dutyrefunds.crisp.help Open in urlscan Pro
2606:4700:90:0:8fa5:a1b5:8782:d1e Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://dutyrefunds.crisp.help/
Effective URL:
https://dutyrefunds.crisp.help/en/
Submission Tags: phish.gg anti.fish automated Search All
Submission: On January 03 via api (January 3rd 2024, 7:36:36 am UTC) from DE — Scanned from DE

Summary HTTP 69 Redirects Links 24 Behaviour Indicators

Summary

This website contacted 21 IPs in 4 countries across 17 domains to perform 69 HTTP transactions. The main IP is 2606:4700:90:0:8fa5:a1b5:8782:d1e, located in United States and belongs to CLOUDFLARENET, US. The main domain is dutyrefunds.crisp.help.
TLS certificate: Issued by R3 on November 4th 2023. Valid for: 3 months.

This is the only time dutyrefunds.crisp.help was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 2	2606:4700:90:... 2606:4700:90:0:8fa5:a1b5:8782:d1e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:82b::200a	15169 (GOOGLE) (GOOGLE)
5	143.198.240.73 143.198.240.73	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
19	52.222.236.71 52.222.236.71	16509 (AMAZON-02) (AMAZON-02)
1	2a04:4e42:200... 2a04:4e42:200::649	54113 (FASTLY) (FASTLY)
8	2606:4700:440... 2606:4700:4400::6812:22b5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2606:4700:20:... 2606:4700:20::681a:c2f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:82b::2008	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:813::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a03:2880:f08... 2a03:2880:f083:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2a03:b0c0:1:e... 2a03:b0c0:1:e0::2c8:7001	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c00::9d	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a03:2880:f17... 2a03:2880:f176:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
69	21

2 2606:4700:90:0:8fa5:a1b5:8782:d1e (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

dutyrefunds.crisp.help	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 143.198.240.73 (Slough, United Kingdom)

ASN14061 (DIGITALOCEAN-ASN, US)

dutyrefunds.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 52.222.236.71 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-236-71.fra56.r.cloudfront.net

widget.trustpilot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:200::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700:4400::6812:22b5 (United States)

ASN13335 (CLOUDFLARENET, US)

client.crisp.chat	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
storage.crisp.chat	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:20::681a:c2f (United States)

ASN13335 (CLOUDFLARENET, US)

static.crisp.help	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:813::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f083:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:b0c0:1:e0::2c8:7001 (Slough, United Kingdom)

ASN14061 (DIGITALOCEAN-ASN, US)

v2.clickguardian.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c00::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f176:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	trustpilot.com widget.trustpilot.com — Cisco Umbrella Rank: 5808	131 KB
8	crisp.chat client.crisp.chat — Cisco Umbrella Rank: 29254 storage.crisp.chat — Cisco Umbrella Rank: 572990	180 KB
8	crisp.help 1 redirects dutyrefunds.crisp.help static.crisp.help — Cisco Umbrella Rank: 885302	88 KB
5	dutyrefunds.co.uk dutyrefunds.co.uk	37 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 101	21 KB
3	google.de www.google.de — Cisco Umbrella Rank: 4002	669 B
3	google.com region1.analytics.google.com — Cisco Umbrella Rank: 2014 www.google.com — Cisco Umbrella Rank: 6	821 B
3	bing.com bat.bing.com — Cisco Umbrella Rank: 692	14 KB
3	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 68 stats.g.doubleclick.net — Cisco Umbrella Rank: 184	2 KB
3	gstatic.com fonts.gstatic.com	69 KB
2	clickguardian.app v2.clickguardian.app — Cisco Umbrella Rank: 167490	2 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 240	89 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 114	192 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 115	2 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 98	185 B
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 395	10 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 1219	30 KB
69	17

	Domain	Requested by
19	widget.trustpilot.com	dutyrefunds.crisp.help widget.trustpilot.com
6	static.crisp.help	dutyrefunds.crisp.help static.crisp.help
6	client.crisp.chat	dutyrefunds.crisp.help client.crisp.chat
5	dutyrefunds.co.uk	dutyrefunds.crisp.help
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
3	www.google.de	dutyrefunds.crisp.help
3	bat.bing.com	www.googletagmanager.com bat.bing.com dutyrefunds.crisp.help
3	fonts.gstatic.com	fonts.googleapis.com
2	www.google.com	dutyrefunds.crisp.help
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	v2.clickguardian.app	dutyrefunds.crisp.help v2.clickguardian.app
2	connect.facebook.net	dutyrefunds.crisp.help connect.facebook.net
2	www.googletagmanager.com	dutyrefunds.crisp.help www.googletagmanager.com
2	storage.crisp.chat	dutyrefunds.crisp.help
2	fonts.googleapis.com	dutyrefunds.crisp.help
2	dutyrefunds.crisp.help	1 redirects
1	www.facebook.com	dutyrefunds.crisp.help
1	cdnjs.cloudflare.com	v2.clickguardian.app
1	region1.analytics.google.com	www.googletagmanager.com
1	googleads.g.doubleclick.net	www.googletagmanager.com
1	code.jquery.com	dutyrefunds.crisp.help
69	21

This site contains links to these domains. Also see Links.

Domain
dutyrefunds.co.uk
www.linkedin.com
twitter.com
www.instagram.com

Subject Issuer	Validity	Valid
dutyrefunds.crisp.help R3	`2023-11-04` - `2024-02-02`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.dutyrefunds.co.uk E1	`2023-12-19` - `2024-03-18`	3 months	crt.sh
*.trustpilot.com Amazon RSA 2048 M03	`2024-01-03` - `2025-01-31`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh
crisp.chat Cloudflare Inc ECC CA-3	`2023-05-07` - `2024-05-06`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-12` - `2024-05-11`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.bing.com Microsoft Azure TLS Issuing CA 01	`2023-10-24` - `2024-04-21`	6 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-10-12` - `2024-01-10`	3 months	crt.sh
v2.clickguardian.app Sectigo RSA Domain Validation Secure Server CA	`2023-10-24` - `2024-11-23`	a year	crt.sh
www.google.de GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh

This page contains 4 frames:

Primary Page: https://dutyrefunds.crisp.help/en/
Frame ID: 0C058267CCD4EB01BF79C391632F32F4
Requests: 53 HTTP requests in this frame

Frame: https://widget.trustpilot.com/trustboxes/5419b637fa0340045cd0c936/index.html?templateId=5419b637fa0340045cd0c936&businessunitId=61fac7c38540f1c6e766937f
Frame ID: 1E3C3961CA0EDCE43DC46FC56CF356FC
Requests: 7 HTTP requests in this frame

Frame: https://widget.trustpilot.com/trustboxes/539ad0ffdec7e10e686debd7/index.html?templateId=539ad0ffdec7e10e686debd7&businessunitId=61fac7c38540f1c6e766937f
Frame ID: 9A6E0EC57058194FC9356196070E7C8A
Requests: 6 HTTP requests in this frame

Frame: https://widget.trustpilot.com/trustboxes/539adbd6dec7e10e686debee/index.html?templateId=539adbd6dec7e10e686debee&businessunitId=61fac7c38540f1c6e766937f
Frame ID: DBE2A32F0750927B97332A0F690EA908
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

FAQ – Duty Refunds

Page URL History Show full URLs

http://dutyrefunds.crisp.help/ HTTP 307
https://dutyrefunds.crisp.help/ HTTP 301
https://dutyrefunds.crisp.help/en/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

FingerprintJS (JavaScript libraries) Expand

Overall confidence: 100%
Detected patterns

fingerprint(\d)?(?:\.min)?\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

69
Requests

100 %
HTTPS

90 %
IPv6

17
Domains

21
Subdomains

21
IPs

4
Countries

867 kB
Transfer

2834 kB
Size

11
Cookies

24 Outgoing links

These are links going to different origins than the main page.

URL: https://dutyrefunds.co.uk/
Title: For shoppers

Search URL Search Domain Scan URL

URL: https://dutyrefunds.co.uk/business/
Title: For business

Search URL Search Domain Scan URL

URL: https://dutyrefunds.co.uk/about-us/
Title: About Us

Search URL Search Domain Scan URL

URL: https://dutyrefunds.co.uk/reclaim-customs-charges/
Title: Reclaim customs charges

Search URL Search Domain Scan URL

URL: https://dutyrefunds.co.uk/import-duty-calculator/
Title: Duty calculator

Search URL Search Domain Scan URL

URL: https://dutyrefunds.co.uk/faq/
Title: FAQ

Search URL Search Domain Scan URL

URL: https://dutyrefunds.co.uk/glossary/
Title: Glossary

Search URL Search Domain Scan URL

URL: https://dutyrefunds.co.uk/blog/
Title: Blog

Search URL Search Domain Scan URL

URL: https://dutyrefunds.co.uk/forms/new/
Title: Get my refund

Search URL Search Domain Scan URL

URL: https://dutyrefunds.co.uk/auth/login/
Title: Log-in

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/86001882

Search URL Search Domain Scan URL

URL: https://twitter.com/DutyRefunds

Search URL Search Domain Scan URL

URL: https://www.instagram.com/dutyrefunds

Search URL Search Domain Scan URL

URL: https://dutyrefunds.co.uk/business/our-story/
Title: Our story

Search URL Search Domain Scan URL

URL: https://dutyrefunds.co.uk/business/solutions/
Title: Solutions

Search URL Search Domain Scan URL

URL: https://dutyrefunds.co.uk/business/solutions/ship-to-uk-with-ddu/
Title: UK via DDU

Search URL Search Domain Scan URL

URL: https://dutyrefunds.co.uk/business/solutions/ship-to-uk-with-ddp/
Title: UK via DDP

Search URL Search Domain Scan URL

URL: https://dutyrefunds.co.uk/business/guides/
Title: Guides

Search URL Search Domain Scan URL

URL: https://dutyrefunds.co.uk/business/partners/
Title: Partners

Search URL Search Domain Scan URL

URL: https://dutyrefunds.co.uk/business/partners/directory/
Title: Partner directory

Search URL Search Domain Scan URL

URL: https://dutyrefunds.co.uk/business/partners/become-a-partner/
Title: Partner with us

Search URL Search Domain Scan URL

URL: https://dutyrefunds.co.uk/business/help/
Title: Help

Search URL Search Domain Scan URL

URL: https://dutyrefunds.co.uk/terms/
Title: Terms of Service

Search URL Search Domain Scan URL

URL: https://dutyrefunds.co.uk/privacy-policy/
Title: Privacy Policy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://dutyrefunds.crisp.help/ HTTP 307
https://dutyrefunds.crisp.help/ HTTP 301
https://dutyrefunds.crisp.help/en/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

