvCCjaVTV-h78_CGsV1UQqSczy5v4NAEDyB1pcad2x9ZMHly9w1tig_6vS-1oDsRB4sNFvrT1Y9gPOeQlSx82r5Oo7E2M8FtNWVDO7j8qEtIsq7SgK-Aa3u6dB6ReQ&tid=3ccd1b4c-c5a1-406e-be41-47baeffe0191
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.171.22.9 Biggleswade, United Kingdom, ASN2856 (BT-UK-AS BTnet UK Regional network, GB),
Reverse DNS
Software
/
Resource Hash
dab4ac617e852bfc7d8955d105a9323a4d8036df6c124a7fb26e7fe101a24f8d
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://marksandspencer.insure-systems.co.uk https://channel-cards-html.lloydsbankinggroup.com/ https://danskebank-3ds-bxl.wlp-acs.com https://danskebank-3ds-vdm.wlp-acs.com https://*.liveperson.net http://widget.trustpilot.com/ https://acs.airplus.com https://acs.icicibank.com https://acs1.icicibank.com https://acs2.onlinesbi.com https://acsclient.credecard.com https://acs1.edb.com https://acs2.edb.com https://acs1.luottokunta.fi https://acs1.3ds.modirum.com https://acs2.3ds.modirum.com https://*.3dsecure.no https://bbva.cardinalcommerce.com https://gps.cardinalcommerce.com https://pfs.cardinalcommerce.com https://santanderinternational.cardinalcommerce.com https://cap.attempts.securecode.com https://danskebank-3dsecure.wlp-acs.com https://idcheck.acs.touchtechpayments.com https://macs.touchtechpayments.com https://securesuite.co.uk https://www.securesuite.co.uk https://secure.barclaycard.co.uk https://secure4.arcot.com https://secure5.arcot.com https://secure6.arcot.com https://secure7.arcot.com https://tsys.arcot.com https://threedsecurepa.petafuel.net https://verifiedbyvisa.barclays.co.uk https://verify.monzo.com https://www.clicksafe.lloydstsb.com https://www.mycardsecure.com https://3debspay.boc.cn https://*.lpsnmedia.net https://www.thecardservicesonline.com https://verifiedbyvisa.acs.touchtechpayments.com https://authentication.cardinalcommerce.com https://secure.3ds.cornercard.co.uk https://secure.3ds.cornercard.ch https://acs.fssnet.co.in https://acs.decta.com https://3dsecure-1.wirecard.com https://pa.eshapay.net https://api.secure-code.bunq.com https://foriseu-vbv.mycardplace.com https://aptopaysafe-vbv.mycardplace.com https://s.userzoom.com https://postoffice.demdex.net/ https://*.fls.doubleclick.net/ https://www.google.com/recaptcha/ https://bisil.demdex.net; img-src 'self' 'unsafe-inline' https://*.clarity.ms https://c.bing.com https://cdn4.userzoom.com https://smetrics.rac.co.uk https://*.abtasty.com https://ssl.gstatic.com/ https://lp.sabio.co.uk https://*.lpsnmedia.net https://www.google-analytics.com https://origin.marketinghub.opentext.com https://secure.marketinghub.opentext.com https://cm.everesttech.net/cm/dd https://dpm.demdex.net/ https://*.scene7.com/is/image/Targetbglgroup/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://bisil.sc.omtrdc.net/ https://track.omguk.com/e/qi/; media-src 'self' https://*.lpsnmedia.net; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://c.bing.com https://cdn4.userzoom.com https://cdn-segment.com https://*.abtasty.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.liveperson.net https://*.lpsnmedia.net https://az416426.vo.msecnd.net/scripts/a/ https://www.googletagmanager.com https://tagmanager.google.com/ https://secure.marketinghub.opentext.com https://chronicle.comparethemarket.com https://connect.facebook.net https://www.google-analytics.com/analytics.js https://www.google-analytics.com/gtm/js http://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://assets.adobedtm.com https://track.omguk.com/ https://www.google-analytics.com/plugins/ua/ecommerce.js https://www.google-analytics.com/plugins/ua/ec.js https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://sdk.twilio.com; style-src 'self' 'unsafe-inline' https://cdn4.userzoom.com https://teddytor.abtasty.com https://tagmanager.google.com/ https://fonts.googleapis.com/; connect-src 'self' https://*.clarity.ms https://c.bing.com https://bisil.sc.omtrdc.net/ https://*.abtasty.com https://agentqa.nina-nuance.com https://agent.nina-nuance.com https://dc.services.visualstudio.com https://www.google-analytics.com https://dpm.demdex.net https://smetrics.MarksAndSpencer.co.uk https://dpm.demdex.net/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://bisil.tt.omtrdc.net https://functions-bgl-webchat-1363-dev.twil.io https://functions-bgl-webchat-7164-int.twil.io https://functions-bgl-webchat-3101-stg.twil.io https://functions-bgl-webchat-7311-prod.twil.io https://*.bgli.net https://iam.twilio.com https://flex-api.twilio.com wss://tsock.us1.twilio.com https://event-bridge.twilio.com wss://event-bridge.twilio.com; default-src 'none'; form-action 'self'; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://identity.marksandspencer.insure-systems.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://marksandspencer.insure-systems.co.uk https://channel-cards-html.lloydsbankinggroup.com/ https://danskebank-3ds-bxl.wlp-acs.com https://danskebank-3ds-vdm.wlp-acs.com https://*.liveperson.net http://widget.trustpilot.com/ https://acs.airplus.com https://acs.icicibank.com https://acs1.icicibank.com https://acs2.onlinesbi.com https://acsclient.credecard.com https://acs1.edb.com https://acs2.edb.com https://acs1.luottokunta.fi https://acs1.3ds.modirum.com https://acs2.3ds.modirum.com https://*.3dsecure.no https://bbva.cardinalcommerce.com https://gps.cardinalcommerce.com https://pfs.cardinalcommerce.com https://santanderinternational.cardinalcommerce.com https://cap.attempts.securecode.com https://danskebank-3dsecure.wlp-acs.com https://idcheck.acs.touchtechpayments.com https://macs.touchtechpayments.com https://securesuite.co.uk https://www.securesuite.co.uk https://secure.barclaycard.co.uk https://secure4.arcot.com https://secure5.arcot.com https://secure6.arcot.com https://secure7.arcot.com https://tsys.arcot.com https://threedsecurepa.petafuel.net https://verifiedbyvisa.barclays.co.uk https://verify.monzo.com https://www.clicksafe.lloydstsb.com https://www.mycardsecure.com https://3debspay.boc.cn https://*.lpsnmedia.net https://www.thecardservicesonline.com https://verifiedbyvisa.acs.touchtechpayments.com https://authentication.cardinalcommerce.com https://secure.3ds.cornercard.co.uk https://secure.3ds.cornercard.ch https://acs.fssnet.co.in https://acs.decta.com https://3dsecure-1.wirecard.com https://pa.eshapay.net https://api.secure-code.bunq.com https://foriseu-vbv.mycardplace.com https://aptopaysafe-vbv.mycardplace.com https://s.userzoom.com https://postoffice.demdex.net/ https://*.fls.doubleclick.net/ https://www.google.com/recaptcha/ https://bisil.demdex.net; img-src 'self' 'unsafe-inline' https://*.clarity.ms https://c.bing.com https://cdn4.userzoom.com https://smetrics.rac.co.uk https://*.abtasty.com https://ssl.gstatic.com/ https://lp.sabio.co.uk https://*.lpsnmedia.net https://www.google-analytics.com https://origin.marketinghub.opentext.com https://secure.marketinghub.opentext.com https://cm.everesttech.net/cm/dd https://dpm.demdex.net/ https://*.scene7.com/is/image/Targetbglgroup/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://bisil.sc.omtrdc.net/ https://track.omguk.com/e/qi/; media-src 'self' https://*.lpsnmedia.net; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://c.bing.com https://cdn4.userzoom.com https://cdn-segment.com https://*.abtasty.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.liveperson.net https://*.lpsnmedia.net https://az416426.vo.msecnd.net/scripts/a/ https://www.googletagmanager.com https://tagmanager.google.com/ https://secure.marketinghub.opentext.com https://chronicle.comparethemarket.com https://connect.facebook.net https://www.google-analytics.com/analytics.js https://www.google-analytics.com/gtm/js http://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://assets.adobedtm.com https://track.omguk.com/ https://www.google-analytics.com/plugins/ua/ecommerce.js https://www.google-analytics.com/plugins/ua/ec.js https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://sdk.twilio.com; style-src 'self' 'unsafe-inline' https://cdn4.userzoom.com https://teddytor.abtasty.com https://tagmanager.google.com/ https://fonts.googleapis.com/; connect-src 'self' https://*.clarity.ms https://c.bing.com https://bisil.sc.omtrdc.net/ https://*.abtasty.com https://agentqa.nina-nuance.com https://agent.nina-nuance.com https://dc.services.visualstudio.com https://www.google-analytics.com https://dpm.demdex.net https://smetrics.MarksAndSpencer.co.uk https://dpm.demdex.net/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://bisil.tt.omtrdc.net https://functions-bgl-webchat-1363-dev.twil.io https://functions-bgl-webchat-7164-int.twil.io https://functions-bgl-webchat-3101-stg.twil.io https://functions-bgl-webchat-7311-prod.twil.io https://*.bgli.net https://iam.twilio.com https://flex-api.twilio.com wss://tsock.us1.twilio.com https://event-bridge.twilio.com wss://event-bridge.twilio.com; default-src 'none'; form-action 'self'; upgrade-insecure-requests;
Date
Wed, 01 Feb 2023 20:40:16 GMT
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
block-all-mixed-content
Content-Length
24071
X-XSS-Protection
1; mode=block
Request-Context
appId=cid-v1:62ed6cb9-1b27-425c-8d60-61b1f98d07bc
Referrer-Policy
no-referrer, same-origin
Last-Modified
Tue, 24 Jan 2023 11:43:52 GMT
ETag
"0c7f21e92fd91:0"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Access-Control-Expose-Headers
Request-Context
Cache-Control
public, max-age=3600
Feature-Policy
ambient-light-sensor 'none'; autoplay 'none'; accelerometer 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; sync-xhr *; usb 'none'; wake-lock 'none'; webauthn 'none'; vr 'none';
Accept-Ranges
bytes
Expires
Wed, 01 Feb 2023 21:40:16 GMT
houston.js
cdn.bglgroup.io/marksandspencer/ping/ 		13 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.bglgroup.io/marksandspencer/ping/houston.js
Requested by
Host: identity.marksandspencer.insure-systems.co.uk
URL: https://identity.marksandspencer.insure-systems.co.uk/as/authorization.oauth2?response_type=code&client_id=MandSAuth&scope=openid%20profile&redirect_uri=https%3A%2F%2Fmarksandspencer.insure-systems.co.uk%2Fserviceredirect%2Fping-signin&state=MLmBqwO6g7hsiEeGpny_HpZVx3G747OWChAr_Tw8OPzAVWkt78Ac5vDh4PpGm_AOBFAqtxKxRKU3d6ooc0uYqNfrBSLhWl0sSEptugpLwt1BwZEm1WmfYiqEwtq6moyRQMPhustkhNdNaoh9DBNS0w4UJDKFGxavjH_Vsc8xWuAoUbq15NhCCU6rhqdPQOgFkwSCHlXsdvCCjaVTV-h78_CGsV1UQqSczy5v4NAEDyB1pcad2x9ZMHly9w1tig_6vS-1oDsRB4sNFvrT1Y9gPOeQlSx82r5Oo7E2M8FtNWVDO7j8qEtIsq7SgK-Aa3u6dB6ReQ&tid=3ccd1b4c-c5a1-406e-be41-47baeffe0191
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.171.22.9 Biggleswade, United Kingdom, ASN2856 (BT-UK-AS BTnet UK Regional network, GB),
Reverse DNS
Software
/
Resource Hash
11d2e2763772584d2ea7a1f665b12ba47d152d3c29342f0f320f34b6ad22ff4a
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://marksandspencer.insure-systems.co.uk https://channel-cards-html.lloydsbankinggroup.com/ https://danskebank-3ds-bxl.wlp-acs.com https://danskebank-3ds-vdm.wlp-acs.com https://*.liveperson.net http://widget.trustpilot.com/ https://acs.airplus.com https://acs.icicibank.com https://acs1.icicibank.com https://acs2.onlinesbi.com https://acsclient.credecard.com https://acs1.edb.com https://acs2.edb.com https://acs1.luottokunta.fi https://acs1.3ds.modirum.com https://acs2.3ds.modirum.com https://*.3dsecure.no https://bbva.cardinalcommerce.com https://gps.cardinalcommerce.com https://pfs.cardinalcommerce.com https://santanderinternational.cardinalcommerce.com https://cap.attempts.securecode.com https://danskebank-3dsecure.wlp-acs.com https://idcheck.acs.touchtechpayments.com https://macs.touchtechpayments.com https://securesuite.co.uk https://www.securesuite.co.uk https://secure.barclaycard.co.uk https://secure4.arcot.com https://secure5.arcot.com https://secure6.arcot.com https://secure7.arcot.com https://tsys.arcot.com https://threedsecurepa.petafuel.net https://verifiedbyvisa.barclays.co.uk https://verify.monzo.com https://www.clicksafe.lloydstsb.com https://www.mycardsecure.com https://3debspay.boc.cn https://*.lpsnmedia.net https://www.thecardservicesonline.com https://verifiedbyvisa.acs.touchtechpayments.com https://authentication.cardinalcommerce.com https://secure.3ds.cornercard.co.uk https://secure.3ds.cornercard.ch https://acs.fssnet.co.in https://acs.decta.com https://3dsecure-1.wirecard.com https://pa.eshapay.net https://api.secure-code.bunq.com https://foriseu-vbv.mycardplace.com https://aptopaysafe-vbv.mycardplace.com https://s.userzoom.com https://postoffice.demdex.net/ https://*.fls.doubleclick.net/ https://www.google.com/recaptcha/ https://bisil.demdex.net; img-src 'self' 'unsafe-inline' https://*.clarity.ms https://c.bing.com https://cdn4.userzoom.com https://smetrics.rac.co.uk https://*.abtasty.com https://ssl.gstatic.com/ https://lp.sabio.co.uk https://*.lpsnmedia.net https://www.google-analytics.com https://origin.marketinghub.opentext.com https://secure.marketinghub.opentext.com https://cm.everesttech.net/cm/dd https://dpm.demdex.net/ https://*.scene7.com/is/image/Targetbglgroup/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://bisil.sc.omtrdc.net/ https://track.omguk.com/e/qi/; media-src 'self' https://*.lpsnmedia.net; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://c.bing.com https://cdn4.userzoom.com https://cdn-segment.com https://*.abtasty.