urlscan.io logo urlscan.io
SecurityTrails logo

ms-qa.vestwell.com Open in urlscan Pro
184.72.226.82  Public Scan

Go To Rescan Add Verdict Report
URL: https://ms-qa.vestwell.com/
Submission: On June 08 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 2 countries across 5 domains to perform 18 HTTP transactions. The main IP is 184.72.226.82, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is ms-qa.vestwell.com.
TLS certificate: Issued by Amazon RSA 2048 M03 on June 7th 2024. Valid for: a year.
This is the only time ms-qa.vestwell.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
11 184.72.226.82 14618 (AMAZON-AES)
1 13.32.27.35 16509 (AMAZON-02)
1 107.22.30.209 14618 (AMAZON-AES)
3 2a00:1450:400... 15169 (GOOGLE)
1 2a04:4e42:200... 54113 (FASTLY)
1 2a00:1450:400... 15169 (GOOGLE)
18 6
11    184.72.226.82 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-184-72-226-82.compute-1.amazonaws.com
ms-qa.vestwell.com
1    13.32.27.35 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-35.fra56.r.cloudfront.net
cdn.heapanalytics.com
1    107.22.30.209 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-107-22-30-209.compute-1.amazonaws.com
heapanalytics.com
3    2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2a04:4e42:200::485 (United States)

ASN54113 (FASTLY, US)
cdn.jsdelivr.net
1    2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
Apex Domain
Subdomains		 Transfer
11 vestwell.com
ms-qa.vestwell.com
1 MB
3 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 70
2 KB
2 heapanalytics.com
cdn.heapanalytics.com — Cisco Umbrella Rank: 2413
heapanalytics.com — Cisco Umbrella Rank: 2037
41 KB
1 gstatic.com
fonts.gstatic.com
31 KB
1 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 354
5 KB
18 5
Domain Requested by
11 ms-qa.vestwell.com ms-qa.vestwell.com
3 fonts.googleapis.com ms-qa.vestwell.com
1 fonts.gstatic.com fonts.googleapis.com
1 cdn.jsdelivr.net ms-qa.vestwell.com
1 heapanalytics.com ms-qa.vestwell.com
1 cdn.heapanalytics.com ms-qa.vestwell.com
18 6

This site contains no links.

Subject Issuer Validity Valid
portal-nginx.ms.ue1.vestwell.com
Amazon RSA 2048 M03		 2024-06-07 -
2025-07-06		 a year crt.sh
cdn.heapanalytics.com
Amazon RSA 2048 M02		 2024-05-29 -
2025-06-26		 a year crt.sh
heapanalytics.com
Amazon RSA 2048 M02		 2023-11-09 -
2024-12-08		 a year crt.sh
upload.video.google.com
WR2		 2024-05-21 -
2024-08-13		 3 months crt.sh
jsdelivr.net
GlobalSign Atlas R3 DV TLS CA 2023 Q3		 2023-09-27 -
2024-10-28		 a year crt.sh
*.gstatic.com
WR2		 2024-05-21 -
2024-08-13		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://ms-qa.vestwell.com/
Frame ID: 854FE3C6B5708D44C61BE3CA1F065F3D
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Sign In / Vestwell

Detected technologies

Overall confidence: 100%
Detected patterns
  • heap-\d+\.js
Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