69 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
dutyrefunds.crisp.help/en/
Redirect Chain

http://dutyrefunds.crisp.help/
https://dutyrefunds.crisp.help/
https://dutyrefunds.crisp.help/en/

76 KB
17 KB

54ms
53ms

Document
text/html

2606:4700:90:0:8fa5:a1b5:8782:d1e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:90:0:8fa5:a1b5:8782:d1e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

nginx /

Resource Hash

1f09916064221faa8b8e70d9f73d8ddba1cf8cff9a23c362636012ace21d0a60

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: public, max-age=60
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Wed, 03 Jan 2024 07:36:31 GMT
etag: W/"12f50-Ck39SqNRJTSeJV51gwBQXBowM1U"
server: nginx
strict-transport-security: max-age=2592000
vary: Accept-Encoding
x-crisp-ray: 8073e4dd-dafb-4d01-a73d-f9131704912b
x-page-cache-status: MISS

Redirect headers

cache-control: public, max-age=60
content-length: 64
content-type: text/html; charset=utf-8
date: Wed, 03 Jan 2024 07:36:31 GMT
location: /en/
server: nginx
strict-transport-security: max-age=2592000
vary: Accept
x-crisp-ray: 6465acf3-2445-437b-b9c0-055d96011185
x-page-cache-status: MISS

GET
H2 200 css2
fonts.googleapis.com/ 7 KB
1 KB 36ms
15ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Source+Sans+Pro:wght@400;600;700&display=swap

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ecfc48ab5315e179e1948be2aecc95b3afc29ae1413a2024abb9b1706df9ff0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 03 Jan 2024 07:36:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 06:04:35 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 03 Jan 2024 07:36:31 GMT

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
559 B 37ms
16ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Lexend:wght@300;400&display=swap

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

dbd346a85e19634d49511ef92f39fff27ac92abd6878851e5a60d12086b1fb66

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 03 Jan 2024 07:36:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 07:36:31 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 03 Jan 2024 07:36:31 GMT

GET
H2 200 tailwind.min.css
dutyrefunds.co.uk/blog/wp-content/themes/DutyRefunds/css/rebrand/ 74 KB
14 KB 342ms
108ms Stylesheet
text/css 143.198.240.73
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://dutyrefunds.co.uk/blog/wp-content/themes/DutyRefunds/css/rebrand/tailwind.min.css

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.198.240.73 Slough, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

6698f19fe1b63dfb7ed6524cb435feb18430630e67d886d4b850761e38f8c38a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 07:36:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
ki-cache-tag: a57c309e-3a2d-459f-80c6-a8904c8aca6d,dcf9e7155f9b2cb5675c21da8797d0ed53b98cd8b08c6ba8d0d23ab4d0e1729d
cf-cache-status: HIT
ki-edge: v=20.2.5;mv=3.0.1
x-content-type-options: nosniff
age: 506650
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
ki-origin: g1p
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 11 Apr 2023 13:51:07 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"643565cb-12747"
vary: Accept-Encoding,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9YYonVT92z2m9b6oS%2Ba0mqLZq8hT%2BJDgRDrE6tb6KMMZsIF%2FB2CqkZDkyY8cISfeOJ4tKNi2cwf52Zmq8mWA8vOM6Lwdg99HVSk8rB4JfRPgdkyVYEQq4yPEZGJB417AqS%2F8si45iEk0BA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 83f99240caa0887d-LHR
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 style.min.css
dutyrefunds.co.uk/blog/wp-content/themes/DutyRefunds/css/rebrand/ 22 KB
4 KB 325ms
91ms Stylesheet
text/css 143.198.240.73
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://dutyrefunds.co.uk/blog/wp-content/themes/DutyRefunds/css/rebrand/style.min.css

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.198.240.73 Slough, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

3b8f035379750a0058e8b9a351f27979854c7ab0691cc6695091d60f5940988d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 07:36:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
ki-cache-tag: a57c309e-3a2d-459f-80c6-a8904c8aca6d,31d55e174ea6a67b139dbad8dc3f7e6da0f0cf004c1a6817f5e712bcb39c2da2
cf-cache-status: HIT
ki-edge: v=20.2.5;mv=3.0.1
x-content-type-options: nosniff
age: 2147195
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
ki-origin: g1p
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 22 May 2023 06:00:58 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"646b051a-576c"
vary: Accept-Encoding,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BXnqejlsnjyW8AP1y1L5p%2Bilmzo%2B5oHx7%2BoVQTTc3zRwrVXujj%2BLhknphWQzzkbzb5cnZD%2Bwp3ZmBpVwTjmibhBQp0ESrwiPbjUkU5UNzh5Z9WaISiLOOE8TTXXEoQ51R5i3GJ%2Fz%2BaOeHQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 83f99240bf21413c-LHR
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 tp.widget.bootstrap.min.js Show response
widget.trustpilot.com/bootstrap/v5/ 21 KB
7 KB 38ms
7ms Script
application/x-javascript 52.222.236.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.71 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-71.fra56.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

02e5bf47b2473c1da7a39a25b14f0f5d9857142842d33def047e492f9f610cb9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 03 Jan 2024 02:58:57 GMT
via: 1.1 387adc951beb5181d840dfb5d1f09488.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
age: 16656
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 6759
x-xss-protection: 1; mode=block
last-modified: Thu, 26 Oct 2023 12:27:20 GMT
server: AmazonS3
etag: "15864ce88fa79a3e954417d0c3396798"
content-type: application/x-javascript
cache-control: max-age=86400
accept-ranges: bytes
x-amz-cf-id: ujqfL6MTE6OoqW9iO55OJ1hGNSBTn49aIqBRqcyLuuKAWsW8ptf0Ew==

GET
H2 200 jquery-3.6.0.min.js Show response
code.jquery.com/ 87 KB
30 KB 28ms
7ms Script
application/javascript 2a04:4e42:200::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.0.min.js
Requested by: Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

Referer: https://dutyrefunds.crisp.help/
Origin: https://dutyrefunds.crisp.help
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 07:36:31 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 3664775
x-cache: HIT, HIT
content-length: 30875
x-served-by: cache-lga21931-LGA, cache-fra-eddf8230120-FRA
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1704267392.893183,VS0,VE0
etag: W/"28feccc0-15d9d"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 4, 2381091

GET
H2 200 l.js Show response
client.crisp.chat/ 8 KB
3 KB 17ms
16ms Script
application/javascript 2606:4700:4400::6812:22b5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://client.crisp.chat/l.js

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:22b5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d5f26825e53902152c63182a0d0da702e77f7813d3c84fa878d1b0a8066d408f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 07:36:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 47227
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 24 Aug 2023 11:12:52 GMT
server: cloudflare
etag: W/"64e73b34-205d"
access-control-max-age: 300
access-control-allow-methods: HEAD, GET, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
access-control-allow-credentials: false
vary: Accept-Encoding
cf-ray: 83f992415faa9b67-FRA
access-control-allow-headers: Content-Type, Origin
expires: Thu, 04 Jan 2024 07:36:32 GMT

GET
H2 200 libs.min.css
static.crisp.help/stylesheets/libs/ 18 KB
4 KB 35ms
18ms Stylesheet
text/css 2606:4700:20::681a:c2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.crisp.help/stylesheets/libs/libs.min.css?c22dac1190fb3ffd3f4bd37613645d922

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

264b651f2b60176a30cb9cb66c29459ee762e0a19d96eeea9d8d12b5944fca49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 07:36:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 30544
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 28 Dec 2023 22:50:21 GMT
server: cloudflare
etag: W/"658dfbad-478e"
access-control-max-age: 300
access-control-allow-methods: HEAD, GET, OPTIONS
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ucP1eYdNaUSMlLGsOalQD8FX5Z9qPc3kkvJ7FkM%2B8TRv92CyXzTKHECxyMgDgg9tXuzLWDQ0eRhePh%2B%2BHFWHZRRXguUJLT9zE6iaAvRAZWCt1ybPVc8c3WAZVp0T2fI3DIgfb%2BldP%2BXjf%2F0Gd3Li"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=86400
access-control-allow-credentials: false
vary: Accept-Encoding
cf-ray: 83f9923f58119122-FRA
access-control-allow-headers: Content-Type, Origin
expires: Wed, 03 Jan 2024 22:53:35 GMT

GET
H2 200 common.min.css
static.crisp.help/stylesheets/site/common/ 135 KB
22 KB 44ms
27ms Stylesheet
text/css 2606:4700:20::681a:c2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.crisp.help/stylesheets/site/common/common.min.css?ce10baaefc0eb44a646e2f05da7f425e3

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

92bf4ffde56a12351d023ea3e855d3d4a54fe58b979f02412c3c998f84cd6083

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 07:36:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 30544
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 28 Dec 2023 22:50:22 GMT
server: cloudflare
etag: W/"658dfbae-21c69"
access-control-max-age: 300
access-control-allow-methods: HEAD, GET, OPTIONS
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r0I6sLvafNDzNXOobSjnWWwswjR7ae3qiygGa1rAVPbsp3UCOhI3CWztqLkuMahvMSZzntEffpSjvItLFbrSeyiSpN5PngRwK4Qdi1Fmo%2BiMKgc%2BvC%2BBPJMwQ9pqei3sWr2ORcaGspifqg9XcrZA"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=86400
access-control-allow-credentials: false
vary: Accept-Encoding
cf-ray: 83f9923f58169122-FRA
access-control-allow-headers: Content-Type, Origin
expires: Wed, 03 Jan 2024 22:53:35 GMT

GET
H2 200 home.min.css
static.crisp.help/stylesheets/site/home/ 7 KB
2 KB 41ms
25ms Stylesheet
text/css 2606:4700:20::681a:c2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.crisp.help/stylesheets/site/home/home.min.css?c86de615d0595114f3905c07ec9cc8bdb