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.liveperson.net https://*.lpsnmedia.net https://az416426.vo.msecnd.net/scripts/a/ https://www.googletagmanager.com https://tagmanager.google.com/ https://secure.marketinghub.opentext.com https://chronicle.comparethemarket.com https://connect.facebook.net https://www.google-analytics.com/analytics.js https://www.google-analytics.com/gtm/js http://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://assets.adobedtm.com https://track.omguk.com/ https://www.google-analytics.com/plugins/ua/ecommerce.js https://www.google-analytics.com/plugins/ua/ec.js https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://sdk.twilio.com; style-src 'self' 'unsafe-inline' https://cdn4.userzoom.com https://teddytor.abtasty.com https://tagmanager.google.com/ https://fonts.googleapis.com/; connect-src 'self' https://*.clarity.ms https://c.bing.com https://bisil.sc.omtrdc.net/ https://*.abtasty.com https://agentqa.nina-nuance.com https://agent.nina-nuance.com https://dc.services.visualstudio.com https://www.google-analytics.com https://dpm.demdex.net https://smetrics.MarksAndSpencer.co.uk https://dpm.demdex.net/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://bisil.tt.omtrdc.net https://functions-bgl-webchat-1363-dev.twil.io https://functions-bgl-webchat-7164-int.twil.io https://functions-bgl-webchat-3101-stg.twil.io https://functions-bgl-webchat-7311-prod.twil.io https://*.bgli.net https://iam.twilio.com https://flex-api.twilio.com wss://tsock.us1.twilio.com https://event-bridge.twilio.com wss://event-bridge.twilio.com; default-src 'none'; form-action 'self'; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://identity.marksandspencer.insure-systems.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://marksandspencer.insure-systems.co.uk https://channel-cards-html.lloydsbankinggroup.com/ https://danskebank-3ds-bxl.wlp-acs.com https://danskebank-3ds-vdm.wlp-acs.com https://*.liveperson.net http://widget.trustpilot.com/ https://acs.airplus.com https://acs.icicibank.com https://acs1.icicibank.com https://acs2.onlinesbi.com https://acsclient.credecard.com https://acs1.edb.com https://acs2.edb.com https://acs1.luottokunta.fi https://acs1.3ds.modirum.com https://acs2.3ds.modirum.com https://*.3dsecure.no https://bbva.cardinalcommerce.com https://gps.cardinalcommerce.com https://pfs.cardinalcommerce.com https://santanderinternational.cardinalcommerce.com https://cap.attempts.securecode.com https://danskebank-3dsecure.wlp-acs.com https://idcheck.acs.touchtechpayments.com https://macs.touchtechpayments.com https://securesuite.co.uk https://www.securesuite.co.uk https://secure.barclaycard.co.uk https://secure4.arcot.com https://secure5.arcot.com https://secure6.arcot.com https://secure7.arcot.com https://tsys.arcot.com https://threedsecurepa.petafuel.net https://verifiedbyvisa.barclays.co.uk https://verify.monzo.com https://www.clicksafe.lloydstsb.com https://www.mycardsecure.com https://3debspay.boc.cn https://*.lpsnmedia.net https://www.thecardservicesonline.com https://verifiedbyvisa.acs.touchtechpayments.com https://authentication.cardinalcommerce.com https://secure.3ds.cornercard.co.uk https://secure.3ds.cornercard.ch https://acs.fssnet.co.in https://acs.decta.com https://3dsecure-1.wirecard.com https://pa.eshapay.net https://api.secure-code.bunq.com https://foriseu-vbv.mycardplace.com https://aptopaysafe-vbv.mycardplace.com https://s.userzoom.com https://postoffice.demdex.net/ https://*.fls.doubleclick.net/ https://www.google.com/recaptcha/ https://bisil.demdex.net; img-src 'self' 'unsafe-inline' https://*.clarity.ms https://c.bing.com https://cdn4.userzoom.com https://smetrics.rac.co.uk https://*.abtasty.com https://ssl.gstatic.com/ https://lp.sabio.co.uk https://*.lpsnmedia.net https://www.google-analytics.com https://origin.marketinghub.opentext.com https://secure.marketinghub.opentext.com https://cm.everesttech.net/cm/dd https://dpm.demdex.net/ https://*.scene7.com/is/image/Targetbglgroup/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://bisil.sc.omtrdc.net/ https://track.omguk.com/e/qi/; media-src 'self' https://*.lpsnmedia.net; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://c.bing.com https://cdn4.userzoom.com https://cdn-segment.com https://*.abtasty.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.liveperson.net https://*.lpsnmedia.net https://az416426.vo.msecnd.net/scripts/a/ https://www.googletagmanager.com https://tagmanager.google.com/ https://secure.marketinghub.opentext.com https://chronicle.comparethemarket.com https://connect.facebook.net https://www.google-analytics.com/analytics.js https://www.google-analytics.com/gtm/js http://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://assets.adobedtm.com https://track.omguk.com/ https://www.google-analytics.com/plugins/ua/ecommerce.js https://www.google-analytics.com/plugins/ua/ec.js https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://sdk.twilio.com; style-src 'self' 'unsafe-inline' https://cdn4.userzoom.com https://teddytor.abtasty.com https://tagmanager.google.com/ https://fonts.googleapis.com/; connect-src 'self' https://*.clarity.ms https://c.bing.com https://bisil.sc.omtrdc.net/ https://*.abtasty.com https://agentqa.nina-nuance.com https://agent.nina-nuance.com https://dc.services.visualstudio.com https://www.google-analytics.com https://dpm.demdex.net https://smetrics.MarksAndSpencer.co.uk https://dpm.demdex.net/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://bisil.tt.omtrdc.net https://functions-bgl-webchat-1363-dev.twil.io https://functions-bgl-webchat-7164-int.twil.io https://functions-bgl-webchat-3101-stg.twil.io https://functions-bgl-webchat-7311-prod.twil.io https://*.bgli.net https://iam.twilio.com https://flex-api.twilio.com wss://tsock.us1.twilio.com https://event-bridge.twilio.com wss://event-bridge.twilio.com; default-src 'none'; form-action 'self'; upgrade-insecure-requests;
Date
Wed, 01 Feb 2023 20:40:16 GMT
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
block-all-mixed-content
Content-Length
13030
X-XSS-Protection
1; mode=block
Request-Context
appId=cid-v1:62ed6cb9-1b27-425c-8d60-61b1f98d07bc
Referrer-Policy
no-referrer, same-origin
Last-Modified
Tue, 24 Jan 2023 11:43:56 GMT
ETag
"066e123e92fd91:0"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Access-Control-Expose-Headers
Request-Context
Cache-Control
public, max-age=3600
Feature-Policy
ambient-light-sensor 'none'; autoplay 'none'; accelerometer 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; sync-xhr *; usb 'none'; wake-lock 'none'; webauthn 'none'; vr 'none';
Accept-Ranges
bytes
Expires
Wed, 01 Feb 2023 21:40:16 GMT
html.form.login.template.budget-validate.js
identity.marksandspencer.insure-systems.co.uk/assets/scripts/ 		3 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://identity.marksandspencer.insure-systems.co.uk/assets/scripts/html.form.login.template.budget-validate.js
Requested by
Host: identity.marksandspencer.insure-systems.co.uk
URL: https://identity.marksandspencer.insure-systems.co.uk/as/authorization.oauth2?response_type=code&client_id=MandSAuth&scope=openid%20profile&redirect_uri=https%3A%2F%2Fmarksandspencer.insure-systems.co.uk%2Fserviceredirect%2Fping-signin&state=MLmBqwO6g7hsiEeGpny_HpZVx3G747OWChAr_Tw8OPzAVWkt78Ac5vDh4PpGm_AOBFAqtxKxRKU3d6ooc0uYqNfrBSLhWl0sSEptugpLwt1BwZEm1WmfYiqEwtq6moyRQMPhustkhNdNaoh9DBNS0w4UJDKFGxavjH_Vsc8xWuAoUbq15NhCCU6rhqdPQOgFkwSCHlXsdvCCjaVTV-h78_CGsV1UQqSczy5v4NAEDyB1pcad2x9ZMHly9w1tig_6vS-1oDsRB4sNFvrT1Y9gPOeQlSx82r5Oo7E2M8FtNWVDO7j8qEtIsq7SgK-Aa3u6dB6ReQ&tid=3ccd1b4c-c5a1-406e-be41-47baeffe0191
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:11a::5f65:1733 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
349a0e25e17f7ecd98212097581f8c9bd27dee76b79a79f544f09fd6926160ae
Security Headers
Name Value
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://identity.marksandspencer.insure-systems.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date
Wed, 01 Feb 2023 20:40:16 GMT
Strict-Transport-Security
max-age=15768000 ; includeSubDomains ; preload
Referrer-Policy
origin
Last-Modified
Wed, 01 Sep 2021 16:21:40 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
must-revalidate, max-age=0
Connection
keep-alive
Content-Length
3101
Expires
Wed, 01 Feb 2023 20:40:16 GMT
css2
fonts.googleapis.com/ 		1 KB
857 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Mansalva&display=swap
Requested by
Host: cdn.bglgroup.io
URL: https://cdn.bglgroup.io/marksandspencer/css/brand.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80d::200a , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
007403ee280f2edf2fb9740311a0ee1efc26e5d2c5e80228c28f2a083482a98c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 01 Feb 2023 20:40:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 01 Feb 2023 20:40:16 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 01 Feb 2023 20:40:16 GMT
OtAutoBlock.js
cdn.cookielaw.org/consent/4b525b78-1809-4c94-ae03-4e5597680776/ 		5 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/4b525b78-1809-4c94-ae03-4e5597680776/OtAutoBlock.js
Requested by
Host: cdn.bglgroup.io
URL: https://cdn.bglgroup.io/marksandspencer/ping/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e1488b9d0c55e9763e1848d8539e830a4b2fe3cb2507509116e81d3ca93b8b92
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://identity.marksandspencer.insure-systems.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 01 Feb 2023 20:40:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
A1M/YOF7F1EDinOWlTxFLg==
age
53844
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
2020
x-ms-lease-status
unlocked
last-modified
Fri, 20 May 2022 10:38:26 GMT
server
cloudflare
etag
0x8DA3A4CDF49856C
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
8701431c-701e-0070-0c35-6cab22000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
792d80512e604071-LHR
expires
Thu, 02 Feb 2023 20:40:16 GMT
otSDKStub.js
cdn.cookielaw.org/scripttemplates/ 		25 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: cdn.bglgroup.io
URL: https://cdn.bglgroup.io/marksandspencer/ping/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
83f8393c6593831a76ea84324c946029082b5c72507176c13387468d21c651ff
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://identity.marksandspencer.insure-systems.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 01 Feb 2023 20:40:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
4ki7PtkHDuSPC1vGdOaknQ==
age
73642
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
8384
x-ms-lease-status
unlocked
last-modified
Tue, 31 Jan 2023 02:45:54 GMT
server
cloudflare
etag
0x8DB033545CD6338
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
bec856a9-201e-0167-71d1-352d14000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
792d80512e614071-LHR
gtm.js
www.googletagmanager.com/ 		202 KB
68 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-TSBZN34
Requested by
Host: cdn.bglgroup.io
URL: https://cdn.bglgroup.io/marksandspencer/ping/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e983a27a771a8ad67db4f8e85a5217a745afdd860686a5f071585016370edc7e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://identity.marksandspencer.insure-systems.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 20:40:16 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
69177
x-xss-protection
0
last-modified
Wed, 01 Feb 2023 19:28:31 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 01 Feb 2023 20:40:16 GMT
gtm.js
www.googletagmanager.com/ 		186 KB
63 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-P8GCVJ6
Requested by
Host: cdn.bglgroup.io
URL: https://cdn.bglgroup.io/marksandspencer/ping/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
7d256a09b38561178ee198161150d8c290590ff314f6cc853a196d684cc87f04
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://identity.marksandspencer.insure-systems.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 20:40:16 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
64793
x-xss-protection
0
last-modified
Wed, 01 Feb 2023 19:28:31 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 01 Feb 2023 20:40:16 GMT
launch-b794d6c90130.min.js
assets.adobedtm.com/062c7e403a83/cdfdec7648e1/ 		330 KB
90 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.adobedtm.com/062c7e403a83/cdfdec7648e1/launch-b794d6c90130.min.js?_=1675284016747
Requested by
Host: cdn.bglgroup.io
URL: https://cdn.bglgroup.io/marksandspencer/scripts/jquery/jquery.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
f4debfdc2d4499ba1cfa47950cb29600a6c2df6d2db0c054b7ff49405b5f4aaf

