urlscan.io logo urlscan.io
SecurityTrails logo

www.headspace.com Open in urlscan Pro
143.204.214.38  Public Scan

Go To Rescan Add Verdict Report
URL: https://www.headspace.com/
Submission: On December 24 via api from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 19 IPs in 4 countries across 14 domains to perform 56 HTTP transactions. The main IP is 143.204.214.38, located in Seattle, United States and belongs to AMAZON-02 - Amazon.com, Inc., US. The main domain is www.headspace.com.
TLS certificate: Issued by Amazon on October 29th 2019. Valid for: a year.
This is the only time www.headspace.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
27 143.204.214.38 16509 (AMAZON-02)
1 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
3 2600:9000:205... 16509 (AMAZON-02)
1 2a04:4e42:1b:... 54113 (FASTLY)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
2 13.35.253.80 16509 (AMAZON-02)
1 2a04:4e42:400... 54113 (FASTLY)
2 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
1 13.35.254.108 16509 (AMAZON-02)
1 178.250.2.130 44788 (ASN-CRITE...)
1 1 178.250.0.163 44788 (ASN-CRITE...)
1 74.119.119.150 19750 (AS-CRITEO)
1 2a00:1450:400... 15169 (GOOGLE)
1 13.35.254.119 16509 (AMAZON-02)
2 2a04:4e42:1b:... 54113 (FASTLY)
3 2a04:4e42::729 54113 (FASTLY)
3 151.101.112.84 54113 (FASTLY)
4 34.234.146.186 14618 (AMAZON-AES)
56 19
27    143.204.214.38 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-143-204-214-38.fra53.r.cloudfront.net
www.headspace.com
1    2a02:26f0:6c00:284::13b8 (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)
cdn.optimizely.com
3    2600:9000:2057:9200:12:94b3:c380:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
images.ctfassets.net
1    2a04:4e42:1b::621 (Ascension Island)

ASN54113 (FASTLY - Fastly, US)
cdn.polyfill.io
1    2606:4700::6811:4104 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
cdnjs.cloudflare.com
1    2a00:1450:4001:80b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)
www.googletagmanager.com
2    13.35.253.80 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-35-253-80.fra6.r.cloudfront.net
static.headspace.com
1    2a04:4e42:400::729 (Ascension Island)

ASN54113 (FASTLY - Fastly, US)
jssdkcdns.mparticle.com
2    2a02:26f0:6c00:28c::1931 (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)
s.pinimg.com
1    13.35.254.108 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-35-254-108.fra6.r.cloudfront.net
d1fc8wv8zag5ca.cloudfront.net
1    178.250.2.130 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
static.criteo.net
1    178.250.0.163 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
sslwidget.criteo.com
1    74.119.119.150 (United States)

ASN19750 (AS-CRITEO - Criteo Corp., US)
widget.us.criteo.com
1    2a00:1450:4001:80b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)
www.google-analytics.com
1    13.35.254.119 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-35-254-119.fra6.r.cloudfront.net
cdn.amplitude.com
2    2a04:4e42:1b::645 (Ascension Island)

ASN54113 (FASTLY - Fastly, US)
identity.mparticle.com
3    2a04:4e42::729 (Ascension Island)

ASN54113 (FASTLY - Fastly, US)
jssdks.mparticle.com
3    151.101.112.84 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)
ct.pinterest.com
4    34.234.146.186 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-34-234-146-186.compute-1.amazonaws.com
errors.client.optimizely.com
Domain Requested by
27 www.headspace.com www.headspace.com
4 errors.client.optimizely.com www.headspace.com
3 ct.pinterest.com s.pinimg.com
www.headspace.com
3 jssdks.mparticle.com jssdkcdns.mparticle.com
3 images.ctfassets.net www.headspace.com
2 identity.mparticle.com jssdkcdns.mparticle.com
www.headspace.com
2 s.pinimg.com www.googletagmanager.com
s.pinimg.com
2 static.headspace.com www.headspace.com
1 cdn.amplitude.com jssdkcdns.mparticle.com
1 www.google-analytics.com jssdkcdns.mparticle.com
1 widget.us.criteo.com www.headspace.com
1 sslwidget.criteo.com 1 redirects
1 static.criteo.net www.googletagmanager.com
1 d1fc8wv8zag5ca.cloudfront.net www.headspace.com
1 jssdkcdns.mparticle.com www.headspace.com
1 www.googletagmanager.com www.headspace.com
1 cdnjs.cloudflare.com www.headspace.com
1 cdn.polyfill.io www.headspace.com
1 cdn.optimizely.com www.headspace.com
56 19
Subject Issuer Validity Valid
*.headspace.com
Amazon		 2019-10-29 -
2020-11-29		 a year crt.sh
cdn.optimizely.com
DigiCert ECC Secure Server CA		 2018-11-24 -
2020-02-23		 a year crt.sh
images.contentful.com
Amazon		 2019-04-06 -
2020-05-06		 a year crt.sh
f3.shared.global.fastly.net
GlobalSign CloudSSL CA - SHA256 - G3		 2019-05-29 -
2020-04-23		 a year crt.sh
ssl412106.cloudflaressl.com
COMODO ECC Domain Validation Secure Server CA 2		 2019-12-05 -
2020-06-12		 6 months crt.sh
*.google-analytics.com
GTS CA 1O1		 2019-12-03 -
2020-02-25		 3 months crt.sh
b3.shared.global.fastly.net
GlobalSign CloudSSL CA - SHA256 - G3		 2019-12-18 -
2020-09-18		 9 months crt.sh
*.pinterest.com
DigiCert SHA2 High Assurance Server CA		 2019-06-05 -
2020-07-22		 a year crt.sh
*.cloudfront.net
DigiCert Global CA G2		 2019-07-17 -
2020-07-05		 a year crt.sh
*.criteo.net
DigiCert ECC Secure Server CA		 2019-12-03 -
2021-04-06		 a year crt.sh
*.us.criteo.com
DigiCert ECC Secure Server CA		 2019-06-12 -
2020-06-16		 a year crt.sh
cdn.amplitude.com
Amazon		 2019-12-16 -
2021-01-16		 a year crt.sh
identity.mparticle.com
Go Daddy Secure Certificate Authority - G2		 2019-05-27 -
2021-07-17		 2 years crt.sh
errors.client.optimizely.com
DigiCert SHA2 High Assurance Server CA		 2018-09-24 -
2020-09-28		 2 years crt.sh

This page contains 1 frames:

Primary Page: https://www.headspace.com/
Frame ID: 5AFA177D89F374D76765062C795A6E00
Requests: 57 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<[^>]+(?:https?:)?\/\/(?:assets|downloads|images|videos)\.(?:ct?fassets\.net|contentful\.com)/i
Overall confidence: 100%
Detected patterns
  • headers via /\(CloudFront\)$/i
Overall confidence: 100%
Detected patterns
  • headers via /\(CloudFront\)$/i
Overall confidence: 100%
Detected patterns
  • script /cdn\.amplitude\.com/i
Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
Overall confidence: 100%
Detected patterns
  • script /optimizely\.com.*\.js/i

Page Statistics

56
Requests

100 %
HTTPS

53 %
IPv6

14
Domains

19
Subdomains

19
IPs

4
Countries

1450 kB
Transfer

3745 kB
Size

11
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 38
  • https://sslwidget.criteo.com/event?a=61913&v=5.5.0&p0=e%3Dexd%26site_type%3Dd&p1=e%3Dvh&p2=e%3Ddis&adce=1&tld=headspace.com&dtycbr=35793 HTTP 302
  • https://widget.us.criteo.com/event?a=61913&v=5.5.0&p0=e%3Dexd%26site_type%3Dd&p1=e%3Dvh&p2=e%3Ddis&adce=1&tld=headspace.com&dtycbr=35793

56 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.headspace.com/ 		118 KB
26 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.headspace.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.38 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-38.fra53.r.cloudfront.net
Software
/ Next.js 7.0.3
Resource Hash
722b75b198be6165530b3425502421096afc20c8d5b867860a1f4189215ee192
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.headspace.com
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-user
?1
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
none
sec-fetch-mode
navigate
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-User
?1