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c4f152154e6a050c5e51bad52c058dd7c62d33e88701ca526f405d84cbe9eff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 07:36:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 29981
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 28 Dec 2023 22:50:22 GMT
server: cloudflare
etag: W/"658dfbae-1a7a"
access-control-max-age: 300
access-control-allow-methods: HEAD, GET, OPTIONS
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xoWUTibIiAQS0kLyto7CvpkmmR9%2FsHQzUJ%2BDpH4WrPCNa84VLZvofDQt2aV8DuxChX2IqQWb3uNb%2BvfdTqpBh9CXEWkXeuwP4PmOURhS9HaVgiSejKiNjqoazURP%2BdV2HBBP5CvQ4hJFRCxgalaV"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=86400
access-control-allow-credentials: false
vary: Accept-Encoding
cf-ray: 83f9923f58189122-FRA
access-control-allow-headers: Content-Type, Origin
expires: Wed, 03 Jan 2024 23:12:28 GMT

GET
H2 200 libs.min.js Show response
static.crisp.help/javascripts/libs/ 42 KB
15 KB 36ms
20ms Script
application/javascript 2606:4700:20::681a:c2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.crisp.help/javascripts/libs/libs.min.js?c08e6e63ad9d06075905c13ff06d001de

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

49a59ce7a8c3678a39d3a0b6c69bd141f596923b022432206c81197f461242d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 07:36:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 30544
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 28 Dec 2023 22:50:21 GMT
server: cloudflare
etag: W/"658dfbad-a83c"
access-control-max-age: 300
access-control-allow-methods: HEAD, GET, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fYvl9CjslmbUDk3mRIEvS6MAOQ%2Bljk2O0QAPaXJvA32%2B8ZEmSsSAh9nuYydfdVben8xueXbiSGNzH5P8pxuf527IBeTS6ikzB8BvvOlBVqGyPtSR87JFM9Fe3y0VXzCR8%2B6j9a0fuCWH%2Biz4shwd"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=86400
access-control-allow-credentials: false
vary: Accept-Encoding
cf-ray: 83f9923f581f9122-FRA
access-control-allow-headers: Content-Type, Origin
expires: Wed, 03 Jan 2024 22:53:35 GMT

GET
H2 200 common.min.js Show response
static.crisp.help/javascripts/site/common/ 12 KB
4 KB 40ms
23ms Script
application/javascript 2606:4700:20::681a:c2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.crisp.help/javascripts/site/common/common.min.js?ccea2a7465408515001e3a9a70bfeeaff

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d931865708f96a8340c7a9ee7c5eaf7472f8c75a023c3d174ea821a81465e631

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 07:36:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 30544
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 29 Aug 2023 10:40:00 GMT
server: cloudflare
etag: W/"64edcb00-31e1"
access-control-max-age: 300
access-control-allow-methods: HEAD, GET, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rMS%2BR%2B5Et3LX9bmOLgmeyMVQJAZMq2vd0rJeZrG86Ezg2AwEeoMKG0Me6nTi9VpFo89hUtT8NXqtiXoADLw0HszwmI%2FhEseUwV3BlTYyLVlMy0%2BClwAz09STfdJF5B5VnYbo5AITSLkAxlgLJBKQ"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=86400
access-control-allow-credentials: false
vary: Accept-Encoding
cf-ray: 83f9923f581c9122-FRA
access-control-allow-headers: Content-Type, Origin
expires: Wed, 03 Jan 2024 22:53:35 GMT

GET
H2 200 untitled-design-6_12x73zq.png
storage.crisp.chat/users/helpdesk/website/cc162312e17de000/ 17 KB
17 KB 107ms
83ms Image
image/png 2606:4700:4400::6812:22b5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://storage.crisp.chat/users/helpdesk/website/cc162312e17de000/untitled-design-6_12x73zq.png

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:22b5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bcfde325dd12a40cdb171ec4c28f90c3c2153266aa90087312f44c6d8d97e051

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 07:36:31 GMT
content-security-policy: block-all-mixed-content
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
x-amz-request-id: 17A6C629D42F8E4C
cross-origin-resource-policy: cross-origin
content-disposition: attachment
alt-svc: h3=":443"; ma=86400
content-length: 17149
x-xss-protection: 1; mode=block
x-amz-bucket-region: us-east-1
x-amz-meta-resized: 1
last-modified: Tue, 20 Dec 2022 16:16:19 GMT
server: cloudflare
etag: "5a3ad7d3c8e917d164c2c4770059f9bc-1"
vary: Origin, Accept-Encoding
content-type: image/png
cache-control: public, max-age=315360000
accept-ranges: bytes
cf-ray: 83f9923f6df69b67-FRA
expires: Sat, 31 Dec 2033 07:36:31 GMT

GET
H2 200 site-logo-light_18wdn7h.svg
storage.crisp.chat/users/helpdesk/website/cc162312e17de000/ 11 KB
5 KB 79ms
56ms Image
image/svg+xml 2606:4700:4400::6812:22b5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://storage.crisp.chat/users/helpdesk/website/cc162312e17de000/site-logo-light_18wdn7h.svg

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:22b5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

73b7cef5b7d3431c9dc12951d2eaf7eb2b5903d9747282bc85c514e7f90be541

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 07:36:31 GMT
content-security-policy: block-all-mixed-content
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
x-amz-request-id: 17A6C629D1DBAF2B
content-encoding: br
cross-origin-resource-policy: cross-origin
content-disposition: attachment
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
x-amz-bucket-region: us-east-1
last-modified: Tue, 19 Apr 2022 08:31:04 GMT
server: cloudflare
etag: W/"64a71b12566d4f55834bbad308d470c1"
vary: Accept-Encoding, Origin, Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=315360000
cf-ray: 83f9923f6df79b67-FRA
expires: Sat, 31 Dec 2033 07:36:31 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 315 KB
102 KB 45ms
24ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-K6DWWTL

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d2c0790d27ef6667f83bf0c1c87a86168174a8fd231e1768a1b5316a480e39a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 07:36:32 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 103833
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 03 Jan 2024 07:36:32 GMT

GET
H2 200 logo-new.png
dutyrefunds.co.uk/blog/wp-content/uploads/2023/01/ 6 KB
7 KB 97ms
97ms Image
image/png 143.198.240.73
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dutyrefunds.co.uk/blog/wp-content/uploads/2023/01/logo-new.png

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.198.240.73 Slough, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

1447533f668399339ea2ad5ac9444c0e0cfecf510b03c7823e2c8807a9cee801

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 07:36:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
ki-cache-tag: a57c309e-3a2d-459f-80c6-a8904c8aca6d,8714169c64a281b0f6639c99aa614d7461e1538e2463f77238f3027658325722
cf-cache-status: HIT
ki-edge: v=20.2.5;mv=3.0.1
x-content-type-options: nosniff
age: 120047
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
ki-origin: g1p
alt-svc: h3=":443"; ma=86400
content-length: 6384
last-modified: Mon, 02 Jan 2023 05:20:18 GMT
server: nginx/1.18.0 (Ubuntu)
etag: "63b26992-18f0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SsmlJBt4J%2Faluuk2Sj0uYVoPq4ln9z4G5FZPGS9fuAC3ga%2BWaFsmR%2BJyXi0tiYu7efvhtRf%2BkH52%2BWrD6BTLb1RljjvYZG%2Fyhy208POKKWzGTGheVRdr7DSCZuN%2Ff42YHlc%2BzROyY0vElg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
accept-ranges: bytes
cf-ray: 83f992417ad92401-LHR
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 logo-new-inverted.png
dutyrefunds.co.uk/blog/wp-content/uploads/2023/03/ 7 KB
8 KB 98ms
98ms Image
image/png 143.198.240.73
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dutyrefunds.co.uk/blog/wp-content/uploads/2023/03/logo-new-inverted.png

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.198.240.73 Slough, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

60b15cd03dee32d265a7bf3fed6d0b0fe132f9ac1ade5c9f28237ba07d1501c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 07:36:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
ki-cache-tag: a57c309e-3a2d-459f-80c6-a8904c8aca6d,36a14e8e3233f00d5fca1bd8163b400f710c2f422d9e127139422359c9f4f498
cf-cache-status: HIT
ki-edge: v=20.2.5;mv=3.0.1
x-content-type-options: nosniff
age: 77478
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
ki-origin: g1p
alt-svc: h3=":443"; ma=86400
content-length: 7536
last-modified: Tue, 28 Mar 2023 08:59:04 GMT
server: nginx/1.18.0 (Ubuntu)
etag: "6422ac58-1d70"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cMbxqzQdV972CQUKjfUIWoraTuFbXoBQeVSX9Dpoj4rPoqClGsonhF%2FDkBhcS4TzDgbisQvG1VQWMTbX6pokrgrb4EPw5kps4vYCWhT%2FU5a39rqafaS%2B3Rz%2FZI%2FMCrz4AFbV9dAbtPxu2A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
accept-ranges: bytes
cf-ray: 83f992417d36dd3b-LHR
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 logo-white.svg
dutyrefunds.co.uk/blog/wp-content/uploads/2023/01/ 7 KB
4 KB 90ms
90ms Image
image/svg+xml 143.198.240.73
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dutyrefunds.co.uk/blog/wp-content/uploads/2023/01/logo-white.svg

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.198.240.73 Slough, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

762d0f4d4732b529145531ec734b67c91d286365d6cbc1ef3f45debf5aeead8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 07:36:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
ki-cache-tag: a57c309e-3a2d-459f-80c6-a8904c8aca6d,e3676965b4c6a8f0a36bfc4b13ac694fdfe230b50e5132256a6b412810cfce74
cf-cache-status: HIT
ki-edge: v=20.2.5;mv=3.0.1
x-content-type-options: nosniff
age: 710210
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
ki-origin: g1p
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 02 Jan 2023 04:00:16 GMT
server: nginx/1.18.0 (Ubuntu)
etag: W/"63b256d0-1da4"
vary: Accept-Encoding,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n2TjZ4ab8d5FDtccBxd63OSB58OeQPCLWQ0mgh%2BW9%2BrlP5iehHOrBnMKjQ0bf1k9UU5QM5AaNrFGfuULi7gxo7Vl01zEK4A7rTnimD%2F%2BljSPiR7ovV1%2BME7tYtBpkbdZboS9Qy6PO70PvA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=2592000
ki-cache-type: CDN
cf-ray: 83f992417f7a5311-LHR
ki-cf-cache-status: HIT
x-edge-location-klb: 1
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ 15 KB
15 KB 28ms
6ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Source+Sans+Pro:wght@400;600;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://dutyrefunds.crisp.help
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 02 Jan 2024 08:49:59 GMT
x-content-type-options: nosniff
age: 81993
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14892
x-xss-protection: 0
last-modified: Thu, 01 Jun 2023 22:52:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Jan 2025 08:49:59 GMT