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://identity.marksandspencer.insure-systems.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 20:40:16 GMT
content-encoding
gzip
last-modified
Wed, 01 Feb 2023 08:11:05 GMT
server
AkamaiNetStorage
etag
"d9793fe10258345d9e31163452966a56:1675239065.452121"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://identity.marksandspencer.insure-systems.co.uk
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
91901
expires
Wed, 01 Feb 2023 21:40:16 GMT
twiliochatbranding-mands.js
cdn.bglgroup.io/marksandspencer/ping/ 		4 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.bglgroup.io/marksandspencer/ping/twiliochatbranding-mands.js
Requested by
Host: cdn.bglgroup.io
URL: https://cdn.bglgroup.io/marksandspencer/ping/houston.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.171.22.9 Biggleswade, United Kingdom, ASN2856 (BT-UK-AS BTnet UK Regional network, GB),
Reverse DNS
Software
/
Resource Hash
9950015777190dd35026c6808102171d5c3fd82536caf7524e0dd5068d573559
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://marksandspencer.insure-systems.co.uk https://channel-cards-html.lloydsbankinggroup.com/ https://danskebank-3ds-bxl.wlp-acs.com https://danskebank-3ds-vdm.wlp-acs.com https://*.liveperson.net http://widget.trustpilot.com/ https://acs.airplus.com https://acs.icicibank.com https://acs1.icicibank.com https://acs2.onlinesbi.com https://acsclient.credecard.com https://acs1.edb.com https://acs2.edb.com https://acs1.luottokunta.fi https://acs1.3ds.modirum.com https://acs2.3ds.modirum.com https://*.3dsecure.no https://bbva.cardinalcommerce.com https://gps.cardinalcommerce.com https://pfs.cardinalcommerce.com https://santanderinternational.cardinalcommerce.com https://cap.attempts.securecode.com https://danskebank-3dsecure.wlp-acs.com https://idcheck.acs.touchtechpayments.com https://macs.touchtechpayments.com https://securesuite.co.uk https://www.securesuite.co.uk https://secure.barclaycard.co.uk https://secure4.arcot.com https://secure5.arcot.com https://secure6.arcot.com https://secure7.arcot.com https://tsys.arcot.com https://threedsecurepa.petafuel.net https://verifiedbyvisa.barclays.co.uk https://verify.monzo.com https://www.clicksafe.lloydstsb.com https://www.mycardsecure.com https://3debspay.boc.cn https://*.lpsnmedia.net https://www.thecardservicesonline.com https://verifiedbyvisa.acs.touchtechpayments.com https://authentication.cardinalcommerce.com https://secure.3ds.cornercard.co.uk https://secure.3ds.cornercard.ch https://acs.fssnet.co.in https://acs.decta.com https://3dsecure-1.wirecard.com https://pa.eshapay.net https://api.secure-code.bunq.com https://foriseu-vbv.mycardplace.com https://aptopaysafe-vbv.mycardplace.com https://s.userzoom.com https://postoffice.demdex.net/ https://*.fls.doubleclick.net/ https://www.google.com/recaptcha/ https://bisil.demdex.net; img-src 'self' 'unsafe-inline' https://*.clarity.ms https://c.bing.com https://cdn4.userzoom.com https://smetrics.rac.co.uk https://*.abtasty.com https://ssl.gstatic.com/ https://lp.sabio.co.uk https://*.lpsnmedia.net https://www.google-analytics.com https://origin.marketinghub.opentext.com https://secure.marketinghub.opentext.com https://cm.everesttech.net/cm/dd https://dpm.demdex.net/ https://*.scene7.com/is/image/Targetbglgroup/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://bisil.sc.omtrdc.net/ https://track.omguk.com/e/qi/; media-src 'self' https://*.lpsnmedia.net; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://c.bing.com https://cdn4.userzoom.com https://cdn-segment.com https://*.abtasty.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.liveperson.net https://*.lpsnmedia.net https://az416426.vo.msecnd.net/scripts/a/ https://www.googletagmanager.com https://tagmanager.google.com/ https://secure.marketinghub.opentext.com https://chronicle.comparethemarket.com https://connect.facebook.net https://www.google-analytics.com/analytics.js https://www.google-analytics.com/gtm/js http://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://assets.adobedtm.com https://track.omguk.com/ https://www.google-analytics.com/plugins/ua/ecommerce.js https://www.google-analytics.com/plugins/ua/ec.js https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://sdk.twilio.com; style-src 'self' 'unsafe-inline' https://cdn4.userzoom.com https://teddytor.abtasty.com https://tagmanager.google.com/ https://fonts.googleapis.com/; connect-src 'self' https://*.clarity.ms https://c.bing.com https://bisil.sc.omtrdc.net/ https://*.abtasty.com https://agentqa.nina-nuance.com https://agent.nina-nuance.com https://dc.services.visualstudio.com https://www.google-analytics.com https://dpm.demdex.net https://smetrics.MarksAndSpencer.co.uk https://dpm.demdex.net/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://bisil.tt.omtrdc.net https://functions-bgl-webchat-1363-dev.twil.io https://functions-bgl-webchat-7164-int.twil.io https://functions-bgl-webchat-3101-stg.twil.io https://functions-bgl-webchat-7311-prod.twil.io https://*.bgli.net https://iam.twilio.com https://flex-api.twilio.com wss://tsock.us1.twilio.com https://event-bridge.twilio.com wss://event-bridge.twilio.com; default-src 'none'; form-action 'self'; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://identity.marksandspencer.insure-systems.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://marksandspencer.insure-systems.co.uk https://channel-cards-html.lloydsbankinggroup.com/ https://danskebank-3ds-bxl.wlp-acs.com https://danskebank-3ds-vdm.wlp-acs.com https://*.liveperson.net http://widget.trustpilot.com/ https://acs.airplus.com https://acs.icicibank.com https://acs1.icicibank.com https://acs2.onlinesbi.com https://acsclient.credecard.com https://acs1.edb.com https://acs2.edb.com https://acs1.luottokunta.fi https://acs1.3ds.modirum.com https://acs2.3ds.modirum.com https://*.3dsecure.no https://bbva.cardinalcommerce.com https://gps.cardinalcommerce.com https://pfs.cardinalcommerce.com https://santanderinternational.cardinalcommerce.com https://cap.attempts.securecode.com https://danskebank-3dsecure.wlp-acs.com https://idcheck.acs.touchtechpayments.com https://macs.touchtechpayments.com https://securesuite.co.uk https://www.securesuite.co.uk https://secure.barclaycard.co.uk https://secure4.arcot.com https://secure5.arcot.com https://secure6.arcot.com https://secure7.arcot.com https://tsys.arcot.com https://threedsecurepa.petafuel.net https://verifiedbyvisa.barclays.co.uk https://verify.monzo.com https://www.clicksafe.lloydstsb.com https://www.mycardsecure.com https://3debspay.boc.cn https://*.lpsnmedia.net https://www.thecardservicesonline.com https://verifiedbyvisa.acs.touchtechpayments.com https://authentication.cardinalcommerce.com https://secure.3ds.cornercard.co.uk https://secure.3ds.cornercard.ch https://acs.fssnet.co.in https://acs.decta.com https://3dsecure-1.wirecard.com https://pa.eshapay.net https://api.secure-code.bunq.com https://foriseu-vbv.mycardplace.com https://aptopaysafe-vbv.mycardplace.com https://s.userzoom.com https://postoffice.demdex.net/ https://*.fls.doubleclick.net/ https://www.google.com/recaptcha/ https://bisil.demdex.net; img-src 'self' 'unsafe-inline' https://*.clarity.ms https://c.bing.com https://cdn4.userzoom.com https://smetrics.rac.co.uk https://*.abtasty.com https://ssl.gstatic.com/ https://lp.sabio.co.uk https://*.lpsnmedia.net https://www.google-analytics.com https://origin.marketinghub.opentext.com https://secure.marketinghub.opentext.com https://cm.everesttech.net/cm/dd https://dpm.demdex.net/ https://*.scene7.com/is/image/Targetbglgroup/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://bisil.sc.omtrdc.net/ https://track.omguk.com/e/qi/; media-src 'self' https://*.lpsnmedia.net; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://c.bing.com https://cdn4.userzoom.com https://cdn-segment.com https://*.abtasty.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.liveperson.net https://*.lpsnmedia.net https://az416426.vo.msecnd.net/scripts/a/ https://www.googletagmanager.com https://tagmanager.google.com/ https://secure.marketinghub.opentext.com https://chronicle.comparethemarket.com https://connect.facebook.net https://www.google-analytics.com/analytics.js https://www.google-analytics.com/gtm/js http://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://assets.adobedtm.com https://track.omguk.com/ https://www.google-analytics.com/plugins/ua/ecommerce.js https://www.google-analytics.com/plugins/ua/ec.js https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://sdk.twilio.com; style-src 'self' 'unsafe-inline' https://cdn4.userzoom.com https://teddytor.abtasty.com https://tagmanager.google.com/ https://fonts.googleapis.com/; connect-src 'self' https://*.clarity.ms https://c.bing.com https://bisil.sc.omtrdc.net/ https://*.abtasty.com https://agentqa.nina-nuance.com https://agent.nina-nuance.com https://dc.services.visualstudio.com https://www.google-analytics.com https://dpm.demdex.net https://smetrics.MarksAndSpencer.co.uk https://dpm.demdex.net/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://bisil.tt.omtrdc.net https://functions-bgl-webchat-1363-dev.twil.io https://functions-bgl-webchat-7164-int.twil.io https://functions-bgl-webchat-3101-stg.twil.io https://functions-bgl-webchat-7311-prod.twil.io https://*.bgli.net https://iam.twilio.com https://flex-api.twilio.com wss://tsock.us1.twilio.com https://event-bridge.twilio.com wss://event-bridge.twilio.com; default-src 'none'; form-action 'self'; upgrade-insecure-requests;
Date
Wed, 01 Feb 2023 20:40:16 GMT
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
block-all-mixed-content
Content-Length
4054
X-XSS-Protection
1; mode=block
Request-Context
appId=cid-v1:62ed6cb9-1b27-425c-8d60-61b1f98d07bc
Referrer-Policy
no-referrer, same-origin
Last-Modified
Tue, 24 Jan 2023 11:43:56 GMT
ETag
"066e123e92fd91:0"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Access-Control-Expose-Headers
Request-Context
Cache-Control
public, max-age=3600
Feature-Policy
ambient-light-sensor 'none'; autoplay 'none'; accelerometer 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; sync-xhr *; usb 'none'; wake-lock 'none'; webauthn 'none'; vr 'none';
Accept-Ranges
bytes
Expires
Wed, 01 Feb 2023 21:40:16 GMT
twilio-webchat.js
cdn.bglgroup.io/marksandspencer/ping/ 		3 MB
3 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.bglgroup.io/marksandspencer/ping/twilio-webchat.js
Requested by
Host: cdn.bglgroup.io
URL: https://cdn.bglgroup.io/marksandspencer/ping/houston.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.171.22.9 Biggleswade, United Kingdom, ASN2856 (BT-UK-AS BTnet UK Regional network, GB),
Reverse DNS
Software
/
Resource Hash
559df3300db98c852eecdd59e3cd8dfbb6decf383cd2440bae759478e703921d
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://marksandspencer.insure-systems.co.uk https://channel-cards-html.lloydsbankinggroup.com/ https://danskebank-3ds-bxl.wlp-acs.com https://danskebank-3ds-vdm.wlp-acs.com https://*.liveperson.net http://widget.trustpilot.com/ https://acs.airplus.com https://acs.icicibank.com https://acs1.icicibank.com https://acs2.onlinesbi.com https://acsclient.credecard.com https://acs1.edb.com https://acs2.edb.com https://acs1.luottokunta.fi https://acs1.3ds.modirum.com https://acs2.3ds.modirum.com https://*.3dsecure.no https://bbva.cardinalcommerce.com https://gps.cardinalcommerce.com https://pfs.cardinalcommerce.com https://santanderinternational.cardinalcommerce.com https://cap.attempts.securecode.com https://danskebank-3dsecure.wlp-acs.com https://idcheck.acs.touchtechpayments.com https://macs.touchtechpayments.com https://securesuite.co.uk https://www.securesuite.co.uk https://secure.barclaycard.co.uk https://secure4.arcot.com https://secure5.arcot.com https://secure6.arcot.com https://secure7.arcot.com https://tsys.arcot.com https://threedsecurepa.petafuel.net https://verifiedbyvisa.barclays.co.uk https://verify.monzo.com https://www.clicksafe.lloydstsb.com https://www.mycardsecure.com https://3debspay.boc.cn https://*.lpsnmedia.net https://www.thecardservicesonline.com https://verifiedbyvisa.acs.touchtechpayments.com https://authentication.cardinalcommerce.com https://secure.3ds.cornercard.co.uk https://secure.3ds.cornercard.ch https://acs.fssnet.co.in https://acs.decta.com https://3dsecure-1.wirecard.com https://pa.eshapay.net https://api.secure-code.bunq.com https://foriseu-vbv.mycardplace.com https://aptopaysafe-vbv.mycardplace.com https://s.userzoom.com https://postoffice.demdex.net/ https://*.fls.doubleclick.net/ https://www.google.com/recaptcha/ https://bisil.demdex.net; img-src 'self' 'unsafe-inline' https://*.clarity.ms https://c.bing.com https://cdn4.userzoom.com https://smetrics.rac.co.uk https://*.abtasty.com https://ssl.gstatic.com/ https://lp.sabio.co.uk https://*.lpsnmedia.net https://www.google-analytics.com https://origin.marketinghub.opentext.com https://secure.marketinghub.opentext.com https://cm.everesttech.net/cm/dd https://dpm.demdex.net/ https://*.scene7.com/is/image/Targetbglgroup/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://bisil.sc.omtrdc.net/ https://track.omguk.com/e/qi/; media-src 'self' https://*.lpsnmedia.net; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://c.bing.com https://cdn4.userzoom.com https://cdn-segment.com https://*.abtasty.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.liveperson.net https://*.lpsnmedia.net https://az416426.vo.msecnd.net/scripts/a/ https://www.googletagmanager.com https://tagmanager.google.com/ https://secure.marketinghub.opentext.com https://chronicle.comparethemarket.com https://connect.facebook.net https://www.google-analytics.com/analytics.js https://www.google-analytics.com/gtm/js http://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://assets.adobedtm.com https://track.omguk.com/ https://www.google-analytics.com/plugins/ua/ecommerce.js https://www.google-analytics.com/plugins/ua/ec.js https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://sdk.twilio.com; style-src 'self' 'unsafe-inline' https://cdn4.userzoom.com https://teddytor.abtasty.com https://tagmanager.google.com/ https://fonts.googleapis.com/; connect-src 'self' https://*.clarity.ms https://c.bing.com https://bisil.sc.omtrdc.net/ https://*.abtasty.com https://agentqa.nina-nuance.com https://agent.nina-nuance.com https://dc.services.visualstudio.com https://www.google-analytics.com https://dpm.demdex.net https://smetrics.MarksAndSpencer.co.uk https://dpm.demdex.net/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://bisil.tt.omtrdc.net https://functions-bgl-webchat-1363-dev.twil.io https://functions-bgl-webchat-7164-int.twil.io https://functions-bgl-webchat-3101-stg.twil.io https://functions-bgl-webchat-7311-prod.twil.io https://*.bgli.net https://iam.twilio.com https://flex-api.twilio.com wss://tsock.us1.twilio.com https://event-bridge.twilio.com wss://event-bridge.twilio.com; default-src 'none'; form-action 'self'; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://identity.marksandspencer.insure-systems.