Response headers

status
200
content-type
text/html; charset=utf-8
date
Tue, 24 Dec 2019 18:44:56 GMT
set-cookie
AWSALB=0wCFR23SVIVy8TtoeFhFw6PJaScRsL3BOw357rJlnns7kc29xIMTR3mTo6k9Fv4rHKJcxfreQ/POuKTPP0T+x6HUj5ghdtaJvzo0qCP0uQ6eGKx5aPuComgbz9qc; Expires=Tue, 31 Dec 2019 18:44:56 GMT; Path=/ _sp_id.8a05=e872b886-aed5-476f-8d95-4ef688f036e6.1577213096.0.1577213096..f45466f7-7947-497d-b303-1ce185403230; Max-Age=31536; Domain=.headspace.com; Path=/; Expires=Wed, 25 Dec 2019 03:30:32 GMT; Secure countryCode=BE; Max-Age=31536; Domain=.headspace.com; Path=/; Expires=Wed, 25 Dec 2019 03:30:32 GMT; Secure cookiePolicyMarketing=not-set; Max-Age=7776; Domain=.headspace.com; Path=/; Expires=Tue, 24 Dec 2019 20:54:32 GMT; Secure cookiePolicyAnalytics=not-set; Max-Age=7776; Domain=.headspace.com; Path=/; Expires=Tue, 24 Dec 2019 20:54:32 GMT; Secure lang=en; Max-Age=31536; Domain=.headspace.com; Path=/; Expires=Wed, 25 Dec 2019 03:30:32 GMT; Secure
vary
Origin
feature-policy
geolocation 'none'; microphone 'none';
x-dns-prefetch-control
off
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=15552000; includeSubDomains
x-download-options
noopen
x-content-type-options
nosniff
x-xss-protection
1; mode=block
referrer-policy
same-origin
content-security-policy-report-only
connect-src *.cloudfront.net api.amplitude.com api.branch.io api.integration.headspace.com api.prod.headspace.com api.staging.headspace.com app.getsentry.com assets.ctfassets.net auth.integration.headspace.com auth.prod.headspace.com auth.staging.headspace.com cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com headspace.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self' api.prod.headspace.com auth.headspace.com livestream.prod.headspace.com static.zuora.com; default-src data: integration-www.headspace.com staging-www.headspace.com www.headspace.com; font-src data: fonts.gstatic.com static.headspace.com use.fontawesome.com use.typekit.net 'self'; frame-src a11673470095.cdn.optimizely.com apisandbox.zuora.com auth.headspace.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net widget.us.criteo.com www.facebook.com www.youtube.com www.zuora.com 'self' https://auth.prod.headspace.com/; img-src ads.yahoo.com alb.reddit.com api.prod.headspace.com app.getsentry.com cm.g.doubleclick.net connect.facebook.net ct.pinterest.com customer.mediawallahscript.com cx.atdmt.com data: dis.criteo.com forms.hsforms.com googleads.g.doubleclick.net gum.criteo.com headspace.com hs-prod-community.imgix.net i.liadm.com i.ytimg.com images.contentful.com images.ctfassets.net my.headspace.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com pixel.tapad.com privacy-policy.truste.com production-snowplow.headspace.com proudflex.org px.ads.linkedin.com q.quora.com r.casalemedia.com rtb-csync.smartadserver.com secure.adnxs.com simage2.pubmatic.com sp.analytics.yahoo.com static.headspace.com stats.g.doubleclick.net sync.outbrain.com t.co tags.bluekai.com track.hubspot.com webapp.integration.headspace.com webapp.staging.headspace.com www.facebook.com www.google-analytics.com www.google.ae www.google.al www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.cl www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.uk www.google.co.za www.google.com.ar www.google.com.au www.google.com.br www.google.com.co www.google.com.eg www.google.com.gt www.google.com.hk www.google.com.mx www.google.com.my www.google.com.ng www.google.com.pe www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.com www.google.cz www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.gr www.google.hr www.google.hu www.google.ie www.google.is www.google.it www.google.je www.google.lt www.google.lv www.google.mk www.google.mv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.googletagmanager.com www.gstatic.com www.linkedin.com x.bidswitch.net 'self' api.prod.headspace.com; media-src assets.ctfassets.net blob: downloads.ctfassets.net headspace.com livestream.integration.headspace.com livestream.prod.headspace.com livestream.staging.headspace.com static.headspace.com 'self'; script-src *.cloudfront.net a.quora.com analytics.twitter.com api.branch.io apisandboxstatic.zuora.com app.link blob: cdn.amplitude.com cdn.branch.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net headspace.com https://static.zuora.com js.appboycdn.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net headspace.com https://fonts.googleapis.com platform.twitter.com static.zuora.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
x-powered-by
Next.js 7.0.3
etag
"1d9fb-bG4u8rQY6/m15g0PZD7FXhJFhso"
content-encoding
gzip
access-control-allow-headers
authorization,content-type,x-requested-with
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
access-control-allow-credentials
true
x-cache
Miss from cloudfront
via
1.1 f960fa0538fdb326fc338e984fa7ece9.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA53-C1
x-amz-cf-id
BroCHaM6qtoCYnuTLLPfufOoN9Md-u2BLbTLFx8lGDT6n20nt7F26Q==
index.js
www.headspace.com/_next/static/_R8HAxNkROBsc6OFQOV3z/pages/ 		512 KB
176 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.headspace.com/_next/static/_R8HAxNkROBsc6OFQOV3z/pages/index.js
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.38 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-38.fra53.r.cloudfront.net
Software
/
Resource Hash
a0b5013d6b751baa19f38757a2a00c276a078ee0ccf977532b68f152a58682e1
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.headspace.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 18:44:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA53-C1
content-security-policy-report-only
connect-src *.cloudfront.net api.amplitude.com api.branch.io api.integration.headspace.com api.prod.headspace.com api.staging.headspace.com app.getsentry.com assets.ctfassets.net auth.integration.headspace.com auth.prod.headspace.com auth.staging.headspace.com cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com headspace.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self' api.prod.headspace.com auth.headspace.com livestream.prod.headspace.com static.zuora.com; font-src data: fonts.gstatic.com static.headspace.com use.fontawesome.com use.typekit.net 'self'; frame-src a11673470095.cdn.optimizely.com apisandbox.zuora.com auth.headspace.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net widget.us.criteo.com www.facebook.com www.youtube.com www.zuora.com 'self' https://auth.prod.headspace.com/; img-src ads.yahoo.com alb.reddit.com api.prod.headspace.com app.getsentry.com cm.g.doubleclick.net connect.facebook.net ct.pinterest.com customer.mediawallahscript.com cx.atdmt.com data: dis.criteo.com forms.hsforms.com googleads.g.doubleclick.net gum.criteo.com headspace.com hs-prod-community.imgix.net i.liadm.com i.ytimg.com images.contentful.com images.ctfassets.net my.headspace.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com pixel.tapad.com privacy-policy.truste.com production-snowplow.headspace.com proudflex.org px.ads.linkedin.com q.quora.com r.casalemedia.com rtb-csync.smartadserver.com secure.adnxs.com simage2.pubmatic.com sp.analytics.yahoo.com static.headspace.com stats.g.doubleclick.net sync.outbrain.com t.co tags.bluekai.com track.hubspot.com webapp.integration.headspace.com webapp.staging.headspace.com www.facebook.com www.google-analytics.com www.google.ae www.google.al www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.cl www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.uk www.google.co.za www.google.com.ar www.google.com.au www.google.com.br www.google.com.co www.google.com.eg www.google.com.gt www.google.com.hk www.google.com.mx www.google.com.my www.google.com.ng www.google.com.pe www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.com www.google.cz www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.gr www.google.hr www.google.hu www.google.ie www.google.is www.google.it www.google.je www.google.lt www.google.lv www.google.mk www.google.mv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.googletagmanager.com www.gstatic.com www.linkedin.com x.bidswitch.net 'self' api.prod.headspace.com; media-src assets.ctfassets.net blob: downloads.ctfassets.net headspace.com livestream.integration.headspace.com livestream.prod.headspace.com livestream.staging.headspace.com static.headspace.com 'self'; script-src *.cloudfront.net a.quora.com analytics.twitter.com api.branch.io apisandboxstatic.zuora.com app.link blob: cdn.amplitude.com cdn.branch.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net headspace.com https://static.zuora.com js.appboycdn.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net headspace.com https://fonts.googleapis.com platform.twitter.com static.zuora.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
x-cache
Miss from cloudfront
status
200
strict-transport-security
max-age=15552000; includeSubDomains
x-dns-prefetch-control
off
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 23 Dec 2019 16:30:20 GMT
x-frame-options
SAMEORIGIN
etag
W/"80096-16f33985960"
x-download-options
noopen
vary
Origin
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
content-type
application/javascript; charset=UTF-8
via
1.1 f960fa0538fdb326fc338e984fa7ece9.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000, immutable
feature-policy
geolocation 'none'; microphone 'none';
accept-ranges
bytes
access-control-allow-headers
authorization,content-type,x-requested-with
x-amz-cf-id
AFPC4aA5mnfesSN3TPk1cXD2AtlI2VzCTVSfNZYj8ImbhjnVGOxJdA==
access-control-allow-credentials
true
_app.js
www.headspace.com/_next/static/_R8HAxNkROBsc6OFQOV3z/pages/ 		604 KB
205 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.headspace.com/_next/static/_R8HAxNkROBsc6OFQOV3z/pages/_app.js
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.38 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-38.fra53.r.cloudfront.net
Software
/
Resource Hash
2a05878ea756d08b00c288f40eb03fec2b3bd67ab6bf78f54c7df2127a8e8ce0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.headspace.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 18:44:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA53-C1
content-security-policy-report-only
connect-src *.cloudfront.net api.amplitude.com api.branch.io api.integration.headspace.com api.prod.headspace.com api.staging.headspace.com app.getsentry.com assets.ctfassets.net auth.integration.headspace.com auth.prod.headspace.com auth.staging.headspace.com cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com headspace.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self' api.prod.headspace.com auth.headspace.com livestream.prod.headspace.com static.zuora.com; default-src data: integration-www.headspace.com staging-www.headspace.com www.headspace.com; font-src data: fonts.gstatic.com static.headspace.com use.fontawesome.com use.typekit.net 'self'; frame-src a11673470095.cdn.optimizely.com apisandbox.zuora.com auth.headspace.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net widget.us.criteo.com www.facebook.com www.youtube.com www.zuora.com 'self' https://auth.prod.headspace.com/; img-src ads.yahoo.com alb.reddit.com api.prod.headspace.com app.getsentry.com cm.g.doubleclick.net connect.facebook.net ct.pinterest.com customer.mediawallahscript.com cx.atdmt.com data: dis.criteo.com forms.hsforms.com googleads.g.doubleclick.net gum.criteo.com headspace.com hs-prod-community.imgix.net i.liadm.com i.ytimg.com images.contentful.com images.ctfassets.net my.headspace.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com pixel.tapad.com privacy-policy.truste.com production-snowplow.headspace.com proudflex.org px.ads.linkedin.com q.quora.com r.casalemedia.com rtb-csync.smartadserver.com secure.adnxs.com simage2.pubmatic.com sp.analytics.yahoo.com static.headspace.com stats.g.doubleclick.net sync.outbrain.com t.co tags.bluekai.com track.hubspot.com webapp.integration.headspace.com webapp.staging.headspace.com www.facebook.com www.google-analytics.com www.google.ae www.google.al www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.cl www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.uk www.google.co.za www.google.com.ar www.google.com.au www.google.com.br www.google.com.co www.google.com.eg www.google.com.gt www.google.com.hk www.google.com.mx www.google.com.my www.google.com.ng www.google.com.pe www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.com www.google.cz www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.gr www.google.hr www.google.hu www.google.ie www.google.is www.google.it www.google.je www.google.lt www.google.lv www.google.mk www.google.mv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.googletagmanager.com www.gstatic.com www.linkedin.com x.bidswitch.net 'self' api.prod.headspace.com; media-src assets.ctfassets.net blob: downloads.ctfassets.net headspace.com livestream.integration.headspace.com livestream.prod.headspace.com livestream.staging.headspace.com static.headspace.com 'self'; script-src *.cloudfront.net a.quora.com analytics.twitter.com api.branch.io apisandboxstatic.zuora.com app.link blob: cdn.amplitude.com cdn.branch.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net headspace.com https://static.zuora.com js.appboycdn.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net headspace.com https://fonts.googleapis.com platform.twitter.com static.zuora.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
x-cache
Miss from cloudfront
status
200
strict-transport-security
max-age=15552000; includeSubDomains
x-dns-prefetch-control
off
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 23 Dec 2019 16:30:20 GMT
x-frame-options
SAMEORIGIN
etag
W/"97122-16f33985960"
x-download-options
noopen
vary
Origin
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
content-type
application/javascript; charset=UTF-8
via
1.1 f960fa0538fdb326fc338e984fa7ece9.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000, immutable
feature-policy
geolocation 'none'; microphone 'none';
accept-ranges
bytes
access-control-allow-headers
authorization,content-type,x-requested-with
x-amz-cf-id
mgkacDfN345WRdMwBYZc0apYj7KtZPRpLX8_fuKPuPl4R0wxABCM3A==
access-control-allow-credentials
true
_error.js
www.headspace.com/_next/static/_R8HAxNkROBsc6OFQOV3z/pages/ 		12 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.headspace.com/_next/static/_R8HAxNkROBsc6OFQOV3z/pages/_error.js
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.38 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-38.fra53.r.cloudfront.net
Software
/
Resource Hash
0e754aa2bdc817b574a67d6a5b1478a7dd8b24f45cb25a719d4792b81bd9c414
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.headspace.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 18:44:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA53-C1
content-security-policy-report-only
connect-src *.cloudfront.net api.amplitude.com api.branch.io api.integration.headspace.com api.prod.headspace.com api.staging.headspace.com app.getsentry.com assets.ctfassets.net auth.integration.headspace.com auth.prod.headspace.com auth.staging.headspace.com cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com headspace.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self' api.prod.headspace.com auth.headspace.com livestream.prod.headspace.com static.zuora.com; default-src data: integration-www.headspace.com staging-www.headspace.com www.headspace.com; font-src data: fonts.gstatic.com static.headspace.com use.fontawesome.com use.typekit.net 'self'; frame-src a11673470095.cdn.optimizely.com apisandbox.zuora.com auth.headspace.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net widget.us.criteo.com www.facebook.com www.youtube.com www.zuora.com 'self' https://auth.prod.headspace.com/; img-src ads.yahoo.com alb.reddit.com api.prod.headspace.com app.getsentry.com cm.g.doubleclick.net connect.facebook.net ct.pinterest.com customer.mediawallahscript.com cx.atdmt.com data: dis.criteo.com forms.hsforms.com googleads.g.doubleclick.net gum.criteo.com headspace.com hs-prod-community.imgix.net i.liadm.com i.ytimg.com images.contentful.com images.ctfassets.net my.headspace.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com pixel.tapad.com privacy-policy.truste.com production-snowplow.headspace.com proudflex.org px.ads.linkedin.com q.quora.com r.casalemedia.com rtb-csync.smartadserver.com secure.adnxs.com simage2.pubmatic.com sp.analytics.yahoo.com static.headspace.com stats.g.doubleclick.net sync.outbrain.com t.co tags.bluekai.com track.hubspot.com webapp.integration.headspace.com webapp.staging.headspace.com www.facebook.com www.google-analytics.com www.google.ae www.google.al www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.cl www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.uk www.google.co.za www.google.com.ar www.google.com.au www.google.com.br www.google.com.co www.google.com.eg www.google.com.gt www.google.com.hk www.google.com.mx www.google.com.my www.google.com.ng www.google.com.pe www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.com www.google.cz www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.gr www.google.hr www.google.hu www.google.ie www.google.is www.google.it www.google.je www.google.lt www.google.lv www.google.mk www.google.mv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.googletagmanager.com www.gstatic.com www.linkedin.com x.bidswitch.net 'self' api.prod.headspace.com; media-src assets.ctfassets.net blob: downloads.ctfassets.net headspace.com livestream.integration.headspace.com livestream.prod.headspace.com livestream.staging.headspace.com static.headspace.com 'self'; script-src *.cloudfront.net a.quora.com analytics.twitter.com api.branch.io apisandboxstatic.zuora.com app.link blob: cdn.amplitude.com cdn.branch.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net headspace.com https://static.zuora.com js.appboycdn.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net headspace.com https://fonts.googleapis.com platform.twitter.com static.zuora.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
x-cache
Miss from cloudfront
status
200
strict-transport-security
max-age=15552000; includeSubDomains
x-dns-prefetch-control
off
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 23 Dec 2019 16:30:20 GMT
x-frame-options
SAMEORIGIN
etag
W/"309d-16f33985960"
x-download-options
noopen
vary
Origin
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
content-type
application/javascript; charset=UTF-8
via
1.1 f960fa0538fdb326fc338e984fa7ece9.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000, immutable
feature-policy
geolocation 'none'; microphone 'none';
accept-ranges
bytes
access-control-allow-headers
authorization,content-type,x-requested-with
x-amz-cf-id
vE01hFXXkJu-ejY4x85ufFiEzye17QFRkRtICSK_2h_0zBfbAdCsSA==
access-control-allow-credentials
true
webpack-08029db208cc441c5b4b.js
www.headspace.com/_next/static/runtime/ 		2 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.headspace.com/_next/static/runtime/webpack-08029db208cc441c5b4b.js
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.38 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-38.fra53.r.cloudfront.net
Software
/
Resource Hash
c0024ed7d3601b6df38d45a6519b1a9c3f1b6051f5701c8d05e4715fdcd96a36
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.headspace.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 18:44:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA53-C1
content-security-policy-report-only
connect-src *.cloudfront.net api.amplitude.com api.branch.io api.integration.headspace.com api.prod.headspace.com api.staging.headspace.com app.getsentry.com assets.ctfassets.net auth.integration.headspace.com auth.prod.headspace.com auth.staging.headspace.com cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com headspace.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self' api.prod.headspace.com auth.headspace.com livestream.prod.headspace.com static.zuora.com; font-src data: fonts.gstatic.com static.headspace.com use.fontawesome.com use.typekit.net 'self'; frame-src a11673470095.cdn.optimizely.com apisandbox.zuora.com auth.headspace.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net widget.us.criteo.com www.facebook.com www.youtube.com www.zuora.com 'self' https://auth.prod.headspace.com/; img-src ads.yahoo.com alb.reddit.com api.prod.headspace.com app.getsentry.com cm.g.doubleclick.net connect.facebook.net ct.pinterest.com customer.mediawallahscript.com cx.atdmt.com data: dis.criteo.com forms.hsforms.com googleads.g.doubleclick.net gum.criteo.com headspace.com hs-prod-community.imgix.net i.liadm.com i.ytimg.com images.contentful.com images.ctfassets.net my.headspace.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com pixel.tapad.com privacy-policy.truste.com production-snowplow.headspace.com proudflex.org px.ads.linkedin.com q.quora.com r.casalemedia.com rtb-csync.smartadserver.com secure.adnxs.com simage2.pubmatic.com sp.analytics.yahoo.com static.headspace.com stats.g.doubleclick.net sync.outbrain.com t.co tags.bluekai.com track.hubspot.com webapp.integration.headspace.com webapp.staging.headspace.com www.facebook.com www.google-analytics.com www.google.ae www.google.al www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.cl www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.uk www.google.co.za www.google.com.ar www.google.com.au www.google.com.br www.google.com.co www.google.com.eg www.google.com.gt www.google.com.hk www.google.com.mx www.google.com.my www.google.com.ng www.google.com.pe www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.com www.google.cz www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.gr www.google.hr www.google.hu www.google.ie www.google.is www.google.it www.google.je www.google.lt www.google.lv www.google.mk www.google.mv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.googletagmanager.com www.gstatic.com www.linkedin.com x.bidswitch.net 'self' api.prod.headspace.com; media-src assets.ctfassets.net blob: downloads.ctfassets.net headspace.com livestream.integration.headspace.com livestream.prod.headspace.com livestream.staging.headspace.com static.headspace.com 'self'; script-src *.cloudfront.net a.quora.com analytics.twitter.com api.branch.io apisandboxstatic.zuora.com app.link blob: cdn.amplitude.com cdn.branch.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net headspace.com https://static.zuora.com js.appboycdn.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net headspace.com https://fonts.googleapis.com platform.twitter.com static.zuora.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
x-cache
Miss from cloudfront
status
200
strict-transport-security
max-age=15552000; includeSubDomains
x-dns-prefetch-control
off
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 23 Dec 2019 16:30:20 GMT
x-frame-options
SAMEORIGIN
etag
W/"92e-16f33985960"
x-download-options
noopen
vary
Origin
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
content-type
application/javascript; charset=UTF-8
via
1.1 f960fa0538fdb326fc338e984fa7ece9.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000, immutable
feature-policy
geolocation 'none'; microphone 'none';
accept-ranges
bytes
access-control-allow-headers
authorization,content-type,x-requested-with
x-amz-cf-id
QWQUzPfU-juz9kvj1wotsnT_jrEuyOoKnYkouTVND1FKC9ZHNUxd6w==
access-control-allow-credentials
true
commons.7bb7d95242897be5cdcb.js
www.headspace.com/_next/static/chunks/ 		810 KB
281 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.headspace.com/_next/static/chunks/commons.7bb7d95242897be5cdcb.js
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.38 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-38.fra53.r.cloudfront.net
Software
/
Resource Hash
221c52dd9c63fd710b01bbc6dc6d084c476d034c71031e367888bdb8f3ae4a44
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.headspace.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 18:44:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA53-C1
content-security-policy-report-only
connect-src *.cloudfront.net api.amplitude.com api.branch.io api.integration.headspace.com api.prod.headspace.com api.staging.headspace.com app.getsentry.com assets.ctfassets.net auth.integration.headspace.com auth.prod.headspace.com auth.staging.headspace.com cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com headspace.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self' api.prod.headspace.com auth.headspace.com livestream.prod.headspace.com static.zuora.com; default-src data: integration-www.headspace.com staging-www.headspace.com www.headspace.com; font-src data: fonts.gstatic.com static.headspace.com use.fontawesome.com use.typekit.net 'self'; frame-src a11673470095.cdn.optimizely.com apisandbox.zuora.com auth.headspace.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net widget.us.criteo.com www.facebook.com www.youtube.com www.zuora.com 'self' https://auth.prod.headspace.com/; img-src ads.yahoo.com alb.reddit.com api.prod.headspace.com app.getsentry.com cm.g.doubleclick.net connect.facebook.net ct.pinterest.com customer.mediawallahscript.com cx.atdmt.com data: dis.criteo.com forms.hsforms.com googleads.g.doubleclick.net gum.criteo.com headspace.com hs-prod-community.imgix.net i.liadm.com i.ytimg.com images.contentful.com images.ctfassets.net my.headspace.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com pixel.tapad.com privacy-policy.truste.com production-snowplow.headspace.com proudflex.org px.ads.linkedin.com q.quora.com r.casalemedia.com rtb-csync.smartadserver.com secure.adnxs.com simage2.pubmatic.com sp.analytics.yahoo.com static.headspace.com stats.g.doubleclick.net sync.outbrain.com t.co tags.bluekai.com track.hubspot.com webapp.integration.headspace.com webapp.staging.headspace.com www.facebook.com www.google-analytics.com www.google.ae www.google.al www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.cl www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.uk www.google.co.za www.google.com.ar www.google.com.au www.google.com.br www.google.com.co www.google.com.eg www.google.com.gt www.google.com.hk www.google.com.mx www.google.com.my www.google.com.ng www.google.com.pe www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.com www.google.cz www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.gr www.google.hr www.google.hu www.google.ie www.google.is www.google.it www.google.je www.google.lt www.google.lv www.google.mk www.google.mv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.googletagmanager.com www.gstatic.com www.linkedin.com x.bidswitch.net 'self' api.prod.headspace.com; media-src assets.ctfassets.net blob: downloads.ctfassets.net headspace.com livestream.integration.headspace.com livestream.prod.headspace.com livestream.staging.headspace.com static.headspace.com 'self'; script-src *.cloudfront.net a.quora.com analytics.twitter.com api.branch.io apisandboxstatic.zuora.com app.link blob: cdn.amplitude.com cdn.branch.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net headspace.com https://static.zuora.com js.appboycdn.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net headspace.com https://fonts.googleapis.com platform.twitter.com static.zuora.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
x-cache
Miss from cloudfront
status
200
strict-transport-security
max-age=15552000; includeSubDomains
x-dns-prefetch-control
off
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 23 Dec 2019 16:30:20 GMT
x-frame-options
SAMEORIGIN
etag
W/"ca836-16f33985960"
x-download-options
noopen
vary
Origin
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
content-type
application/javascript; charset=UTF-8
via
1.1 f960fa0538fdb326fc338e984fa7ece9.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000, immutable
feature-policy
geolocation 'none'; microphone 'none';
accept-ranges
bytes
access-control-allow-headers
authorization,content-type,x-requested-with
x-amz-cf-id
pGuVCNwZHs1OjkTs_BLEWIpPAqRQFoSWkVRP4UyNh0SUurmj5fyu0w==
access-control-allow-credentials
true
main-dc62ded704917b7823b1.js