GET
H2 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ 14 KB
15 KB 30ms
8ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Source+Sans+Pro:wght@400;600;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca57b79a870bbf54700730858603a70d79743779c1b059922ec401bfddc5adc9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://dutyrefunds.crisp.help
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 02 Jan 2024 08:56:37 GMT
x-content-type-options: nosniff
age: 81595
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14824
x-xss-protection: 0
last-modified: Thu, 01 Jun 2023 22:52:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Jan 2025 08:56:37 GMT

GET
H3 200 graphik_regular.woff2
static.crisp.help/fonts/graphik/latin/ 23 KB
24 KB 67ms
55ms Font
application/font-woff2 2606:4700:20::681a:c2f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.crisp.help/fonts/graphik/latin/graphik_regular.woff2?a9632b9

Requested by

Host: static.crisp.help
URL: https://static.crisp.help/stylesheets/site/common/common.min.css?ce10baaefc0eb44a646e2f05da7f425e3

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:c2f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

68e651aa80e6bcd72641c3c030c70f1e94199a567de4f0005343ccc464fb6dcb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://static.crisp.help/stylesheets/site/common/common.min.css?ce10baaefc0eb44a646e2f05da7f425e3
Origin: https://dutyrefunds.crisp.help
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 07:36:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 23485
last-modified: Tue, 08 Aug 2023 10:18:26 GMT
server: cloudflare
etag: "64d21672-5bbd"
access-control-max-age: 300
access-control-allow-methods: HEAD, GET, OPTIONS
content-type: application/font-woff2
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BnFEURDpwGrw5%2FUzhuJjzMnO5We1bYylqH05F%2BcCuJ5JWERXwAtF0S88G5104vYOtenLQKVsMqhF%2FMxNDSs6TPSOfpymr4ZY%2FdYB1U5CgZJN7EqNsOzneTCjt9C8CIWjNamqmnAJbcof%2Frj6iTXT"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=86400
access-control-allow-credentials: false
vary: Accept-Encoding
accept-ranges: bytes
cf-ray: 83f992418fff8ffe-FRA
access-control-allow-headers: Content-Type, Origin
expires: Thu, 04 Jan 2024 07:36:32 GMT

GET
H2 200 wlpwgwvFAVdoq2_v-6QU.woff2
fonts.gstatic.com/s/lexend/v19/ 39 KB
39 KB 34ms
13ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lexend/v19/wlpwgwvFAVdoq2_v-6QU.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lexend:wght@300;400&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

212cab2c8f18589ea483920adea5f5d180ab007a4140ad723d931dae89d876e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://dutyrefunds.crisp.help
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 01 Jan 2024 20:44:24 GMT
x-content-type-options: nosniff
age: 125528
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39808
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 23:33:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 31 Dec 2024 20:44:24 GMT

GET
DATA 200
OK truncated
/ 389 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 98475674c6d2a9db393147c42eced5aad82f5cea318125a407670504c4b84076

Request headers

Referer
Origin: https://dutyrefunds.crisp.help
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 client.js Show response
client.crisp.chat/static/javascripts/ 410 KB
102 KB 26ms
26ms Script
application/javascript 2606:4700:4400::6812:22b5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://client.crisp.chat/static/javascripts/client.js?7d05ac5

Requested by

Host: client.crisp.chat
URL: https://client.crisp.chat/l.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:22b5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

62e954e7f697321f4b895db899fb44e6007dc88de65bf76f1df62be9433c4505

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 07:36:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 47227
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 24 Aug 2023 11:12:52 GMT
server: cloudflare
etag: W/"64e73b34-6675c"
access-control-max-age: 300
access-control-allow-methods: HEAD, GET, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=315360000
access-control-allow-credentials: false
vary: Accept-Encoding
cf-ray: 83f992419fdd9b67-FRA
access-control-allow-headers: Content-Type, Origin
expires: Sat, 31 Dec 2033 07:36:32 GMT

GET
H2 200 client_default.css
client.crisp.chat/static/stylesheets/ 355 KB
48 KB 19ms
19ms Stylesheet
text/css 2606:4700:4400::6812:22b5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://client.crisp.chat/static/stylesheets/client_default.css?7d05ac5

Requested by

Host: client.crisp.chat
URL: https://client.crisp.chat/l.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:22b5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

87e6c368e97df8a13e383436a405ec83b05c5a052055766a075356c4a20d2fc2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 07:36:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 47227
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 02 Jan 2024 18:28:29 GMT
server: cloudflare
etag: W/"659455cd-58c0c"
access-control-max-age: 300
access-control-allow-methods: HEAD, GET, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=315360000
access-control-allow-credentials: false
vary: Accept-Encoding
cf-ray: 83f992419fda9b67-FRA
access-control-allow-headers: Content-Type, Origin
expires: Sat, 31 Dec 2033 07:36:32 GMT

GET
H2 200 index.html Show response
widget.trustpilot.com/trustboxes/5419b637fa0340045cd0c936/ Frame 1E3C 8 KB
3 KB 8ms
7ms Document
text/html 52.222.236.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.trustpilot.com/trustboxes/5419b637fa0340045cd0c936/index.html?templateId=5419b637fa0340045cd0c936&businessunitId=61fac7c38540f1c6e766937f

Requested by

Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.71 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-71.fra56.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

095122140e631d527159828db0e9e553e14c7421dbd7c9ef550c0a70ba787d91

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://dutyrefunds.crisp.help/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 8673
cache-control: max-age=86400
content-encoding: gzip
content-length: 2114
content-type: text/html
date: Wed, 03 Jan 2024 05:12:00 GMT
etag: "bbd26c541b063878dddb6095c1f82221"
last-modified: Mon, 08 May 2023 11:42:24 GMT
server: AmazonS3
strict-transport-security: max-age=31536000
via: 1.1 387adc951beb5181d840dfb5d1f09488.cloudfront.net (CloudFront)
x-amz-cf-id: CYs8xC1fydbp-5O0wMH6pJ9OR_j3mSoj-LKQxWvkNEFZHkvQ07yVqg==
x-amz-cf-pop: FRA56-P4
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 index.html Show response
widget.trustpilot.com/trustboxes/539ad0ffdec7e10e686debd7/ Frame 9A6E 15 KB
4 KB 10ms
10ms Document
text/html 52.222.236.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.trustpilot.com/trustboxes/539ad0ffdec7e10e686debd7/index.html?templateId=539ad0ffdec7e10e686debd7&businessunitId=61fac7c38540f1c6e766937f

Requested by

Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.71 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-71.fra56.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

5d7fffe3a5da465552713233f1edc0d2c323892be14e964cdc4b6423e12fbdba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://dutyrefunds.crisp.help/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 44518
cache-control: max-age=86400
content-encoding: gzip
content-length: 3460
content-type: text/html
date: Tue, 02 Jan 2024 19:14:35 GMT
etag: "aa8b1a01ee0848aee02ab9c7adb7cbb7"
last-modified: Mon, 08 May 2023 11:44:28 GMT
server: AmazonS3
strict-transport-security: max-age=31536000
via: 1.1 387adc951beb5181d840dfb5d1f09488.cloudfront.net (CloudFront)
x-amz-cf-id: 7sJF164Z2TsshiLrobVI2wIJoELOlF1IUDPiRztXEuvmnQMB6x1ZEA==
x-amz-cf-pop: FRA56-P4
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 index.html Show response
widget.trustpilot.com/trustboxes/539adbd6dec7e10e686debee/ Frame DBE2 17 KB
4 KB 7ms
7ms Document
text/html 52.222.236.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.trustpilot.com/trustboxes/539adbd6dec7e10e686debee/index.html?templateId=539adbd6dec7e10e686debee&businessunitId=61fac7c38540f1c6e766937f

Requested by

Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.71 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-71.fra56.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

57122b576bc6d35f862f873264573c554aac92a913744201c60027b24bd858c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://dutyrefunds.crisp.help/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 44518
cache-control: max-age=86400
content-encoding: gzip
content-length: 3826
content-type: text/html
date: Tue, 02 Jan 2024 19:14:35 GMT
etag: "85b348fabe689b8221b4587943ffab87"
last-modified: Mon, 08 May 2023 11:41:36 GMT
server: AmazonS3
strict-transport-security: max-age=31536000
via: 1.1 387adc951beb5181d840dfb5d1f09488.cloudfront.net (CloudFront)
x-amz-cf-id: M4ZYr7yAWeLwo-QDH5HM7tlmAFxdJvZ_mYI_1tcZMxTDKf3SSIBbWA==
x-amz-cf-pop: FRA56-P4
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 main.js Show response
widget.trustpilot.com/trustboxes/5419b637fa0340045cd0c936/ Frame 1E3C 54 KB
17 KB 14ms
12ms Script
application/x-javascript 52.222.236.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.trustpilot.com/trustboxes/5419b637fa0340045cd0c936/main.js

Requested by

Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/trustboxes/5419b637fa0340045cd0c936/index.html?templateId=5419b637fa0340045cd0c936&businessunitId=61fac7c38540f1c6e766937f

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.71 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-71.fra56.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

14c24f4f0c0c27f8dcaf6d2b05cc367d4b600220fe77862ca55691d0d51fc3b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://widget.trustpilot.com/trustboxes/5419b637fa0340045cd0c936/index.html?templateId=5419b637fa0340045cd0c936&businessunitId=61fac7c38540f1c6e766937f
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 02 Jan 2024 19:34:54 GMT
via: 1.1 387adc951beb5181d840dfb5d1f09488.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
age: 43301
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 17138
x-xss-protection: 1; mode=block
last-modified: Mon, 08 May 2023 11:42:26 GMT
server: AmazonS3
etag: "732769f238a36cb44705f2d6a18312ee"
content-type: application/x-javascript
cache-control: max-age=86400
accept-ranges: bytes
x-amz-cf-id: dgTPeZeqqqSiTvLm0X5O2b_hFUXboGalPgq_PdaMngL20SsQl7KERA==

GET
H2 200 main.js Show response
widget.trustpilot.com/trustboxes/539adbd6dec7e10e686debee/ Frame DBE2 105 KB
30 KB 8ms
8ms Script
application/x-javascript 52.222.236.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.trustpilot.com/trustboxes/539adbd6dec7e10e686debee/main.js

Requested by

Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/trustboxes/539adbd6dec7e10e686debee/index.html?templateId=539adbd6dec7e10e686debee&businessunitId=61fac7c38540f1c6e766937f

