urlscan.io logo urlscan.io
SecurityTrails logo

www.herbalifepac.com Open in urlscan Pro
74.209.251.148  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://www.herbalifepac.com/
Effective URL: https://www.herbalifepac.com/error.aspx?Code=SSO
Submission: On January 18 via manual from MX
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 16 HTTP transactions. The main IP is 74.209.251.148, located in Ashburn, United States and belongs to LATISYS-ASHBURN - Latisys-Ashburn, LLC, US. The main domain is www.herbalifepac.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on February 10th 2018. Valid for: a year.
This is the only time www.herbalifepac.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 14 74.209.251.148 29944 (LATISYS-A...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
16 4
Domain Requested by
14 www.herbalifepac.com 2 redirects www.herbalifepac.com
ajax.googleapis.com
2 www.google-analytics.com www.herbalifepac.com
1 ajax.googleapis.com www.herbalifepac.com
1 cdnjs.cloudflare.com www.herbalifepac.com
16 4

This site contains links to these domains. Also see Links.

Domain
fed.hrbl.com
Subject Issuer Validity Valid
www.herbalifepac.com
Go Daddy Secure Certificate Authority - G2		 2018-02-10 -
2019-04-11		 a year crt.sh
ssl412106.cloudflaressl.com
COMODO ECC Domain Validation Secure Server CA 2		 2018-09-22 -
2019-03-31		 6 months crt.sh
*.googleapis.com
Google Internet Authority G3		 2018-12-19 -
2019-03-13		 3 months crt.sh
*.google-analytics.com
Google Internet Authority G3		 2018-12-19 -
2019-03-13		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://www.herbalifepac.com/error.aspx?Code=SSO
Frame ID: F0413637F18A760B23238CEF40BBAD93
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://www.herbalifepac.com/ HTTP 302
    https://www.herbalifepac.com/ HTTP 302
    https://www.herbalifepac.com/error.aspx?Code=SSO Page URL

Detected technologies

Overall confidence: 50%
Detected patterns
  • html /<input[^>]+name="__VIEWSTATE/i
Overall confidence: 100%
Detected patterns
  • html /<input[^>]+name="__VIEWSTATE/i
Overall confidence: 50%
Detected patterns
  • html /<input[^>]+name="__VIEWSTATE/i
Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
  • env /^gaGlobal$/i
Overall confidence: 100%
Detected patterns
  • script /modernizr(?:-([\d.]*[\d]))?.*\.js/i
  • env /^Modernizr$/i
Overall confidence: 100%
Detected patterns
  • script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
  • script /jquery.*\.js/i
  • env /^jQuery$/i

Page Statistics

16
Requests

100 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

105 kB
Transfer

235 kB
Size

6
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.herbalifepac.com/ HTTP 302
    https://www.herbalifepac.com/ HTTP 302
    https://www.herbalifepac.com/error.aspx?Code=SSO Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Cookie set error.aspx
www.herbalifepac.com/
Redirect Chain
  • http://www.herbalifepac.com/
  • https://www.herbalifepac.com/
  • https://www.herbalifepac.com/error.aspx?Code=SSO
4 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.herbalifepac.com/error.aspx?Code=SSO
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
74.209.251.148 Ashburn, United States, ASN29944 (LATISYS-ASHBURN - Latisys-Ashburn, LLC, US),
Reverse DNS
Software
/
Resource Hash
ec9d5f73ddfd07f75e481d897135ba3a2476208a6712296703f2bde24621926d
Security Headers
Name Value
Content-Security-Policy default-src 'self';child-src 'self' 'unsafe-inline' https://*.streamhoster.com;font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com;frame-src 'self' 'unsafe-inline' https://*.streamhoster.com;img-src 'self' https://media.gractions.com https://www.google-analytics.com;media-src 'self' 'unsafe-inline' https://*.streamhoster.com;script-src 'unsafe-inline' 'self' https://www.google-analytics.com/analytics.js https://www.google-analytics.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://code.jquery.com;style-src 'self' 'unsafe-inline' https://static.streamhoster.com https://fonts.googleapis.com; report-uri /report
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Host
www.herbalifepac.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate, br
Cookie
ASP.NET_SessionId=apgy405xkrcpfmwezyyk5af0; VS=0b3f4571-968c-4b09-baa3-2d466780a66d; cookie_20=!SYbDyVk0dny7fQlDui2rxUdDwae0X/+gI8XSn8iCN3nk3pE0aRed2EfKjtoNnLpjJmkmbaQMJltQxhQ=
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Cache-Control
private
Content-Type
text/html; charset=utf-8
Content-Security-Policy
default-src 'self';child-src 'self' 'unsafe-inline' https://*.streamhoster.com;font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com;frame-src 'self' 'unsafe-inline' https://*.streamhoster.com;img-src 'self' https://media.gractions.com https://www.google-analytics.com;media-src 'self' 'unsafe-inline' https://*.streamhoster.com;script-src 'unsafe-inline' 'self' https://www.google-analytics.com/analytics.js https://www.google-analytics.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://code.jquery.com;style-src 'self' 'unsafe-inline' https://static.streamhoster.com https://fonts.googleapis.com; report-uri /report
Date
Fri, 18 Jan 2019 00:17:26 GMT
Content-Length
4605
Set-Cookie
VS=0b3f4571-968c-4b09-baa3-2d466780a66d; expires=Mon, 18-Jan-2021 00:17:26 GMT; path=/; HttpOnly; Secure; HttpOnly
X-FRAME-OPTIONS
SAMEORIGIN
X-XSS-Protection
1; mode=block
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff

Redirect headers

Cache-Control
private
Content-Type
text/html; charset=utf-8
Location
/error.aspx?Code=SSO
Content-Security-Policy
default-src 'self';child-src 'self' 'unsafe-inline' https://*.streamhoster.com;font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com;frame-src 'self' 'unsafe-inline' https://*.streamhoster.com;img-src 'self' https://media.gractions.com https://www.google-analytics.com;media-src 'self' 'unsafe-inline' https://*.streamhoster.com;script-src 'unsafe-inline' 'self' https://www.google-analytics.com/analytics.js https://www.google-analytics.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://code.jquery.com;style-src 'self' 'unsafe-inline' https://static.streamhoster.com https://fonts.googleapis.com; report-uri /report
Date
Fri, 18 Jan 2019 00:17:26 GMT
Content-Length
137
Set-Cookie
ASP.NET_SessionId=apgy405xkrcpfmwezyyk5af0; path=/; HttpOnly; Secure; HttpOnly ASP.NET_SessionId=apgy405xkrcpfmwezyyk5af0; path=/; HttpOnly; Secure; HttpOnly VS=0b3f4571-968c-4b09-baa3-2d466780a66d; expires=Mon, 18-Jan-2021 00:17:26 GMT; path=/; HttpOnly; Secure; HttpOnly cookie_20=!SYbDyVk0dny7fQlDui2rxUdDwae0X/+gI8XSn8iCN3nk3pE0aRed2EfKjtoNnLpjJmkmbaQMJltQxhQ=; expires=Fri, 18-Jan-2019 00:37:26 GMT; path=/; Secure; HttpOnly
X-FRAME-OPTIONS
SAMEORIGIN
X-XSS-Protection
1; mode=block
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
layout.css
www.herbalifepac.com/css/ 		30 KB
9 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.herbalifepac.com/css/layout.css
Requested by
Host: www.herbalifepac.com
URL: https://www.herbalifepac.com/error.aspx?Code=SSO
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
74.209.251.148 Ashburn, United States, ASN29944 (LATISYS-ASHBURN - Latisys-Ashburn, LLC, US),
Reverse DNS
Software
/
Resource Hash
f2028f250f01ac2f12562f50b6d10097508fbc8afe0c8c83961c970469d497ef
Security Headers
Name Value
Content-Security-Policy default-src 'self';child-src 'self' 'unsafe-inline' https://*.streamhoster.com;font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com;frame-src 'self' 'unsafe-inline' https://*.streamhoster.com;img-src 'self' https://media.gractions.com https://www.google-analytics.com;media-src 'self' 'unsafe-inline' https://*.streamhoster.com;script-src 'unsafe-inline' 'self' https://www.google-analytics.com/analytics.js https://www.google-analytics.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://code.jquery.com;style-src 'self' 'unsafe-inline' https://static.streamhoster.com https://fonts.googleapis.com; report-uri /report
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, br
Host
www.herbalifepac.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
https://www.herbalifepac.com/error.aspx?Code=SSO
Cookie
ASP.NET_SessionId=apgy405xkrcpfmwezyyk5af0; VS=0b3f4571-968c-4b09-baa3-2d466780a66d; cookie_20=!SYbDyVk0dny7fQlDui2rxUdDwae0X/+gI8XSn8iCN3nk3pE0aRed2EfKjtoNnLpjJmkmbaQMJltQxhQ=
Connection
keep-alive
Cache-Control
no-cache
Referer
https://www.herbalifepac.com/error.aspx?Code=SSO
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';child-src 'self' 'unsafe-inline' https://*.streamhoster.com;font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com;frame-src 'self' 'unsafe-inline' https://*.streamhoster.com;img-src 'self' https://media.gractions.com https://www.google-analytics.com;media-src 'self' 'unsafe-inline' https://*.streamhoster.com;script-src 'unsafe-inline' 'self' https://www.google-analytics.com/analytics.js https://www.google-analytics.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://code.jquery.com;style-src 'self' 'unsafe-inline' https://static.streamhoster.com https://fonts.googleapis.com; report-uri /report
Content-Encoding
gzip
Vary
Accept-Encoding
Last-Modified
Wed, 08 Feb 2017 19:52:55 GMT
ETag
"808569f04482d21:0"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
text/css
X-XSS-Protection
1; mode=block
Date
Fri, 18 Jan 2019 00:17:26 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Accept-Ranges
bytes
Content-Length
7947
X-Content-Type-Options
nosniff
jqtransform.css
www.herbalifepac.com/css/ 		9 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.herbalifepac.com/css/jqtransform.css
Requested by
Host: www.herbalifepac.com
URL: https://www.herbalifepac.com/error.aspx?Code=SSO
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
74.209.251.148 Ashburn, United States, ASN29944 (LATISYS-ASHBURN - Latisys-Ashburn, LLC, US),
Reverse DNS
Software
/
Resource Hash
d8a53bf41d4c2c8801ea5ece839322562b824ca22916d9f50e86ff9ea431eafb
Security Headers
Name Value
Content-Security-Policy default-src 'self';child-src 'self' 'unsafe-inline' https://*.streamhoster.com;font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com;frame-src 'self' 'unsafe-inline' https://*.streamhoster.com;img-src 'self' https://media.gractions.com https://www.google-analytics.com;media-src 'self' 'unsafe-inline' https://*.streamhoster.com;script-src 'unsafe-inline' 'self' https://www.google-analytics.com/analytics.js https://www.google-analytics.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://code.jquery.com;style-src 'self' 'unsafe-inline' https://static.streamhoster.com https://fonts.googleapis.com; report-uri /report
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, br
Host
www.herbalifepac.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
https://www.herbalifepac.com/error.aspx?Code=SSO
Cookie
ASP.NET_SessionId=apgy405xkrcpfmwezyyk5af0; VS=0b3f4571-968c-4b09-baa3-2d466780a66d; cookie_20=!SYbDyVk0dny7fQlDui2rxUdDwae0X/+gI8XSn8iCN3nk3pE0aRed2EfKjtoNnLpjJmkmbaQMJltQxhQ=
Connection
keep-alive
Cache-Control
no-cache
Referer
https://www.herbalifepac.com/error.aspx?Code=SSO