www.headspace.com/_next/static/runtime/ 		6 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.headspace.com/_next/static/runtime/main-dc62ded704917b7823b1.js
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.38 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-38.fra53.r.cloudfront.net
Software
/
Resource Hash
eeabd21d64ca0a01287d1676b8ff6169edf24f13560814ade1e4f1877360dd18
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.headspace.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 18:44:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA53-C1
content-security-policy-report-only
connect-src *.cloudfront.net api.amplitude.com api.branch.io api.integration.headspace.com api.prod.headspace.com api.staging.headspace.com app.getsentry.com assets.ctfassets.net auth.integration.headspace.com auth.prod.headspace.com auth.staging.headspace.com cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com headspace.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self' api.prod.headspace.com auth.headspace.com livestream.prod.headspace.com static.zuora.com; default-src data: integration-www.headspace.com staging-www.headspace.com www.headspace.com; font-src data: fonts.gstatic.com static.headspace.com use.fontawesome.com use.typekit.net 'self'; frame-src a11673470095.cdn.optimizely.com apisandbox.zuora.com auth.headspace.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net widget.us.criteo.com www.facebook.com www.youtube.com www.zuora.com 'self' https://auth.prod.headspace.com/; img-src ads.yahoo.com alb.reddit.com api.prod.headspace.com app.getsentry.com cm.g.doubleclick.net connect.facebook.net ct.pinterest.com customer.mediawallahscript.com cx.atdmt.com data: dis.criteo.com forms.hsforms.com googleads.g.doubleclick.net gum.criteo.com headspace.com hs-prod-community.imgix.net i.liadm.com i.ytimg.com images.contentful.com images.ctfassets.net my.headspace.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com pixel.tapad.com privacy-policy.truste.com production-snowplow.headspace.com proudflex.org px.ads.linkedin.com q.quora.com r.casalemedia.com rtb-csync.smartadserver.com secure.adnxs.com simage2.pubmatic.com sp.analytics.yahoo.com static.headspace.com stats.g.doubleclick.net sync.outbrain.com t.co tags.bluekai.com track.hubspot.com webapp.integration.headspace.com webapp.staging.headspace.com www.facebook.com www.google-analytics.com www.google.ae www.google.al www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.cl www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.uk www.google.co.za www.google.com.ar www.google.com.au www.google.com.br www.google.com.co www.google.com.eg www.google.com.gt www.google.com.hk www.google.com.mx www.google.com.my www.google.com.ng www.google.com.pe www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.com www.google.cz www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.gr www.google.hr www.google.hu www.google.ie www.google.is www.google.it www.google.je www.google.lt www.google.lv www.google.mk www.google.mv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.googletagmanager.com www.gstatic.com www.linkedin.com x.bidswitch.net 'self' api.prod.headspace.com; media-src assets.ctfassets.net blob: downloads.ctfassets.net headspace.com livestream.integration.headspace.com livestream.prod.headspace.com livestream.staging.headspace.com static.headspace.com 'self'; script-src *.cloudfront.net a.quora.com analytics.twitter.com api.branch.io apisandboxstatic.zuora.com app.link blob: cdn.amplitude.com cdn.branch.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net headspace.com https://static.zuora.com js.appboycdn.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net headspace.com https://fonts.googleapis.com platform.twitter.com static.zuora.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
x-cache
Miss from cloudfront
status
200
strict-transport-security
max-age=15552000; includeSubDomains
x-dns-prefetch-control
off
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 23 Dec 2019 16:30:20 GMT
x-frame-options
SAMEORIGIN
etag
W/"1786-16f33985960"
x-download-options
noopen
vary
Origin
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
content-type
application/javascript; charset=UTF-8
via
1.1 f960fa0538fdb326fc338e984fa7ece9.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000, immutable
feature-policy
geolocation 'none'; microphone 'none';
accept-ranges
bytes
access-control-allow-headers
authorization,content-type,x-requested-with
x-amz-cf-id
tBEtk5NBh9Hdswev4MdT5Ma9gHqodfdu2uSOjfHD-cAwbL8SXEbwVw==
access-control-allow-credentials
true
styles.c851b72c0b9ed6b4935b.js
www.headspace.com/_next/static/chunks/ 		105 B
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.headspace.com/_next/static/chunks/styles.c851b72c0b9ed6b4935b.js
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.38 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-38.fra53.r.cloudfront.net
Software
/
Resource Hash
bfc2ae4b21f737b719393cdef3701c5ebd649eb8c2db337cbdae9812a29d36bc
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.headspace.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 18:44:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA53-C1
content-security-policy-report-only
connect-src *.cloudfront.net api.amplitude.com api.branch.io api.integration.headspace.com api.prod.headspace.com api.staging.headspace.com app.getsentry.com assets.ctfassets.net auth.integration.headspace.com auth.prod.headspace.com auth.staging.headspace.com cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com headspace.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self' api.prod.headspace.com auth.headspace.com livestream.prod.headspace.com static.zuora.com; default-src data: integration-www.headspace.com staging-www.headspace.com www.headspace.com; font-src data: fonts.gstatic.com static.headspace.com use.fontawesome.com use.typekit.net 'self'; frame-src a11673470095.cdn.optimizely.com apisandbox.zuora.com auth.headspace.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net widget.us.criteo.com www.facebook.com www.youtube.com www.zuora.com 'self' https://auth.prod.headspace.com/; img-src ads.yahoo.com alb.reddit.com api.prod.headspace.com app.getsentry.com cm.g.doubleclick.net connect.facebook.net ct.pinterest.com customer.mediawallahscript.com cx.atdmt.com data: dis.criteo.com forms.hsforms.com googleads.g.doubleclick.net gum.criteo.com headspace.com hs-prod-community.imgix.net i.liadm.com i.ytimg.com images.contentful.com images.ctfassets.net my.headspace.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com pixel.tapad.com privacy-policy.truste.com production-snowplow.headspace.com proudflex.org px.ads.linkedin.com q.quora.com r.casalemedia.com rtb-csync.smartadserver.com secure.adnxs.com simage2.pubmatic.com sp.analytics.yahoo.com static.headspace.com stats.g.doubleclick.net sync.outbrain.com t.co tags.bluekai.com track.hubspot.com webapp.integration.headspace.com webapp.staging.headspace.com www.facebook.com www.google-analytics.com www.google.ae www.google.al www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.cl www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.uk www.google.co.za www.google.com.ar www.google.com.au www.google.com.br www.google.com.co www.google.com.eg www.google.com.gt www.google.com.hk www.google.com.mx www.google.com.my www.google.com.ng www.google.com.pe www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.com www.google.cz www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.gr www.google.hr www.google.hu www.google.ie www.google.is www.google.it www.google.je www.google.lt www.google.lv www.google.mk www.google.mv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.googletagmanager.com www.gstatic.com www.linkedin.com x.bidswitch.net 'self' api.prod.headspace.com; media-src assets.ctfassets.net blob: downloads.ctfassets.net headspace.com livestream.integration.headspace.com livestream.prod.headspace.com livestream.staging.headspace.com static.headspace.com 'self'; script-src *.cloudfront.net a.quora.com analytics.twitter.com api.branch.io apisandboxstatic.zuora.com app.link blob: cdn.amplitude.com cdn.branch.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net headspace.com https://static.zuora.com js.appboycdn.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net headspace.com https://fonts.googleapis.com platform.twitter.com static.zuora.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
x-cache
Miss from cloudfront
status
200
strict-transport-security
max-age=15552000; includeSubDomains
x-dns-prefetch-control
off
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 23 Dec 2019 16:30:20 GMT
x-frame-options
SAMEORIGIN
etag
W/"69-16f33985960"
x-download-options
noopen
vary
Origin
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
content-type
application/javascript; charset=UTF-8
via
1.1 f960fa0538fdb326fc338e984fa7ece9.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000, immutable
feature-policy
geolocation 'none'; microphone 'none';
accept-ranges
bytes
access-control-allow-headers
authorization,content-type,x-requested-with
x-amz-cf-id
oUVEgpKLpKva1F9yPwgrBOPr_WU2QgqNWBV7OT_hMl3_OZq-Nj6I6g==
access-control-allow-credentials
true
styles.06bd008e.chunk.css
www.headspace.com/_next/static/css/ 		13 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.headspace.com/_next/static/css/styles.06bd008e.chunk.css
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.38 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-38.fra53.r.cloudfront.net
Software
/
Resource Hash
b5d18443c635b7a16ef48219eb5f507cbc1331e1543c3bbc317cf2f26f47e8c0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.headspace.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 18:44:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA53-C1
content-security-policy-report-only
connect-src *.cloudfront.net api.amplitude.com api.branch.io api.integration.headspace.com api.prod.headspace.com api.staging.headspace.com app.getsentry.com assets.ctfassets.net auth.integration.headspace.com auth.prod.headspace.com auth.staging.headspace.com cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com headspace.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self' api.prod.headspace.com auth.headspace.com livestream.prod.headspace.com static.zuora.com; default-src data: integration-www.headspace.com staging-www.headspace.com www.headspace.com; font-src data: fonts.gstatic.com static.headspace.com use.fontawesome.com use.typekit.net 'self'; frame-src a11673470095.cdn.optimizely.com apisandbox.zuora.com auth.headspace.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net widget.us.criteo.com www.facebook.com www.youtube.com www.zuora.com 'self' https://auth.prod.headspace.com/; img-src ads.yahoo.com alb.reddit.com api.prod.headspace.com app.getsentry.com cm.g.doubleclick.net connect.facebook.net ct.pinterest.com customer.mediawallahscript.com cx.atdmt.com data: dis.criteo.com forms.hsforms.com googleads.g.doubleclick.net gum.criteo.com headspace.com hs-prod-community.imgix.net i.liadm.com i.ytimg.com images.contentful.com images.ctfassets.net my.headspace.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com pixel.tapad.com privacy-policy.truste.com production-snowplow.headspace.com proudflex.org px.ads.linkedin.com q.quora.com r.casalemedia.com rtb-csync.smartadserver.com secure.adnxs.com simage2.pubmatic.com sp.analytics.yahoo.com static.headspace.com stats.g.doubleclick.net sync.outbrain.com t.co tags.bluekai.com track.hubspot.com webapp.integration.headspace.com webapp.staging.headspace.com www.facebook.com www.google-analytics.com www.google.ae www.google.al www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.cl www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.uk www.google.co.za www.google.com.ar www.google.com.au www.google.com.br www.google.com.co www.google.com.eg www.google.com.gt www.google.com.hk www.google.com.mx www.google.com.my www.google.com.ng www.google.com.pe www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.com www.google.cz www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.gr www.google.hr www.google.hu www.google.ie www.google.is www.google.it www.google.je www.google.lt www.google.lv www.google.mk www.google.mv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.googletagmanager.com www.gstatic.com www.linkedin.com x.bidswitch.net 'self' api.prod.headspace.com; media-src assets.ctfassets.net blob: downloads.ctfassets.net headspace.com livestream.integration.headspace.com livestream.prod.headspace.com livestream.staging.headspace.com static.headspace.com 'self'; script-src *.cloudfront.net a.quora.com analytics.twitter.com api.branch.io apisandboxstatic.zuora.com app.link blob: cdn.amplitude.com cdn.branch.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net headspace.com https://static.zuora.com js.appboycdn.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net headspace.com https://fonts.googleapis.com platform.twitter.com static.zuora.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
x-cache
Miss from cloudfront
status
200
strict-transport-security
max-age=15552000; includeSubDomains
x-dns-prefetch-control
off
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 23 Dec 2019 16:30:20 GMT
x-frame-options
SAMEORIGIN
etag
W/"347b-16f33985960"
x-download-options
noopen
vary
Origin
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
content-type
text/css; charset=UTF-8
via
1.1 f960fa0538fdb326fc338e984fa7ece9.cloudfront.net (CloudFront)
cache-control
public, max-age=0
feature-policy
geolocation 'none'; microphone 'none';
accept-ranges
bytes
access-control-allow-headers
authorization,content-type,x-requested-with
x-amz-cf-id
o2tDWcxQEp9T3HzpYadzaY-NYBzY_nj8tHrPe4sx2jAkjkz5ypjPbQ==
access-control-allow-credentials
true
11673470095.js
cdn.optimizely.com/js/ 		285 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.optimizely.com/js/11673470095.js
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:284::13b8 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
06ea8be3d64ff082bb99b1526f9c8a6962f95c2b092264e7f0153193f1cd4ff7
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-meta-pci_enabled
False
x-amz-version-id
.eRFxEYDSeXHbKIS4hWR7F5aMXmiZlyn
content-encoding
gzip
x-amz-request-id
573D25483D697E02
status
200
access-control-max-age
86400
date
Tue, 24 Dec 2019 18:44:58 GMT
x-amz-replication-status
COMPLETED
server-timing
cdn;desc="AkamaiION";dur=0,rtt;desc="5";dur=0,cdnip;desc="2a02:26f0:6c00:284::13b8";dur=0,cdnmap;desc="";dur=0,proto;desc="h2";dur=0
strict-transport-security
max-age=15768000
content-length
88466
x-amz-id-2
j/CoQb6VVDviS9JGXGjivWGznAad4uFxFVfUjKlkT5d0rBqA2ug9HQHSKjMc6RlwM26tDmcQLM8=
last-modified
Wed, 19 Jun 2019 17:57:15 GMT
server
AmazonS3
etag
"75b1c4bb31c03fd216c7b73e3b90c93c"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
x-amz-meta-revision
cache-control
max-age=120
x-amz-meta-revision
634
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
*
logo.svg
www.headspace.com/static/images/ 		4 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.headspace.com/static/images/logo.svg
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.38 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-38.fra53.r.cloudfront.net
Software
/
Resource Hash
1814b26be6374891fe3ebd2dc02797861ceca8c7836c6c037e06a35e94780e9b
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.headspace.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 18:44:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA53-C1
content-security-policy-report-only
connect-src *.cloudfront.net api.amplitude.com api.branch.io api.integration.headspace.com api.prod.headspace.com api.staging.headspace.com app.getsentry.com assets.ctfassets.net auth.integration.headspace.com auth.prod.headspace.com auth.staging.headspace.com cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com headspace.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self' api.prod.headspace.com auth.headspace.com livestream.prod.headspace.com static.zuora.com; font-src data: fonts.gstatic.com static.headspace.com use.fontawesome.com use.typekit.net 'self'; frame-src a11673470095.cdn.optimizely.com apisandbox.zuora.com auth.headspace.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net widget.us.criteo.com www.facebook.com www.youtube.com www.zuora.com 'self' https://auth.prod.headspace.com/; img-src ads.yahoo.com alb.reddit.com api.prod.headspace.com app.getsentry.com cm.g.doubleclick.net connect.facebook.net ct.pinterest.com customer.mediawallahscript.com cx.atdmt.com data: dis.criteo.com forms.hsforms.com googleads.g.doubleclick.net gum.criteo.com headspace.com hs-prod-community.imgix.net i.liadm.com i.ytimg.com images.contentful.com images.ctfassets.net my.headspace.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com pixel.tapad.com privacy-policy.truste.com production-snowplow.headspace.com proudflex.org px.ads.linkedin.com q.quora.com r.casalemedia.com rtb-csync.smartadserver.com secure.adnxs.com simage2.pubmatic.com sp.analytics.yahoo.com static.headspace.com stats.g.doubleclick.net sync.outbrain.com t.co tags.bluekai.com track.hubspot.com webapp.integration.headspace.com webapp.staging.headspace.com www.facebook.com www.google-analytics.com www.google.ae www.google.al www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.cl www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.uk www.google.co.za www.google.com.ar www.google.com.au www.google.com.br www.google.com.co www.google.com.eg www.google.com.gt www.google.com.hk www.google.com.mx www.google.com.my www.google.com.ng www.google.com.pe www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.com www.google.cz www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.gr www.google.hr www.google.hu www.google.ie www.google.is www.google.it www.google.je www.google.lt www.google.lv www.google.mk www.google.mv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.googletagmanager.com www.gstatic.com www.linkedin.com x.bidswitch.net 'self' api.prod.headspace.com; media-src assets.ctfassets.net blob: downloads.ctfassets.net headspace.com livestream.integration.headspace.com livestream.prod.headspace.com livestream.staging.headspace.com static.headspace.com 'self'; script-src *.cloudfront.net a.quora.com analytics.twitter.com api.branch.io apisandboxstatic.zuora.com app.link blob: cdn.amplitude.com cdn.branch.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net headspace.com https://static.zuora.com js.appboycdn.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net headspace.com https://fonts.googleapis.com platform.twitter.com static.zuora.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
x-cache
Miss from cloudfront
status
200
strict-transport-security
max-age=15552000; includeSubDomains
x-dns-prefetch-control
off
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 23 Dec 2019 16:30:20 GMT
x-frame-options
SAMEORIGIN
etag
W/"1004-16f33985960"
x-download-options
noopen
vary
Origin
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
content-type
image/svg+xml
via
1.1 f960fa0538fdb326fc338e984fa7ece9.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000
feature-policy
geolocation 'none'; microphone 'none';
accept-ranges
bytes
access-control-allow-headers
authorization,content-type,x-requested-with
x-amz-cf-id
O_4tiVqKeVwRcv6GBWMI4RcqoOC6PHYgxyTzaC-BW-Ta15oFGepzYg==
access-control-allow-credentials
true
orange-breathing-character.svg
www.headspace.com/static/home/ 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.headspace.com/static/home/orange-breathing-character.svg
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.38 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-38.fra53.r.cloudfront.net
Software
/
Resource Hash
c648ad1049c3d67aeef9116fd15824c8ff5a4e81d0da9afd95acd182b733c967
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.headspace.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 18:44:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA53-C1
content-security-policy-report-only
connect-src *.cloudfront.net api.amplitude.com api.branch.io api.integration.headspace.com api.prod.headspace.com api.staging.headspace.com app.getsentry.com assets.ctfassets.net auth.integration.headspace.com auth.prod.headspace.com auth.staging.headspace.com cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com headspace.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self' api.prod.headspace.com auth.headspace.com livestream.prod.headspace.com static.zuora.com; default-src data: integration-www.headspace.com staging-www.headspace.com www.headspace.com; font-src data: fonts.gstatic.com static.headspace.com use.fontawesome.com use.typekit.net 'self'; frame-src a11673470095.cdn.optimizely.com apisandbox.zuora.com auth.headspace.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net widget.us.criteo.com www.facebook.com www.youtube.com www.zuora.com 'self' https://auth.prod.headspace.com/; img-src ads.yahoo.com alb.reddit.com api.prod.headspace.com app.getsentry.com cm.g.doubleclick.net connect.facebook.net ct.pinterest.com customer.mediawallahscript.com cx.atdmt.com data: dis.criteo.com forms.hsforms.com googleads.g.doubleclick.net gum.criteo.com headspace.com hs-prod-community.imgix.net i.liadm.com i.ytimg.com images.contentful.com images.ctfassets.net my.headspace.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com pixel.tapad.com privacy-policy.truste.com production-snowplow.headspace.com proudflex.org px.ads.linkedin.com q.quora.com r.casalemedia.com rtb-csync.smartadserver.com secure.adnxs.com simage2.pubmatic.com sp.analytics.yahoo.com static.headspace.com stats.g.doubleclick.net sync.outbrain.com t.co tags.bluekai.com track.hubspot.com webapp.integration.headspace.com webapp.staging.headspace.com www.facebook.com www.google-analytics.com www.google.ae www.google.al www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.cl www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.uk www.google.co.za www.google.com.ar www.google.com.au www.google.com.br www.google.com.co www.google.com.eg www.google.com.gt www.google.com.hk www.google.com.mx www.google.com.my www.google.com.ng www.google.com.pe www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.com www.google.cz www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.gr www.google.hr www.google.hu www.google.ie www.google.is www.google.it www.google.je www.google.lt www.google.lv www.google.mk www.google.mv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.googletagmanager.com www.gstatic.com www.linkedin.com x.bidswitch.net 'self' api.prod.headspace.com; media-src assets.ctfassets.net blob: downloads.ctfassets.net headspace.com livestream.integration.headspace.com livestream.prod.headspace.com livestream.staging.headspace.com static.headspace.com 'self'; script-src *.cloudfront.net a.quora.com analytics.twitter.com api.branch.io apisandboxstatic.zuora.com app.link blob: cdn.amplitude.com cdn.branch.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net headspace.com https://static.zuora.com js.appboycdn.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net headspace.com https://fonts.googleapis.com platform.twitter.com static.zuora.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
x-cache
Miss from cloudfront
status
200
strict-transport-security
max-age=15552000; includeSubDomains
x-dns-prefetch-control
off
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 23 Dec 2019 16:30:20 GMT
x-frame-options
SAMEORIGIN
etag
W/"21ad-16f33985960"
x-download-options
noopen
vary
Origin
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
content-type
image/svg+xml
via
1.1 f960fa0538fdb326fc338e984fa7ece9.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000
feature-policy
geolocation 'none'; microphone 'none';
accept-ranges
bytes
access-control-allow-headers
authorization,content-type,x-requested-with
x-amz-cf-id
L875zRleB_HB80ABHW-YIxPF-1zkMnbF7yvWnzZ_5-Te41dFJCufWQ==
access-control-allow-credentials
true
boombox.svg
www.headspace.com/static/home/ 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.headspace.com/static/home/boombox.svg
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.38 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-38.fra53.r.cloudfront.net
Software
/
Resource Hash
81351c1b1d5549c83c8b85b418b87e930c2117511b4f9d3154c3428c3097b5eb
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.headspace.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 18:44:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA53-C1
content-security-policy-report-only
connect-src *.cloudfront.net api.amplitude.com api.branch.io api.integration.headspace.com api.prod.headspace.com api.staging.headspace.com app.getsentry.com assets.ctfassets.net auth.integration.headspace.com auth.prod.headspace.com auth.staging.headspace.com cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com headspace.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self' api.prod.headspace.com auth.headspace.com livestream.prod.headspace.com static.zuora.com; default-src data: integration-www.headspace.com staging-www.headspace.com www.headspace.com; font-src data: fonts.gstatic.com static.headspace.com use.fontawesome.com use.typekit.net 'self'; frame-src a11673470095.cdn.optimizely.com apisandbox.zuora.com auth.headspace.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net widget.us.criteo.com www.facebook.com www.youtube.com www.zuora.com 'self' https://auth.prod.headspace.com/; img-src ads.yahoo.com alb.reddit.com api.prod.headspace.com app.getsentry.com cm.g.doubleclick.net connect.facebook.net ct.pinterest.com customer.mediawallahscript.com cx.atdmt.com data: dis.criteo.com forms.hsforms.com googleads.g.doubleclick.net gum.criteo.com headspace.com hs-prod-community.imgix.net i.liadm.com i.ytimg.com images.contentful.com images.ctfassets.net my.headspace.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com pixel.tapad.com privacy-policy.truste.com production-snowplow.headspace.com proudflex.org px.ads.linkedin.com q.quora.com r.casalemedia.com rtb-csync.smartadserver.com secure.adnxs.com simage2.pubmatic.com sp.analytics.yahoo.com static.headspace.com stats.g.doubleclick.net sync.outbrain.com t.co tags.bluekai.com track.hubspot.com webapp.integration.headspace.com webapp.staging.headspace.com www.facebook.com www.google-analytics.com www.google.ae www.google.al www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.cl www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.uk www.google.co.za www.google.com.ar www.google.com.au www.google.com.br www.google.com.co www.google.com.eg www.google.com.gt www.google.com.hk www.google.com.mx www.google.com.my www.google.com.ng www.google.com.pe www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.com www.google.cz www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.gr www.google.hr www.google.hu www.google.ie www.google.is www.google.it www.google.je www.google.lt www.google.lv www.google.mk www.google.mv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.googletagmanager.com www.gstatic.com www.linkedin.com x.bidswitch.net 'self' api.prod.headspace.com; media-src assets.ctfassets.net blob: downloads.ctfassets.net headspace.com livestream.integration.headspace.com livestream.prod.headspace.com livestream.staging.headspace.com static.headspace.com 'self'; script-src *.cloudfront.net a.quora.com analytics.twitter.com api.branch.io apisandboxstatic.zuora.com app.link blob: cdn.amplitude.com cdn.branch.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net headspace.com https://static.zuora.com js.appboycdn.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net headspace.com https://fonts.googleapis.com platform.twitter.com static.zuora.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
x-cache
Miss from cloudfront
status
200
strict-transport-security
max-age=15552000; includeSubDomains
x-dns-prefetch-control
off
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 23 Dec 2019 16:30:20 GMT