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://marksandspencer.insure-systems.co.uk https://channel-cards-html.lloydsbankinggroup.com/ https://danskebank-3ds-bxl.wlp-acs.com https://danskebank-3ds-vdm.wlp-acs.com https://*.liveperson.net http://widget.trustpilot.com/ https://acs.airplus.com https://acs.icicibank.com https://acs1.icicibank.com https://acs2.onlinesbi.com https://acsclient.credecard.com https://acs1.edb.com https://acs2.edb.com https://acs1.luottokunta.fi https://acs1.3ds.modirum.com https://acs2.3ds.modirum.com https://*.3dsecure.no https://bbva.cardinalcommerce.com https://gps.cardinalcommerce.com https://pfs.cardinalcommerce.com https://santanderinternational.cardinalcommerce.com https://cap.attempts.securecode.com https://danskebank-3dsecure.wlp-acs.com https://idcheck.acs.touchtechpayments.com https://macs.touchtechpayments.com https://securesuite.co.uk https://www.securesuite.co.uk https://secure.barclaycard.co.uk https://secure4.arcot.com https://secure5.arcot.com https://secure6.arcot.com https://secure7.arcot.com https://tsys.arcot.com https://threedsecurepa.petafuel.net https://verifiedbyvisa.barclays.co.uk https://verify.monzo.com https://www.clicksafe.lloydstsb.com https://www.mycardsecure.com https://3debspay.boc.cn https://*.lpsnmedia.net https://www.thecardservicesonline.com https://verifiedbyvisa.acs.touchtechpayments.com https://authentication.cardinalcommerce.com https://secure.3ds.cornercard.co.uk https://secure.3ds.cornercard.ch https://acs.fssnet.co.in https://acs.decta.com https://3dsecure-1.wirecard.com https://pa.eshapay.net https://api.secure-code.bunq.com https://foriseu-vbv.mycardplace.com https://aptopaysafe-vbv.mycardplace.com https://s.userzoom.com https://postoffice.demdex.net/ https://*.fls.doubleclick.net/ https://www.google.com/recaptcha/ https://bisil.demdex.net; img-src 'self' 'unsafe-inline' https://*.clarity.ms https://c.bing.com https://cdn4.userzoom.com https://smetrics.rac.co.uk https://*.abtasty.com https://ssl.gstatic.com/ https://lp.sabio.co.uk https://*.lpsnmedia.net https://www.google-analytics.com https://origin.marketinghub.opentext.com https://secure.marketinghub.opentext.com https://cm.everesttech.net/cm/dd https://dpm.demdex.net/ https://*.scene7.com/is/image/Targetbglgroup/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://bisil.sc.omtrdc.net/ https://track.omguk.com/e/qi/; media-src 'self' https://*.lpsnmedia.net; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://c.bing.com https://cdn4.userzoom.com https://cdn-segment.com https://*.abtasty.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.liveperson.net https://*.lpsnmedia.net https://az416426.vo.msecnd.net/scripts/a/ https://www.googletagmanager.com https://tagmanager.google.com/ https://secure.marketinghub.opentext.com https://chronicle.comparethemarket.com https://connect.facebook.net https://www.google-analytics.com/analytics.js https://www.google-analytics.com/gtm/js http://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://assets.adobedtm.com https://track.omguk.com/ https://www.google-analytics.com/plugins/ua/ecommerce.js https://www.google-analytics.com/plugins/ua/ec.js https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://sdk.twilio.com; style-src 'self' 'unsafe-inline' https://cdn4.userzoom.com https://teddytor.abtasty.com https://tagmanager.google.com/ https://fonts.googleapis.com/; connect-src 'self' https://*.clarity.ms https://c.bing.com https://bisil.sc.omtrdc.net/ https://*.abtasty.com https://agentqa.nina-nuance.com https://agent.nina-nuance.com https://dc.services.visualstudio.com https://www.google-analytics.com https://dpm.demdex.net https://smetrics.MarksAndSpencer.co.uk https://dpm.demdex.net/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://bisil.tt.omtrdc.net https://functions-bgl-webchat-1363-dev.twil.io https://functions-bgl-webchat-7164-int.twil.io https://functions-bgl-webchat-3101-stg.twil.io https://functions-bgl-webchat-7311-prod.twil.io https://*.bgli.net https://iam.twilio.com https://flex-api.twilio.com wss://tsock.us1.twilio.com https://event-bridge.twilio.com wss://event-bridge.twilio.com; default-src 'none'; form-action 'self'; upgrade-insecure-requests;
Date
Wed, 01 Feb 2023 20:40:16 GMT
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
block-all-mixed-content
Content-Length
3397557
X-XSS-Protection
1; mode=block
Request-Context
appId=cid-v1:62ed6cb9-1b27-425c-8d60-61b1f98d07bc
Referrer-Policy
no-referrer, same-origin
Last-Modified
Tue, 24 Jan 2023 11:43:56 GMT
ETag
"066e123e92fd91:0"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Access-Control-Expose-Headers
Request-Context
Cache-Control
public, max-age=3600
Feature-Policy
ambient-light-sensor 'none'; autoplay 'none'; accelerometer 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; sync-xhr *; usb 'none'; wake-lock 'none'; webauthn 'none'; vr 'none';
Accept-Ranges
bytes
Expires
Wed, 01 Feb 2023 21:40:16 GMT
icon-eye.svg
cdn.bglgroup.io/marksandspencer/images/ 		1 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.bglgroup.io/marksandspencer/images/icon-eye.svg
Requested by
Host: cdn.bglgroup.io
URL: https://cdn.bglgroup.io/marksandspencer/css/brand.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.171.22.9 Biggleswade, United Kingdom, ASN2856 (BT-UK-AS BTnet UK Regional network, GB),
Reverse DNS
Software
/
Resource Hash
29f991c43137fecc594fe7c221091a3c2665e0fce90fa011d986bffebc18bbbd
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://marksandspencer.insure-systems.co.uk https://channel-cards-html.lloydsbankinggroup.com/ https://danskebank-3ds-bxl.wlp-acs.com https://danskebank-3ds-vdm.wlp-acs.com https://*.liveperson.net http://widget.trustpilot.com/ https://acs.airplus.com https://acs.icicibank.com https://acs1.icicibank.com https://acs2.onlinesbi.com https://acsclient.credecard.com https://acs1.edb.com https://acs2.edb.com https://acs1.luottokunta.fi https://acs1.3ds.modirum.com https://acs2.3ds.modirum.com https://*.3dsecure.no https://bbva.cardinalcommerce.com https://gps.cardinalcommerce.com https://pfs.cardinalcommerce.com https://santanderinternational.cardinalcommerce.com https://cap.attempts.securecode.com https://danskebank-3dsecure.wlp-acs.com https://idcheck.acs.touchtechpayments.com https://macs.touchtechpayments.com https://securesuite.co.uk https://www.securesuite.co.uk https://secure.barclaycard.co.uk https://secure4.arcot.com https://secure5.arcot.com https://secure6.arcot.com https://secure7.arcot.com https://tsys.arcot.com https://threedsecurepa.petafuel.net https://verifiedbyvisa.barclays.co.uk https://verify.monzo.com https://www.clicksafe.lloydstsb.com https://www.mycardsecure.com https://3debspay.boc.cn https://*.lpsnmedia.net https://www.thecardservicesonline.com https://verifiedbyvisa.acs.touchtechpayments.com https://authentication.cardinalcommerce.com https://secure.3ds.cornercard.co.uk https://secure.3ds.cornercard.ch https://acs.fssnet.co.in https://acs.decta.com https://3dsecure-1.wirecard.com https://pa.eshapay.net https://api.secure-code.bunq.com https://foriseu-vbv.mycardplace.com https://aptopaysafe-vbv.mycardplace.com https://s.userzoom.com https://postoffice.demdex.net/ https://*.fls.doubleclick.net/ https://www.google.com/recaptcha/ https://bisil.demdex.net; img-src 'self' 'unsafe-inline' https://*.clarity.ms https://c.bing.com https://cdn4.userzoom.com https://smetrics.rac.co.uk https://*.abtasty.com https://ssl.gstatic.com/ https://lp.sabio.co.uk https://*.lpsnmedia.net https://www.google-analytics.com https://origin.marketinghub.opentext.com https://secure.marketinghub.opentext.com https://cm.everesttech.net/cm/dd https://dpm.demdex.net/ https://*.scene7.com/is/image/Targetbglgroup/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://bisil.sc.omtrdc.net/ https://track.omguk.com/e/qi/; media-src 'self' https://*.lpsnmedia.net; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://c.bing.com https://cdn4.userzoom.com https://cdn-segment.com https://*.abtasty.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.liveperson.net https://*.lpsnmedia.net https://az416426.vo.msecnd.net/scripts/a/ https://www.googletagmanager.com https://tagmanager.google.com/ https://secure.marketinghub.opentext.com https://chronicle.comparethemarket.com https://connect.facebook.net https://www.google-analytics.com/analytics.js https://www.google-analytics.com/gtm/js http://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://assets.adobedtm.com https://track.omguk.com/ https://www.google-analytics.com/plugins/ua/ecommerce.js https://www.google-analytics.com/plugins/ua/ec.js https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://sdk.twilio.com; style-src 'self' 'unsafe-inline' https://cdn4.userzoom.com https://teddytor.abtasty.com https://tagmanager.google.com/ https://fonts.googleapis.com/; connect-src 'self' https://*.clarity.ms https://c.bing.com https://bisil.sc.omtrdc.net/ https://*.abtasty.com https://agentqa.nina-nuance.com https://agent.nina-nuance.com https://dc.services.visualstudio.com https://www.google-analytics.com https://dpm.demdex.net https://smetrics.MarksAndSpencer.co.uk https://dpm.demdex.net/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://bisil.tt.omtrdc.net https://functions-bgl-webchat-1363-dev.twil.io https://functions-bgl-webchat-7164-int.twil.io https://functions-bgl-webchat-3101-stg.twil.io https://functions-bgl-webchat-7311-prod.twil.io https://*.bgli.net https://iam.twilio.com https://flex-api.twilio.com wss://tsock.us1.twilio.com https://event-bridge.twilio.com wss://event-bridge.twilio.com; default-src 'none'; form-action 'self'; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://cdn.bglgroup.io/marksandspencer/css/brand.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://marksandspencer.insure-systems.co.uk https://channel-cards-html.lloydsbankinggroup.com/ https://danskebank-3ds-bxl.wlp-acs.com https://danskebank-3ds-vdm.wlp-acs.com https://*.liveperson.net http://widget.trustpilot.com/ https://acs.airplus.com https://acs.icicibank.com https://acs1.icicibank.com https://acs2.onlinesbi.com https://acsclient.credecard.com https://acs1.edb.com https://acs2.edb.com https://acs1.luottokunta.fi https://acs1.3ds.modirum.com https://acs2.3ds.modirum.com https://*.3dsecure.no https://bbva.cardinalcommerce.com https://gps.cardinalcommerce.com https://pfs.cardinalcommerce.com https://santanderinternational.cardinalcommerce.com https://cap.attempts.securecode.com https://danskebank-3dsecure.wlp-acs.com https://idcheck.acs.touchtechpayments.com https://macs.touchtechpayments.com https://securesuite.co.uk https://www.securesuite.co.uk https://secure.barclaycard.co.uk https://secure4.arcot.com https://secure5.arcot.com https://secure6.arcot.com https://secure7.arcot.com https://tsys.arcot.com https://threedsecurepa.petafuel.net https://verifiedbyvisa.barclays.co.uk https://verify.monzo.com https://www.clicksafe.lloydstsb.com https://www.mycardsecure.com https://3debspay.boc.cn https://*.lpsnmedia.net https://www.thecardservicesonline.com https://verifiedbyvisa.acs.touchtechpayments.com https://authentication.cardinalcommerce.com https://secure.3ds.cornercard.co.uk https://secure.3ds.cornercard.ch https://acs.fssnet.co.in https://acs.decta.com https://3dsecure-1.wirecard.com https://pa.eshapay.net https://api.secure-code.bunq.com https://foriseu-vbv.mycardplace.com https://aptopaysafe-vbv.mycardplace.com https://s.userzoom.com https://postoffice.demdex.net/ https://*.fls.doubleclick.net/ https://www.google.com/recaptcha/ https://bisil.demdex.net; img-src 'self' 'unsafe-inline' https://*.clarity.ms https://c.bing.com https://cdn4.userzoom.com https://smetrics.rac.co.uk https://*.abtasty.com https://ssl.gstatic.com/ https://lp.sabio.co.uk https://*.lpsnmedia.net https://www.google-analytics.com https://origin.marketinghub.opentext.com https://secure.marketinghub.opentext.com https://cm.everesttech.net/cm/dd https://dpm.demdex.net/ https://*.scene7.com/is/image/Targetbglgroup/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://bisil.sc.omtrdc.net/ https://track.omguk.com/e/qi/; media-src 'self' https://*.lpsnmedia.net; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://c.bing.com https://cdn4.userzoom.com https://cdn-segment.com https://*.abtasty.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.liveperson.net https://*.lpsnmedia.net https://az416426.vo.msecnd.net/scripts/a/ https://www.googletagmanager.com https://tagmanager.google.com/ https://secure.marketinghub.opentext.com https://chronicle.comparethemarket.com https://connect.facebook.net https://www.google-analytics.com/analytics.js https://www.google-analytics.com/gtm/js http://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://assets.adobedtm.com https://track.omguk.com/ https://www.google-analytics.com/plugins/ua/ecommerce.js https://www.google-analytics.com/plugins/ua/ec.js https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://sdk.twilio.com; style-src 'self' 'unsafe-inline' https://cdn4.userzoom.com https://teddytor.abtasty.com https://tagmanager.google.com/ https://fonts.googleapis.com/; connect-src 'self' https://*.clarity.ms https://c.bing.com https://bisil.sc.omtrdc.net/ https://*.abtasty.com https://agentqa.nina-nuance.com https://agent.nina-nuance.com https://dc.services.visualstudio.com https://www.google-analytics.com https://dpm.demdex.net https://smetrics.MarksAndSpencer.co.uk https://dpm.demdex.net/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://bisil.tt.omtrdc.net https://functions-bgl-webchat-1363-dev.twil.io https://functions-bgl-webchat-7164-int.twil.io https://functions-bgl-webchat-3101-stg.twil.io https://functions-bgl-webchat-7311-prod.twil.io https://*.bgli.net https://iam.twilio.com https://flex-api.twilio.com wss://tsock.us1.twilio.com https://event-bridge.twilio.com wss://event-bridge.twilio.com; default-src 'none'; form-action 'self'; upgrade-insecure-requests;
Date
Wed, 01 Feb 2023 20:40:16 GMT
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
block-all-mixed-content
Content-Length