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.71 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-71.fra56.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

bfa7413ead02f2501d66908e896538ccf31a6034ad4942d0a1c94f8bf4b142df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://widget.trustpilot.com/trustboxes/539adbd6dec7e10e686debee/index.html?templateId=539adbd6dec7e10e686debee&businessunitId=61fac7c38540f1c6e766937f
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 02 Jan 2024 23:09:44 GMT
via: 1.1 387adc951beb5181d840dfb5d1f09488.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
age: 30410
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 29967
x-xss-protection: 1; mode=block
last-modified: Mon, 08 May 2023 11:41:39 GMT
server: AmazonS3
etag: "72eb9245eeaa878c2bf26d4ca8e62238"
content-type: application/x-javascript
cache-control: max-age=86400
accept-ranges: bytes
x-amz-cf-id: HkqCljOQSp9QQ7D4rJYS9Cjga_KzSr-TkBKEuW-XC-akTsCC2j9kaw==

GET
H2 200 main.js Show response
widget.trustpilot.com/trustboxes/539ad0ffdec7e10e686debd7/ Frame 9A6E 110 KB
30 KB 9ms
9ms Script
application/x-javascript 52.222.236.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.trustpilot.com/trustboxes/539ad0ffdec7e10e686debd7/main.js

Requested by

Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/trustboxes/539ad0ffdec7e10e686debd7/index.html?templateId=539ad0ffdec7e10e686debd7&businessunitId=61fac7c38540f1c6e766937f

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.71 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-71.fra56.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

054b4907ab66e54705a08be7b98221ecee6ddb9ca32ed83427e11898d33fe18f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://widget.trustpilot.com/trustboxes/539ad0ffdec7e10e686debd7/index.html?templateId=539ad0ffdec7e10e686debd7&businessunitId=61fac7c38540f1c6e766937f
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 03 Jan 2024 00:08:08 GMT
via: 1.1 387adc951beb5181d840dfb5d1f09488.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
age: 26915
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 30555
x-xss-protection: 1; mode=block
last-modified: Mon, 08 May 2023 11:44:30 GMT
server: AmazonS3
etag: "593d59ebf05fd63221df2ecd0882018e"
content-type: application/x-javascript
cache-control: max-age=86400
accept-ranges: bytes
x-amz-cf-id: 9hDa1fuKdc_0OiEYvOJtDEALTHw7vbVR9KyFaiPZ7BYpE4t-921q7Q==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 275 KB
91 KB 27ms
27ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-WXBEVDSTPQ&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K6DWWTL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d75e2b3665a00d50ef0392a85ff13a0a2269f74e9c8083590aa1362ae0448c7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 07:36:32 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 92614
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 03 Jan 2024 07:36:32 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 28ms
7ms Script
text/javascript 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K6DWWTL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 03 Jan 2024 07:22:25 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 847
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Wed, 03 Jan 2024 09:22:25 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10782814670/ 3 KB
2 KB 68ms
46ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10782814670/?random=1704267392331&cv=11&fst=1704267392331&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v856076034&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fdutyrefunds.crisp.help%2Fen%2F&hn=www.googleadservices.com&frm=0&tiba=FAQ%20%E2%80%93%20Duty%20Refunds&auid=1201910251.1704267392&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K6DWWTL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e398ed9d94cb9f50b97c358adcb5f43c05e4d817aafbd0a2d1ab82883af7010d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 Jan 2024 07:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1259
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 45 KB
13 KB 64ms
35ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K6DWWTL

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Wed, 03 Jan 2024 07:36:32 GMT
last-modified: Fri, 10 Nov 2023 20:09:55 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 52F4E17CA0B0495D8E3CD2A4DD629B65 Ref B: FRAEDGE1916 Ref C: 2024-01-03T07:36:32Z
etag: "80abcdf1114da1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 13175

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 202 KB
54 KB 28ms
8ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), keyboard-map=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 03 Jan 2024 07:36:32 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 54273
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: RLaALCHBryzkq3HyiPMxzfT7IXbAVgmiy57mZoIC+WuCvLht0uMerEzU3Qqjc/68DZsHFS/AKSUi2Lz4OfPdrA==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK track.js Show response
v2.clickguardian.app/ 4 KB
1 KB 78ms
19ms Script
application/javascript 2a03:b0c0:1:e0::2c8:7001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://v2.clickguardian.app/track.js
Requested by: Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a03:b0c0:1:e0::2c8:7001 Slough, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: dcdf62f54440f8c224dcdfb6453c53106600c573d3cb5e4c0ba0d1cafcda3edc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Wed, 03 Jan 2024 07:36:32 GMT
Content-Encoding: gzip
Last-Modified: Mon, 20 Jan 2020 14:59:56 GMT
Server: nginx/1.10.3 (Ubuntu)
ETag: W/"5e25c06c-e6d"
Transfer-Encoding: chunked
Content-Type: application/javascript
Connection: keep-alive

GET
H2 200 539adbd6dec7e10e686debee Show response
widget.trustpilot.com/trustbox-data/ Frame DBE2 12 KB
4 KB 88ms
88ms XHR
application/json 52.222.236.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.trustpilot.com/trustbox-data/539adbd6dec7e10e686debee?businessUnitId=61fac7c38540f1c6e766937f&locale=en-GB&reviewLanguages=en&reviewStars=1%2C2%2C3%2C4%2C5&reviewsPerPage=20

Requested by

Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/trustboxes/539adbd6dec7e10e686debee/main.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.71 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-71.fra56.r.cloudfront.net

Software

Kestrel /

Resource Hash

c9d82a69532887744c71b6279fc5360d50db265a13690105e4a09615e7469948

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://widget.trustpilot.com/trustboxes/539adbd6dec7e10e686debee/index.html?templateId=539adbd6dec7e10e686debee&businessunitId=61fac7c38540f1c6e766937f
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 03 Jan 2024 07:36:31 GMT
via: 1.1 387adc951beb5181d840dfb5d1f09488.cloudfront.net (CloudFront)
server: Kestrel
x-amz-cf-pop: FRA56-P4
etag: "142466a0997026a72100fde884fa2c5d"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/json; charset=utf-8
cache-control: public,max-age=1800
x-amz-cf-id: ppheMo9SoIJPdyG4-tNIENavJwMx_8zeU-V8K4f1FlqrjICPMHFnAQ==
x-xss-protection: 1; mode=block

GET
H2 204 TrustboxImpression Show response
widget.trustpilot.com/stats/ Frame DBE2 0
323 B 36ms
36ms XHR
text/plain 52.222.236.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.trustpilot.com/stats/TrustboxImpression?locale=en-GB&styleHeight=500px&styleWidth=100%25&theme=light&stars=1%2C2%2C3%2C4%2C5&reviewLanguages=en&fontFamily=Source%20Sans%20Pro&textColor=%23323232&url=https%3A%2F%2Fdutyrefunds.crisp.help%2Fen%2F&referrer=&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F120.0.6099.129%20Safari%2F537.36&language=en-US&platform=Win32&nosettings=1&businessUnitId=61fac7c38540f1c6e766937f&widgetId=539adbd6dec7e10e686debee

Requested by

Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/trustboxes/539adbd6dec7e10e686debee/main.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.71 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-71.fra56.r.cloudfront.net

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://widget.trustpilot.com/trustboxes/539adbd6dec7e10e686debee/index.html?templateId=539adbd6dec7e10e686debee&businessunitId=61fac7c38540f1c6e766937f
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Wed, 03 Jan 2024 07:36:31 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
via: 1.1 387adc951beb5181d840dfb5d1f09488.cloudfront.net (CloudFront)
server: Kestrel
x-amz-cf-pop: FRA56-P4
x-cache: Miss from cloudfront
cache-control: no-store,no-cache
x-amz-cf-id: i9fDFxT-UDQAGlhFYDuSAvIFmXBjGKEmDRehEKBoHYm-iLmE2r99FA==
x-xss-protection: 1; mode=block

GET
H2 200 5419b637fa0340045cd0c936 Show response
widget.trustpilot.com/trustbox-data/ Frame 1E3C 941 B
854 B 74ms
74ms XHR
application/json 52.222.236.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.trustpilot.com/trustbox-data/5419b637fa0340045cd0c936?businessUnitId=61fac7c38540f1c6e766937f&locale=en-GB

Requested by

Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/trustboxes/5419b637fa0340045cd0c936/main.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.71 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-71.fra56.r.cloudfront.net

Software

Kestrel /

Resource Hash

29c484793f640a4f446909b7595316c34c042311b5efa4aef77a34dfe77f4aea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://widget.trustpilot.com/trustboxes/5419b637fa0340045cd0c936/index.html?templateId=5419b637fa0340045cd0c936&businessunitId=61fac7c38540f1c6e766937f
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 03 Jan 2024 07:36:31 GMT
via: 1.1 387adc951beb5181d840dfb5d1f09488.cloudfront.net (CloudFront)
server: Kestrel
x-amz-cf-pop: FRA56-P4
etag: "69c9041ff4535237d8839723f9f837ee"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/json; charset=utf-8
cache-control: public,max-age=1800
content-length: 426
x-xss-protection: 1; mode=block
x-amz-cf-id: hTu5SMSwHCvtsPxd3x4rQfqlinCEszAPJev-EKUprm_dLCGFv0Al7w==

GET
H2 204 TrustboxImpression Show response
widget.trustpilot.com/stats/ Frame 1E3C 0
323 B 36ms
36ms XHR
text/plain 52.222.236.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.trustpilot.com/stats/TrustboxImpression?locale=en-GB&styleHeight=20px&styleWidth=100%25&theme=light&fontFamily=Source%20Sans%20Pro&textColor=%23021873&url=https%3A%2F%2Fdutyrefunds.crisp.help%2Fen%2F&referrer=&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F120.0.6099.129%20Safari%2F537.36&language=en-US&platform=Win32&nosettings=1&businessUnitId=61fac7c38540f1c6e766937f&widgetId=5419b637fa0340045cd0c936

Requested by

Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/trustboxes/5419b637fa0340045cd0c936/main.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.71 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-71.fra56.r.cloudfront.net

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://widget.trustpilot.com/trustboxes/5419b637fa0340045cd0c936/index.html?templateId=5419b637fa0340045cd0c936&businessunitId=61fac7c38540f1c6e766937f
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Wed, 03 Jan 2024 07:36:31 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
via: 1.1 387adc951beb5181d840dfb5d1f09488.cloudfront.net (CloudFront)
server: Kestrel
x-amz-cf-pop: FRA56-P4
x-cache: Miss from cloudfront
cache-control: no-store,no-cache
x-amz-cf-id: ZKkcyTe43PMCj_zTYomK2U15ky90M8UAQME-0ZKU5qvobUPOgZQBNw==
x-xss-protection: 1; mode=block