x-frame-options
SAMEORIGIN
etag
W/"20bc-16f33985960"
x-download-options
noopen
vary
Origin
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
content-type
image/svg+xml
via
1.1 f960fa0538fdb326fc338e984fa7ece9.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000
feature-policy
geolocation 'none'; microphone 'none';
accept-ranges
bytes
access-control-allow-headers
authorization,content-type,x-requested-with
x-amz-cf-id
oWSpkWL1uXCpJtm3ZkwSymahDIhScddGCFU_wtaQbVVG6eEnM1fJyA==
access-control-allow-credentials
true
bikers.svg
www.headspace.com/static/home/ 		13 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.headspace.com/static/home/bikers.svg
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.38 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-38.fra53.r.cloudfront.net
Software
/
Resource Hash
4aea9b6c2eeb33f449c57f169dc249350ec8b4d6091e6ce0ab5521b164ee5029
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.headspace.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 18:44:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA53-C1
content-security-policy-report-only
connect-src *.cloudfront.net api.amplitude.com api.branch.io api.integration.headspace.com api.prod.headspace.com api.staging.headspace.com app.getsentry.com assets.ctfassets.net auth.integration.headspace.com auth.prod.headspace.com auth.staging.headspace.com cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com headspace.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self' api.prod.headspace.com auth.headspace.com livestream.prod.headspace.com static.zuora.com; default-src data: integration-www.headspace.com staging-www.headspace.com www.headspace.com; font-src data: fonts.gstatic.com static.headspace.com use.fontawesome.com use.typekit.net 'self'; frame-src a11673470095.cdn.optimizely.com apisandbox.zuora.com auth.headspace.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net widget.us.criteo.com www.facebook.com www.youtube.com www.zuora.com 'self' https://auth.prod.headspace.com/; img-src ads.yahoo.com alb.reddit.com api.prod.headspace.com app.getsentry.com cm.g.doubleclick.net connect.facebook.net ct.pinterest.com customer.mediawallahscript.com cx.atdmt.com data: dis.criteo.com forms.hsforms.com googleads.g.doubleclick.net gum.criteo.com headspace.com hs-prod-community.imgix.net i.liadm.com i.ytimg.com images.contentful.com images.ctfassets.net my.headspace.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com pixel.tapad.com privacy-policy.truste.com production-snowplow.headspace.com proudflex.org px.ads.linkedin.com q.quora.com r.casalemedia.com rtb-csync.smartadserver.com secure.adnxs.com simage2.pubmatic.com sp.analytics.yahoo.com static.headspace.com stats.g.doubleclick.net sync.outbrain.com t.co tags.bluekai.com track.hubspot.com webapp.integration.headspace.com webapp.staging.headspace.com www.facebook.com www.google-analytics.com www.google.ae www.google.al www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.cl www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.uk www.google.co.za www.google.com.ar www.google.com.au www.google.com.br www.google.com.co www.google.com.eg www.google.com.gt www.google.com.hk www.google.com.mx www.google.com.my www.google.com.ng www.google.com.pe www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.com www.google.cz www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.gr www.google.hr www.google.hu www.google.ie www.google.is www.google.it www.google.je www.google.lt www.google.lv www.google.mk www.google.mv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.googletagmanager.com www.gstatic.com www.linkedin.com x.bidswitch.net 'self' api.prod.headspace.com; media-src assets.ctfassets.net blob: downloads.ctfassets.net headspace.com livestream.integration.headspace.com livestream.prod.headspace.com livestream.staging.headspace.com static.headspace.com 'self'; script-src *.cloudfront.net a.quora.com analytics.twitter.com api.branch.io apisandboxstatic.zuora.com app.link blob: cdn.amplitude.com cdn.branch.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net headspace.com https://static.zuora.com js.appboycdn.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net headspace.com https://fonts.googleapis.com platform.twitter.com static.zuora.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
x-cache
Miss from cloudfront
status
200
strict-transport-security
max-age=15552000; includeSubDomains
x-dns-prefetch-control
off
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 23 Dec 2019 16:30:20 GMT
x-frame-options
SAMEORIGIN
etag
W/"340a-16f33985960"
x-download-options
noopen
vary
Origin
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
content-type
image/svg+xml
via
1.1 f960fa0538fdb326fc338e984fa7ece9.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000
feature-policy
geolocation 'none'; microphone 'none';
accept-ranges
bytes
access-control-allow-headers
authorization,content-type,x-requested-with
x-amz-cf-id
nvpu88BY6I8wCcb38XSF9stXSKNytIM6tzIYXXjZ3vZ3szEV7SNqEQ==
access-control-allow-credentials
true
swings.svg
www.headspace.com/static/home/ 		13 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.headspace.com/static/home/swings.svg
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.38 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-38.fra53.r.cloudfront.net
Software
/
Resource Hash
2541e82abcc8050db39df9ee928ba5dea744f010415156dc4c21858a11bc7191
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.headspace.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 18:44:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA53-C1
content-security-policy-report-only
connect-src *.cloudfront.net api.amplitude.com api.branch.io api.integration.headspace.com api.prod.headspace.com api.staging.headspace.com app.getsentry.com assets.ctfassets.net auth.integration.headspace.com auth.prod.headspace.com auth.staging.headspace.com cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com headspace.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self' api.prod.headspace.com auth.headspace.com livestream.prod.headspace.com static.zuora.com; font-src data: fonts.gstatic.com static.headspace.com use.fontawesome.com use.typekit.net 'self'; frame-src a11673470095.cdn.optimizely.com apisandbox.zuora.com auth.headspace.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net widget.us.criteo.com www.facebook.com www.youtube.com www.zuora.com 'self' https://auth.prod.headspace.com/; img-src ads.yahoo.com alb.reddit.com api.prod.headspace.com app.getsentry.com cm.g.doubleclick.net connect.facebook.net ct.pinterest.com customer.mediawallahscript.com cx.atdmt.com data: dis.criteo.com forms.hsforms.com googleads.g.doubleclick.net gum.criteo.com headspace.com hs-prod-community.imgix.net i.liadm.com i.ytimg.com images.contentful.com images.ctfassets.net my.headspace.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com pixel.tapad.com privacy-policy.truste.com production-snowplow.headspace.com proudflex.org px.ads.linkedin.com q.quora.com r.casalemedia.com rtb-csync.smartadserver.com secure.adnxs.com simage2.pubmatic.com sp.analytics.yahoo.com static.headspace.com stats.g.doubleclick.net sync.outbrain.com t.co tags.bluekai.com track.hubspot.com webapp.integration.headspace.com webapp.staging.headspace.com www.facebook.com www.google-analytics.com www.google.ae www.google.al www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.cl www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.uk www.google.co.za www.google.com.ar www.google.com.au www.google.com.br www.google.com.co www.google.com.eg www.google.com.gt www.google.com.hk www.google.com.mx www.google.com.my www.google.com.ng www.google.com.pe www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.com www.google.cz www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.gr www.google.hr www.google.hu www.google.ie www.google.is www.google.it www.google.je www.google.lt www.google.lv www.google.mk www.google.mv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.googletagmanager.com www.gstatic.com www.linkedin.com x.bidswitch.net 'self' api.prod.headspace.com; media-src assets.ctfassets.net blob: downloads.ctfassets.net headspace.com livestream.integration.headspace.com livestream.prod.headspace.com livestream.staging.headspace.com static.headspace.com 'self'; script-src *.cloudfront.net a.quora.com analytics.twitter.com api.branch.io apisandboxstatic.zuora.com app.link blob: cdn.amplitude.com cdn.branch.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net headspace.com https://static.zuora.com js.appboycdn.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net headspace.com https://fonts.googleapis.com platform.twitter.com static.zuora.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
x-cache
Miss from cloudfront
status
200
strict-transport-security
max-age=15552000; includeSubDomains
x-dns-prefetch-control
off
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 23 Dec 2019 16:30:20 GMT
x-frame-options
SAMEORIGIN
etag
W/"35dc-16f33985960"
x-download-options
noopen
vary
Origin
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
content-type
image/svg+xml
via
1.1 f960fa0538fdb326fc338e984fa7ece9.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000
feature-policy
geolocation 'none'; microphone 'none';
accept-ranges
bytes
access-control-allow-headers
authorization,content-type,x-requested-with
x-amz-cf-id
17bGzU3q5ElMSVS1ZMXjk9LGTyjZ2f7fsaCbtCODZJmn2Fc2fqbJXw==
access-control-allow-credentials
true
treeguy.svg
www.headspace.com/static/home/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.headspace.com/static/home/treeguy.svg
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.38 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-38.fra53.r.cloudfront.net
Software
/
Resource Hash
7306419f464288208ffa445e4ecc1ec6e824be0346871d100561eb0983d31207
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.headspace.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 18:44:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA53-C1
content-security-policy-report-only
connect-src *.cloudfront.net api.amplitude.com api.branch.io api.integration.headspace.com api.prod.headspace.com api.staging.headspace.com app.getsentry.com assets.ctfassets.net auth.integration.headspace.com auth.prod.headspace.com auth.staging.headspace.com cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com headspace.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self' api.prod.headspace.com auth.headspace.com livestream.prod.headspace.com static.zuora.com; font-src data: fonts.gstatic.com static.headspace.com use.fontawesome.com use.typekit.net 'self'; frame-src a11673470095.cdn.optimizely.com apisandbox.zuora.com auth.headspace.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net widget.us.criteo.com www.facebook.com www.youtube.com www.zuora.com 'self' https://auth.prod.headspace.com/; img-src ads.yahoo.com alb.reddit.com api.prod.headspace.com app.getsentry.com cm.g.doubleclick.net connect.facebook.net ct.pinterest.com customer.mediawallahscript.com cx.atdmt.com data: dis.criteo.com forms.hsforms.com googleads.g.doubleclick.net gum.criteo.com headspace.com hs-prod-community.imgix.net i.liadm.com i.ytimg.com images.contentful.com images.ctfassets.net my.headspace.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com pixel.tapad.com privacy-policy.truste.com production-snowplow.headspace.com proudflex.org px.ads.linkedin.com q.quora.com r.casalemedia.com rtb-csync.smartadserver.com secure.adnxs.com simage2.pubmatic.com sp.analytics.yahoo.com static.headspace.com stats.g.doubleclick.net sync.outbrain.com t.co tags.bluekai.com track.hubspot.com webapp.integration.headspace.com webapp.staging.headspace.com www.facebook.com www.google-analytics.com www.google.ae www.google.al www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.cl www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.uk www.google.co.za www.google.com.ar www.google.com.au www.google.com.br www.google.com.co www.google.com.eg www.google.com.gt www.google.com.hk www.google.com.mx www.google.com.my www.google.com.ng www.google.com.pe www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.com www.google.cz www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.gr www.google.hr www.google.hu www.google.ie www.google.is www.google.it www.google.je www.google.lt www.google.lv www.google.mk www.google.mv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.googletagmanager.com www.gstatic.com www.linkedin.com x.bidswitch.net 'self' api.prod.headspace.com; media-src assets.ctfassets.net blob: downloads.ctfassets.net headspace.com livestream.integration.headspace.com livestream.prod.headspace.com livestream.staging.headspace.com static.headspace.com 'self'; script-src *.cloudfront.net a.quora.com analytics.twitter.com api.branch.io apisandboxstatic.zuora.com app.link blob: cdn.amplitude.com cdn.branch.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net headspace.com https://static.zuora.com js.appboycdn.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net headspace.com https://fonts.googleapis.com platform.twitter.com static.zuora.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
x-cache
Miss from cloudfront
status
200
strict-transport-security
max-age=15552000; includeSubDomains
x-dns-prefetch-control
off
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 23 Dec 2019 16:30:20 GMT
x-frame-options
SAMEORIGIN
etag
W/"1d44-16f33985960"
x-download-options
noopen
vary
Origin
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
content-type
image/svg+xml
via
1.1 f960fa0538fdb326fc338e984fa7ece9.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000
feature-policy
geolocation 'none'; microphone 'none';
accept-ranges
bytes
access-control-allow-headers
authorization,content-type,x-requested-with
x-amz-cf-id
h89BvEkqT8G7T6uQijHnOT800lzbhhTl2H17GC-sfRtiUhL_g56g_A==
access-control-allow-credentials
true
dancer.svg
www.headspace.com/static/home/ 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.headspace.com/static/home/dancer.svg
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.38 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-38.fra53.r.cloudfront.net
Software
/
Resource Hash
1d8e21433ce63581f1fc81bea29bf81ec9637a930d3beee7c701391edffda256
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.headspace.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 18:44:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA53-C1
content-security-policy-report-only
connect-src *.cloudfront.net api.amplitude.com api.branch.io api.integration.headspace.com api.prod.headspace.com api.staging.headspace.com app.getsentry.com assets.ctfassets.net auth.integration.headspace.com auth.prod.headspace.com auth.staging.headspace.com cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com headspace.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self' api.prod.headspace.com auth.headspace.com livestream.prod.headspace.com static.zuora.com; default-src data: integration-www.headspace.com staging-www.headspace.com www.headspace.com; font-src data: fonts.gstatic.com static.headspace.com use.fontawesome.com use.typekit.net 'self'; frame-src a11673470095.cdn.optimizely.com apisandbox.zuora.com auth.headspace.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net widget.us.criteo.com www.facebook.com www.youtube.com www.zuora.com 'self' https://auth.prod.headspace.com/; img-src ads.yahoo.com alb.reddit.com api.prod.headspace.com app.getsentry.com cm.g.doubleclick.net connect.facebook.net ct.pinterest.com customer.mediawallahscript.com cx.atdmt.com data: dis.criteo.com forms.hsforms.com googleads.g.doubleclick.net gum.criteo.com headspace.com hs-prod-community.imgix.net i.liadm.com i.ytimg.com images.contentful.com images.ctfassets.net my.headspace.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com pixel.tapad.com privacy-policy.truste.com production-snowplow.headspace.com proudflex.org px.ads.linkedin.com q.quora.com r.casalemedia.com rtb-csync.smartadserver.com secure.adnxs.com simage2.pubmatic.com sp.analytics.yahoo.com static.headspace.com stats.g.doubleclick.net sync.outbrain.com t.co tags.bluekai.com track.hubspot.com webapp.integration.headspace.com webapp.staging.headspace.com www.facebook.com www.google-analytics.com www.google.ae www.google.al www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.cl www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.uk www.google.co.za www.google.com.ar www.google.com.au www.google.com.br www.google.com.co www.google.com.eg www.google.com.gt www.google.com.hk www.google.com.mx www.google.com.my www.google.com.ng www.google.com.pe www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.com www.google.cz www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.gr www.google.hr www.google.hu www.google.ie www.google.is www.google.it www.google.je www.google.lt www.google.lv www.google.mk www.google.mv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.googletagmanager.com www.gstatic.com www.linkedin.com x.bidswitch.net 'self' api.prod.headspace.com; media-src assets.ctfassets.net blob: downloads.ctfassets.net headspace.com livestream.integration.headspace.com livestream.prod.headspace.com livestream.staging.headspace.com static.headspace.com 'self'; script-src *.cloudfront.net a.quora.com analytics.twitter.com api.branch.io apisandboxstatic.zuora.com app.link blob: cdn.amplitude.com cdn.branch.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net headspace.com https://static.zuora.com js.appboycdn.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net headspace.com https://fonts.googleapis.com platform.twitter.com static.zuora.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
x-cache
Miss from cloudfront
status
200
strict-transport-security
max-age=15552000; includeSubDomains
x-dns-prefetch-control
off
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 23 Dec 2019 16:30:20 GMT
x-frame-options
SAMEORIGIN
etag
W/"154c-16f33985960"
x-download-options
noopen
vary
Origin
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
content-type
image/svg+xml
via
1.1 f960fa0538fdb326fc338e984fa7ece9.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000
feature-policy
geolocation 'none'; microphone 'none';
accept-ranges
bytes
access-control-allow-headers
authorization,content-type,x-requested-with
x-amz-cf-id
7SW9BX6QnOiFKVv0xJjT6tlN9HbZT1vap-lZFpVzY85QvGJinBRpqw==
access-control-allow-credentials
true
header-hills-bg.svg
www.headspace.com/static/home/ 		1 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.headspace.com/static/home/header-hills-bg.svg
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.38 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-38.fra53.r.cloudfront.net
Software
/
Resource Hash
24b8018ed350a2ee609e802a40bbec3ed12562d42af3fe5350a5e90e579e4c5b
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.headspace.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 18:44:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA53-C1
content-security-policy-report-only
connect-src *.cloudfront.net api.amplitude.com api.branch.io api.integration.headspace.com api.prod.headspace.com api.staging.headspace.com app.getsentry.com assets.ctfassets.net auth.integration.headspace.com auth.prod.headspace.com auth.staging.headspace.com cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com headspace.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self' api.prod.headspace.com auth.headspace.com livestream.prod.headspace.com static.zuora.com; font-src data: fonts.gstatic.com static.headspace.com use.fontawesome.com use.typekit.net 'self'; frame-src a11673470095.cdn.optimizely.com apisandbox.zuora.com auth.headspace.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net widget.us.criteo.com www.facebook.com www.youtube.com www.zuora.com 'self' https://auth.prod.headspace.com/; img-src ads.yahoo.com alb.reddit.com api.prod.headspace.com app.getsentry.com cm.g.doubleclick.net connect.facebook.net ct.pinterest.com customer.mediawallahscript.com cx.atdmt.com data: dis.criteo.com forms.hsforms.com googleads.g.doubleclick.net gum.criteo.com headspace.com hs-prod-community.imgix.net i.liadm.com i.ytimg.com images.contentful.com images.ctfassets.net my.headspace.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com pixel.tapad.com privacy-policy.truste.com production-snowplow.headspace.com proudflex.org px.ads.linkedin.com q.quora.com r.casalemedia.com rtb-csync.smartadserver.com secure.adnxs.com simage2.pubmatic.com sp.analytics.yahoo.com static.headspace.com stats.g.doubleclick.net sync.outbrain.com t.co tags.bluekai.com track.hubspot.com webapp.integration.headspace.com webapp.staging.headspace.com www.facebook.com www.google-analytics.com www.google.ae www.google.al www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.cl www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.uk www.google.co.za www.google.com.ar www.google.com.au www.google.com.br www.google.com.co www.google.com.eg www.google.com.gt www.google.com.hk www.google.com.mx www.google.com.my www.google.com.ng www.google.com.pe www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.com www.google.cz www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.gr www.google.hr www.google.hu www.google.ie www.google.is www.google.it www.google.je www.google.lt www.google.lv www.google.mk www.google.mv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.googletagmanager.com www.gstatic.com www.linkedin.com x.bidswitch.net 'self' api.prod.headspace.com; media-src assets.ctfassets.net blob: downloads.ctfassets.net headspace.com livestream.integration.headspace.com livestream.prod.headspace.com livestream.staging.headspace.com static.headspace.com 'self'; script-src *.cloudfront.net a.quora.com analytics.twitter.com api.branch.io apisandboxstatic.zuora.com app.link blob: cdn.amplitude.com cdn.branch.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net headspace.com https://static.zuora.com js.appboycdn.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net headspace.com https://fonts.googleapis.com platform.twitter.com static.zuora.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
x-cache
Miss from cloudfront
status
200
strict-transport-security
max-age=15552000; includeSubDomains
x-dns-prefetch-control
off
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 23 Dec 2019 16:30:20 GMT
x-frame-options
SAMEORIGIN
etag
W/"583-16f33985960"
x-download-options
noopen
vary
Origin
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
content-type
image/svg+xml
via
1.1 f960fa0538fdb326fc338e984fa7ece9.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000
feature-policy
geolocation 'none'; microphone 'none';
accept-ranges
bytes
access-control-allow-headers
authorization,content-type,x-requested-with
x-amz-cf-id
zoz05xPl7xYFQXp2dwdsvjE4eFxlXkt8CWmJvpCER5PtL9Tf396mvw==
access-control-allow-credentials
true
header-hills-fg.svg
www.headspace.com/static/home/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.headspace.com/static/home/header-hills-fg.svg
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.38 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-38.fra53.r.cloudfront.net
Software
/
Resource Hash
6e1b690c8e6b5cb14c57287b8c8d2804ceec2654d9f19d97579b4eeed626667a
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.headspace.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 18:44:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA53-C1
content-security-policy-report-only
connect-src *.cloudfront.net api.amplitude.com api.branch.io api.integration.headspace.com api.prod.headspace.com api.staging.headspace.com app.getsentry.com assets.ctfassets.net auth.integration.headspace.com auth.prod.headspace.com auth.staging.headspace.com cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com headspace.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self' api.prod.headspace.com auth.headspace.com livestream.prod.headspace.com static.zuora.com; default-src data: integration-www.headspace.com staging-www.headspace.com www.headspace.com; font-src data: fonts.gstatic.com static.headspace.com use.fontawesome.com use.typekit.net 'self'; frame-src a11673470095.cdn.optimizely.com apisandbox.zuora.com auth.headspace.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net widget.us.criteo.com www.facebook.com www.youtube.com www.zuora.com 'self' https://auth.prod.headspace.com/; img-src ads.yahoo.com alb.reddit.com api.prod.headspace.com app.getsentry.com cm.g.doubleclick.net connect.facebook.net ct.pinterest.com customer.mediawallahscript.com cx.atdmt.com data: dis.criteo.com forms.hsforms.com googleads.g.doubleclick.net gum.criteo.com headspace.com hs-prod-community.imgix.net i.liadm.com i.ytimg.com images.contentful.com images.ctfassets.net my.headspace.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com pixel.tapad.com privacy-policy.truste.com production-snowplow.headspace.com proudflex.org px.ads.linkedin.com q.quora.com r.casalemedia.com rtb-csync.smartadserver.com secure.adnxs.com simage2.pubmatic.com sp.analytics.yahoo.com static.headspace.com stats.g.doubleclick.net sync.outbrain.com t.co tags.bluekai.com track.hubspot.com webapp.integration.headspace.com webapp.staging.headspace.com www.facebook.com www.google-analytics.com www.google.ae www.google.al www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.cl www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.uk www.google.co.za www.google.com.ar www.google.com.au www.google.com.br www.google.com.co www.google.com.eg www.google.com.gt www.google.com.hk www.google.com.mx www.google.com.my www.google.com.ng www.google.com.pe www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.com www.google.cz www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.gr www.google.hr www.google.hu www.google.ie www.google.is www.google.it www.google.je www.google.lt www.google.lv www.google.mk www.google.mv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.googletagmanager.com www.gstatic.com www.linkedin.com x.bidswitch.net 'self' api.prod.headspace.com; media-src assets.ctfassets.net blob: downloads.ctfassets.net headspace.com livestream.integration.headspace.com livestream.prod.headspace.com livestream.staging.headspace.com static.headspace.com 'self'; script-src *.cloudfront.net a.quora.com analytics.twitter.com api.branch.io apisandboxstatic.zuora.com app.link blob: cdn.amplitude.com cdn.branch.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net headspace.com https://static.zuora.com js.appboycdn.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net headspace.com https://fonts.googleapis.com platform.twitter.com static.zuora.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
x-cache
Miss from cloudfront
status
200
strict-transport-security
max-age=15552000; includeSubDomains
x-dns-prefetch-control
off
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 23 Dec 2019 16:30:20 GMT
x-frame-options
SAMEORIGIN
etag
W/"1ab3-16f33985960"
x-download-options
noopen
vary
Origin
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
content-type
image/svg+xml
via
1.1 f960fa0538fdb326fc338e984fa7ece9.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000
feature-policy
geolocation 'none'; microphone 'none';
accept-ranges
bytes
access-control-allow-headers
authorization,content-type,x-requested-with
x-amz-cf-id
KpxcdLG01EdkBYuW7bdBAuAnnTAxOSx0uP_Sjqvy6kirNHBxPp9Kgw==
access-control-allow-credentials
true
dotcom-home-screen.svg
images.ctfassets.net/v3n26e09qg2r/1qibwO2fz6owAAos8GGGUi/fb36dfaec904c97aec1ad4c9309dc486/ 		24 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.ctfassets.net/v3n26e09qg2r/1qibwO2fz6owAAos8GGGUi/fb36dfaec904c97aec1ad4c9309dc486/dotcom-home-screen.svg
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2057:9200:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
Contentful Images API /
Resource Hash
a6df9819c9706c6854fb0bd5d04265f789885158e200be45d397bd087465fd72