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';child-src 'self' 'unsafe-inline' https://*.streamhoster.com;font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com;frame-src 'self' 'unsafe-inline' https://*.streamhoster.com;img-src 'self' https://media.gractions.com https://www.google-analytics.com;media-src 'self' 'unsafe-inline' https://*.streamhoster.com;script-src 'unsafe-inline' 'self' https://www.google-analytics.com/analytics.js https://www.google-analytics.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://code.jquery.com;style-src 'self' 'unsafe-inline' https://static.streamhoster.com https://fonts.googleapis.com; report-uri /report
Content-Encoding
gzip
Vary
Accept-Encoding
Last-Modified
Fri, 06 May 2016 21:51:05 GMT
ETag
"802a8b63e1a7d11:0"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
text/css
X-XSS-Protection
1; mode=block
Date
Fri, 18 Jan 2019 00:17:26 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Accept-Ranges
bytes
Content-Length
1755
X-Content-Type-Options
nosniff
mnav.css
www.herbalifepac.com/css/ 		2 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.herbalifepac.com/css/mnav.css
Requested by
Host: www.herbalifepac.com
URL: https://www.herbalifepac.com/error.aspx?Code=SSO
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
74.209.251.148 Ashburn, United States, ASN29944 (LATISYS-ASHBURN - Latisys-Ashburn, LLC, US),
Reverse DNS
Software
/
Resource Hash
0046e859b393bdfd1864609ff4f35ae723909476625602224900577b5a7f422a
Security Headers
Name Value
Content-Security-Policy default-src 'self';child-src 'self' 'unsafe-inline' https://*.streamhoster.com;font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com;frame-src 'self' 'unsafe-inline' https://*.streamhoster.com;img-src 'self' https://media.gractions.com https://www.google-analytics.com;media-src 'self' 'unsafe-inline' https://*.streamhoster.com;script-src 'unsafe-inline' 'self' https://www.google-analytics.com/analytics.js https://www.google-analytics.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://code.jquery.com;style-src 'self' 'unsafe-inline' https://static.streamhoster.com https://fonts.googleapis.com; report-uri /report
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, br
Host
www.herbalifepac.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
https://www.herbalifepac.com/error.aspx?Code=SSO
Cookie
ASP.NET_SessionId=apgy405xkrcpfmwezyyk5af0; VS=0b3f4571-968c-4b09-baa3-2d466780a66d; cookie_20=!SYbDyVk0dny7fQlDui2rxUdDwae0X/+gI8XSn8iCN3nk3pE0aRed2EfKjtoNnLpjJmkmbaQMJltQxhQ=
Connection
keep-alive
Cache-Control
no-cache
Referer
https://www.herbalifepac.com/error.aspx?Code=SSO
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';child-src 'self' 'unsafe-inline' https://*.streamhoster.com;font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com;frame-src 'self' 'unsafe-inline' https://*.streamhoster.com;img-src 'self' https://media.gractions.com https://www.google-analytics.com;media-src 'self' 'unsafe-inline' https://*.streamhoster.com;script-src 'unsafe-inline' 'self' https://www.google-analytics.com/analytics.js https://www.google-analytics.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://code.jquery.com;style-src 'self' 'unsafe-inline' https://static.streamhoster.com https://fonts.googleapis.com; report-uri /report
X-Content-Type-Options
nosniff
Last-Modified
Fri, 06 May 2016 21:51:06 GMT
ETag
"0c12364e1a7d11:0"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
text/css
Date
Fri, 18 Jan 2019 00:17:26 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Accept-Ranges
bytes
Content-Length
1892
X-XSS-Protection
1; mode=block
mnav-theme.css
www.herbalifepac.com/css/ 		771 B
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.herbalifepac.com/css/mnav-theme.css
Requested by
Host: www.herbalifepac.com
URL: https://www.herbalifepac.com/error.aspx?Code=SSO
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
74.209.251.148 Ashburn, United States, ASN29944 (LATISYS-ASHBURN - Latisys-Ashburn, LLC, US),
Reverse DNS
Software
/
Resource Hash
3f2918f41303ca92e885d2cbda5915ca490ca3a410c721a1355b8da5d2346a7d
Security Headers
Name Value
Content-Security-Policy default-src 'self';child-src 'self' 'unsafe-inline' https://*.streamhoster.com;font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com;frame-src 'self' 'unsafe-inline' https://*.streamhoster.com;img-src 'self' https://media.gractions.com https://www.google-analytics.com;media-src 'self' 'unsafe-inline' https://*.streamhoster.com;script-src 'unsafe-inline' 'self' https://www.google-analytics.com/analytics.js https://www.google-analytics.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://code.jquery.com;style-src 'self' 'unsafe-inline' https://static.streamhoster.com https://fonts.googleapis.com; report-uri /report
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, br
Host
www.herbalifepac.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
https://www.herbalifepac.com/error.aspx?Code=SSO
Cookie
ASP.NET_SessionId=apgy405xkrcpfmwezyyk5af0; VS=0b3f4571-968c-4b09-baa3-2d466780a66d; cookie_20=!SYbDyVk0dny7fQlDui2rxUdDwae0X/+gI8XSn8iCN3nk3pE0aRed2EfKjtoNnLpjJmkmbaQMJltQxhQ=
Connection
keep-alive
Cache-Control
no-cache
Referer
https://www.herbalifepac.com/error.aspx?Code=SSO
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';child-src 'self' 'unsafe-inline' https://*.streamhoster.com;font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com;frame-src 'self' 'unsafe-inline' https://*.streamhoster.com;img-src 'self' https://media.gractions.com https://www.google-analytics.com;media-src 'self' 'unsafe-inline' https://*.streamhoster.com;script-src 'unsafe-inline' 'self' https://www.google-analytics.com/analytics.js https://www.google-analytics.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://code.jquery.com;style-src 'self' 'unsafe-inline' https://static.streamhoster.com https://fonts.googleapis.com; report-uri /report