1046
X-XSS-Protection
1; mode=block
Request-Context
appId=cid-v1:62ed6cb9-1b27-425c-8d60-61b1f98d07bc
Referrer-Policy
no-referrer, same-origin
Last-Modified
Tue, 24 Jan 2023 11:43:50 GMT
ETag
"0df4d20e92fd91:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/svg+xml
Access-Control-Expose-Headers
Request-Context
Cache-Control
public, max-age=3600
Feature-Policy
ambient-light-sensor 'none'; autoplay 'none'; accelerometer 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; sync-xhr *; usb 'none'; wake-lock 'none'; webauthn 'none'; vr 'none';
Accept-Ranges
bytes
Expires
Wed, 01 Feb 2023 21:40:16 GMT
MandSLondon-Regular.otf
cdn.bglgroup.io/marksandspencer/fonts/ 		33 KB
39 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdn.bglgroup.io/marksandspencer/fonts/MandSLondon-Regular.otf
Requested by
Host: cdn.bglgroup.io
URL: https://cdn.bglgroup.io/marksandspencer/css/brand.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.171.22.9 Biggleswade, United Kingdom, ASN2856 (BT-UK-AS BTnet UK Regional network, GB),
Reverse DNS
Software
/
Resource Hash
590e2e04cebb2eebb3a3d63463b7de2acee67fc58a34821ef93f8869597a4845
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://marksandspencer.insure-systems.co.uk https://channel-cards-html.lloydsbankinggroup.com/ https://danskebank-3ds-bxl.wlp-acs.com https://danskebank-3ds-vdm.wlp-acs.com https://*.liveperson.net http://widget.trustpilot.com/ https://acs.airplus.com https://acs.icicibank.com https://acs1.icicibank.com https://acs2.onlinesbi.com https://acsclient.credecard.com https://acs1.edb.com https://acs2.edb.com https://acs1.luottokunta.fi https://acs1.3ds.modirum.com https://acs2.3ds.modirum.com https://*.3dsecure.no https://bbva.cardinalcommerce.com https://gps.cardinalcommerce.com https://pfs.cardinalcommerce.com https://santanderinternational.cardinalcommerce.com https://cap.attempts.securecode.com https://danskebank-3dsecure.wlp-acs.com https://idcheck.acs.touchtechpayments.com https://macs.touchtechpayments.com https://securesuite.co.uk https://www.securesuite.co.uk https://secure.barclaycard.co.uk https://secure4.arcot.com https://secure5.arcot.com https://secure6.arcot.com https://secure7.arcot.com https://tsys.arcot.com https://threedsecurepa.petafuel.net https://verifiedbyvisa.barclays.co.uk https://verify.monzo.com https://www.clicksafe.lloydstsb.com https://www.mycardsecure.com https://3debspay.boc.cn https://*.lpsnmedia.net https://www.thecardservicesonline.com https://verifiedbyvisa.acs.touchtechpayments.com https://authentication.cardinalcommerce.com https://secure.3ds.cornercard.co.uk https://secure.3ds.cornercard.ch https://acs.fssnet.co.in https://acs.decta.com https://3dsecure-1.wirecard.com https://pa.eshapay.net https://api.secure-code.bunq.com https://foriseu-vbv.mycardplace.com https://aptopaysafe-vbv.mycardplace.com https://s.userzoom.com https://postoffice.demdex.net/ https://*.fls.doubleclick.net/ https://www.google.com/recaptcha/ https://bisil.demdex.net; img-src 'self' 'unsafe-inline' https://*.clarity.ms https://c.bing.com https://cdn4.userzoom.com https://smetrics.rac.co.uk https://*.abtasty.com https://ssl.gstatic.com/ https://lp.sabio.co.uk https://*.lpsnmedia.net https://www.google-analytics.com https://origin.marketinghub.opentext.com https://secure.marketinghub.opentext.com https://cm.everesttech.net/cm/dd https://dpm.demdex.net/ https://*.scene7.com/is/image/Targetbglgroup/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://bisil.sc.omtrdc.net/ https://track.omguk.com/e/qi/; media-src 'self' https://*.lpsnmedia.net; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://c.bing.com https://cdn4.userzoom.com https://cdn-segment.com https://*.abtasty.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.liveperson.net https://*.lpsnmedia.net https://az416426.vo.msecnd.net/scripts/a/ https://www.googletagmanager.com https://tagmanager.google.com/ https://secure.marketinghub.opentext.com https://chronicle.comparethemarket.com https://connect.facebook.net https://www.google-analytics.com/analytics.js https://www.google-analytics.com/gtm/js http://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://assets.adobedtm.com https://track.omguk.com/ https://www.google-analytics.com/plugins/ua/ecommerce.js https://www.google-analytics.com/plugins/ua/ec.js https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://sdk.twilio.com; style-src 'self' 'unsafe-inline' https://cdn4.userzoom.com https://teddytor.abtasty.com https://tagmanager.google.com/ https://fonts.googleapis.com/; connect-src 'self' https://*.clarity.ms https://c.bing.com https://bisil.sc.omtrdc.net/ https://*.abtasty.com https://agentqa.nina-nuance.com https://agent.nina-nuance.com https://dc.services.visualstudio.com https://www.google-analytics.com https://dpm.demdex.net https://smetrics.MarksAndSpencer.co.uk https://dpm.demdex.net/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://bisil.tt.omtrdc.net https://functions-bgl-webchat-1363-dev.twil.io https://functions-bgl-webchat-7164-int.twil.io https://functions-bgl-webchat-3101-stg.twil.io https://functions-bgl-webchat-7311-prod.twil.io https://*.bgli.net https://iam.twilio.com https://flex-api.twilio.com wss://tsock.us1.twilio.com https://event-bridge.twilio.com wss://event-bridge.twilio.com; default-src 'none'; form-action 'self'; upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cdn.bglgroup.io/marksandspencer/css/brand.css
Origin
https://identity.marksandspencer.insure-systems.co.uk
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://marksandspencer.insure-systems.co.uk https://channel-cards-html.lloydsbankinggroup.com/ https://danskebank-3ds-bxl.wlp-acs.com https://danskebank-3ds-vdm.wlp-acs.com https://*.liveperson.net http://widget.trustpilot.com/ https://acs.airplus.com https://acs.icicibank.com https://acs1.icicibank.com https://acs2.onlinesbi.com https://acsclient.credecard.com https://acs1.edb.com https://acs2.edb.com https://acs1.luottokunta.fi https://acs1.3ds.modirum.com https://acs2.3ds.modirum.com https://*.3dsecure.no https://bbva.cardinalcommerce.com https://gps.cardinalcommerce.com https://pfs.cardinalcommerce.com https://santanderinternational.cardinalcommerce.com https://cap.attempts.securecode.com https://danskebank-3dsecure.wlp-acs.com https://idcheck.acs.touchtechpayments.com https://macs.touchtechpayments.com https://securesuite.co.uk https://www.securesuite.co.uk https://secure.barclaycard.co.uk https://secure4.arcot.com https://secure5.arcot.com https://secure6.arcot.com https://secure7.arcot.com https://tsys.arcot.com https://threedsecurepa.petafuel.net https://verifiedbyvisa.barclays.co.uk https://verify.monzo.com https://www.clicksafe.lloydstsb.com https://www.mycardsecure.com https://3debspay.boc.cn https://*.lpsnmedia.net https://www.thecardservicesonline.com https://verifiedbyvisa.acs.touchtechpayments.com https://authentication.cardinalcommerce.com https://secure.3ds.cornercard.co.uk https://secure.3ds.cornercard.ch https://acs.fssnet.co.in https://acs.decta.com https://3dsecure-1.wirecard.com https://pa.eshapay.net https://api.secure-code.bunq.com https://foriseu-vbv.mycardplace.com https://aptopaysafe-vbv.mycardplace.com https://s.userzoom.com https://postoffice.demdex.net/ https://*.fls.doubleclick.net/ https://www.google.com/recaptcha/ https://bisil.demdex.net; img-src 'self' 'unsafe-inline' https://*.clarity.ms https://c.bing.com https://cdn4.userzoom.com https://smetrics.rac.co.uk https://*.abtasty.com https://ssl.gstatic.com/ https://lp.sabio.co.uk https://*.lpsnmedia.net https://www.google-analytics.com https://origin.marketinghub.opentext.com https://secure.marketinghub.opentext.com https://cm.everesttech.net/cm/dd https://dpm.demdex.net/ https://*.scene7.com/is/image/Targetbglgroup/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://bisil.sc.omtrdc.net/ https://track.omguk.com/e/qi/; media-src 'self' https://*.lpsnmedia.net; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://c.bing.com https://cdn4.userzoom.com https://cdn-segment.com https://*.abtasty.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.liveperson.net https://*.lpsnmedia.net https://az416426.vo.msecnd.net/scripts/a/ https://www.googletagmanager.com https://tagmanager.google.com/ https://secure.marketinghub.opentext.com https://chronicle.comparethemarket.com https://connect.facebook.net https://www.google-analytics.com/analytics.js https://www.google-analytics.com/gtm/js http://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://assets.adobedtm.com https://track.omguk.com/ https://www.google-analytics.com/plugins/ua/ecommerce.js https://www.google-analytics.com/plugins/ua/ec.js https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://sdk.twilio.com; style-src 'self' 'unsafe-inline' https://cdn4.userzoom.com https://teddytor.abtasty.com https://tagmanager.google.com/ https://fonts.googleapis.com/; connect-src 'self' https://*.clarity.ms https://c.bing.com https://bisil.sc.omtrdc.net/ https://*.abtasty.com https://agentqa.nina-nuance.com https://agent.nina-nuance.com https://dc.services.visualstudio.com https://www.google-analytics.com https://dpm.demdex.net https://smetrics.MarksAndSpencer.co.uk https://dpm.demdex.net/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://bisil.tt.omtrdc.net https://functions-bgl-webchat-1363-dev.twil.io https://functions-bgl-webchat-7164-int.twil.io https://functions-bgl-webchat-3101-stg.twil.io https://functions-bgl-webchat-7311-prod.twil.io https://*.bgli.net https://iam.twilio.com https://flex-api.twilio.com wss://tsock.us1.twilio.com https://event-bridge.twilio.com wss://event-bridge.twilio.com; default-src 'none'; form-action 'self'; upgrade-insecure-requests;
Date
Wed, 01 Feb 2023 20:40:16 GMT
X-Content-Type-Options
nosniff
block-all-mixed-content
Content-Length
33976
X-XSS-Protection
1; mode=block
Request-Context
appId=cid-v1:62ed6cb9-1b27-425c-8d60-61b1f98d07bc
Pragma
no-cache
Referrer-Policy
no-referrer, same-origin
Last-Modified
Tue, 24 Jan 2023 11:43:50 GMT
ETag
"0df4d20e92fd91:0"
Vary
*
X-Frame-Options
SAMEORIGIN
Content-Type
font/otf
Access-Control-Allow-Origin
https://identity.marksandspencer.insure-systems.co.uk
Access-Control-Expose-Headers
Request-Context
Cache-Control
no-cache, no-store
Feature-Policy
ambient-light-sensor 'none'; autoplay 'none'; accelerometer 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; sync-xhr *; usb 'none'; wake-lock 'none'; webauthn 'none'; vr 'none';
Accept-Ranges
bytes
Expires
-1
tag.js
lptag.liveperson.net/tag/ 		21 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://lptag.liveperson.net/tag/tag.js?site=82357525
Requested by
Host: cdn.bglgroup.io
URL: https://cdn.bglgroup.io/marksandspencer/ping/houston.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.101.23 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software
ws /
Resource Hash
5624aeb2703037c9b669b4903e1961a38778408edcd3bea47e370e5de9f6c571
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://identity.marksandspencer.insure-systems.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 20:40:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains
last-modified
Wed, 07 Dec 2022 20:20:28 GMT
server
ws
etag
"6390f58c-1da4"
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control
public, max-age=630
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
content-length
7588
4b525b78-1809-4c94-ae03-4e5597680776.json
cdn.cookielaw.org/consent/4b525b78-1809-4c94-ae03-4e5597680776/ 		3 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/4b525b78-1809-4c94-ae03-4e5597680776/4b525b78-1809-4c94-ae03-4e5597680776.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b8dc55d4ad83cd37fbc3060c6007d7cf04b3406921ff9c5a68555ac033be5830
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://identity.marksandspencer.insure-systems.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 01 Feb 2023 20:40:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
ot5hrg5iLvNWYK7zxQ6VPw==
age
34629
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
1348
x-ms-lease-status
unlocked
last-modified
Fri, 20 May 2022 10:38:25 GMT
server
cloudflare
etag
0x8DA3A4CDED9BC00
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
f7d41b1c-b01e-00a1-5d35-6c167d000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
792d80522a1b889b-LHR
expires
Thu, 02 Feb 2023 20:40:16 GMT
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/6.16.0/ 		374 KB
83 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/6.16.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
353bcd41d11cc5a2bcb6763c269e41ac785c06ace29ac10053bb7c0fa3bf1ecf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://identity.marksandspencer.insure-systems.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 01 Feb 2023 20:40:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
dGCXlveaBvO7BI0nfZKP+g==
age
81227
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
85065
x-ms-lease-status
unlocked
last-modified
Thu, 06 May 2021 19:31:04 GMT
server
cloudflare
etag
0x8D910C57D52F14C
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
5f2b57c5-401e-017c-0f02-ef0386000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
792d80527f964071-LHR
.jsonp
lptag.liveperson.net/lptag/api/account/82357525/configuration/applications/taglets/ 		282 KB
102 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://lptag.liveperson.net/lptag/api/account/82357525/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&b=undefined
Requested by
Host: cdn.bglgroup.io
URL: https://cdn.bglgroup.io/marksandspencer/ping/houston.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.101.23 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software
ws /
Resource Hash
557e1eb1103411cffdbb50fe328d73eab3ea7b52b562d63248e7af4e95036626
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://identity.marksandspencer.insure-systems.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 20:40:17 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
content-encoding
gzip
server
ws
x-cache-status
MISS
access-control-allow-methods
GET, POST, PATCH
content-type
application/x-javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control
public, max-age=630
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
AppMeasurement.min.js
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/ 		33 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/062c7e403a83/cdfdec7648e1/launch-b794d6c90130.min.js?_=1675284016747
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
9219086b4f2c3bf77854b2e06ccd97ad32b9b7a140e65ff8b974a3bae6c7854c