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 18 Sep 2019 21:19:43 GMT
content-encoding
gzip
server
Contentful Images API
age
6598116
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
status
200
cache-control
max-age=31536000
x-amz-cf-pop
FRA6-C1
access-control-allow-origin
*
x-amz-cf-id
rHJ5kthcrmI-LWq4lEsVI-fGK3TGLi9A2pXF9_UK6-8hBQpg7DOHUg==
via
1.1 7fcb41b117930690c299be9cec4a977a.cloudfront.net (CloudFront)
polyfill.min.js
cdn.polyfill.io/v2/ 		222 B
571 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.polyfill.io/v2/polyfill.min.js?features=IntersectionObserver%2CArray.from
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::621 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
cae897bdde94867960ad284a56b1631296eaceddf5710a2857127ca0aa2777d3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubdomains; preload
content-encoding
br
x-content-type-options
nosniff
age
2568808
normalized-user-agent
chrome/74.0.0
detected-user-agent
Chrome/74.0.3729
status
200
date
Tue, 24 Dec 2019 18:44:59 GMT
request_came_from_shield
HHN
server-timing
HIT-CLUSTER, fastly;desc="Edge time";dur=1, HIT-CLUSTER, fastly;desc="Edge time";dur=1
content-length
126
referrer-policy
origin-when-cross-origin
etag
W/"7e-Lg1mQtlDtrujPBTtidtsoNmOeEQ"
vary
User-Agent, Accept-Encoding
content-type
text/javascript; charset=utf-8
cache-control
public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges
bytes
timing-allow-origin
*
svg4everybody.min.js
cdnjs.cloudflare.com/ajax/libs/svg4everybody/1.0.0/ 		970 B
917 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/svg4everybody/1.0.0/svg4everybody.min.js
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:4104 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
da4fae0ee0fcb340c3d5944c2916e04b610c1b27bf569218fd8b9004d5cac504
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 18:44:59 GMT
content-encoding
br
cf-cache-status
HIT
age
21846970
cf-ray
54a4bacdae548ca4-VIE
status
200
strict-transport-security
max-age=15780000; includeSubDomains
alt-svc
h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
last-modified
Thu, 17 May 2018 09:26:56 GMT
server
cloudflare
etag
W/"5afd4ae0-3ca"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Sun, 13 Dec 2020 18:44:59 GMT
cache-control
public, max-age=30672000
timing-allow-origin
*
served-in-seconds
0.036
gtm.js
www.googletagmanager.com/ 		155 KB
42 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-M92JXMV&gtm_auth=16iCHRn1z7748mckvKDXyw&gtm_preview=env-2&gtm_cookies_win=x
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
9476b6a4cd9f43b16c8cfcaa5c7142be7163984911a603493cde4828d700c09a
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 24 Dec 2019 18:44:59 GMT
content-encoding
br
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
server
Google Tag Manager
access-control-allow-origin
http://www.googletagmanager.com
vary
*
content-type
application/javascript; charset=UTF-8
status
200
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
content-length
42794
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
icons.svg
www.headspace.com/static/ 		34 KB
17 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.headspace.com/static/icons.svg
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.38 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-38.fra53.r.cloudfront.net
Software
/
Resource Hash
d89b63406de97fcad69446cdc0456ec7f3132d5aa946a83f41089d8971e5267a
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.headspace.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 18:44:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA53-C1
content-security-policy-report-only
connect-src *.cloudfront.net api.amplitude.com api.branch.io api.integration.headspace.com api.prod.headspace.com api.staging.headspace.com app.getsentry.com assets.ctfassets.net auth.integration.headspace.com auth.prod.headspace.com auth.staging.headspace.com cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com headspace.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self' api.prod.headspace.com auth.headspace.com livestream.prod.headspace.com static.zuora.com; font-src data: fonts.gstatic.com static.headspace.com use.fontawesome.com use.typekit.net 'self'; frame-src a11673470095.cdn.optimizely.com apisandbox.zuora.com auth.headspace.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net widget.us.criteo.com www.facebook.com www.youtube.com www.zuora.com 'self' https://auth.prod.headspace.com/; img-src ads.yahoo.com alb.reddit.com api.prod.headspace.com app.getsentry.com cm.g.doubleclick.net connect.facebook.net ct.pinterest.com customer.mediawallahscript.com cx.atdmt.com data: dis.criteo.com forms.hsforms.com googleads.g.doubleclick.net gum.criteo.com headspace.com hs-prod-community.imgix.net i.liadm.com i.ytimg.com images.contentful.com images.ctfassets.net my.headspace.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com pixel.tapad.com privacy-policy.truste.com production-snowplow.headspace.com proudflex.org px.ads.linkedin.com q.quora.com r.casalemedia.com rtb-csync.smartadserver.com secure.adnxs.com simage2.pubmatic.com sp.analytics.yahoo.com static.headspace.com stats.g.doubleclick.net sync.outbrain.com t.co tags.bluekai.com track.hubspot.com webapp.integration.headspace.com webapp.staging.headspace.com www.facebook.com www.google-analytics.com www.google.ae www.google.al www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.cl www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.uk www.google.co.za www.google.com.ar www.google.com.au www.google.com.br www.google.com.co www.google.com.eg www.google.com.gt www.google.com.hk www.google.com.mx www.google.com.my www.google.com.ng www.google.com.pe www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.com www.google.cz www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.gr www.google.hr www.google.hu www.google.ie www.google.is www.google.it www.google.je www.google.lt www.google.lv www.google.mk www.google.mv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.googletagmanager.com www.gstatic.com www.linkedin.com x.bidswitch.net 'self' api.prod.headspace.com; media-src assets.ctfassets.net blob: downloads.ctfassets.net headspace.com livestream.integration.headspace.com livestream.prod.headspace.com livestream.staging.headspace.com static.headspace.com 'self'; script-src *.cloudfront.net a.quora.com analytics.twitter.com api.branch.io apisandboxstatic.zuora.com app.link blob: cdn.amplitude.com cdn.branch.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net headspace.com https://static.zuora.com js.appboycdn.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net headspace.com https://fonts.googleapis.com platform.twitter.com static.zuora.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
x-cache
Miss from cloudfront
status
200
strict-transport-security
max-age=15552000; includeSubDomains
x-dns-prefetch-control
off
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 23 Dec 2019 16:30:20 GMT
x-frame-options
SAMEORIGIN
etag
W/"892a-16f33985960"
x-download-options
noopen
vary
Origin
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
content-type
image/svg+xml
via
1.1 f960fa0538fdb326fc338e984fa7ece9.cloudfront.net (CloudFront)
cache-control
public, max-age=0
feature-policy
geolocation 'none'; microphone 'none';
accept-ranges
bytes
access-control-allow-headers
authorization,content-type,x-requested-with
x-amz-cf-id
UfofENsGLk2ZGOP-TEfHwwk0dcBWVWhN44ktSY7qlc113x2rU8hp4w==
access-control-allow-credentials
true
truncated
/ 		26 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
background.svg
www.headspace.com/static/home/ 		28 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.headspace.com/static/home/background.svg
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.38 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-38.fra53.r.cloudfront.net
Software
/
Resource Hash
b57fe812440bd373f69474b848c6d102a7b37796c24195a93c4754d7f2a5e9f8
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.headspace.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 18:44:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA53-C1
content-security-policy-report-only
connect-src *.cloudfront.net api.amplitude.com api.branch.io api.integration.headspace.com api.prod.headspace.com api.staging.headspace.com app.getsentry.com assets.ctfassets.net auth.integration.headspace.com auth.prod.headspace.com auth.staging.headspace.com cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com headspace.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self' api.prod.headspace.com auth.headspace.com livestream.prod.headspace.com static.zuora.com; default-src data: integration-www.headspace.com staging-www.headspace.com www.headspace.com; font-src data: fonts.gstatic.com static.headspace.com use.fontawesome.com use.typekit.net 'self'; frame-src a11673470095.cdn.optimizely.com apisandbox.zuora.com auth.headspace.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net widget.us.criteo.com www.facebook.com www.youtube.com www.zuora.com 'self' https://auth.prod.headspace.com/; img-src ads.yahoo.com alb.reddit.com api.prod.headspace.com app.getsentry.com cm.g.doubleclick.net connect.facebook.net ct.pinterest.com customer.mediawallahscript.com cx.atdmt.com data: dis.criteo.com forms.hsforms.com googleads.g.doubleclick.net gum.criteo.com headspace.com hs-prod-community.imgix.net i.liadm.com i.ytimg.com images.contentful.com images.ctfassets.net my.headspace.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com pixel.tapad.com privacy-policy.truste.com production-snowplow.headspace.com proudflex.org px.ads.linkedin.com q.quora.com r.casalemedia.com rtb-csync.smartadserver.com secure.adnxs.com simage2.pubmatic.com sp.analytics.yahoo.com static.headspace.com stats.g.doubleclick.net sync.outbrain.com t.co tags.bluekai.com track.hubspot.com webapp.integration.headspace.com webapp.staging.headspace.com www.facebook.com www.google-analytics.com www.google.ae www.google.al www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.cl www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.uk www.google.co.za www.google.com.ar www.google.com.au www.google.com.br www.google.com.co www.google.com.eg www.google.com.gt www.google.com.hk www.google.com.mx www.google.com.my www.google.com.ng www.google.com.pe www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.com www.google.cz www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.gr www.google.hr www.google.hu www.google.ie www.google.is www.google.it www.google.je www.google.lt www.google.lv www.google.mk www.google.mv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.googletagmanager.com www.gstatic.com www.linkedin.com x.bidswitch.net 'self' api.prod.headspace.com; media-src assets.ctfassets.net blob: downloads.ctfassets.net headspace.com livestream.integration.headspace.com livestream.prod.headspace.com livestream.staging.headspace.com static.headspace.com 'self'; script-src *.cloudfront.net a.quora.com analytics.twitter.com api.branch.io apisandboxstatic.zuora.com app.link blob: cdn.amplitude.com cdn.branch.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net headspace.com https://static.zuora.com js.appboycdn.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net headspace.com https://fonts.googleapis.com platform.twitter.com static.zuora.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
x-cache
Miss from cloudfront
status
200
strict-transport-security
max-age=15552000; includeSubDomains
x-dns-prefetch-control
off
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 23 Dec 2019 16:30:20 GMT
x-frame-options
SAMEORIGIN
etag
W/"6fa5-16f33985960"
x-download-options
noopen
vary
Origin
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
content-type
image/svg+xml
via
1.1 f960fa0538fdb326fc338e984fa7ece9.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000
feature-policy
geolocation 'none'; microphone 'none';
accept-ranges
bytes
access-control-allow-headers
authorization,content-type,x-requested-with
x-amz-cf-id
uSIOOWcZeJS7dILTPIlEz4ZZ-cZnhpmbpQ2lujOVV501asatx6FZAw==
access-control-allow-credentials
true
clouds-01.svg
www.headspace.com/static/home/ 		699 B
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.headspace.com/static/home/clouds-01.svg
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.38 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-38.fra53.r.cloudfront.net
Software
/
Resource Hash
c3bffd48e2054bc5b3889bf06cf4f68576a6591c8de207cdbdb8a8f7806d3984
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.headspace.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 18:44:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA53-C1
content-security-policy-report-only
connect-src *.cloudfront.net api.amplitude.com api.branch.io api.integration.headspace.com api.prod.headspace.com api.staging.headspace.com app.getsentry.com assets.ctfassets.net auth.integration.headspace.com auth.prod.headspace.com auth.staging.headspace.com cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com headspace.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self' api.prod.headspace.com auth.headspace.com livestream.prod.headspace.com static.zuora.com; default-src data: integration-www.headspace.com staging-www.headspace.com www.headspace.com; font-src data: fonts.gstatic.com static.headspace.com use.fontawesome.com use.typekit.net 'self'; frame-src a11673470095.cdn.optimizely.com apisandbox.zuora.com auth.headspace.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net widget.us.criteo.com www.facebook.com www.youtube.com www.zuora.com 'self' https://auth.prod.headspace.com/; img-src ads.yahoo.com alb.reddit.com api.prod.headspace.com app.getsentry.com cm.g.doubleclick.net connect.facebook.net ct.pinterest.com customer.mediawallahscript.com cx.atdmt.com data: dis.criteo.com forms.hsforms.com googleads.g.doubleclick.net gum.criteo.com headspace.com hs-prod-community.imgix.net i.liadm.com i.ytimg.com images.contentful.com images.ctfassets.net my.headspace.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com pixel.tapad.com privacy-policy.truste.com production-snowplow.headspace.com proudflex.org px.ads.linkedin.com q.quora.com r.casalemedia.com rtb-csync.smartadserver.com secure.adnxs.com simage2.pubmatic.com sp.analytics.yahoo.com static.headspace.com stats.g.doubleclick.net sync.outbrain.com t.co tags.bluekai.com track.hubspot.com webapp.integration.headspace.com webapp.staging.headspace.com www.facebook.com www.google-analytics.com www.google.ae www.google.al www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.cl www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.uk www.google.co.za www.google.com.ar www.google.com.au www.google.com.br www.google.com.co www.google.com.eg www.google.com.gt www.google.com.hk www.google.com.mx www.google.com.my www.google.com.ng www.google.com.pe www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.com www.google.cz www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.gr www.google.hr www.google.hu www.google.ie www.google.is www.google.it www.google.je www.google.lt www.google.lv www.google.mk www.google.mv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.googletagmanager.com www.gstatic.com www.linkedin.com x.bidswitch.net 'self' api.prod.headspace.com; media-src assets.ctfassets.net blob: downloads.ctfassets.net headspace.com livestream.integration.headspace.com livestream.prod.headspace.com livestream.staging.headspace.com static.headspace.com 'self'; script-src *.cloudfront.net a.quora.com analytics.twitter.com api.branch.io apisandboxstatic.zuora.com app.link blob: cdn.amplitude.com cdn.branch.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net headspace.com https://static.zuora.com js.appboycdn.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net headspace.com https://fonts.googleapis.com platform.twitter.com static.zuora.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
x-cache
Miss from cloudfront
status
200
strict-transport-security
max-age=15552000; includeSubDomains
x-dns-prefetch-control
off
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 23 Dec 2019 16:30:20 GMT
x-frame-options
SAMEORIGIN
etag
W/"2bb-16f33985960"
x-download-options
noopen
vary
Origin
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
content-type
image/svg+xml
via
1.1 f960fa0538fdb326fc338e984fa7ece9.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000
feature-policy
geolocation 'none'; microphone 'none';
accept-ranges
bytes
access-control-allow-headers
authorization,content-type,x-requested-with
x-amz-cf-id
9ZvZc641iXmgDnoJp4nwJLukFx1eA0tyZo6gOJsuTxGjOzx_g-5SGQ==
access-control-allow-credentials
true
clouds-02.svg
www.headspace.com/static/home/ 		1 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.headspace.com/static/home/clouds-02.svg
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.38 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-38.fra53.r.cloudfront.net
Software
/
Resource Hash
89498c90addec77dbf39764abd1715674949da31a6f10c6f5df7c52c306b501a
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.headspace.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 18:44:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA53-C1
content-security-policy-report-only
connect-src *.cloudfront.net api.amplitude.com api.branch.io api.integration.headspace.com api.prod.headspace.com api.staging.headspace.com app.getsentry.com assets.ctfassets.net auth.integration.headspace.com auth.prod.headspace.com auth.staging.headspace.com cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com headspace.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self' api.prod.headspace.com auth.headspace.com livestream.prod.headspace.com static.zuora.com; default-src data: integration-www.headspace.com staging-www.headspace.com www.headspace.com; font-src data: fonts.gstatic.com static.headspace.com use.fontawesome.com use.typekit.net 'self'; frame-src a11673470095.cdn.optimizely.com apisandbox.zuora.com auth.headspace.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net widget.us.criteo.com www.facebook.com www.youtube.com www.zuora.com 'self' https://auth.prod.headspace.com/; img-src ads.yahoo.com alb.reddit.com api.prod.headspace.com app.getsentry.com cm.g.doubleclick.net connect.facebook.net ct.pinterest.com customer.mediawallahscript.com cx.atdmt.com data: dis.criteo.com forms.hsforms.com googleads.g.doubleclick.net gum.criteo.com headspace.com hs-prod-community.imgix.net i.liadm.com i.ytimg.com images.contentful.com images.ctfassets.net my.headspace.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com pixel.tapad.com privacy-policy.truste.com production-snowplow.headspace.com proudflex.org px.ads.linkedin.com q.quora.com r.casalemedia.com rtb-csync.smartadserver.com secure.adnxs.com simage2.pubmatic.com sp.analytics.yahoo.com static.headspace.com stats.g.doubleclick.net sync.outbrain.com t.co tags.bluekai.com track.hubspot.com webapp.integration.headspace.com webapp.staging.headspace.com www.facebook.com www.google-analytics.com www.google.ae www.google.al www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.cl www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.uk www.google.co.za www.google.com.ar www.google.com.au www.google.com.br www.google.com.co www.google.com.eg www.google.com.gt www.google.com.hk www.google.com.mx www.google.com.my www.google.com.ng www.google.com.pe www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.com www.google.cz www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.gr www.google.hr www.google.hu www.google.ie www.google.is www.google.it www.google.je www.google.lt www.google.lv www.google.mk www.google.mv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.googletagmanager.com www.gstatic.com www.linkedin.com x.bidswitch.net 'self' api.prod.headspace.com; media-src assets.ctfassets.net blob: downloads.ctfassets.net headspace.com livestream.integration.headspace.com livestream.prod.headspace.com livestream.staging.headspace.com static.headspace.com 'self'; script-src *.cloudfront.net a.quora.com analytics.twitter.com api.branch.io apisandboxstatic.zuora.com app.link blob: cdn.amplitude.com cdn.branch.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net headspace.com https://static.zuora.com js.appboycdn.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net headspace.com https://fonts.googleapis.com platform.twitter.com static.zuora.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
x-cache
Miss from cloudfront
status
200
strict-transport-security
max-age=15552000; includeSubDomains
x-dns-prefetch-control
off
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 23 Dec 2019 16:30:20 GMT
x-frame-options
SAMEORIGIN
etag
W/"4fb-16f33985960"
x-download-options
noopen
vary
Origin
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
content-type
image/svg+xml
via
1.1 f960fa0538fdb326fc338e984fa7ece9.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000
feature-policy
geolocation 'none'; microphone 'none';
accept-ranges
bytes
access-control-allow-headers
authorization,content-type,x-requested-with
x-amz-cf-id
4EaazRZuLXukABXx3xvocNTM3pQGToXZ13l3VNAXQP5DSgbUq-AG2g==
access-control-allow-credentials
true
clouds-03.svg
www.headspace.com/static/home/ 		738 B
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.headspace.com/static/home/clouds-03.svg
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.38 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-38.fra53.r.cloudfront.net
Software
/
Resource Hash
7d55f5954634bd9ecdd77bf468aaeb2ef1ac7878b5f7112bc0e330ce8d606ac1
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.headspace.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 18:44:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA53-C1
content-security-policy-report-only