GET
H2 204 TrustboxView Show response
widget.trustpilot.com/stats/ Frame 1E3C 0
321 B 34ms
34ms XHR
text/plain 52.222.236.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.trustpilot.com/stats/TrustboxView?locale=en-GB&styleHeight=20px&styleWidth=100%25&theme=light&fontFamily=Source%20Sans%20Pro&textColor=%23021873&url=https%3A%2F%2Fdutyrefunds.crisp.help%2Fen%2F&referrer=&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F120.0.6099.129%20Safari%2F537.36&language=en-US&platform=Win32&nosettings=1&businessUnitId=61fac7c38540f1c6e766937f&widgetId=5419b637fa0340045cd0c936

Requested by

Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/trustboxes/5419b637fa0340045cd0c936/main.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.71 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-71.fra56.r.cloudfront.net

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://widget.trustpilot.com/trustboxes/5419b637fa0340045cd0c936/index.html?templateId=5419b637fa0340045cd0c936&businessunitId=61fac7c38540f1c6e766937f
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Wed, 03 Jan 2024 07:36:31 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
via: 1.1 387adc951beb5181d840dfb5d1f09488.cloudfront.net (CloudFront)
server: Kestrel
x-amz-cf-pop: FRA56-P4
x-cache: Miss from cloudfront
cache-control: no-store,no-cache
x-amz-cf-id: 0VKUQlsm8MrDaBGsBFW2JSN23auy3haWh-q366sBeuJCxPYRNloYcQ==
x-xss-protection: 1; mode=block

GET
H2 200 539ad0ffdec7e10e686debd7 Show response
widget.trustpilot.com/trustbox-data/ Frame 9A6E 4 KB
2 KB 76ms
75ms XHR
application/json 52.222.236.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.trustpilot.com/trustbox-data/539ad0ffdec7e10e686debd7?businessUnitId=61fac7c38540f1c6e766937f&locale=en-GB&reviewLanguages=en&reviewStars=1%2C2%2C3%2C4%2C5&reviewsPerPage=6

Requested by

Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/trustboxes/539ad0ffdec7e10e686debd7/main.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.71 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-71.fra56.r.cloudfront.net

Software

Kestrel /

Resource Hash

071c4a1ed60295707b210d581e805e5f6f0a0484117e1c8dfd4f599a69a76bbf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://widget.trustpilot.com/trustboxes/539ad0ffdec7e10e686debd7/index.html?templateId=539ad0ffdec7e10e686debd7&businessunitId=61fac7c38540f1c6e766937f
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 03 Jan 2024 07:36:32 GMT
via: 1.1 387adc951beb5181d840dfb5d1f09488.cloudfront.net (CloudFront)
server: Kestrel
x-amz-cf-pop: FRA56-P4
etag: "e37cd92bd874bfe6958fe24b6d82cec1"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/json; charset=utf-8
cache-control: public,max-age=1800
content-length: 1301
x-xss-protection: 1; mode=block
x-amz-cf-id: 3T-S6sUghzllaAxjvil7ydpsG7W4-xBnmmrYkh7sMjz_bsNWTEuXnA==

GET
H2 204 TrustboxImpression Show response
widget.trustpilot.com/stats/ Frame 9A6E 0
323 B 44ms
44ms XHR
text/plain 52.222.236.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.trustpilot.com/stats/TrustboxImpression?locale=en-GB&styleHeight=300px&styleWidth=100%25&theme=light&stars=1%2C2%2C3%2C4%2C5&reviewLanguages=en&fontFamily=Source%20Sans%20Pro&url=https%3A%2F%2Fdutyrefunds.crisp.help%2Fen%2F&referrer=&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F120.0.6099.129%20Safari%2F537.36&language=en-US&platform=Win32&nosettings=1&businessUnitId=61fac7c38540f1c6e766937f&widgetId=539ad0ffdec7e10e686debd7

Requested by

Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/trustboxes/539ad0ffdec7e10e686debd7/main.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.71 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-71.fra56.r.cloudfront.net

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://widget.trustpilot.com/trustboxes/539ad0ffdec7e10e686debd7/index.html?templateId=539ad0ffdec7e10e686debd7&businessunitId=61fac7c38540f1c6e766937f
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Wed, 03 Jan 2024 07:36:31 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
via: 1.1 387adc951beb5181d840dfb5d1f09488.cloudfront.net (CloudFront)
server: Kestrel
x-amz-cf-pop: FRA56-P4
x-cache: Miss from cloudfront
cache-control: no-store,no-cache
x-amz-cf-id: _WJNdKEZm01FHf31CJNu82wMnhTSysJ4VC7RI3DC4dy6Ij558k9Czw==
x-xss-protection: 1; mode=block

GET
H2 204 TrustboxView Show response
widget.trustpilot.com/stats/ Frame 9A6E 0
322 B 35ms
35ms XHR
text/plain 52.222.236.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.trustpilot.com/stats/TrustboxView?locale=en-GB&styleHeight=300px&styleWidth=100%25&theme=light&stars=1%2C2%2C3%2C4%2C5&reviewLanguages=en&fontFamily=Source%20Sans%20Pro&url=https%3A%2F%2Fdutyrefunds.crisp.help%2Fen%2F&referrer=&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F120.0.6099.129%20Safari%2F537.36&language=en-US&platform=Win32&nosettings=1&businessUnitId=61fac7c38540f1c6e766937f&widgetId=539ad0ffdec7e10e686debd7

Requested by

Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/trustboxes/539ad0ffdec7e10e686debd7/main.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.71 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-71.fra56.r.cloudfront.net

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://widget.trustpilot.com/trustboxes/539ad0ffdec7e10e686debd7/index.html?templateId=539ad0ffdec7e10e686debd7&businessunitId=61fac7c38540f1c6e766937f
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Wed, 03 Jan 2024 07:36:31 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
via: 1.1 387adc951beb5181d840dfb5d1f09488.cloudfront.net (CloudFront)
server: Kestrel
x-amz-cf-pop: FRA56-P4
x-cache: Miss from cloudfront
cache-control: no-store,no-cache
x-amz-cf-id: _MD4chq40ZtZwmkaMD5qRsDuAvH4w49CmnYY7yESAAaJ8tuPHs5Elw==
x-xss-protection: 1; mode=block

GET
H3 200 / Show response
client.crisp.chat/settings/website/50b775b2-f69b-4d2f-a529-ab4e10bfc86e/prelude/ 212 B
541 B 62ms
62ms Script
application/javascript 2606:4700:4400::6812:22b5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://client.crisp.chat/settings/website/50b775b2-f69b-4d2f-a529-ab4e10bfc86e/prelude/?callback=window.%24__CRISP_INSTANCE.__spool.website_handler&2024-0-3-8-36

Requested by

Host: client.crisp.chat
URL: https://client.crisp.chat/static/javascripts/client.js?7d05ac5

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::6812:22b5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a75605ad391b69e408032fd01a05af2bb42cd61bb845ccaa61f36be0274a966f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 07:36:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
content-encoding: br
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 03 Jan 2024 07:36:32 GMT
server: cloudflare
access-control-max-age: 300
access-control-allow-methods: HEAD, GET, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=14400
access-control-allow-credentials: false
vary: Accept-Encoding
cf-ray: 83f992423b9918f1-FRA
access-control-allow-headers: Content-Type, Origin
expires: Wed, 03 Jan 2024 11:36:32 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
214 B 16ms
15ms XHR
text/plain 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1339831344&t=pageview&_s=1&dl=https%3A%2F%2Fdutyrefunds.crisp.help%2Fen%2F&dp=%2Fen%2F&ul=en-us&de=UTF-8&dt=FAQ%20%E2%80%93%20Duty%20Refunds&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACgCI~&jid=266774035&gjid=2072234102&cid=516437284.1704267392&tid=UA-209040626-1&_gid=1231727667.1704267392&_r=1&_slc=1&gtm=45He3bt0n81K6DWWTLv856076034&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&z=1440741454

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://dutyrefunds.crisp.help/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 03 Jan 2024 07:36:32 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://dutyrefunds.crisp.help
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
259 B 35ms
13ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-WXBEVDSTPQ&gtm=45je3bt0v880127104z8856076034&_p=1704267392212&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=516437284.1704267392&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1704267392&sct=1&seg=0&dl=https%3A%2F%2Fdutyrefunds.crisp.help%2Fen%2F&dt=FAQ%20%E2%80%93%20Duty%20Refunds&en=page_view&_fv=1&_ss=1&tfd=673
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-WXBEVDSTPQ&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 Jan 2024 07:36:32 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://dutyrefunds.crisp.help
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
47 B 64ms
21ms Ping
text/plain 2a00:1450:400c:c00::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-WXBEVDSTPQ&cid=516437284.1704267392&gtm=45je3bt0v880127104z8856076034&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-WXBEVDSTPQ&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 Jan 2024 07:36:32 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://dutyrefunds.crisp.help
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 39ms
17ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-WXBEVDSTPQ&cid=516437284.1704267392&gtm=45je3bt0v880127104z8856076034&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=1346160026

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 Jan 2024 07:36:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
354 B 61ms
20ms XHR
text/plain 2a00:1450:400c:c00::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-209040626-1&cid=516437284.1704267392&jid=266774035&gjid=2072234102&_gid=1231727667.1704267392&_u=YEBAAEAAAAAAACgCI~&z=1759797816

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://dutyrefunds.crisp.help/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 03 Jan 2024 07:36:32 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://dutyrefunds.crisp.help
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 611817430022152 Show response
connect.facebook.net/signals/config/ 131 KB
34 KB 68ms
68ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/611817430022152?v=2.9.138&r=stable&domain=dutyrefunds.crisp.help

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

28e8644a3a8cf12fcb328ea5ee8eaff73ef933160e324f58dadea440ec01af32

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), keyboard-map=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 03 Jan 2024 07:36:32 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: k1BPXQtVYzAkMICZq+oWhNEtwUt1n43xm56h9VXqfjxhl5TP5kNSr0xzosDwMM+niXx8v7M5/sQ0KqcbntsmgQ==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/10782814670/ 42 B
455 B 43ms
19ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10782814670/?random=1704267392331&cv=11&fst=1704265200000&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v856076034&u_w=1600&u_h=1200&url=https%3A%2F%2Fdutyrefunds.crisp.help%2Fen%2F&frm=0&tiba=FAQ%20%E2%80%93%20Duty%20Refunds&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_MqnjhBBa-HCk3wTRyjoXPsH1lEF8eg&random=3135704489&rmt_tld=0&ipr=y