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://identity.marksandspencer.insure-systems.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

unused62
8096267
date
Wed, 01 Feb 2023 20:40:17 GMT
content-encoding
gzip
last-modified
Mon, 14 Feb 2022 16:35:31 GMT
server
AkamaiNetStorage
etag
"d860c16ac938f7d839f0ec158d02d0f0:1644856531.418573"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://identity.marksandspencer.insure-systems.co.uk
cache-control
no-cache
accept-ranges
bytes
timing-allow-origin
*
content-length
12163
expires
Wed, 01 Feb 2023 21:40:17 GMT
AppMeasurement_Module_ActivityMap.min.js
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/062c7e403a83/cdfdec7648e1/launch-b794d6c90130.min.js?_=1675284016747
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
462a66acbf50e933685e7587e9f1441df8225b2bb4d6b7bc5e757eccf4ff6575

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://identity.marksandspencer.insure-systems.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

unused62
8096267
date
Wed, 01 Feb 2023 20:40:17 GMT
content-encoding
gzip
last-modified
Mon, 14 Feb 2022 16:35:31 GMT
server
AkamaiNetStorage
etag
"2d1382c349d480b6b41574ac0c1af066:1644856531.739514"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://identity.marksandspencer.insure-systems.co.uk
cache-control
no-cache
accept-ranges
bytes
timing-allow-origin
*
content-length
1597
expires
Wed, 01 Feb 2023 21:40:17 GMT
delivery
bisil.tt.omtrdc.net/rest/v1/ 		281 B
688 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bisil.tt.omtrdc.net/rest/v1/delivery?client=bisil&sessionId=b83a70ff79b4497083b1476fd173a131&version=2.8.2
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/062c7e403a83/cdfdec7648e1/launch-b794d6c90130.min.js?_=1675284016747
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.200.4.79 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-200-4-79.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
8976bbea4d29dba8ee368c1f3175565fe5b215d6c4226d99167e5d808c8eee89