connect-src *.cloudfront.net api.amplitude.com api.branch.io api.integration.headspace.com api.prod.headspace.com api.staging.headspace.com app.getsentry.com assets.ctfassets.net auth.integration.headspace.com auth.prod.headspace.com auth.staging.headspace.com cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com headspace.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self' api.prod.headspace.com auth.headspace.com livestream.prod.headspace.com static.zuora.com; font-src data: fonts.gstatic.com static.headspace.com use.fontawesome.com use.typekit.net 'self'; frame-src a11673470095.cdn.optimizely.com apisandbox.zuora.com auth.headspace.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net widget.us.criteo.com www.facebook.com www.youtube.com www.zuora.com 'self' https://auth.prod.headspace.com/; img-src ads.yahoo.com alb.reddit.com api.prod.headspace.com app.getsentry.com cm.g.doubleclick.net connect.facebook.net ct.pinterest.com customer.mediawallahscript.com cx.atdmt.com data: dis.criteo.com forms.hsforms.com googleads.g.doubleclick.net gum.criteo.com headspace.com hs-prod-community.imgix.net i.liadm.com i.ytimg.com images.contentful.com images.ctfassets.net my.headspace.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com pixel.tapad.com privacy-policy.truste.com production-snowplow.headspace.com proudflex.org px.ads.linkedin.com q.quora.com r.casalemedia.com rtb-csync.smartadserver.com secure.adnxs.com simage2.pubmatic.com sp.analytics.yahoo.com static.headspace.com stats.g.doubleclick.net sync.outbrain.com t.co tags.bluekai.com track.hubspot.com webapp.integration.headspace.com webapp.staging.headspace.com www.facebook.com www.google-analytics.com www.google.ae www.google.al www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.cl www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.uk www.google.co.za www.google.com.ar www.google.com.au www.google.com.br www.google.com.co www.google.com.eg www.google.com.gt www.google.com.hk www.google.com.mx www.google.com.my www.google.com.ng www.google.com.pe www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.com www.google.cz www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.gr www.google.hr www.google.hu www.google.ie www.google.is www.google.it www.google.je www.google.lt www.google.lv www.google.mk www.google.mv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.googletagmanager.com www.gstatic.com www.linkedin.com x.bidswitch.net 'self' api.prod.headspace.com; media-src assets.ctfassets.net blob: downloads.ctfassets.net headspace.com livestream.integration.headspace.com livestream.prod.headspace.com livestream.staging.headspace.com static.headspace.com 'self'; script-src *.cloudfront.net a.quora.com analytics.twitter.com api.branch.io apisandboxstatic.zuora.com app.link blob: cdn.amplitude.com cdn.branch.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net headspace.com https://static.zuora.com js.appboycdn.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net headspace.com https://fonts.googleapis.com platform.twitter.com static.zuora.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
x-cache
Miss from cloudfront
status
200
strict-transport-security
max-age=15552000; includeSubDomains
x-dns-prefetch-control
off
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 23 Dec 2019 16:30:20 GMT
x-frame-options
SAMEORIGIN
etag
W/"2e2-16f33985960"
x-download-options
noopen
vary
Origin
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
content-type
image/svg+xml
via
1.1 f960fa0538fdb326fc338e984fa7ece9.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000
feature-policy
geolocation 'none'; microphone 'none';
accept-ranges
bytes
access-control-allow-headers
authorization,content-type,x-requested-with
x-amz-cf-id
A3w0vjaHM7EE7mcCiyZfaSXSH4LbCAdOT2xrzEWFK4eCnJPIPTPoPw==
access-control-allow-credentials
true
clouds-04.svg
www.headspace.com/static/home/ 		993 B
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.headspace.com/static/home/clouds-04.svg
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.38 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-38.fra53.r.cloudfront.net
Software
/
Resource Hash
2b23f9816eb4441e9a412265974c9cf196f31bf7615af19c7b113f971648e836
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.headspace.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 18:44:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA53-C1
content-security-policy-report-only
connect-src *.cloudfront.net api.amplitude.com api.branch.io api.integration.headspace.com api.prod.headspace.com api.staging.headspace.com app.getsentry.com assets.ctfassets.net auth.integration.headspace.com auth.prod.headspace.com auth.staging.headspace.com cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com headspace.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self' api.prod.headspace.com auth.headspace.com livestream.prod.headspace.com static.zuora.com; font-src data: fonts.gstatic.com static.headspace.com use.fontawesome.com use.typekit.net 'self'; frame-src a11673470095.cdn.optimizely.com apisandbox.zuora.com auth.headspace.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net widget.us.criteo.com www.facebook.com www.youtube.com www.zuora.com 'self' https://auth.prod.headspace.com/; img-src ads.yahoo.com alb.reddit.com api.prod.headspace.com app.getsentry.com cm.g.doubleclick.net connect.facebook.net ct.pinterest.com customer.mediawallahscript.com cx.atdmt.com data: dis.criteo.com forms.hsforms.com googleads.g.doubleclick.net gum.criteo.com headspace.com hs-prod-community.imgix.net i.liadm.com i.ytimg.com images.contentful.com images.ctfassets.net my.headspace.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com pixel.tapad.com privacy-policy.truste.com production-snowplow.headspace.com proudflex.org px.ads.linkedin.com q.quora.com r.casalemedia.com rtb-csync.smartadserver.com secure.adnxs.com simage2.pubmatic.com sp.analytics.yahoo.com static.headspace.com stats.g.doubleclick.net sync.outbrain.com t.co tags.bluekai.com track.hubspot.com webapp.integration.headspace.com webapp.staging.headspace.com www.facebook.com www.google-analytics.com www.google.ae www.google.al www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.cl www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.uk www.google.co.za www.google.com.ar www.google.com.au www.google.com.br www.google.com.co www.google.com.eg www.google.com.gt www.google.com.hk www.google.com.mx www.google.com.my www.google.com.ng www.google.com.pe www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.com www.google.cz www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.gr www.google.hr www.google.hu www.google.ie www.google.is www.google.it www.google.je www.google.lt www.google.lv www.google.mk www.google.mv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.googletagmanager.com www.gstatic.com www.linkedin.com x.bidswitch.net 'self' api.prod.headspace.com; media-src assets.ctfassets.net blob: downloads.ctfassets.net headspace.com livestream.integration.headspace.com livestream.prod.headspace.com livestream.staging.headspace.com static.headspace.com 'self'; script-src *.cloudfront.net a.quora.com analytics.twitter.com api.branch.io apisandboxstatic.zuora.com app.link blob: cdn.amplitude.com cdn.branch.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net headspace.com https://static.zuora.com js.appboycdn.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net headspace.com https://fonts.googleapis.com platform.twitter.com static.zuora.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
x-cache
Miss from cloudfront
status
200
strict-transport-security
max-age=15552000; includeSubDomains
x-dns-prefetch-control
off
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 23 Dec 2019 16:30:20 GMT
x-frame-options
SAMEORIGIN
etag
W/"3e1-16f33985960"
x-download-options
noopen
vary
Origin
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
content-type
image/svg+xml
via
1.1 f960fa0538fdb326fc338e984fa7ece9.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000
feature-policy
geolocation 'none'; microphone 'none';
accept-ranges
bytes
access-control-allow-headers
authorization,content-type,x-requested-with
x-amz-cf-id
X-HPyhxoM5d260YYhwtMpmx_8Gz8nzKvLdp-2d-SjBn4RkP_V0KtYw==
access-control-allow-credentials
true
clouds-05.svg
www.headspace.com/static/home/ 		885 B
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.headspace.com/static/home/clouds-05.svg
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.38 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-38.fra53.r.cloudfront.net
Software
/
Resource Hash
8de4d4469701273b5bd2c88c669f277139abde1d3ffd84911cf3ba646227ac06
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.headspace.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 18:44:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA53-C1
content-security-policy-report-only
connect-src *.cloudfront.net api.amplitude.com api.branch.io api.integration.headspace.com api.prod.headspace.com api.staging.headspace.com app.getsentry.com assets.ctfassets.net auth.integration.headspace.com auth.prod.headspace.com auth.staging.headspace.com cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com headspace.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self' api.prod.headspace.com auth.headspace.com livestream.prod.headspace.com static.zuora.com; default-src data: integration-www.headspace.com staging-www.headspace.com www.headspace.com; font-src data: fonts.gstatic.com static.headspace.com use.fontawesome.com use.typekit.net 'self'; frame-src a11673470095.cdn.optimizely.com apisandbox.zuora.com auth.headspace.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net widget.us.criteo.com www.facebook.com www.youtube.com www.zuora.com 'self' https://auth.prod.headspace.com/; img-src ads.yahoo.com alb.reddit.com api.prod.headspace.com app.getsentry.com cm.g.doubleclick.net connect.facebook.net ct.pinterest.com customer.mediawallahscript.com cx.atdmt.com data: dis.criteo.com forms.hsforms.com googleads.g.doubleclick.net gum.criteo.com headspace.com hs-prod-community.imgix.net i.liadm.com i.ytimg.com images.contentful.com images.ctfassets.net my.headspace.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com pixel.tapad.com privacy-policy.truste.com production-snowplow.headspace.com proudflex.org px.ads.linkedin.com q.quora.com r.casalemedia.com rtb-csync.smartadserver.com secure.adnxs.com simage2.pubmatic.com sp.analytics.yahoo.com static.headspace.com stats.g.doubleclick.net sync.outbrain.com t.co tags.bluekai.com track.hubspot.com webapp.integration.headspace.com webapp.staging.headspace.com www.facebook.com www.google-analytics.com www.google.ae www.google.al www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.cl www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.uk www.google.co.za www.google.com.ar www.google.com.au www.google.com.br www.google.com.co www.google.com.eg www.google.com.gt www.google.com.hk www.google.com.mx www.google.com.my www.google.com.ng www.google.com.pe www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.com www.google.cz www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.gr www.google.hr www.google.hu www.google.ie www.google.is www.google.it www.google.je www.google.lt www.google.lv www.google.mk www.google.mv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.googletagmanager.com www.gstatic.com www.linkedin.com x.bidswitch.net 'self' api.prod.headspace.com; media-src assets.ctfassets.net blob: downloads.ctfassets.net headspace.com livestream.integration.headspace.com livestream.prod.headspace.com livestream.staging.headspace.com static.headspace.com 'self'; script-src *.cloudfront.net a.quora.com analytics.twitter.com api.branch.io apisandboxstatic.zuora.com app.link blob: cdn.amplitude.com cdn.branch.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net headspace.com https://static.zuora.com js.appboycdn.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net headspace.com https://fonts.googleapis.com platform.twitter.com static.zuora.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
x-cache
Miss from cloudfront
status
200
strict-transport-security
max-age=15552000; includeSubDomains
x-dns-prefetch-control
off
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 23 Dec 2019 16:30:20 GMT
x-frame-options
SAMEORIGIN
etag
W/"375-16f33985960"
x-download-options
noopen
vary
Origin
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
content-type
image/svg+xml
via
1.1 f960fa0538fdb326fc338e984fa7ece9.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000
feature-policy
geolocation 'none'; microphone 'none';
accept-ranges
bytes
access-control-allow-headers
authorization,content-type,x-requested-with
x-amz-cf-id
LO_mqTtjG_VrH9_L2MphficaLAYJeybT_YEWlUcWmqogbaL_mUe5vA==
access-control-allow-credentials
true
clouds-06.svg
www.headspace.com/static/home/ 		1 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.headspace.com/static/home/clouds-06.svg
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.38 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-38.fra53.r.cloudfront.net
Software
/
Resource Hash
426d6eca99572d7496738de7ac775af898f775963859a63a6cf35669d634ef2c
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.headspace.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 18:44:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA53-C1
content-security-policy-report-only
connect-src *.cloudfront.net api.amplitude.com api.branch.io api.integration.headspace.com api.prod.headspace.com api.staging.headspace.com app.getsentry.com assets.ctfassets.net auth.integration.headspace.com auth.prod.headspace.com auth.staging.headspace.com cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com headspace.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self' api.prod.headspace.com auth.headspace.com livestream.prod.headspace.com static.zuora.com; default-src data: integration-www.headspace.com staging-www.headspace.com www.headspace.com; font-src data: fonts.gstatic.com static.headspace.com use.fontawesome.com use.typekit.net 'self'; frame-src a11673470095.cdn.optimizely.com apisandbox.zuora.com auth.headspace.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net widget.us.criteo.com www.facebook.com www.youtube.com www.zuora.com 'self' https://auth.prod.headspace.com/; img-src ads.yahoo.com alb.reddit.com api.prod.headspace.com app.getsentry.com cm.g.doubleclick.net connect.facebook.net ct.pinterest.com customer.mediawallahscript.com cx.atdmt.com data: dis.criteo.com forms.hsforms.com googleads.g.doubleclick.net gum.criteo.com headspace.com hs-prod-community.imgix.net i.liadm.com i.ytimg.com images.contentful.com images.ctfassets.net my.headspace.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com pixel.tapad.com privacy-policy.truste.com production-snowplow.headspace.com proudflex.org px.ads.linkedin.com q.quora.com r.casalemedia.com rtb-csync.smartadserver.com secure.adnxs.com simage2.pubmatic.com sp.analytics.yahoo.com static.headspace.com stats.g.doubleclick.net sync.outbrain.com t.co tags.bluekai.com track.hubspot.com webapp.integration.headspace.com webapp.staging.headspace.com www.facebook.com www.google-analytics.com www.google.ae www.google.al www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.cl www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.uk www.google.co.za www.google.com.ar www.google.com.au www.google.com.br www.google.com.co www.google.com.eg www.google.com.gt www.google.com.hk www.google.com.mx www.google.com.my www.google.com.ng www.google.com.pe www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.com www.google.cz www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.gr www.google.hr www.google.hu www.google.ie www.google.is www.google.it www.google.je www.google.lt www.google.lv www.google.mk www.google.mv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.googletagmanager.com www.gstatic.com www.linkedin.com x.bidswitch.net 'self' api.prod.headspace.com; media-src assets.ctfassets.net blob: downloads.ctfassets.net headspace.com livestream.integration.headspace.com livestream.prod.headspace.com livestream.staging.headspace.com static.headspace.com 'self'; script-src *.cloudfront.net a.quora.com analytics.twitter.com api.branch.io apisandboxstatic.zuora.com app.link blob: cdn.amplitude.com cdn.branch.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net headspace.com https://static.zuora.com js.appboycdn.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net headspace.com https://fonts.googleapis.com platform.twitter.com static.zuora.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
x-cache
Miss from cloudfront
status
200
strict-transport-security
max-age=15552000; includeSubDomains
x-dns-prefetch-control
off
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 23 Dec 2019 16:30:20 GMT
x-frame-options
SAMEORIGIN
etag
W/"4a5-16f33985960"
x-download-options
noopen
vary
Origin
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
content-type
image/svg+xml
via
1.1 f960fa0538fdb326fc338e984fa7ece9.cloudfront.net (CloudFront)
cache-control
public, max-age=31536000
feature-policy
geolocation 'none'; microphone 'none';
accept-ranges
bytes
access-control-allow-headers
authorization,content-type,x-requested-with
x-amz-cf-id
MlS6jfEfkvf1CoRHgUnD4PntOv7FJwOgguR6Kdx8HHnCCI8BBrLzmA==
access-control-allow-credentials
true
iphone-7.png
www.headspace.com/static/images/ 		44 KB
48 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.headspace.com/static/images/iphone-7.png
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.214.38 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-143-204-214-38.fra53.r.cloudfront.net
Software
/
Resource Hash
2ec7b8d599b943f38baf7faf4b7a7c775408769370d6f8e816585042b2d78b95
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.headspace.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 18:44:59 GMT
via
1.1 f960fa0538fdb326fc338e984fa7ece9.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA53-C1
content-security-policy-report-only
connect-src *.cloudfront.net api.amplitude.com api.branch.io api.integration.headspace.com api.prod.headspace.com api.staging.headspace.com app.getsentry.com assets.ctfassets.net auth.integration.headspace.com auth.prod.headspace.com auth.staging.headspace.com cdn.contentful.com cdn.optimizely.com ct.pinterest.com errors.client.optimizely.com gum.criteo.com headspace.com identity.mparticle.com jssdks.mparticle.com logx.optimizely.com preview.contentful.com rum.optimizely.com sdk.iad-01.braze.com sentry.io static.zuora.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com 'self' api.prod.headspace.com auth.headspace.com livestream.prod.headspace.com static.zuora.com; default-src data: integration-www.headspace.com staging-www.headspace.com www.headspace.com; font-src data: fonts.gstatic.com static.headspace.com use.fontawesome.com use.typekit.net 'self'; frame-src a11673470095.cdn.optimizely.com apisandbox.zuora.com auth.headspace.com bid.g.doubleclick.net forms.hsforms.com gum.criteo.com static.criteo.net widget.us.criteo.com www.facebook.com www.youtube.com www.zuora.com 'self' https://auth.prod.headspace.com/; img-src ads.yahoo.com alb.reddit.com api.prod.headspace.com app.getsentry.com cm.g.doubleclick.net connect.facebook.net ct.pinterest.com customer.mediawallahscript.com cx.atdmt.com data: dis.criteo.com forms.hsforms.com googleads.g.doubleclick.net gum.criteo.com headspace.com hs-prod-community.imgix.net i.liadm.com i.ytimg.com images.contentful.com images.ctfassets.net my.headspace.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com pixel.tapad.com privacy-policy.truste.com production-snowplow.headspace.com proudflex.org px.ads.linkedin.com q.quora.com r.casalemedia.com rtb-csync.smartadserver.com secure.adnxs.com simage2.pubmatic.com sp.analytics.yahoo.com static.headspace.com stats.g.doubleclick.net sync.outbrain.com t.co tags.bluekai.com track.hubspot.com webapp.integration.headspace.com webapp.staging.headspace.com www.facebook.com www.google-analytics.com www.google.ae www.google.al www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.cl www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.uk www.google.co.za www.google.com.ar www.google.com.au www.google.com.br www.google.com.co www.google.com.eg www.google.com.gt www.google.com.hk www.google.com.mx www.google.com.my www.google.com.ng www.google.com.pe www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.com www.google.cz www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.gr www.google.hr www.google.hu www.google.ie www.google.is www.google.it www.google.je www.google.lt www.google.lv www.google.mk www.google.mv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.googletagmanager.com www.gstatic.com www.linkedin.com x.bidswitch.net 'self' api.prod.headspace.com; media-src assets.ctfassets.net blob: downloads.ctfassets.net headspace.com livestream.integration.headspace.com livestream.prod.headspace.com livestream.staging.headspace.com static.headspace.com 'self'; script-src *.cloudfront.net a.quora.com analytics.twitter.com api.branch.io apisandboxstatic.zuora.com app.link blob: cdn.amplitude.com cdn.branch.io cdn.optimizely.com cdn.polyfill.io cdn.ravenjs.com cdnjs.cloudflare.com connect.facebook.net forms.hsforms.com googleads.g.doubleclick.net headspace.com https://static.zuora.com js.appboycdn.com js.hs-analytics.net js.hs-scripts.com js.hsforms.net jssdkcdn.mparticle.com jssdkcdns.mparticle.com platform.twitter.com s.pinimg.com sjs.bizographics.com sslwidget.criteo.com static.ads-twitter.com static.criteo.net static.zuora.com widget.us.criteo.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src cdn.polyfill.io cdnjs.cloudflare.com cloudfront.net headspace.com https://fonts.googleapis.com platform.twitter.com static.zuora.com use.fontawesome.com www.google.com 'self' 'unsafe-inline'; report-uri https://sentry.io/api/1532173/security/?sentry_key=ac60cf3a3f0240d487fa18d834ea627b&sentry_environment=production
x-cache
Miss from cloudfront
status
200
strict-transport-security
max-age=15552000; includeSubDomains
x-dns-prefetch-control
off
content-length
45085
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 23 Dec 2019 16:30:20 GMT
x-frame-options
SAMEORIGIN
etag
W/"b01d-16f33985960"
x-download-options
noopen
vary
Origin
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
content-type
image/png
cache-control
public, max-age=31536000
feature-policy
geolocation 'none'; microphone 'none';
accept-ranges
bytes
access-control-allow-headers
authorization,content-type,x-requested-with
x-amz-cf-id
J8a7DXJydTTxGL6dRUa8i9zFSx1h9G5t4vqhts4LN9CCQg1AnxfhWA==
access-control-allow-credentials
true
apercu_regular.woff2
static.headspace.com/fonts/apercu/ 		20 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://static.headspace.com/fonts/apercu/apercu_regular.woff2
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.35.253.80 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-35-253-80.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e918a3fcb44e725952c49774404f5564c0e5bf79fe03fdd78ec2034561153672