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 Jan 2024 07:36:32 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/10782814670/ 42 B
154 B 26ms
18ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/10782814670/?random=1704267392331&cv=11&fst=1704265200000&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v856076034&u_w=1600&u_h=1200&url=https%3A%2F%2Fdutyrefunds.crisp.help%2Fen%2F&frm=0&tiba=FAQ%20%E2%80%93%20Duty%20Refunds&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_MqnjhBBa-HCk3wTRyjoXPsH1lEF8eg&random=3135704489&rmt_tld=1&ipr=y

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 Jan 2024 07:36:32 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 137024189.js Show response
bat.bing.com/p/action/ 0
116 B 29ms
29ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/137024189.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Wed, 03 Jan 2024 07:36:32 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 18D26D07A9BE499995583D68F41C3A80 Ref B: FRAEDGE1916 Ref C: 2024-01-03T07:36:32Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
286 B 74ms
74ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=137024189&tm=gtm002&Ver=2&mid=07eda21a-c23e-4d0b-a9b4-0ca3d5a89ae2&sid=d0c61080aa0a11ee90f6e33cb37ae69b&vid=d0c62c90aa0a11eeb2ae1d010f46db2a&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=FAQ%20%E2%80%93%20Duty%20Refunds&p=https%3A%2F%2Fdutyrefunds.crisp.help%2Fen%2F&r=&lt=515&evt=pageLoad&sv=1&rn=456618

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 03 Jan 2024 07:36:32 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C8EFF812DFEE41648C5C80AE85B56E14 Ref B: FRAEDGE1916 Ref C: 2024-01-03T07:36:32Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 fingerprint2.min.js Show response
cdnjs.cloudflare.com/ajax/libs/fingerprintjs2/2.1.0/ 29 KB
10 KB 31ms
16ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/fingerprintjs2/2.1.0/fingerprint2.min.js

Requested by

Host: v2.clickguardian.app
URL: https://v2.clickguardian.app/track.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4bf52e1f92ce9ea93f33025943d00dbfe5e73ff1c8ddc1507aee8ac82d34dc0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 07:36:32 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 3122840
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 9392
last-modified: Mon, 04 May 2020 16:10:04 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5c-72e4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MJsEj0FNsOOrjZEI6y6qL4o6tNFKytfuUp46qibPB9A1hC0bd0ZVzJeAhSqopojsR%2BcnZcLHGysKpnavslq0XFwWC3b6zE7XTHl1bk8GIhMy6nBncHHtYfRmY9ClsO8uRZru7Pal31IPaBe477%2BOL8QL"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 83f99242bc7e085c-FRA
expires: Mon, 23 Dec 2024 07:36:32 GMT

GET
H2 200 source-sans-pro.css
widget.trustpilot.com/fonts/ Frame 1E3C 4 KB
5 KB 7ms
7ms Stylesheet
text/css 52.222.236.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://widget.trustpilot.com/fonts/source-sans-pro.css
Requested by: Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/trustboxes/5419b637fa0340045cd0c936/main.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.236.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-236-71.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ae7406b114669428b9a0b02171f6968f11375b3602f41cc657def6fca0683832

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://widget.trustpilot.com/trustboxes/5419b637fa0340045cd0c936/index.html?templateId=5419b637fa0340045cd0c936&businessunitId=61fac7c38540f1c6e766937f
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 06:05:28 GMT
via: 1.1 387adc951beb5181d840dfb5d1f09488.cloudfront.net (CloudFront)
last-modified: Mon, 03 Oct 2022 14:37:44 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 5465
x-amz-server-side-encryption: AES256
etag: "cb285521e9837805ec47e63705ee80c2"
x-cache: Hit from cloudfront
content-type: text/css
accept-ranges: bytes
content-length: 4518
x-amz-cf-id: AYWFDki_ncoCbyzPhuopjNf5iAsk_nPQhRvCAcucAzVrJdaLOY8iog==

GET
H2 200 source-sans-pro.css
widget.trustpilot.com/fonts/ Frame 9A6E 4 KB
5 KB 8ms
8ms Stylesheet
text/css 52.222.236.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://widget.trustpilot.com/fonts/source-sans-pro.css
Requested by: Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/trustboxes/539ad0ffdec7e10e686debd7/main.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.236.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-236-71.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ae7406b114669428b9a0b02171f6968f11375b3602f41cc657def6fca0683832

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://widget.trustpilot.com/trustboxes/539ad0ffdec7e10e686debd7/index.html?templateId=539ad0ffdec7e10e686debd7&businessunitId=61fac7c38540f1c6e766937f
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 06:05:28 GMT
via: 1.1 387adc951beb5181d840dfb5d1f09488.cloudfront.net (CloudFront)
last-modified: Mon, 03 Oct 2022 14:37:44 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 5465
x-amz-server-side-encryption: AES256
etag: "cb285521e9837805ec47e63705ee80c2"
x-cache: Hit from cloudfront
content-type: text/css
accept-ranges: bytes
content-length: 4518
x-amz-cf-id: GwUVzIic3soyVEe7O8imo1AwcGorkE3_kApIFKrHMGb48S6HDu-mKA==

GET
H2 200 source-sans-pro.css
widget.trustpilot.com/fonts/ Frame DBE2 4 KB
5 KB 7ms
7ms Stylesheet
text/css 52.222.236.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://widget.trustpilot.com/fonts/source-sans-pro.css
Requested by: Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/trustboxes/539adbd6dec7e10e686debee/main.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.236.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-236-71.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ae7406b114669428b9a0b02171f6968f11375b3602f41cc657def6fca0683832

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://widget.trustpilot.com/trustboxes/539adbd6dec7e10e686debee/index.html?templateId=539adbd6dec7e10e686debee&businessunitId=61fac7c38540f1c6e766937f
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 06:05:28 GMT
via: 1.1 387adc951beb5181d840dfb5d1f09488.cloudfront.net (CloudFront)
last-modified: Mon, 03 Oct 2022 14:37:44 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 5465
x-amz-server-side-encryption: AES256
etag: "cb285521e9837805ec47e63705ee80c2"
x-cache: Hit from cloudfront
content-type: text/css
accept-ranges: bytes
content-length: 4518
x-amz-cf-id: wH62y9xrtXi2Gle_1CfH85zdsj5ara8eNUYIufIy60cinWPTebLlcg==

GET
H2 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
widget.trustpilot.com/fonts/source-sans-pro/ Frame 1E3C 13 KB
13 KB 9ms
9ms Font
binary/octet-stream 52.222.236.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://widget.trustpilot.com/fonts/source-sans-pro/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
Requested by: Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/fonts/source-sans-pro.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.236.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-236-71.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0

Request headers

Referer: https://widget.trustpilot.com/fonts/source-sans-pro.css
Origin: https://widget.trustpilot.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 02:36:50 GMT
via: 1.1 387adc951beb5181d840dfb5d1f09488.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
age: 17992
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 13036
last-modified: Thu, 29 Sep 2022 09:41:54 GMT
server: AmazonS3
etag: "0ad032b3d07aaf33b160ac4799dda40f"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: binary/octet-stream
access-control-allow-origin: *
accept-ranges: bytes
x-amz-cf-id: k4-3shjlo2f47q--sozNTe2Lmu_dsJ5CF0gT2d-9HVvApZSyFklXhg==

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 19ms
18ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-209040626-1&cid=516437284.1704267392&jid=266774035&_u=YEBAAEAAAAAAACgCI~&z=767515261

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 Jan 2024 07:36:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 17ms
17ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-209040626-1&cid=516437284.1704267392&jid=266774035&_u=YEBAAEAAAAAAACgCI~&z=767515261

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 Jan 2024 07:36:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 28ms
7ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=611817430022152&ev=PageView&dl=https%3A%2F%2Fdutyrefunds.crisp.help%2Fen%2F&rl=&if=false&ts=1704267392522&sw=1600&sh=1200&v=2.9.138&r=stable&ec=0&o=4126&fbp=fb.1.1704267392521.2008397936&ler=empty&it=1704267392405&coo=false&rqm=GET

Requested by

Host: dutyrefunds.crisp.help
URL: https://dutyrefunds.crisp.help/en/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 03 Jan 2024 07:36:32 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

POST
H/1.1 200
OK tracking Show response
v2.clickguardian.app/ 0
316 B 196ms
152ms XHR
text/html 2a03:b0c0:1:e0::2c8:7001
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://v2.clickguardian.app/tracking
Requested by: Host: v2.clickguardian.app
URL: https://v2.clickguardian.app/track.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a03:b0c0:1:e0::2c8:7001 Slough, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://dutyrefunds.crisp.help/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Wed, 03 Jan 2024 07:36:32 GMT
Content-Encoding: gzip
Server: nginx/1.10.3 (Ubuntu)
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 6ms
6ms Image
image/gif 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=1339831344&t=event&ni=1&_s=1&dl=https%3A%2F%2Fdutyrefunds.crisp.help%2Fen%2F&dp=%2Fen%2F&ul=en-us&de=UTF-8&dt=FAQ%20%E2%80%93%20Duty%20Refunds&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Scroll%20Depth&ea=10%25&el=https%3A%2F%2Fdutyrefunds.crisp.help%2Fen%2F&_u=aEDAAEABAAAAACgCIAC~&jid=&gjid=&cid=516437284.1704267392&tid=UA-209040626-1&_gid=1231727667.1704267392&gtm=45He3bt0n81K6DWWTLv856076034&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&z=89471222

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 02 Jan 2024 22:09:12 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 34040
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 7ms
7ms Image
image/gif 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=1339831344&t=event&ni=1&_s=1&dl=https%3A%2F%2Fdutyrefunds.crisp.help%2Fen%2F&dp=%2Fen%2F&ul=en-us&de=UTF-8&dt=FAQ%20%E2%80%93%20Duty%20Refunds&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Scroll%20Depth&ea=25%25&el=https%3A%2F%2Fdutyrefunds.crisp.help%2Fen%2F&_u=aEDAAEABAAAAACgCIAC~&jid=&gjid=&cid=516437284.1704267392&tid=UA-209040626-1&_gid=1231727667.1704267392&gtm=45He3bt0n81K6DWWTLv856076034&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&z=704189354