X-Content-Type-Options
nosniff
Last-Modified
Fri, 06 May 2016 21:51:05 GMT
ETag
"802a8b63e1a7d11:0"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
text/css
Date
Fri, 18 Jan 2019 00:17:26 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Accept-Ranges
bytes
Content-Length
771
X-XSS-Protection
1; mode=block
modernizr.min.js
cdnjs.cloudflare.com/ajax/libs/modernizr/2.0.6/ 		16 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/modernizr/2.0.6/modernizr.min.js
Requested by
Host: www.herbalifepac.com
URL: https://www.herbalifepac.com/error.aspx?Code=SSO
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6813:c797 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b5a828d11d179d277f1bb54871f1859dc04f888413cffc35f0e01b256774e38a
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://www.herbalifepac.com/error.aspx?Code=SSO
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 18 Jan 2019 00:17:26 GMT
content-encoding
br
cf-cache-status
HIT
status
200
strict-transport-security
max-age=15780000; includeSubDomains
last-modified
Thu, 17 May 2018 09:23:06 GMT
server
cloudflare
etag
W/"5afd49fa-41b4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
expires
Wed, 08 Jan 2020 00:17:26 GMT
cache-control
public, max-age=30672000
cf-ray
49ace0ecf9cd6505-FRA
served-in-seconds
0.001
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.7.0/ 		92 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.7.0/jquery.min.js
Requested by
Host: www.herbalifepac.com
URL: https://www.herbalifepac.com/error.aspx?Code=SSO
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:81a::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
ff4e4975ef403004f8fe8e59008db7ad47f54b10d84c72eb90e728d1ec9157ce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.herbalifepac.com/error.aspx?Code=SSO
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Thu, 03 Jan 2019 09:57:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1261186
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
33461
x-xss-protection
1; mode=block
last-modified
Tue, 20 Dec 2016 18:17:03 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 03 Jan 2020 09:57:40 GMT
jquery.jqtransform.js
www.herbalifepac.com/js/plugins/ 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.herbalifepac.com/js/plugins/jquery.jqtransform.js
Requested by
Host: www.herbalifepac.com
URL: https://www.herbalifepac.com/error.aspx?Code=SSO
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
74.209.251.148 Ashburn, United States, ASN29944 (LATISYS-ASHBURN - Latisys-Ashburn, LLC, US),
Reverse DNS
Software
/
Resource Hash
90e3019fe15d0c76e087679b29e66c137c8f8f9324d4c7e7861f5227ab7f85f5
Security Headers
Name Value
Content-Security-Policy default-src 'self';child-src 'self' 'unsafe-inline' https://*.streamhoster.com;font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com;frame-src 'self' 'unsafe-inline' https://*.streamhoster.com;img-src 'self' https://media.gractions.com https://www.google-analytics.com;media-src 'self' 'unsafe-inline' https://*.streamhoster.com;script-src 'unsafe-inline' 'self' https://www.google-analytics.com/analytics.js https://www.google-analytics.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://code.jquery.com;style-src 'self' 'unsafe-inline' https://static.streamhoster.com https://fonts.googleapis.com; report-uri /report
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, br
Host
www.herbalifepac.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
*/*
Referer
https://www.herbalifepac.com/error.aspx?Code=SSO
Cookie
ASP.NET_SessionId=apgy405xkrcpfmwezyyk5af0; VS=0b3f4571-968c-4b09-baa3-2d466780a66d; cookie_20=!SYbDyVk0dny7fQlDui2rxUdDwae0X/+gI8XSn8iCN3nk3pE0aRed2EfKjtoNnLpjJmkmbaQMJltQxhQ=
Connection
keep-alive
Cache-Control
no-cache
Referer
https://www.herbalifepac.com/error.aspx?Code=SSO
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';child-src 'self' 'unsafe-inline' https://*.streamhoster.com;font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com;frame-src 'self' 'unsafe-inline' https://*.streamhoster.com;img-src 'self' https://media.gractions.com https://www.google-analytics.com;media-src 'self' 'unsafe-inline' https://*.streamhoster.com;script-src 'unsafe-inline' 'self' https://www.google-analytics.com/analytics.js https://www.google-analytics.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://code.jquery.com;style-src 'self' 'unsafe-inline' https://static.streamhoster.com https://fonts.googleapis.com; report-uri /report
Content-Encoding
gzip
Vary
Accept-Encoding
Last-Modified
Fri, 06 May 2016 21:51:15 GMT
ETag
"80b8169e1a7d11:0"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
application/javascript
X-XSS-Protection
1; mode=block
Date
Fri, 18 Jan 2019 00:17:26 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Accept-Ranges
bytes
Content-Length
3922
X-Content-Type-Options
nosniff
mnav.js
www.herbalifepac.com/js/plugins/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.herbalifepac.com/js/plugins/mnav.js
Requested by
Host: www.herbalifepac.com
URL: https://www.herbalifepac.com/error.aspx?Code=SSO
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
74.209.251.148 Ashburn, United States, ASN29944 (LATISYS-ASHBURN - Latisys-Ashburn, LLC, US),
Reverse DNS
Software
/
Resource Hash
648b2ced7c403f769519bcd0ceff3708bf9e40a0f14b7ad58659ac42e4da50b5
Security Headers
Name Value