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Origin
https://www.headspace.com

Response headers

x-amz-version-id
null
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
age
604784
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
status
200
date
Tue, 17 Dec 2019 18:45:16 GMT
content-length
20864
last-modified
Tue, 26 Nov 2019 18:20:22 GMT
server
AmazonS3
etag
"59469dee6787197930bd94880c1ecc00"
access-control-max-age
3600
access-control-allow-methods
GET
content-type
application/font-woff2
access-control-allow-origin
*
access-control-expose-headers
ETag
x-amz-cf-pop
FRA6-C1
accept-ranges
bytes
x-amz-cf-id
fYJmT6zGJY74SYSvYjD-lBHwzr7YxtfGJEIooacF1HWGv6NGKSLR7Q==
apercu_bold.woff2
static.headspace.com/fonts/apercu/ 		21 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://static.headspace.com/fonts/apercu/apercu_bold.woff2
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.35.253.80 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-35-253-80.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
88a83d6555af69a761e9d9c92ec7b587a1de45c95e4365ab8ef3d0abeb823ff0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Origin
https://www.headspace.com

Response headers

x-amz-version-id
null
via
1.1 87b272b7d9b97f38da15c91c833c3292.cloudfront.net (CloudFront)
age
481909
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
status
200
date
Thu, 19 Dec 2019 04:53:11 GMT
content-length
21048
last-modified
Thu, 20 Dec 2018 20:35:25 GMT
server
AmazonS3
etag
"051d6e318abfad4e63ce09e483b5faee"
access-control-max-age
3600
access-control-allow-methods
GET
content-type
binary/octet-stream
access-control-allow-origin
*
access-control-expose-headers
ETag
x-amz-cf-pop
FRA6-C1
accept-ranges
bytes
x-amz-cf-id
cNY9Yp4hQ5qxVbPC-bjodhRdcEcDnapDB1LJht_wfRfvpGNgbc1gdg==
mparticle.js
jssdkcdns.mparticle.com/js/v2/580aa567c0d972439cf41d95730011ed/ 		649 KB
272 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://jssdkcdns.mparticle.com/js/v2/580aa567c0d972439cf41d95730011ed/mparticle.js
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::729 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
Kestrel /
Resource Hash
a190842b7f727ccf7cfc66ab8edf28bd51089a4d6cc330fd97881704348069c5

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 18:44:59 GMT
content-encoding
gzip
age
1442
x-cache
HIT, HIT
status
200
content-length
278527
x-served-by
cache-dca17759-DCA, cache-fra19130-FRA
server
Kestrel
x-timer
S1577213099.229246,VS0,VE1
vary
Accept, Accept-Encoding
content-type
application/javascript
via
1.1 varnish, 1.1 varnish
expires
Tue, 24 Dec 2019 19:20:56 GMT
cache-control
public, max-age=3600
accept-ranges
bytes
x-cache-hits
2, 1
core.js
s.pinimg.com/ct/ 		1 KB
732 B 		Script
General
Check archive.org
Download Go to
Full URL
https://s.pinimg.com/ct/core.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M92JXMV&gtm_auth=16iCHRn1z7748mckvKDXyw&gtm_preview=env-2&gtm_cookies_win=x
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:28c::1931 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash
efd9de3afabf343e13c305fa182024238ff8e24025e5c88c6c5d56b0a88480cd

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-encoding
gzip
x-cdn
akamai
etag
"1e214e15ac165378f0589400974edd54"
vary
Accept-Encoding, Origin
content-type
application/javascript
status
200
cache-control
max-age=7200
x-fallback
53e23098-2.16.186.141
accept-ranges
bytes
content-length
565
sp.js
d1fc8wv8zag5ca.cloudfront.net/2.6.1/ 		73 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d1fc8wv8zag5ca.cloudfront.net/2.6.1/sp.js
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.35.254.108 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-35-254-108.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
5cfd7a812a15d3765357ffb2a9b187008c34aff5b77556ba032de395f437ba40

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 09 Oct 2019 03:53:24 GMT
Content-Encoding
gzip
Last-Modified
Thu, 14 Apr 2016 15:30:15 GMT
Server
AmazonS3
Age
6619896
ETag
"867a18e9267c612557bd7e89a1a485f4"
X-Cache
Hit from cloudfront
Content-Type
application/javascript
Via
1.1 71b147cd3102755b55ba8b6fd34e3f4a.cloudfront.net (CloudFront)
Cache-Control
max-age=315360000
X-Amz-Cf-Pop
FRA6-C1
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
25905
X-Amz-Cf-Id
csWXGGTflrMgROZcWBoYPdqpI_g5GjaCtN5DVR03wCKtiyrUYlRPOw==
ld.js
static.criteo.net/js/ld/ 		29 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/ld.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M92JXMV&gtm_auth=16iCHRn1z7748mckvKDXyw&gtm_preview=env-2&gtm_cookies_win=x
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.130 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
6a60018cab3d38d035188490d869d5dc1283a7dd115917226df457ca92887f7f

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 24 Dec 2019 18:44:59 GMT
content-encoding
gzip
last-modified
Mon, 16 Dec 2019 15:00:50 GMT
server
nginx
access-control-allow-origin
*
etag
W/"5df79c22-7533"
content-type
text/javascript
status
200
cache-control
max-age=86400, public
timing-allow-origin
*
expires
Wed, 25 Dec 2019 18:44:59 GMT
event
widget.us.criteo.com/
Redirect Chain
  • https://sslwidget.criteo.com/event?a=61913&v=5.5.0&p0=e%3Dexd%26site_type%3Dd&p1=e%3Dvh&p2=e%3Ddis&adce=1&tld=headspace.com&dtycbr=35793
  • https://widget.us.criteo.com/event?a=61913&v=5.5.0&p0=e%3Dexd%26site_type%3Dd&p1=e%3Dvh&p2=e%3Ddis&adce=1&tld=headspace.com&dtycbr=35793
1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://widget.us.criteo.com/event?a=61913&v=5.5.0&p0=e%3Dexd%26site_type%3Dd&p1=e%3Dvh&p2=e%3Ddis&adce=1&tld=headspace.com&dtycbr=35793
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.119.119.150 , United States, ASN19750 (AS-CRITEO - Criteo Corp., US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
c73ed7d1ef53367e1eff510389323af2c55ee09610572ed59c34960221b39d71

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 24 Dec 2019 18:44:58 GMT
content-encoding
gzip
content-type
application/x-javascript
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
vary
Accept-Encoding
p3p
NON DSP COR CURa PSA PSD OUR BUS NAV STA
status
200
cache-control
no-cache
timing-allow-origin
*
content-length
864
expires
0

Redirect headers

pragma
no-cache
date
Tue, 24 Dec 2019 18:44:58 GMT
location
https://widget.us.criteo.com/event?a=61913&v=5.5.0&p0=e%3Dexd%26site_type%3Dd&p1=e%3Dvh&p2=e%3Ddis&adce=1&tld=headspace.com&dtycbr=35793
status
302
cache-control
no-cache
timing-allow-origin
*
content-length
0
expires
0
analytics.js
www.google-analytics.com/ 		43 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: jssdkcdns.mparticle.com
URL: https://jssdkcdns.mparticle.com/js/v2/580aa567c0d972439cf41d95730011ed/mparticle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 19 Aug 2019 17:22:41 GMT
server
Golfe2
age
682
date
Tue, 24 Dec 2019 18:33:37 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
17803
expires
Tue, 24 Dec 2019 20:33:37 GMT
amplitude-4.2.1-min.gz.js
cdn.amplitude.com/libs/ 		68 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.amplitude.com/libs/amplitude-4.2.1-min.gz.js
Requested by
Host: jssdkcdns.mparticle.com
URL: https://jssdkcdns.mparticle.com/js/v2/580aa567c0d972439cf41d95730011ed/mparticle.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.35.254.119 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-35-254-119.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
56e81c364da2cf5172aa095f02558ee2f440585d21cbe8d6746a0e473c0c8e2c

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 22 Oct 2019 22:17:12 GMT
content-encoding
gzip
age
5430468
x-cache
Hit from cloudfront
status
200
content-length
23404
last-modified
Mon, 21 Oct 2019 15:45:35 GMT
server
AmazonS3
etag
"addb3457c5f65c867ae2be9606542893"
x-amz-version-id
2PesFonHu677Rw5PZ53UUToyHVzesxrU
via
1.1 2f471134491a4de5cfcaef646caf9dde.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA6-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
2APTB_-wUG-R7NRtmWvsNfKHrzJkf7gbyd5OeHWkFNrewygwa0GkGg==
identify
identity.mparticle.com/v1/ 		0
201 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://identity.mparticle.com/v1/identify
Requested by
Host: jssdkcdns.mparticle.com
URL: https://jssdkcdns.mparticle.com/js/v2/580aa567c0d972439cf41d95730011ed/mparticle.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::645 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=900

Request headers

Access-Control-Request-Method
POST
Origin
https://www.headspace.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Access-Control-Request-Headers
content-type,x-mp-key

Response headers

date
Tue, 24 Dec 2019 18:44:59 GMT
via
1.1 varnish
server
Kestrel
age
2631
strict-transport-security
max-age=900
x-cache
HIT
status
204
x-cache-hits
311
access-control-allow-headers
content-type,x-mp-key
accept-ranges
bytes
x-timer
S1577213099.313638,VS0,VE0
access-control-allow-origin
*
x-served-by
cache-hhn4029-HHN
identify
identity.mparticle.com/v1/ 		175 B
270 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://identity.mparticle.com/v1/identify
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::645 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
Kestrel /
Resource Hash
a7ab631465fa406bf71403cbe8570176739fb14fc82f81b47b75e0496ba15937
Security Headers
Name Value
Strict-Transport-Security max-age=900

Request headers

x-mp-key
580aa567c0d972439cf41d95730011ed
Origin
https://www.headspace.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
application/json

Response headers

date
Tue, 24 Dec 2019 18:44:59 GMT
content-encoding
gzip
server
Kestrel
x-timer
S1577213099.319679,VS0,VE110
status
200
x-served-by
cache-hhn4029-HHN
vary
Accept-Encoding
x-cache
MISS
content-type
application/json; charset=utf-8
access-control-allow-origin
*
strict-transport-security
max-age=900
accept-ranges
bytes
via
1.1 varnish
x-cache-hits
0
main.532239b0.js
s.pinimg.com/ct/lib/ 		45 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.pinimg.com/ct/lib/main.532239b0.js
Requested by
Host: s.pinimg.com
URL: https://s.pinimg.com/ct/core.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:28c::1931 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash
10c3b1b8d9b03f13651f16b74cddff7a133468381315b1dcef26afdca5df8958

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-encoding
gzip
x-cdn
akamai
etag
"42f2d9232667759ed210155c5be8d336"
vary
Accept-Encoding, Origin
content-type
application/javascript
status
200
cache-control
max-age=1209600
x-fallback
53e231b0-2.16.186.141
accept-ranges
bytes
content-length
16262
Events
jssdks.mparticle.com/v2/JS/580aa567c0d972439cf41d95730011ed/ 		41 B
146 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://jssdks.mparticle.com/v2/JS/580aa567c0d972439cf41d95730011ed/Events
Requested by
Host: jssdkcdns.mparticle.com
URL: https://jssdkcdns.mparticle.com/js/v2/580aa567c0d972439cf41d95730011ed/mparticle.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42::729 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
Kestrel /
Resource Hash
c27fa138c1a6790bad6ec0ef33b3fb3200841651ed456de81ade61874a8d12f7

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Origin
https://www.headspace.com
Content-Type
text/plain;charset=UTF-8