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 02 Jan 2024 22:09:12 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 34040
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
client.crisp.chat/settings/website/50b775b2-f69b-4d2f-a529-ab4e10bfc86e/ 2 KB
1 KB 65ms
65ms Script
application/javascript 2606:4700:4400::6812:22b5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://client.crisp.chat/settings/website/50b775b2-f69b-4d2f-a529-ab4e10bfc86e/?callback=window.%24__CRISP_INSTANCE.__spool.website_handler&1701798101531

Requested by

Host: client.crisp.chat
URL: https://client.crisp.chat/static/javascripts/client.js?7d05ac5

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::6812:22b5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

88ccc4c211ea88126e043fcf450ef0a3ef49bda59140789401a52d63096b15e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 07:36:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: EXPIRED
content-encoding: br
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 03 Jan 2024 01:50:35 GMT
server: cloudflare
access-control-max-age: 300
access-control-allow-methods: HEAD, GET, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=14400
access-control-allow-credentials: false
vary: Accept-Encoding
cf-ray: 83f9924aaa8318f1-FRA
access-control-allow-headers: Content-Type, Origin
expires: Wed, 03 Jan 2024 11:36:33 GMT

GET
H3 200 en.js Show response
client.crisp.chat/static/javascripts/locales/ 7 KB
3 KB 21ms
21ms Script
application/javascript 2606:4700:4400::6812:22b5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://client.crisp.chat/static/javascripts/locales/en.js?7d05ac5

Requested by

Host: client.crisp.chat
URL: https://client.crisp.chat/static/javascripts/client.js?7d05ac5

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::6812:22b5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4e9bb5915da0c16656a3c92f71ab64515782fe5c1faeb7e6c3641b3cb58c1d6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dutyrefunds.crisp.help/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 07:36:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 47220
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 08 Aug 2023 12:01:16 GMT
server: cloudflare
etag: W/"64d22e8c-1c34"
access-control-max-age: 300
access-control-allow-methods: HEAD, GET, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=315360000
access-control-allow-credentials: false
vary: Accept-Encoding
cf-ray: 83f9924b1adc18f1-FRA
access-control-allow-headers: Content-Type, Origin
expires: Sat, 31 Dec 2033 07:36:33 GMT

GET
DATA 200
OK truncated
/ 881 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9c8faba32cf813d34a373a7528d2446d0f2b061f8dd6900391af20ac718f69bd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/svg+xml

Verdicts & Comments Add Verdict or Comment

53 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

11 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.crisp.help/	1970-01-20 19:34:03	Name: _gcl_au Value: 1.1.1201910251.1704267392
.crisp.help/	1970-01-20 17:25:53	Name: _gid Value: GA1.2.1231727667.1704267392
.crisp.help/	1970-01-20 17:24:27	Name: _gat_UA-209040626-1 Value: 1
.crisp.help/	1970-01-21 03:00:27	Name: _ga_WXBEVDSTPQ Value: GS1.1.1704267392.1.0.1704267392.60.0.0
.doubleclick.net/	1970-01-20 17:24:28	Name: test_cookie Value: CheckForPermission
.crisp.help/	1970-01-20 17:25:53	Name: _uetsid Value: d0c61080aa0a11ee90f6e33cb37ae69b
.crisp.help/	1970-01-21 02:46:03	Name: _uetvid Value: d0c62c90aa0a11eeb2ae1d010f46db2a
.bing.com/	1970-01-21 02:46:03	Name: MUID Value: 266798D80167643B245A8B2300676568
.crisp.help/	1970-01-20 19:34:03	Name: _fbp Value: fb.1.1704267392521.2008397936
.crisp.help/	1970-01-21 03:00:27	Name: _ga Value: GA1.2.516437284.1704267392
.crisp.help/	1970-01-20 21:47:15	Name: crisp-client%2Fsession%2F50b775b2-f69b-4d2f-a529-ab4e10bfc86e Value: session_2af6800b-01fe-4315-922a-4be789621c13

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=2592000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bat.bing.com
cdnjs.cloudflare.com
client.crisp.chat
code.jquery.com
connect.facebook.net
dutyrefunds.co.uk
dutyrefunds.crisp.help
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
region1.analytics.google.com
static.crisp.help
stats.g.doubleclick.net
storage.crisp.chat
v2.clickguardian.app
widget.trustpilot.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
143.198.240.73
2001:4860:4802:34::36
2606:4700:20::681a:c2f
2606:4700:4400::6812:22b5
2606:4700:90:0:8fa5:a1b5:8782:d1e
2606:4700::6811:180e
2620:1ec:c11::200
2a00:1450:4001:813::2002
2a00:1450:4001:813::2004
2a00:1450:4001:813::200e
2a00:1450:4001:827::2003
2a00:1450:4001:829::2003
2a00:1450:4001:82b::2008
2a00:1450:4001:82b::200a
2a00:1450:400c:c00::9d
2a03:2880:f083:100:face:b00c:0:3
2a03:2880:f176:181:face:b00c:0:25de
2a03:b0c0:1:e0::2c8:7001
2a04:4e42:200::649
52.222.236.71
02e5bf47b2473c1da7a39a25b14f0f5d9857142842d33def047e492f9f610cb9
054b4907ab66e54705a08be7b98221ecee6ddb9ca32ed83427e11898d33fe18f
071c4a1ed60295707b210d581e805e5f6f0a0484117e1c8dfd4f599a69a76bbf
095122140e631d527159828db0e9e553e14c7421dbd7c9ef550c0a70ba787d91
1447533f668399339ea2ad5ac9444c0e0cfecf510b03c7823e2c8807a9cee801
14c24f4f0c0c27f8dcaf6d2b05cc367d4b600220fe77862ca55691d0d51fc3b2
1f09916064221faa8b8e70d9f73d8ddba1cf8cff9a23c362636012ace21d0a60
212cab2c8f18589ea483920adea5f5d180ab007a4140ad723d931dae89d876e5
264b651f2b60176a30cb9cb66c29459ee762e0a19d96eeea9d8d12b5944fca49
28e8644a3a8cf12fcb328ea5ee8eaff73ef933160e324f58dadea440ec01af32
29c484793f640a4f446909b7595316c34c042311b5efa4aef77a34dfe77f4aea
3b8f035379750a0058e8b9a351f27979854c7ab0691cc6695091d60f5940988d
3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8
49a59ce7a8c3678a39d3a0b6c69bd141f596923b022432206c81197f461242d2
4bf52e1f92ce9ea93f33025943d00dbfe5e73ff1c8ddc1507aee8ac82d34dc0f
4e9bb5915da0c16656a3c92f71ab64515782fe5c1faeb7e6c3641b3cb58c1d6d
57122b576bc6d35f862f873264573c554aac92a913744201c60027b24bd858c0
5c4f152154e6a050c5e51bad52c058dd7c62d33e88701ca526f405d84cbe9eff
5d7fffe3a5da465552713233f1edc0d2c323892be14e964cdc4b6423e12fbdba
5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214
60b15cd03dee32d265a7bf3fed6d0b0fe132f9ac1ade5c9f28237ba07d1501c1
62e954e7f697321f4b895db899fb44e6007dc88de65bf76f1df62be9433c4505
6698f19fe1b63dfb7ed6524cb435feb18430630e67d886d4b850761e38f8c38a
68e651aa80e6bcd72641c3c030c70f1e94199a567de4f0005343ccc464fb6dcb
73b7cef5b7d3431c9dc12951d2eaf7eb2b5903d9747282bc85c514e7f90be541
762d0f4d4732b529145531ec734b67c91d286365d6cbc1ef3f45debf5aeead8a
7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
87e6c368e97df8a13e383436a405ec83b05c5a052055766a075356c4a20d2fc2
88ccc4c211ea88126e043fcf450ef0a3ef49bda59140789401a52d63096b15e8
92bf4ffde56a12351d023ea3e855d3d4a54fe58b979f02412c3c998f84cd6083
98475674c6d2a9db393147c42eced5aad82f5cea318125a407670504c4b84076
9c8faba32cf813d34a373a7528d2446d0f2b061f8dd6900391af20ac718f69bd
a75605ad391b69e408032fd01a05af2bb42cd61bb845ccaa61f36be0274a966f
ae7406b114669428b9a0b02171f6968f11375b3602f41cc657def6fca0683832
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
bcfde325dd12a40cdb171ec4c28f90c3c2153266aa90087312f44c6d8d97e051
bfa7413ead02f2501d66908e896538ccf31a6034ad4942d0a1c94f8bf4b142df
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0
c9d82a69532887744c71b6279fc5360d50db265a13690105e4a09615e7469948
ca57b79a870bbf54700730858603a70d79743779c1b059922ec401bfddc5adc9
d2c0790d27ef6667f83bf0c1c87a86168174a8fd231e1768a1b5316a480e39a4
d5f26825e53902152c63182a0d0da702e77f7813d3c84fa878d1b0a8066d408f
d75e2b3665a00d50ef0392a85ff13a0a2269f74e9c8083590aa1362ae0448c7d
d931865708f96a8340c7a9ee7c5eaf7472f8c75a023c3d174ea821a81465e631
dbd346a85e19634d49511ef92f39fff27ac92abd6878851e5a60d12086b1fb66
dcdf62f54440f8c224dcdfb6453c53106600c573d3cb5e4c0ba0d1cafcda3edc
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e398ed9d94cb9f50b97c358adcb5f43c05e4d817aafbd0a2d1ab82883af7010d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ecfc48ab5315e179e1948be2aecc95b3afc29ae1413a2024abb9b1706df9ff0f
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

dutyrefunds.crisp.help Open in urlscan Pro 2606:4700:90:0:8fa5:a1b5:8782:d1e Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

69 Requests

100 %HTTPS

90 %IPv6

17 Domains

21 Subdomains

21 IPs

4 Countries

867 kBTransfer

2834 kBSize

11 Cookies

24 Outgoing links

Page URL History

Redirected requests

69 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

dutyrefunds.crisp.help Open in urlscan Pro
2606:4700:90:0:8fa5:a1b5:8782:d1e Public Scan

Screenshot
Live screenshot

Full Image

69
Requests

100 %
HTTPS

90 %
IPv6

17
Domains

21
Subdomains

21
IPs

4
Countries

867 kB
Transfer

2834 kB
Size

11
Cookies

69 HTTP transactions
2 data transactions