Content-Security-Policy default-src 'self';child-src 'self' 'unsafe-inline' https://*.streamhoster.com;font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com;frame-src 'self' 'unsafe-inline' https://*.streamhoster.com;img-src 'self' https://media.gractions.com https://www.google-analytics.com;media-src 'self' 'unsafe-inline' https://*.streamhoster.com;script-src 'unsafe-inline' 'self' https://www.google-analytics.com/analytics.js https://www.google-analytics.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://code.jquery.com;style-src 'self' 'unsafe-inline' https://static.streamhoster.com https://fonts.googleapis.com; report-uri /report
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, br
Host
www.herbalifepac.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
*/*
Referer
https://www.herbalifepac.com/error.aspx?Code=SSO
Cookie
ASP.NET_SessionId=apgy405xkrcpfmwezyyk5af0; VS=0b3f4571-968c-4b09-baa3-2d466780a66d; cookie_20=!SYbDyVk0dny7fQlDui2rxUdDwae0X/+gI8XSn8iCN3nk3pE0aRed2EfKjtoNnLpjJmkmbaQMJltQxhQ=
Connection
keep-alive
Cache-Control
no-cache
Referer
https://www.herbalifepac.com/error.aspx?Code=SSO
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';child-src 'self' 'unsafe-inline' https://*.streamhoster.com;font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com;frame-src 'self' 'unsafe-inline' https://*.streamhoster.com;img-src 'self' https://media.gractions.com https://www.google-analytics.com;media-src 'self' 'unsafe-inline' https://*.streamhoster.com;script-src 'unsafe-inline' 'self' https://www.google-analytics.com/analytics.js https://www.google-analytics.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://code.jquery.com;style-src 'self' 'unsafe-inline' https://static.streamhoster.com https://fonts.googleapis.com; report-uri /report
Content-Encoding
gzip
Vary
Accept-Encoding
Last-Modified
Fri, 06 May 2016 21:51:16 GMT
ETag
"0a2196ae1a7d11:0"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
application/javascript
X-XSS-Protection
1; mode=block
Date
Fri, 18 Jan 2019 00:17:26 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Accept-Ranges
bytes
Content-Length
1301
X-Content-Type-Options
nosniff
global.js
www.herbalifepac.com/js/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.herbalifepac.com/js/global.js
Requested by
Host: www.herbalifepac.com
URL: https://www.herbalifepac.com/error.aspx?Code=SSO
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
74.209.251.148 Ashburn, United States, ASN29944 (LATISYS-ASHBURN - Latisys-Ashburn, LLC, US),
Reverse DNS
Software
/
Resource Hash
e7daae33983cf5fa365c51ce6892cec8dca8a7c6cf090a777deb4a8c6f18768e
Security Headers
Name Value
Content-Security-Policy default-src 'self';child-src 'self' 'unsafe-inline' https://*.streamhoster.com;font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com;frame-src 'self' 'unsafe-inline' https://*.streamhoster.com;img-src 'self' https://media.gractions.com https://www.google-analytics.com;media-src 'self' 'unsafe-inline' https://*.streamhoster.com;script-src 'unsafe-inline' 'self' https://www.google-analytics.com/analytics.js https://www.google-analytics.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://code.jquery.com;style-src 'self' 'unsafe-inline' https://static.streamhoster.com https://fonts.googleapis.com; report-uri /report
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, br
Host
www.herbalifepac.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
*/*
Referer
https://www.herbalifepac.com/error.aspx?Code=SSO
Cookie
ASP.NET_SessionId=apgy405xkrcpfmwezyyk5af0; VS=0b3f4571-968c-4b09-baa3-2d466780a66d; cookie_20=!SYbDyVk0dny7fQlDui2rxUdDwae0X/+gI8XSn8iCN3nk3pE0aRed2EfKjtoNnLpjJmkmbaQMJltQxhQ=
Connection
keep-alive
Cache-Control
no-cache
Referer
https://www.herbalifepac.com/error.aspx?Code=SSO
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';child-src 'self' 'unsafe-inline' https://*.streamhoster.com;font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com;frame-src 'self' 'unsafe-inline' https://*.streamhoster.com;img-src 'self' https://media.gractions.com https://www.google-analytics.com;media-src 'self' 'unsafe-inline' https://*.streamhoster.com;script-src 'unsafe-inline' 'self' https://www.google-analytics.com/analytics.js https://www.google-analytics.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://code.jquery.com;style-src 'self' 'unsafe-inline' https://static.streamhoster.com https://fonts.googleapis.com; report-uri /report
Content-Encoding
gzip
Vary
Accept-Encoding
Last-Modified
Fri, 06 May 2016 21:51:14 GMT
ETag
"075e868e1a7d11:0"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
application/javascript
X-XSS-Protection
1; mode=block
Date
Fri, 18 Jan 2019 00:17:26 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Accept-Ranges
bytes
Content-Length
2024
X-Content-Type-Options
nosniff
img-footer-logo-.png
www.herbalifepac.com/img/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.herbalifepac.com/img/img-footer-logo-.png
Requested by
Host: www.herbalifepac.com
URL: https://www.herbalifepac.com/error.aspx?Code=SSO
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
74.209.251.148 Ashburn, United States, ASN29944 (LATISYS-ASHBURN - Latisys-Ashburn, LLC, US),
Reverse DNS
Software
/
Resource Hash
c237e4b4a76ae810308332dff1c0823cff73ee3b2aac570a39f4bbf2e3907692
Security Headers
Name Value
Content-Security-Policy default-src 'self';child-src 'self' 'unsafe-inline' https://*.streamhoster.com;font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com;frame-src 'self' 'unsafe-inline' https://*.streamhoster.com;img-src 'self' https://media.gractions.com https://www.google-analytics.com;media-src 'self' 'unsafe-inline' https://*.streamhoster.com;script-src 'unsafe-inline' 'self' https://www.google-analytics.com/analytics.js https://www.google-analytics.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://code.jquery.com;style-src 'self' 'unsafe-inline' https://static.streamhoster.com https://fonts.googleapis.com; report-uri /report