Request headers

Referer
https://identity.marksandspencer.insure-systems.co.uk/
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 01 Feb 2023 20:40:17 GMT
content-encoding
gzip
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List
vary
origin,access-control-request-method,access-control-request-headers,accept-encoding
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://identity.marksandspencer.insure-systems.co.uk
access-control-allow-credentials
true
timing-allow-origin
*
x-request-id
c9dbde7e9dde3d114cf7b408358465ff
analytics.js
www.google-analytics.com/ 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TSBZN34
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:803::200e , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://identity.marksandspencer.insure-systems.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 01 Feb 2023 20:21:44 GMT
last-modified
Tue, 10 Jan 2023 21:29:14 GMT
server
Golfe2
age
1113
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20085
expires
Wed, 01 Feb 2023 22:21:44 GMT
en.json
cdn.cookielaw.org/consent/4b525b78-1809-4c94-ae03-4e5597680776/67092093-ae98-4118-9ed0-cdde14a1415f/ 		67 KB
14 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/4b525b78-1809-4c94-ae03-4e5597680776/67092093-ae98-4118-9ed0-cdde14a1415f/en.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.16.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7c965996c871cb3d8748d7a7daf3ee6e6e39ce380b43c683891af5ece6fc3517
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://identity.marksandspencer.insure-systems.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 01 Feb 2023 20:40:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
sTCufxJwos5P32hC7R0zfg==
age
34630
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
13658
x-ms-lease-status
unlocked
last-modified
Fri, 20 May 2022 10:38:26 GMT
server
cloudflare
etag
0x8DA3A4CDF706902
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
91d5d172-601e-00ce-7e35-6cbea9000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
792d8053bd08889b-LHR
expires
Thu, 02 Feb 2023 20:40:17 GMT
otCenterRounded.json
cdn.cookielaw.org/scripttemplates/6.16.0/assets/ 		9 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/6.16.0/assets/otCenterRounded.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.16.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cfed96db853cb6e2053513daf02c9dec0e5c052e268d2b7f47c245c17ba5cdec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://identity.marksandspencer.insure-systems.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 01 Feb 2023 20:40:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
fRJA75J6r2mGFJ+1cXZ3Ag==
age
60737
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
2571
x-ms-lease-status
unlocked
last-modified
Thu, 06 May 2021 19:30:48 GMT
server
cloudflare
etag
0x8D910C5736A0F8D
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
6f856188-601e-00a8-346c-c40cf3000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
792d80542e05889b-LHR
otPcCenter.json
cdn.cookielaw.org/scripttemplates/6.16.0/assets/v2/ 		47 KB
11 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/6.16.0/assets/v2/otPcCenter.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.16.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9a082145419e862c11e82c8d58fdae1f5bb02c3175d93ce884793ac869994515
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://identity.marksandspencer.insure-systems.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 01 Feb 2023 20:40:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
S3H0HVpdA/Z6/RbJtrvCUQ==
age
81801
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
11574
x-ms-lease-status
unlocked
last-modified
Thu, 06 May 2021 19:30:49 GMT
server
cloudflare
etag
0x8D910C5747F0CDA
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
17ab4bb8-c01e-0144-4f42-ca42df000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
792d80542e09889b-LHR
/
accdn.lpsnmedia.net/api/account/82357525/configuration/setting/accountproperties/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://accdn.lpsnmedia.net/api/account/82357525/configuration/setting/accountproperties/?cb=accountSettingsCB
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/82357525/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&b=undefined
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.101.99 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
am-accdn.lpsnmedia.net
Software
ws /
Resource Hash
39ab508a5f842af8ad914adee934a092f49348f28c9c7db37f8f4300ef40b2f2
Security Headers
Name Value
Strict-Transport-Security max-age=99999999999; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://identity.marksandspencer.insure-systems.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 20:40:17 GMT
strict-transport-security
max-age=99999999999; includeSubDomains
x-content-type-options
nosniff
content-encoding
gzip
server
ws
x-cache-status
MISS
vary
Accept
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
x-envoy-upstream-service-time
1
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
expires
Wed, 01 Feb 2023 20:41:17 GMT
ui-framework.js
lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/ 		40 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/ui-framework.js?version=10.23.0.0-release_5549
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/82357525/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&b=undefined
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.97.98 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
lo-lpcdn.lpsnmedia.net
Software
ws /
Resource Hash
3e4f5d07904cf355da7bfbca5d4eee18a4c09fc9e6a79df958d0bb1225572983
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://identity.marksandspencer.insure-systems.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 20:40:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Thu, 03 Nov 2022 22:03:25 GMT
server
ws
x-cache-status
HIT
vary
Origin
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
expires
Thu, 01 Feb 2024 20:40:17 GMT
UMSClientAPI.min.js
lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/ 		88 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/UMSClientAPI.min.js?version=10.23.0.0-release_5549
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/82357525/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&b=undefined
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.97.98 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
lo-lpcdn.lpsnmedia.net
Software
ws /
Resource Hash
57554877947a356911e17034359412ea444c15f58884c0100062788dd3660bb8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://identity.marksandspencer.insure-systems.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 20:40:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Thu, 03 Nov 2022 22:03:24 GMT
server
ws
x-cache-status
HIT
vary
Origin
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
expires
Thu, 01 Feb 2024 20:40:17 GMT
lpChatV3.min.js
lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/ 		92 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/lpChatV3.min.js?version=10.23.0.0-release_5549
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/82357525/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&b=undefined
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.97.98 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
lo-lpcdn.lpsnmedia.net
Software
ws /
Resource Hash
5941d1622373ff4da4a0ec6ae2c474a80f2e65763aca377b069690ed4cc26d02
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://identity.marksandspencer.insure-systems.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 20:40:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Thu, 03 Nov 2022 22:03:25 GMT
server
ws
x-cache-status
HIT
vary
Origin
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
expires
Thu, 01 Feb 2024 20:40:17 GMT
surveylogicinstance.min.js
lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/surveylogicinstance.min.js?version=10.23.0.0-release_5549
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/82357525/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&b=undefined
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.97.98 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
lo-lpcdn.lpsnmedia.net
Software
ws /
Resource Hash
0ca2d5d4dece21114294a8783944cdd00a4351935831b27f9a83b8eb543c6438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://identity.marksandspencer.insure-systems.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 20:40:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Thu, 03 Nov 2022 22:03:25 GMT
server
ws
x-cache-status
HIT
vary
Origin
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
expires
Thu, 01 Feb 2024 20:40:17 GMT
zones
accdn.lpsnmedia.net/api/account/82357525/configuration/le-campaigns/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://accdn.lpsnmedia.net/api/account/82357525/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/82357525/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&b=undefined
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.101.99 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
am-accdn.lpsnmedia.net
Software
ws /
Resource Hash
8bcaf8d834bd8a5bf99d56276c64f5c3ee570240bd0a83e2a87da19b849a023e
Security Headers
Name Value
Strict-Transport-Security max-age=99999999999; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://identity.marksandspencer.insure-systems.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 20:40:17 GMT
strict-transport-security
max-age=99999999999; includeSubDomains
x-content-type-options
nosniff
content-encoding
gzip
server
ws
x-cache-status
MISS
vary
Accept
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
x-envoy-upstream-service-time
0
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
expires
Wed, 01 Feb 2023 20:41:17 GMT
truncated
/ 		817 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type
image/svg+xml
collect
www.google-analytics.com/j/ 		2 B
228 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j99&a=1860886606&t=pageview&_s=1&dl=https%3A%2F%2Fidentity.marksandspencer.insure-systems.co.uk%2Fas%2Fauthorization.oauth2%3Fresponse_type%3Dcode%26client_id%3DMandSAuth%26scope%3Dopenid%2520profile%26redirect_uri%3Dhttps%253A%252F%252Fmarksandspencer.insure-systems.co.uk%252Fserviceredirect%252Fping-signin%26state%3DMLmBqwO6g7hsiEeGpny_HpZVx3G747OWChAr_Tw8OPzAVWkt78Ac5vDh4PpGm_AOBFAqtxKxRKU3d6ooc0uYqNfrBSLhWl0sSEptugpLwt1BwZEm1WmfYiqEwtq6moyRQMPhustkhNdNaoh9DBNS0w4UJDKFGxavjH_Vsc8xWuAoUbq15NhCCU6rhqdPQOgFkwSCHlXsdvCCjaVTV-h78_CGsV1UQqSczy5v4NAEDyB1pcad2x9ZMHly9w1tig_6vS-1oDsRB4sNFvrT1Y9gPOeQlSx82r5Oo7E2M8FtNWVDO7j8qEtIsq7SgK-Aa3u6dB6ReQ%26tid%3D3ccd1b4c-c5a1-406e-be41-47baeffe0191&ul=en-us&de=UTF-8&dt=M%26S%20Car%20Insurance%20arranged%20and%20administered%20by%20BISL%20Limited%20Login%20Page&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACAAI~&jid=1386474027&gjid=1030982146&cid=1786891544.1675284018&tid=UA-99110297-4&_gid=602643857.1675284018&_r=1&_slc=1&gtm=2wg1u0TSBZN34&cd1=%20&cd2=%20&cd6=%20%20&cd8=%20&cd10=%20&z=649994454
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:803::200e , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://identity.marksandspencer.insure-systems.co.uk/
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 01 Feb 2023 20:40:17 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://identity.marksandspencer.insure-systems.co.uk
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
desktopEmbedded.js
lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/ 		961 KB
300 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://lpcdn.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/desktopEmbedded.js?version=10.23.0.0-release_5549
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/82357525/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&b=undefined
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.97.98 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
lo-lpcdn.lpsnmedia.net
Software
ws /
Resource Hash
6622b5e1a9d93d6b5a2f4eb7a0556f802fb002e5efde0d0f4e3781a94776e331
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://identity.marksandspencer.insure-systems.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 20:40:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Thu, 03 Nov 2022 22:03:25 GMT
server
ws
x-cache-status
HIT
vary
Origin
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
expires
Thu, 01 Feb 2024 20:40:17 GMT
storage.secure.min.html
lpcdn.lpsnmedia.net/le_secure_storage/3.19.0.0-release_5079/ Frame 59A5 		39 KB
16 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://lpcdn.lpsnmedia.net/le_secure_storage/3.19.0.0-release_5079/storage.secure.min.html?loc=https%3A%2F%2Fidentity.marksandspencer.insure-systems.co.uk&site=82357525&env=prod&isCrossDomain=true
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/82357525/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&b=undefined
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.97.98 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
lo-lpcdn.lpsnmedia.net
Software
ws /
Resource Hash
639fcd75ad19240531093db9d079f4be79913034b5ce3a7ae0b4006735f1fb2f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://identity.marksandspencer.insure-systems.co.uk/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-allow-methods
GET, POST, PATCH
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control
max-age=31536000
content-encoding
gzip
content-type
text/html
date
Wed, 01 Feb 2023 20:40:17 GMT
expires
Thu, 01 Feb 2024 20:40:17 GMT
last-modified
Thu, 03 Nov 2022 22:00:32 GMT
server
ws
strict-transport-security
max-age=31536000; includeSubDomains
vary
Origin
x-cache-status
HIT
x-content-type-options
nosniff
storage.secure.min.js
lpcdn.lpsnmedia.net/le_secure_storage/3.19.0.0-release_5079/ 		37 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://lpcdn.lpsnmedia.net/le_secure_storage/3.19.0.0-release_5079/storage.secure.min.js?loc=https%3A%2F%2Fidentity.marksandspencer.insure-systems.co.uk&site=82357525&force=1&env=prod&isCrossDomain=true
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/82357525/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&b=undefined
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.97.98 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
lo-lpcdn.lpsnmedia.net
Software
ws /
Resource Hash
a2721298ae526f997c556afcd0a7f768abfd6ad9b0ce4ec449d5b27b86929f04
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://identity.marksandspencer.insure-systems.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 20:40:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Thu, 03 Nov 2022 22:00:32 GMT
server
ws
x-cache-status
HIT
vary
Origin
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control
max-age=31536000
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
expires
Thu, 01 Feb 2024 20:40:17 GMT
css
fonts.googleapis.com/ 		10 KB
851 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700
Requested by
Host: cdn.bglgroup.io
URL: https://cdn.bglgroup.io/marksandspencer/ping/twilio-webchat.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80d::200a , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
6c4133ff5eff0f23ca2f6fdaceea1d4dd3a91e499a0b0aef688b0f31206b0328
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://identity.marksandspencer.insure-systems.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 01 Feb 2023 20:40:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 01 Feb 2023 19:02:25 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 01 Feb 2023 20:40:18 GMT
worker-availability
bcs-twil.bgli.net/webchatcache/ 		388 B
592 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bcs-twil.bgli.net/webchatcache/worker-availability?brand=MandS&journey=SelfService&product=Unknown&policyStatus=Unknown
Requested by
Host: cdn.bglgroup.io
URL: https://cdn.bglgroup.io/marksandspencer/ping/twilio-webchat.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.133.81.95 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-133-81-95.eu-west-2.compute.amazonaws.com
Software
/
Resource Hash
1dd8778c0e8e745e9ecf038d88481018e322e14b3e3dc4a956f63c48299df3d2

Request headers

Accept
application/json, text/plain, */*
Referer
https://identity.marksandspencer.insure-systems.co.uk/
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

access-control-allow-origin
*
date
Wed, 01 Feb 2023 20:40:18 GMT
x-amzn-trace-id
Root=1-63dace32-37d37ce532e0cb0c2a2b6f96
x-amzn-requestid
c4aa5698-cd69-454e-b82b-da061bce2fe7
content-length
388
x-amz-apigw-id
frUn6EugLPEFnow=
content-type
application/json
refererrestrictions
accdn.lpsnmedia.net/api/account/82357525/configuration/domainprotection/ Frame 59A5 		113 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://accdn.lpsnmedia.net/api/account/82357525/configuration/domainprotection/refererrestrictions?cb=lpCb44048x30728
Requested by
Host: lpcdn.lpsnmedia.net
URL: https://lpcdn.lpsnmedia.net/le_secure_storage/3.19.0.0-release_5079/storage.secure.min.html?loc=https%3A%2F%2Fidentity.marksandspencer.insure-systems.co.uk&site=82357525&env=prod&isCrossDomain=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.101.99 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
am-accdn.lpsnmedia.net
Software
ws /
Resource Hash
3457008dd9004ab981a4546ccb16a9672ef097bff249a2f0e7ccd0fff85222a8
Security Headers
Name Value
Strict-Transport-Security max-age=99999999999; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://lpcdn.lpsnmedia.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 20:40:18 GMT
strict-transport-security
max-age=99999999999; includeSubDomains
x-content-type-options
nosniff
content-encoding
gzip
server
ws
x-cache-status
MISS
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control
no-store
x-envoy-upstream-service-time
10
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
82357525
lo.v.liveperson.net/api/js/ 		247 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://lo.v.liveperson.net/api/js/82357525?&cb=lpCb88909x73104&t=sp&ts=1675284019262&pid=8653903854&tid=4578762549&pt=M%26S%20Car%20Insurance%20arranged%20and%20administered%20by%20BISL%20Limited%20Login%20Page&u=https%3A%2F%2Fidentity.marksandspencer.insure-systems.co.uk%2Fas%2Fauthorization.oauth2%3Fresponse_type%3Dcode%26client_id%3DMandSAuth%26scope%3Dopenid%2520profile%26redirect_uri%3Dhttps%253A%252F%252Fmarksandspencer.insure-systems.co.uk%252Fserviceredirect%252Fping-signin%26state%3DMLmBqwO6g7hsiEeGpny_HpZVx3G747OWChAr_Tw8OPzAVWkt78Ac5vDh4PpGm_AOBFAqtxKxRKU3d6ooc0uYqNfrBSLhWl0sSEptugpLwt1BwZEm1WmfYiqEwtq6moyRQMPhustkhNdNaoh9DBNS0w4UJDKFGxavjH_Vsc8xWuAoUbq15NhCCU6rhqdPQOgFkwSCHlXsdvCCjaVTV-h78_CGsV1UQqSczy5v4NAEDyB1pcad2x9ZMHly9w1tig_6vS-1oDsRB4sNFvrT1Y9gPOeQlSx82r5Oo7E2M8FtNWVDO7j8qEtIsq7SgK-Aa3u6dB6ReQ%26tid%3D3ccd1b4c-c5a1-406e-be41-47baeffe0191&sec=%5B%22MandS%22%2C%22SelfService%22%2C%22Login%22%5D&df=0&os=0&sdes=%5B%7B%22type%22%3A%22ctmrinfo%22%2C%22info%22%3A%7B%22ctype%22%3A%22MandS%3A%20SelfService%3A%20LoginRegister%22%2C%22imei%22%3A%22Unknown%22%7D%7D%2C%7B%22type%22%3A%22prodView%22%2C%22products%22%3A%5B%7B%22product%22%3A%7B%7D%7D%5D%7D%2C%7B%22type%22%3A%22service%22%2C%22service%22%3A%7B%22topic%22%3A%22VA%22%2C%22status%22%3A7%2C%22category%22%3A%22Login%22%7D%7D%2C%7B%22type%22%3A%22personal%22%2C%22personal%22%3A%7B%22firstname%22%3A%22%22%7D%7D%5D&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%5D
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/82357525/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&b=undefined
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.97.70 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
lo.v.liveperson.net
Software
ws /
Resource Hash
80c13d0cb52cddbd88f56b6c671d42d5e6061d750a76f0eca2b26a40c778e6b0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://identity.marksandspencer.insure-systems.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 20:40:19 GMT
content-encoding
gzip
server
ws
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control
no-store
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
82357525
lo.v.liveperson.net/api/js/ 		111 B
854 B 		Script
General
Check archive.org
Download Go to
Full URL
https://lo.v.liveperson.net/api/js/82357525?sid=hBOSDUjpRRe49nI6_juT_w&cb=lpCb60934x49998&t=pl&ts=1675284019267&pid=8653903854&tid=4578762549&vid=diYTI0MjNmNzU1OTlkOGM0
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/82357525/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&b=undefined
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.97.70 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
lo.v.liveperson.net
Software
ws /
Resource Hash
076384e4d3ab3f4a8069f456d3775d8c38cee022456938e67ba5bb26030fcc03