Response headers

date
Tue, 24 Dec 2019 18:44:59 GMT
content-encoding
gzip
server
Kestrel
x-timer
S1577213099.470747,VS0,VE2
status
202
x-served-by
cache-fra19154-FRA
vary
Accept-Encoding
x-cache
MISS
content-type
application/json
access-control-allow-origin
*
accept-ranges
bytes
via
1.1 varnish
x-cache-hits
0
Forwarding
jssdks.mparticle.com/v1/JS/580aa567c0d972439cf41d95730011ed/ 		0
155 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://jssdks.mparticle.com/v1/JS/580aa567c0d972439cf41d95730011ed/Forwarding
Requested by
Host: jssdkcdns.mparticle.com
URL: https://jssdkcdns.mparticle.com/js/v2/580aa567c0d972439cf41d95730011ed/mparticle.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42::729 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Origin
https://www.headspace.com
Content-Type
text/plain;charset=UTF-8

Response headers

date
Tue, 24 Dec 2019 18:44:59 GMT
via
1.1 varnish
server
Kestrel
x-timer
S1577213099.470745,VS0,VE2
x-served-by
cache-fra19154-FRA
status
202
x-cache
MISS
access-control-allow-origin
*
accept-ranges
bytes
content-length
0
x-cache-hits
0
Events
jssdks.mparticle.com/v2/JS/580aa567c0d972439cf41d95730011ed/ 		41 B
119 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://jssdks.mparticle.com/v2/JS/580aa567c0d972439cf41d95730011ed/Events
Requested by
Host: jssdkcdns.mparticle.com
URL: https://jssdkcdns.mparticle.com/js/v2/580aa567c0d972439cf41d95730011ed/mparticle.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42::729 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
Kestrel /
Resource Hash
c27fa138c1a6790bad6ec0ef33b3fb3200841651ed456de81ade61874a8d12f7

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Origin
https://www.headspace.com
Content-Type
text/plain;charset=UTF-8

Response headers

date
Tue, 24 Dec 2019 18:44:59 GMT
content-encoding
gzip
server
Kestrel
x-timer
S1577213099.470733,VS0,VE47
status
202
x-served-by
cache-fra19154-FRA
vary
Accept-Encoding
x-cache
MISS
content-type
application/json
access-control-allow-origin
*
accept-ranges
bytes
via
1.1 varnish
x-cache-hits
0
/
ct.pinterest.com/user/ 		35 B
300 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ct.pinterest.com/user/?tid=2613695941317&ov=%7B%22np%22%3A%22gtm%22%7D&pd=%7B%22np%22%3A%22gtm%22%7D&cb=1577213099484
Requested by
Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.532239b0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.84 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Origin
https://www.headspace.com

Response headers

pragma
no-cache
date
Tue, 24 Dec 2019 18:44:59 GMT
x-cdn
fastly
status
200
content-type
image/gif
access-control-allow-origin
https://www.headspace.com
access-control-expose-headers
Epik
cache-control
no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials
true
x-pinterest-rid
8141251407364804
x-envoy-upstream-service-time
1
content-length
35
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
ct.pinterest.com/v3/ 		35 B
85 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ct.pinterest.com/v3/?tid=2613695941317&ov=%7B%22np%22%3A%22gtm%22%7D&pd=%7B%22np%22%3A%22gtm%22%7D&event=init&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.headspace.com%2F%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%7D&cb=1577213099484
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.84 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 24 Dec 2019 18:44:59 GMT
x-cdn
fastly
access-control-allow-origin
*
content-type
image/gif
status
200
cache-control
no-cache,no-store,must-revalidate,max-age=0
x-envoy-upstream-service-time
4
content-length
35
x-pinterest-rid
4704065153492768
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
ct.pinterest.com/v3/ 		35 B
87 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ct.pinterest.com/v3/?event=pagevisit&ed=%7B%22np%22%3A%22gtm%22%7D&tid=2613695941317&pd=%7B%22np%22%3A%22gtm%22%7D&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.headspace.com%2F%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%7D&cb=1577213099485
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.84 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 24 Dec 2019 18:44:59 GMT
x-cdn
fastly
access-control-allow-origin
*
content-type
image/gif
status
200
cache-control
no-cache,no-store,must-revalidate,max-age=0
x-envoy-upstream-service-time
3
content-length
35
x-pinterest-rid
6402783361543108
expires
Sat, 01 Jan 2000 00:00:00 GMT
train-cat.svg
images.ctfassets.net/v3n26e09qg2r/bdQLnwT6O4mwQyASyU44q/dd3026f66c931c90e0e645072840882a/ 		68 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.ctfassets.net/v3n26e09qg2r/bdQLnwT6O4mwQyASyU44q/dd3026f66c931c90e0e645072840882a/train-cat.svg
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2057:9200:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
Contentful Images API /
Resource Hash
ccaf220bfe87acedb7c5bc101bb4e12a042ece552642f679f0e8a3a1bacb1b15

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 17 Sep 2019 05:09:10 GMT
content-encoding
gzip
server
Contentful Images API
age
915627
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
status
200
cache-control
max-age=31536000
x-amz-cf-pop
FRA6-C1
access-control-allow-origin
*
x-amz-cf-id
Gdhfv_8d-IJxLW-ElPLKaJBtpYlIjvDBSAXZ4RLhBAfihf3_YZZXJA==
via
1.1 7fcb41b117930690c299be9cec4a977a.cloudfront.net (CloudFront)
zany-bg-tranparent.svg
images.ctfassets.net/v3n26e09qg2r/HbPfyeRUEU2yac4sqA8g4/1d12f646eddda92080178c9e2692427c/ 		3 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.ctfassets.net/v3n26e09qg2r/HbPfyeRUEU2yac4sqA8g4/1d12f646eddda92080178c9e2692427c/zany-bg-tranparent.svg
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2057:9200:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
Contentful Images API /
Resource Hash
564fb9fbf3aa9c18b4f9390993b9f075f390390fd3d3203bea91266d05804b5f

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 17 Sep 2019 05:29:08 GMT
content-encoding
gzip
server
Contentful Images API
age
1084011
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
status
200
cache-control
max-age=31536000
x-amz-cf-pop
FRA6-C1
access-control-allow-origin
*
x-amz-cf-id
odNUEryPEQz4jOEkIoDqeqZ1QfDm7AGxlQVtqyaNVMXfi0fWI3zcCw==
via
1.1 7fcb41b117930690c299be9cec4a977a.cloudfront.net (CloudFront)
log
errors.client.optimizely.com/ 		13 B
409 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://errors.client.optimizely.com/log
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/_next/static/_R8HAxNkROBsc6OFQOV3z/pages/_app.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.234.146.186 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-234-146-186.compute-1.amazonaws.com
Software
/
Resource Hash
16f1efa415bfdd7abcf8fdd76cc05ae6fa66ffdfdc730368ecea89ecfe5c3a12

Request headers

Access-Control-Request-Method
POST
Origin
https://www.headspace.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Access-Control-Request-Headers
content-type

Response headers

Date
Tue, 24 Dec 2019 18:45:00 GMT
Allow
POST,OPTIONS
Access-Control-Allow-Methods
GET,POST,OPTIONS
Content-Type
text/plain
Access-Control-Allow-Origin
https://www.headspace.com
Access-Control-Max-Age
1800
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
X-Requested-With,Content-Type,Accept,Origin
Content-Length
13
log
errors.client.optimizely.com/ 		13 B
409 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://errors.client.optimizely.com/log
Requested by
Host: www.headspace.com
URL: https://www.headspace.com/_next/static/_R8HAxNkROBsc6OFQOV3z/pages/_app.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.234.146.186 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-234-146-186.compute-1.amazonaws.com
Software
/
Resource Hash
16f1efa415bfdd7abcf8fdd76cc05ae6fa66ffdfdc730368ecea89ecfe5c3a12

Request headers

Access-Control-Request-Method
POST
Origin
https://www.headspace.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Access-Control-Request-Headers
content-type

Response headers

Date
Tue, 24 Dec 2019 18:45:00 GMT
Allow
POST,OPTIONS
Access-Control-Allow-Methods
GET,POST,OPTIONS
Content-Type
text/plain
Access-Control-Allow-Origin
https://www.headspace.com
Access-Control-Max-Age
1800
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
X-Requested-With,Content-Type,Accept,Origin
Content-Length
13
log
errors.client.optimizely.com/ 		0
243 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://errors.client.optimizely.com/log
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.234.146.186 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-234-146-186.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Origin
https://www.headspace.com
Content-Type
application/json

Response headers

Access-Control-Allow-Origin
https://www.headspace.com
Access-Control-Expose-Headers
Access-Control-Allow-Credentials
true
Connection
keep-alive
Date
Tue, 24 Dec 2019 18:45:00 GMT
Content-Type
text/plain
log
errors.client.optimizely.com/ 		0
243 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://errors.client.optimizely.com/log
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.234.146.186 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-234-146-186.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Origin
https://www.headspace.com
Content-Type
application/json

Response headers

Access-Control-Allow-Origin
https://www.headspace.com
Access-Control-Expose-Headers
Access-Control-Allow-Credentials
true
Connection
keep-alive
Date
Tue, 24 Dec 2019 18:45:00 GMT
Content-Type
text/plain

Verdicts & Comments Add Verdict or Comment

34 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| dataLayer undefined| _ object| __NEXT_DATA__ function| __NEXT_REGISTER_PAGE object| webpackJsonp object| google_tag_manager object| mParticle function| pintrk object| GlobalSnowplowNamespace function| snowplow object| criteo_q object| mpGoogleAnalyticsKit object| mpAmplitudeKit object| mpOptimizelyKit object| regeneratorRuntime boolean| isTesting string| GoogleAnalyticsObject function| ga object| amplitude object| Snowplow object| google_tag_data object| gaplugins object| gaGlobal object| gaData string| tagId number| index object| __core-js_shared__ function| setImmediate function| clearImmediate object| __SENTRY__ object| next object| __NEXT_REDUX_STORE__

11 Cookies

Domain/Path Name / Value
www.headspace.com/ Name: AWSALB
Value: haMyYzyG2ko7iY297I0wgey+ng5jKlBeHJJCzue1eb2Hzjzr7pBUn3ZGSxnlMmo+Syl1W726/VQp2KAOSEuQ2ibE4iV+zHI5sDeqfolf49LZ2OPy+DR8w12rzIhZ
.headspace.com/ Name: _gid
Value: GA1.2.2083528644.1577213099
.headspace.com/ Name: mprtcl-v4_B0C8D5EC
Value: {'gs':{'ie':1|'dt':'580aa567c0d972439cf41d95730011ed'|'cgid':'10698bf7-bac0-49e9-a50c-5601c6c7bad1'|'das':'72060cf3-2ca4-4d29-bb11-91a3aabd9fa5'|'csm':'WyIxNDM5OTE0NDEzNzY4NDMzMzA0Il0='|'sid':'F6E512A3-99BA-4F74-B4E4-AD53AB4CAE4B'|'les':1577213099297|'ssd':1577213099296}|'l':0|'1439914413768433304':{'fst':1577213099433}|'cu':'1439914413768433304'}
.headspace.com/ Name: amplitude_id_2c0e8b630e65ea00889d07e47d2bb68d_testheadspace.com
Value: eyJkZXZpY2VJZCI6ImI0YjhhZmM2LTdhNGMtNDg0NC1iMjZmLTE5OWQxNDdmZWM3M1IiLCJ1c2VySWQiOm51bGwsIm9wdE91dCI6ZmFsc2UsInNlc3Npb25JZCI6MTU3NzIxMzA5OTM4NywibGFzdEV2ZW50VGltZSI6MTU3NzIxMzA5OTM4NywiZXZlbnRJZCI6MCwiaWRlbnRpZnlJZCI6MCwic2VxdWVuY2VOdW1iZXIiOjB9
.headspace.com/ Name: _sp_id.8a05
Value: e872b886-aed5-476f-8d95-4ef688f036e6.1577213096.1.1577213099.1577213096.44e79839-6c3b-4ae5-97cd-31a03aaf45f5
.headspace.com/ Name: countryCode
Value: BE
.headspace.com/ Name: cookiePolicyAnalytics
Value: not-set
.headspace.com/ Name: _ga
Value: GA1.2.1495914851.1577213099
.headspace.com/ Name: lang
Value: en
.headspace.com/ Name: cookiePolicyMarketing
Value: not-set
.headspace.com/ Name: _sp_ses.8a05
Value: *

4 Console Messages

Source Level URL
Text
console-api log URL: https://www.googletagmanager.com/gtm.js?id=GTM-M92JXMV&gtm_auth=16iCHRn1z7748mckvKDXyw&gtm_preview=env-2&gtm_cookies_win=x(Line 1295)
Message:
GTM PTag v1.2; tagId: 2613695941317
console-api log URL: https://www.googletagmanager.com/gtm.js?id=GTM-M92JXMV&gtm_auth=16iCHRn1z7748mckvKDXyw&gtm_preview=env-2&gtm_cookies_win=x(Line 1295)
Message:
Firing Pinterest event: pagevisit
console-api log URL: https://www.googletagmanager.com/gtm.js?id=GTM-M92JXMV&gtm_auth=16iCHRn1z7748mckvKDXyw&gtm_preview=env-2&gtm_cookies_win=x(Line 1295)
Message:
Event Data:
console-api log URL: https://www.googletagmanager.com/gtm.js?id=GTM-M92JXMV&gtm_auth=16iCHRn1z7748mckvKDXyw&gtm_preview=env-2&gtm_cookies_win=x(Line 1295)
Message:
[object Object]

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.amplitude.com
cdn.optimizely.com
cdn.polyfill.io
cdnjs.cloudflare.com
ct.pinterest.com
d1fc8wv8zag5ca.cloudfront.net
errors.client.optimizely.com
identity.mparticle.com
images.ctfassets.net
jssdkcdns.mparticle.com
jssdks.mparticle.com
s.pinimg.com
sslwidget.criteo.com
static.criteo.net
static.headspace.com
widget.us.criteo.com
www.google-analytics.com
www.googletagmanager.com
www.headspace.com
13.35.253.80
13.35.254.108
13.35.254.119
143.204.214.38
151.101.112.84
178.250.0.163
178.250.2.130
2600:9000:2057:9200:12:94b3:c380:93a1
2606:4700::6811:4104
2a00:1450:4001:80b::2008
2a00:1450:4001:80b::200e
2a02:26f0:6c00:284::13b8
2a02:26f0:6c00:28c::1931
2a04:4e42:1b::621
2a04:4e42:1b::645
2a04:4e42:400::729
2a04:4e42::729
34.234.146.186
74.119.119.150
06ea8be3d64ff082bb99b1526f9c8a6962f95c2b092264e7f0153193f1cd4ff7
0e754aa2bdc817b574a67d6a5b1478a7dd8b24f45cb25a719d4792b81bd9c414
10c3b1b8d9b03f13651f16b74cddff7a133468381315b1dcef26afdca5df8958
16f1efa415bfdd7abcf8fdd76cc05ae6fa66ffdfdc730368ecea89ecfe5c3a12
1814b26be6374891fe3ebd2dc02797861ceca8c7836c6c037e06a35e94780e9b
1d8e21433ce63581f1fc81bea29bf81ec9637a930d3beee7c701391edffda256
221c52dd9c63fd710b01bbc6dc6d084c476d034c71031e367888bdb8f3ae4a44
24b8018ed350a2ee609e802a40bbec3ed12562d42af3fe5350a5e90e579e4c5b
2541e82abcc8050db39df9ee928ba5dea744f010415156dc4c21858a11bc7191
2a05878ea756d08b00c288f40eb03fec2b3bd67ab6bf78f54c7df2127a8e8ce0
2b23f9816eb4441e9a412265974c9cf196f31bf7615af19c7b113f971648e836
2ec7b8d599b943f38baf7faf4b7a7c775408769370d6f8e816585042b2d78b95
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
426d6eca99572d7496738de7ac775af898f775963859a63a6cf35669d634ef2c
4aea9b6c2eeb33f449c57f169dc249350ec8b4d6091e6ce0ab5521b164ee5029
564fb9fbf3aa9c18b4f9390993b9f075f390390fd3d3203bea91266d05804b5f
56e81c364da2cf5172aa095f02558ee2f440585d21cbe8d6746a0e473c0c8e2c
5cfd7a812a15d3765357ffb2a9b187008c34aff5b77556ba032de395f437ba40
6a60018cab3d38d035188490d869d5dc1283a7dd115917226df457ca92887f7f
6e1b690c8e6b5cb14c57287b8c8d2804ceec2654d9f19d97579b4eeed626667a
722b75b198be6165530b3425502421096afc20c8d5b867860a1f4189215ee192
7306419f464288208ffa445e4ecc1ec6e824be0346871d100561eb0983d31207
7d55f5954634bd9ecdd77bf468aaeb2ef1ac7878b5f7112bc0e330ce8d606ac1
81351c1b1d5549c83c8b85b418b87e930c2117511b4f9d3154c3428c3097b5eb
88a83d6555af69a761e9d9c92ec7b587a1de45c95e4365ab8ef3d0abeb823ff0
89498c90addec77dbf39764abd1715674949da31a6f10c6f5df7c52c306b501a
8de4d4469701273b5bd2c88c669f277139abde1d3ffd84911cf3ba646227ac06
9476b6a4cd9f43b16c8cfcaa5c7142be7163984911a603493cde4828d700c09a
a0b5013d6b751baa19f38757a2a00c276a078ee0ccf977532b68f152a58682e1
a190842b7f727ccf7cfc66ab8edf28bd51089a4d6cc330fd97881704348069c5
a6df9819c9706c6854fb0bd5d04265f789885158e200be45d397bd087465fd72
a7ab631465fa406bf71403cbe8570176739fb14fc82f81b47b75e0496ba15937
b57fe812440bd373f69474b848c6d102a7b37796c24195a93c4754d7f2a5e9f8
b5d18443c635b7a16ef48219eb5f507cbc1331e1543c3bbc317cf2f26f47e8c0
bfc2ae4b21f737b719393cdef3701c5ebd649eb8c2db337cbdae9812a29d36bc
c0024ed7d3601b6df38d45a6519b1a9c3f1b6051f5701c8d05e4715fdcd96a36
c27fa138c1a6790bad6ec0ef33b3fb3200841651ed456de81ade61874a8d12f7
c3bffd48e2054bc5b3889bf06cf4f68576a6591c8de207cdbdb8a8f7806d3984
c648ad1049c3d67aeef9116fd15824c8ff5a4e81d0da9afd95acd182b733c967
c73ed7d1ef53367e1eff510389323af2c55ee09610572ed59c34960221b39d71
cae897bdde94867960ad284a56b1631296eaceddf5710a2857127ca0aa2777d3
ccaf220bfe87acedb7c5bc101bb4e12a042ece552642f679f0e8a3a1bacb1b15
d89b63406de97fcad69446cdc0456ec7f3132d5aa946a83f41089d8971e5267a
da4fae0ee0fcb340c3d5944c2916e04b610c1b27bf569218fd8b9004d5cac504
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e918a3fcb44e725952c49774404f5564c0e5bf79fe03fdd78ec2034561153672
eeabd21d64ca0a01287d1676b8ff6169edf24f13560814ade1e4f1877360dd18
efd9de3afabf343e13c305fa182024238ff8e24025e5c88c6c5d56b0a88480cd