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, br
Host
www.herbalifepac.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://www.herbalifepac.com/error.aspx?Code=SSO
Cookie
ASP.NET_SessionId=apgy405xkrcpfmwezyyk5af0; VS=0b3f4571-968c-4b09-baa3-2d466780a66d; cookie_20=!SYbDyVk0dny7fQlDui2rxUdDwae0X/+gI8XSn8iCN3nk3pE0aRed2EfKjtoNnLpjJmkmbaQMJltQxhQ=
Connection
keep-alive
Cache-Control
no-cache
Referer
https://www.herbalifepac.com/error.aspx?Code=SSO
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';child-src 'self' 'unsafe-inline' https://*.streamhoster.com;font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com;frame-src 'self' 'unsafe-inline' https://*.streamhoster.com;img-src 'self' https://media.gractions.com https://www.google-analytics.com;media-src 'self' 'unsafe-inline' https://*.streamhoster.com;script-src 'unsafe-inline' 'self' https://www.google-analytics.com/analytics.js https://www.google-analytics.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://code.jquery.com;style-src 'self' 'unsafe-inline' https://static.streamhoster.com https://fonts.googleapis.com; report-uri /report
X-Content-Type-Options
nosniff
Last-Modified
Thu, 30 Jun 2016 20:17:58 GMT
ETag
"0df267ecd3d11:0"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
Date
Fri, 18 Jan 2019 00:17:26 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Accept-Ranges
bytes
Content-Length
2566
X-XSS-Protection
1; mode=block
reset.css
www.herbalifepac.com/css/ 		1 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.herbalifepac.com/css/reset.css
Requested by
Host: www.herbalifepac.com
URL: https://www.herbalifepac.com/error.aspx?Code=SSO
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
74.209.251.148 Ashburn, United States, ASN29944 (LATISYS-ASHBURN - Latisys-Ashburn, LLC, US),
Reverse DNS
Software
/
Resource Hash
2bd61fab7dd5e62af38b232183d441e2ab0b790f2e46c9626cda6c189d5be69e
Security Headers
Name Value
Content-Security-Policy default-src 'self';child-src 'self' 'unsafe-inline' https://*.streamhoster.com;font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com;frame-src 'self' 'unsafe-inline' https://*.streamhoster.com;img-src 'self' https://media.gractions.com https://www.google-analytics.com;media-src 'self' 'unsafe-inline' https://*.streamhoster.com;script-src 'unsafe-inline' 'self' https://www.google-analytics.com/analytics.js https://www.google-analytics.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://code.jquery.com;style-src 'self' 'unsafe-inline' https://static.streamhoster.com https://fonts.googleapis.com; report-uri /report
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, br
Host
www.herbalifepac.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
https://www.herbalifepac.com/error.aspx?Code=SSO
Cookie
ASP.NET_SessionId=apgy405xkrcpfmwezyyk5af0; VS=0b3f4571-968c-4b09-baa3-2d466780a66d; cookie_20=!SYbDyVk0dny7fQlDui2rxUdDwae0X/+gI8XSn8iCN3nk3pE0aRed2EfKjtoNnLpjJmkmbaQMJltQxhQ=
Connection
keep-alive
Cache-Control
no-cache
Referer
https://www.herbalifepac.com/error.aspx?Code=SSO
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';child-src 'self' 'unsafe-inline' https://*.streamhoster.com;font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com;frame-src 'self' 'unsafe-inline' https://*.streamhoster.com;img-src 'self' https://media.gractions.com https://www.google-analytics.com;media-src 'self' 'unsafe-inline' https://*.streamhoster.com;script-src 'unsafe-inline' 'self' https://www.google-analytics.com/analytics.js https://www.google-analytics.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://code.jquery.com;style-src 'self' 'unsafe-inline' https://static.streamhoster.com https://fonts.googleapis.com; report-uri /report
X-Content-Type-Options
nosniff
Last-Modified
Fri, 06 May 2016 21:51:06 GMT
ETag
"0c12364e1a7d11:0"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
text/css
Date
Fri, 18 Jan 2019 00:17:26 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Accept-Ranges
bytes
Content-Length
1139
X-XSS-Protection
1; mode=block
analytics.js
www.google-analytics.com/ 		43 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.herbalifepac.com
URL: https://www.herbalifepac.com/error.aspx?Code=SSO
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:809::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
b688a3bcd1297cc0fe08e6e52fea14ba9108ee4b9a2052c03e7bac6e19347255
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.herbalifepac.com/error.aspx?Code=SSO
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 05 Nov 2018 21:10:09 GMT
server
Golfe2
age
5300
date
Thu, 17 Jan 2019 22:49:06 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
17404
expires
Fri, 18 Jan 2019 00:49:06 GMT
img-logomark.png
www.herbalifepac.com/img/ 		7 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.herbalifepac.com/img/img-logomark.png
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.7.0/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
74.209.251.148 Ashburn, United States, ASN29944 (LATISYS-ASHBURN - Latisys-Ashburn, LLC, US),
Reverse DNS
Software
/
Resource Hash
a7b4b9f78d0dfb19dab66ad87369e0c6248e95982c7f42190cb0d016b1758cbe
Security Headers
Name Value