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://identity.marksandspencer.insure-systems.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 20:40:19 GMT
content-encoding
gzip
server
ws
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control
no-store
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token

Verdicts & Comments Add Verdict or Comment

98 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| oncontentvisibilityautostatechange function| $ function| jQuery object| bgl function| gtmStart object| firstScript object| oneTrustScript1 object| oneTrustScript2 object| oneTrustScript3 string| maskCode string| maskNumber object| optrial object| dataLayer boolean| tagProcessingDone function| setTagProcessingDone object| digitalData string| siteId object| NinaVars string| cdnbaseUrl object| twilioClientConfig function| OptanonWrapper object| v object| livePersonTag string| lpSiteId object| lpTag object| webchatContext object| componentProps string| twilioRed string| twilioRedDarker string| textColor string| twilioGreen string| twilioGreenDarker string| textColor2 object| appConfig string| email object| el string| redirect_uri string| tid string| error string| VAUserInitials object| OneTrustStub string| OnetrustActiveGroups string| OptanonActiveGroups object| otStubData object| _satellite boolean| __satelliteLoaded object| adobe function| Visitor object| s_c_il number| s_c_in object| ___target_traces function| mboxCreate function| mboxDefine function| mboxUpdate object| __target_telemetry object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga undefined| serverId string| serverTE function| AppMeasurement function| s_gi function| s_pgicq number| s_objectID number| s_giq function| AppMeasurement_Module_ActivityMap object| Optanon object| OneTrust function| _typeof function| _extends object| lpTaglogListeners object| lpMTagConfig object| gaplugins object| gaGlobal object| gaData function| createFrameworkGlobals object| liveperson function| clearImmediate function| setImmediate object| regeneratorRuntime object| core object| __SECRET_EMOTION__ number| 2f1acc6c3a606b082e5eef5e54414ffb object| __MUI_STYLES__ number| __MUI_GENERATOR_COUNTER__ object| platform object| Handlebars object| _twilioWebChat function| SurveyManager function| _stateChanged object| STORAGE object| proto string| QUESTION_ERROR_TYPE object| lpIntlTelInputUtils object| lpIntlTelInputGlobals

15 Cookies

Domain/Path Name / Value
marksandspencer.insure-systems.co.uk/ Name: .AspNet.Correlation.Ping
Value: VMJWOOu_wJJ_StES5hLnKPiJHmEv4g7D4tOcSoEu5To
identity.marksandspencer.insure-systems.co.uk/ Name: PF
Value: 7JmcLEmR9jS4eCHHSTkWba
account.marksandspencer.insure-systems.co.uk/ Name: AWSALB
Value: 1bEEzZNE0r7IEo1frxGpxjXBAIzTrX6b4H1F7vqE+2/q42erP9I4K1GKhcCPrwxHp+48PreUuQdHzZMmSNjil2gje8OfpzSGkgMHhN1z4BzgJUSMw2ib/2GWMSQh
account.marksandspencer.insure-systems.co.uk/ Name: AWSALBCORS
Value: 1bEEzZNE0r7IEo1frxGpxjXBAIzTrX6b4H1F7vqE+2/q42erP9I4K1GKhcCPrwxHp+48PreUuQdHzZMmSNjil2gje8OfpzSGkgMHhN1z4BzgJUSMw2ib/2GWMSQh
account.marksandspencer.insure-systems.co.uk/ Name: JSESSIONID
Value: F6A5454B4AD1E136BC6C6E46588781A6
identity.marksandspencer.insure-systems.co.uk/ Name: AWSALB
Value: UiIW1hiQO37WriIHyETPLpqov0H7BbsbbJ8Ir6plshuqlv9CSPUZVhg88IRV2OWr/CEfaQPBBoqIzz4A7iRoqEUIuwSFcXbugxRGl8F9t4vnzf6mzHAu3Volm1Xd
identity.marksandspencer.insure-systems.co.uk/ Name: AWSALBCORS
Value: UiIW1hiQO37WriIHyETPLpqov0H7BbsbbJ8Ir6plshuqlv9CSPUZVhg88IRV2OWr/CEfaQPBBoqIzz4A7iRoqEUIuwSFcXbugxRGl8F9t4vnzf6mzHAu3Volm1Xd
.insure-systems.co.uk/ Name: at_check
Value: true
.insure-systems.co.uk/ Name: mbox
Value: session#b83a70ff79b4497083b1476fd173a131#1675285878|PC#b83a70ff79b4497083b1476fd173a131.37_0#1738528818
.marksandspencer.insure-systems.co.uk/ Name: OptanonConsent
Value: isIABGlobal=false&datestamp=Wed+Feb+01+2023+20%3A40%3A17+GMT%2B0000+(GMT)&version=6.16.0&hosts=&landingPath=https%3A%2F%2Fidentity.marksandspencer.insure-systems.co.uk%2Fas%2Fauthorization.oauth2%3Fresponse_type%3Dcode%26client_id%3DMandSAuth%26scope%3Dopenid%2520profile%26redirect_uri%3Dhttps%253A%252F%252Fmarksandspencer.insure-systems.co.uk%252Fserviceredirect%252Fping-signin%26state%3DMLmBqwO6g7hsiEeGpny_HpZVx3G747OWChAr_Tw8OPzAVWkt78Ac5vDh4PpGm_AOBFAqtxKxRKU3d6ooc0uYqNfrBSLhWl0sSEptugpLwt1BwZEm1WmfYiqEwtq6moyRQMPhustkhNdNaoh9DBNS0w4UJDKFGxavjH_Vsc8xWuAoUbq15NhCCU6rhqdPQOgFkwSCHlXsdvCCjaVTV-h78_CGsV1UQqSczy5v4NAEDyB1pcad2x9ZMHly9w1tig_6vS-1oDsRB4sNFvrT1Y9gPOeQlSx82r5Oo7E2M8FtNWVDO7j8qEtIsq7SgK-Aa3u6dB6ReQ%26tid%3D3ccd1b4c-c5a1-406e-be41-47baeffe0191&groups=C0001%3A1%2CC0002%3A0%2CC0003%3A0%2CBG74%3A0%2CC0004%3A0
.insure-systems.co.uk/ Name: _ga
Value: GA1.3.1786891544.1675284018
.insure-systems.co.uk/ Name: _gid
Value: GA1.3.602643857.1675284018
.insure-systems.co.uk/ Name: _gat_UA-99110297-4
Value: 1
.insure-systems.co.uk/ Name: LPVID
Value: diYTI0MjNmNzU1OTlkOGM0
.insure-systems.co.uk/ Name: LPSID-82357525
Value: hBOSDUjpRRe49nI6_juT_w

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=15768000 ; includeSubDomains ; preload
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accdn.lpsnmedia.net
account.marksandspencer.insure-systems.co.uk
assets.adobedtm.com
bcs-twil.bgli.net
bisil.tt.omtrdc.net
cdn.bglgroup.io
cdn.cookielaw.org
fonts.googleapis.com
identity.marksandspencer.insure-systems.co.uk
lo.v.liveperson.net
lpcdn.lpsnmedia.net
lptag.liveperson.net
marksandspencer.insure-systems.co.uk
www.google-analytics.com
www.googletagmanager.com
178.249.101.23
178.249.101.99
178.249.97.70
178.249.97.98
18.133.81.95
18.200.4.79
195.171.22.12
195.171.22.9
2606:4700::6810:9440
2a00:1450:4001:813::2008
2a00:1450:400d:803::200e
2a00:1450:400d:80d::200a
2a02:26f0:11a::5f65:1733
2a02:26f0:3500:587::1e80
007403ee280f2edf2fb9740311a0ee1efc26e5d2c5e80228c28f2a083482a98c
076384e4d3ab3f4a8069f456d3775d8c38cee022456938e67ba5bb26030fcc03
0ca2d5d4dece21114294a8783944cdd00a4351935831b27f9a83b8eb543c6438
11d2e2763772584d2ea7a1f665b12ba47d152d3c29342f0f320f34b6ad22ff4a
1dd8778c0e8e745e9ecf038d88481018e322e14b3e3dc4a956f63c48299df3d2
29f991c43137fecc594fe7c221091a3c2665e0fce90fa011d986bffebc18bbbd
2a3b53a9ff068f041101e32e4cab3ebe406a23f58dfd9aded12db4af71149105
3457008dd9004ab981a4546ccb16a9672ef097bff249a2f0e7ccd0fff85222a8
349a0e25e17f7ecd98212097581f8c9bd27dee76b79a79f544f09fd6926160ae
353bcd41d11cc5a2bcb6763c269e41ac785c06ace29ac10053bb7c0fa3bf1ecf
39ab508a5f842af8ad914adee934a092f49348f28c9c7db37f8f4300ef40b2f2
3e4f5d07904cf355da7bfbca5d4eee18a4c09fc9e6a79df958d0bb1225572983
462a66acbf50e933685e7587e9f1441df8225b2bb4d6b7bc5e757eccf4ff6575
557e1eb1103411cffdbb50fe328d73eab3ea7b52b562d63248e7af4e95036626
559df3300db98c852eecdd59e3cd8dfbb6decf383cd2440bae759478e703921d
5624aeb2703037c9b669b4903e1961a38778408edcd3bea47e370e5de9f6c571
57554877947a356911e17034359412ea444c15f58884c0100062788dd3660bb8
590e2e04cebb2eebb3a3d63463b7de2acee67fc58a34821ef93f8869597a4845
5941d1622373ff4da4a0ec6ae2c474a80f2e65763aca377b069690ed4cc26d02
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
639fcd75ad19240531093db9d079f4be79913034b5ce3a7ae0b4006735f1fb2f
6622b5e1a9d93d6b5a2f4eb7a0556f802fb002e5efde0d0f4e3781a94776e331
6c4133ff5eff0f23ca2f6fdaceea1d4dd3a91e499a0b0aef688b0f31206b0328
7c965996c871cb3d8748d7a7daf3ee6e6e39ce380b43c683891af5ece6fc3517
7d256a09b38561178ee198161150d8c290590ff314f6cc853a196d684cc87f04
7dbdbd0b77b9897ea08c0aad857070f9f1e9bdc8ab55c1dc08c65b7e5413bba3
80c13d0cb52cddbd88f56b6c671d42d5e6061d750a76f0eca2b26a40c778e6b0
83f8393c6593831a76ea84324c946029082b5c72507176c13387468d21c651ff
8976bbea4d29dba8ee368c1f3175565fe5b215d6c4226d99167e5d808c8eee89
8bcaf8d834bd8a5bf99d56276c64f5c3ee570240bd0a83e2a87da19b849a023e
9219086b4f2c3bf77854b2e06ccd97ad32b9b7a140e65ff8b974a3bae6c7854c
9950015777190dd35026c6808102171d5c3fd82536caf7524e0dd5068d573559
9a082145419e862c11e82c8d58fdae1f5bb02c3175d93ce884793ac869994515
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a2721298ae526f997c556afcd0a7f768abfd6ad9b0ce4ec449d5b27b86929f04
a28d76c983b06d87eb2c6d6deaff7e1d4faf32f12794a92bd5e21c754c06ed9b
b78fbbab2e06e91f83dd4b5c5b8768e6ab32aa480a864b19604456137e98e98e
b8dc55d4ad83cd37fbc3060c6007d7cf04b3406921ff9c5a68555ac033be5830
c72a44f0bc9ee19a02e0245453ccdfe59b9d9d11be0af09e7c47633e3f9c1ca3
cfed96db853cb6e2053513daf02c9dec0e5c052e268d2b7f47c245c17ba5cdec
dab4ac617e852bfc7d8955d105a9323a4d8036df6c124a7fb26e7fe101a24f8d
db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b
deb9f59ee53faf2ca5f245da6554e4e69956cbca72fa4f8c2c092c85b8823540
e0f3dbee78dc98bb3f83be92d46890dabab06830edb867368e087c2c26b7ab81
e1488b9d0c55e9763e1848d8539e830a4b2fe3cb2507509116e81d3ca93b8b92
e983a27a771a8ad67db4f8e85a5217a745afdd860686a5f071585016370edc7e
f4debfdc2d4499ba1cfa47950cb29600a6c2df6d2db0c054b7ff49405b5f4aaf