Content-Security-Policy default-src 'self';child-src 'self' 'unsafe-inline' https://*.streamhoster.com;font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com;frame-src 'self' 'unsafe-inline' https://*.streamhoster.com;img-src 'self' https://media.gractions.com https://www.google-analytics.com;media-src 'self' 'unsafe-inline' https://*.streamhoster.com;script-src 'unsafe-inline' 'self' https://www.google-analytics.com/analytics.js https://www.google-analytics.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://code.jquery.com;style-src 'self' 'unsafe-inline' https://static.streamhoster.com https://fonts.googleapis.com; report-uri /report
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, br
Host
www.herbalifepac.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://www.herbalifepac.com/css/layout.css
Cookie
ASP.NET_SessionId=apgy405xkrcpfmwezyyk5af0; VS=0b3f4571-968c-4b09-baa3-2d466780a66d; cookie_20=!SYbDyVk0dny7fQlDui2rxUdDwae0X/+gI8XSn8iCN3nk3pE0aRed2EfKjtoNnLpjJmkmbaQMJltQxhQ=
Connection
keep-alive
Cache-Control
no-cache
Referer
https://www.herbalifepac.com/css/layout.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';child-src 'self' 'unsafe-inline' https://*.streamhoster.com;font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com;frame-src 'self' 'unsafe-inline' https://*.streamhoster.com;img-src 'self' https://media.gractions.com https://www.google-analytics.com;media-src 'self' 'unsafe-inline' https://*.streamhoster.com;script-src 'unsafe-inline' 'self' https://www.google-analytics.com/analytics.js https://www.google-analytics.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://code.jquery.com;style-src 'self' 'unsafe-inline' https://static.streamhoster.com https://fonts.googleapis.com; report-uri /report
X-Content-Type-Options
nosniff
Last-Modified
Mon, 14 May 2018 20:47:59 GMT
ETag
"115a44d8c4ebd31:0"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
Date
Fri, 18 Jan 2019 00:17:26 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Accept-Ranges
bytes
Content-Length
7674
X-XSS-Protection
1; mode=block
mobile-nav-icon.png
www.herbalifepac.com/img/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.herbalifepac.com/img/mobile-nav-icon.png
Requested by
Host: www.herbalifepac.com
URL: https://www.herbalifepac.com/error.aspx?Code=SSO
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
74.209.251.148 Ashburn, United States, ASN29944 (LATISYS-ASHBURN - Latisys-Ashburn, LLC, US),
Reverse DNS
Software
/
Resource Hash
52ae0c16c187d16c3ce24404ec8ae5652e8c214247cf0a1e8d6ceeaa8279cc56
Security Headers
Name Value
Content-Security-Policy default-src 'self';child-src 'self' 'unsafe-inline' https://*.streamhoster.com;font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com;frame-src 'self' 'unsafe-inline' https://*.streamhoster.com;img-src 'self' https://media.gractions.com https://www.google-analytics.com;media-src 'self' 'unsafe-inline' https://*.streamhoster.com;script-src 'unsafe-inline' 'self' https://www.google-analytics.com/analytics.js https://www.google-analytics.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://code.jquery.com;style-src 'self' 'unsafe-inline' https://static.streamhoster.com https://fonts.googleapis.com; report-uri /report
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, br
Host
www.herbalifepac.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://www.herbalifepac.com/css/mnav.css
Cookie
ASP.NET_SessionId=apgy405xkrcpfmwezyyk5af0; VS=0b3f4571-968c-4b09-baa3-2d466780a66d; cookie_20=!SYbDyVk0dny7fQlDui2rxUdDwae0X/+gI8XSn8iCN3nk3pE0aRed2EfKjtoNnLpjJmkmbaQMJltQxhQ=
Connection
keep-alive
Cache-Control
no-cache
Referer
https://www.herbalifepac.com/css/mnav.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';child-src 'self' 'unsafe-inline' https://*.streamhoster.com;font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com;frame-src 'self' 'unsafe-inline' https://*.streamhoster.com;img-src 'self' https://media.gractions.com https://www.google-analytics.com;media-src 'self' 'unsafe-inline' https://*.streamhoster.com;script-src 'unsafe-inline' 'self' https://www.google-analytics.com/analytics.js https://www.google-analytics.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://code.jquery.com;style-src 'self' 'unsafe-inline' https://static.streamhoster.com https://fonts.googleapis.com; report-uri /report
X-Content-Type-Options
nosniff
Last-Modified
Fri, 06 May 2016 21:51:10 GMT
ETag
"01b8666e1a7d11:0"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
Date
Fri, 18 Jan 2019 00:17:26 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Accept-Ranges
bytes
Content-Length
1042
X-XSS-Protection
1; mode=block
collect
www.google-analytics.com/r/ 		35 B
112 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/r/collect?v=1&_v=j72&a=490650644&t=pageview&_s=1&dl=https%3A%2F%2Fwww.herbalifepac.com%2Ferror.aspx%3FCode%3DSSO&ul=en-us&de=UTF-8&dt=Herbalife%20PAC&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAEAB~&jid=1072591950&gjid=1350393061&cid=456459918.1547770647&tid=UA-80329134-1&_gid=268250327.1547770647&_r=1&z=934253887
Requested by
Host: www.herbalifepac.com
URL: https://www.herbalifepac.com/error.aspx?Code=SSO
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:809::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.herbalifepac.com/error.aspx?Code=SSO
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 18 Jan 2019 00:17:27 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
access-control-allow-origin
*
content-type
image/gif
status
200
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask object| Modernizr object| respond function| yepnope function| $ function| jQuery object| accordion function| mapInit function| debounce string| GoogleAnalyticsObject function| ga object| nav object| navUl object| navLi object| navLiA object| jQuery1703239914754211408 object| google_tag_data object| gaplugins object| gaGlobal object| gaData

6 Cookies

Domain/Path Name / Value
.herbalifepac.com/ Name: _gat
Value: 1
.herbalifepac.com/ Name: _gid
Value: GA1.2.268250327.1547770647
.herbalifepac.com/ Name: _ga
Value: GA1.2.456459918.1547770647
www.herbalifepac.com/ Name: VS
Value: 0b3f4571-968c-4b09-baa3-2d466780a66d
www.herbalifepac.com/ Name: cookie_20
Value: !SYbDyVk0dny7fQlDui2rxUdDwae0X/+gI8XSn8iCN3nk3pE0aRed2EfKjtoNnLpjJmkmbaQMJltQxhQ=
www.herbalifepac.com/ Name: ASP.NET_SessionId
Value: apgy405xkrcpfmwezyyk5af0

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self';child-src 'self' 'unsafe-inline' https://*.streamhoster.com;font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com;frame-src 'self' 'unsafe-inline' https://*.streamhoster.com;img-src 'self' https://media.gractions.com https://www.google-analytics.com;media-src 'self' 'unsafe-inline' https://*.streamhoster.com;script-src 'unsafe-inline' 'self' https://www.google-analytics.com/analytics.js https://www.google-analytics.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://code.jquery.com;style-src 'self' 'unsafe-inline' https://static.streamhoster.com https://fonts.googleapis.com; report-uri /report
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block