18
Requests

100 %
HTTPS

50 %
IPv6

5
Domains

6
Subdomains

6
IPs

2
Countries

1469 kB
Transfer

4379 kB
Size

3
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
ms-qa.vestwell.com/ 		3 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ms-qa.vestwell.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.72.226.82 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-72-226-82.compute-1.amazonaws.com
Software
nginx /
Resource Hash
b9904b05f021c5ba3a694e1c33a37bf9e671a737613ec276d9738bc7c00cb164
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: gap: ws: https://cdn.plaid.com https://ekr.zdassets.com https://static.zdassets.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.smooch.io https://heapanalytics.com https://cdn.heapanalytics.com http://cdn.plaid.com https://widget.intercom.io https://js.intercomcdn.com https://static.zdassets.com https://fonts.googleapis.com/ http://cdnjs.cloudflare.com https://www.google-analytics.com/analytics.js https://unpkg.com http://cdn.quilljs.com http://cdn.jsdelivr.net https://zendesk-eu.my.sentry.io https://api.smooch.io; frame-src https://form.typeform.com http://fast.wistia.com https://*.plaid.com/; img-src 'self' blob: data: https://*.vestwell.com https://zendesk-eu.my.sentry.io https://*.zendesk.com https://d2gx1ajsvrvamt.cloudfront.net https://heapanalytics.com; style-src 'self' 'unsafe-inline' https://heapanalytics.com https://fonts.googleapis.com http://cdnjs.cloudflare.com https://use.typekit.net https://p.typekit.net http://cdn.quilljs.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com http://cdnjs.cloudflare.com https://use.typekit.net; child-src 'self'; connect-src 'self' https://zendesk-eu.my.sentry.io https://heapanalytics.com https://*.zendesk.com https://ekr.zdassets.com https://api-iam.intercom.io/messenger/web/ping https://api-iam.intercom.io/messenger/web/metrics https://api.gusto-demo.com data: gap: ws:
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
cache-control
no-cache no-store, no-cache, must-revalidate
content-encoding
gzip
content-length
1226
content-security-policy
default-src 'self' data: gap: ws: https://cdn.plaid.com https://ekr.zdassets.com https://static.zdassets.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.smooch.io https://heapanalytics.com https://cdn.heapanalytics.com http://cdn.plaid.com https://widget.intercom.io https://js.intercomcdn.com https://static.zdassets.com https://fonts.googleapis.com/ http://cdnjs.cloudflare.com https://www.google-analytics.com/analytics.js https://unpkg.com http://cdn.quilljs.com http://cdn.jsdelivr.net https://zendesk-eu.my.sentry.io https://api.smooch.io; frame-src https://form.typeform.com http://fast.wistia.com https://*.plaid.com/; img-src 'self' blob: data: https://*.vestwell.com https://zendesk-eu.my.sentry.io https://*.zendesk.com https://d2gx1ajsvrvamt.cloudfront.net https://heapanalytics.com; style-src 'self' 'unsafe-inline' https://heapanalytics.com https://fonts.googleapis.com http://cdnjs.cloudflare.com https://use.typekit.net https://p.typekit.net http://cdn.quilljs.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com http://cdnjs.cloudflare.com https://use.typekit.net; child-src 'self'; connect-src 'self' https://zendesk-eu.my.sentry.io https://heapanalytics.com https://*.zendesk.com https://ekr.zdassets.com https://api-iam.intercom.io/messenger/web/ping https://api-iam.intercom.io/messenger/web/metrics https://api.gusto-demo.com data: gap: ws:
content-type
text/html; charset=utf-8
date
Sat, 08 Jun 2024 07:33:52 GMT
etag
"6660b14c-4ca"
expires
Thu, 01 Jan 1970 00:00:01 GMT
last-modified
Wed, 05 Jun 2024 18:41:16 GMT
referrer-policy
strict-origin-when-cross-origin
server
nginx
strict-transport-security
max-age=31536000; includeSubdomains;
x-content-type-options
nosniff
x-forwarded-proto
https
x-frame-options
deny
x-xss-protection
1; mode=block
runtime.6086735f.js
ms-qa.vestwell.com/auth/static/js/ 		2 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ms-qa.vestwell.com/auth/static/js/runtime.6086735f.js
Requested by
Host: ms-qa.vestwell.com
URL: https://ms-qa.vestwell.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.72.226.82 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-72-226-82.compute-1.amazonaws.com
Software
nginx /
Resource Hash
f0dce51209cd05ed73e5f7ff381c5844b031537cec131bd6cecd85d414141c42
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: gap: ws: https://cdn.plaid.com https://ekr.zdassets.com https://static.zdassets.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.smooch.io https://heapanalytics.com https://cdn.heapanalytics.com http://cdn.plaid.com https://widget.intercom.io https://js.intercomcdn.com https://static.zdassets.com https://fonts.googleapis.com/ http://cdnjs.cloudflare.com https://www.google-analytics.com/analytics.js https://unpkg.com http://cdn.quilljs.com http://cdn.jsdelivr.net https://zendesk-eu.my.sentry.io https://api.smooch.io; frame-src https://form.typeform.com http://fast.wistia.com https://*.plaid.com/; img-src 'self' blob: data: https://*.vestwell.com https://zendesk-eu.my.sentry.io https://*.zendesk.com https://d2gx1ajsvrvamt.cloudfront.net https://heapanalytics.com; style-src 'self' 'unsafe-inline' https://heapanalytics.com https://fonts.googleapis.com http://cdnjs.cloudflare.com https://use.typekit.net https://p.typekit.net http://cdn.quilljs.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com http://cdnjs.cloudflare.com https://use.typekit.net; child-src 'self'; connect-src 'self' https://zendesk-eu.my.sentry.io https://heapanalytics.com https://*.zendesk.com https://ekr.zdassets.com https://api-iam.intercom.io/messenger/web/ping https://api-iam.intercom.io/messenger/web/metrics https://api.gusto-demo.com data: gap: ws:
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ms-qa.vestwell.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 08 Jun 2024 07:33:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self' data: gap: ws: https://cdn.plaid.com https://ekr.zdassets.com https://static.zdassets.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.smooch.io https://heapanalytics.com https://cdn.heapanalytics.com http://cdn.plaid.com https://widget.intercom.io https://js.intercomcdn.com https://static.zdassets.com https://fonts.googleapis.com/ http://cdnjs.cloudflare.com https://www.google-analytics.com/analytics.js https://unpkg.com http://cdn.quilljs.com http://cdn.jsdelivr.net https://zendesk-eu.my.sentry.io https://api.smooch.io; frame-src https://form.typeform.com http://fast.wistia.com https://*.plaid.com/; img-src 'self' blob: data: https://*.vestwell.com https://zendesk-eu.my.sentry.io https://*.zendesk.com https://d2gx1ajsvrvamt.cloudfront.net https://heapanalytics.com; style-src 'self' 'unsafe-inline' https://heapanalytics.com https://fonts.googleapis.com http://cdnjs.cloudflare.com https://use.typekit.net https://p.typekit.net http://cdn.quilljs.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com http://cdnjs.cloudflare.com https://use.typekit.net; child-src 'self'; connect-src 'self' https://zendesk-eu.my.sentry.io https://heapanalytics.com https://*.zendesk.com https://ekr.zdassets.com https://api-iam.intercom.io/messenger/web/ping https://api-iam.intercom.io/messenger/web/metrics https://api.gusto-demo.com data: gap: ws:
strict-transport-security
max-age=31536000; includeSubdomains;
x-forwarded-proto
https
content-length
1268
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 05 Jun 2024 18:41:16 GMT
server
nginx
etag
"6660b14c-4f4"
x-frame-options
deny
content-type
application/javascript; charset=utf-8
cache-control
max-age=86400, no-store, no-cache, must-revalidate
accept-ranges
bytes
expires
Sun, 09 Jun 2024 07:33:52 GMT
shared.f4e8f858.js
ms-qa.vestwell.com/auth/static/js/ 		4 MB
1 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://ms-qa.vestwell.com/auth/static/js/shared.f4e8f858.js
Requested by
Host: ms-qa.vestwell.com
URL: https://ms-qa.vestwell.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.72.226.82 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-72-226-82.compute-1.amazonaws.com
Software
nginx /
Resource Hash
26397a3a1570fa9133d1b800e7ae462faac63b460c038db70d6030bf482abf57
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: gap: ws: https://cdn.plaid.com https://ekr.zdassets.com https://static.zdassets.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.smooch.io https://heapanalytics.com https://cdn.heapanalytics.com http://cdn.plaid.com https://widget.intercom.io https://js.intercomcdn.com https://static.zdassets.com https://fonts.googleapis.com/ http://cdnjs.cloudflare.com https://www.google-analytics.com/analytics.js https://unpkg.com http://cdn.quilljs.com http://cdn.jsdelivr.net https://zendesk-eu.my.sentry.io https://api.smooch.io; frame-src https://form.typeform.com http://fast.wistia.com https://*.plaid.com/; img-src 'self' blob: data: https://*.vestwell.com https://zendesk-eu.my.sentry.io https://*.zendesk.com https://d2gx1ajsvrvamt.cloudfront.net https://heapanalytics.com; style-src 'self' 'unsafe-inline' https://heapanalytics.com https://fonts.googleapis.com http://cdnjs.cloudflare.com https://use.typekit.net https://p.typekit.net http://cdn.quilljs.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com http://cdnjs.cloudflare.com https://use.typekit.net; child-src 'self'; connect-src 'self' https://zendesk-eu.my.sentry.io https://heapanalytics.com https://*.zendesk.com https://ekr.zdassets.com https://api-iam.intercom.io/messenger/web/ping https://api-iam.intercom.io/messenger/web/metrics https://api.gusto-demo.com data: gap: ws:
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ms-qa.vestwell.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 08 Jun 2024 07:33:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self' data: gap: ws: https://cdn.plaid.com https://ekr.zdassets.com https://static.zdassets.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.smooch.io https://heapanalytics.com https://cdn.heapanalytics.com http://cdn.plaid.com https://widget.intercom.io https://js.intercomcdn.com https://static.zdassets.com https://fonts.googleapis.com/ http://cdnjs.cloudflare.com https://www.google-analytics.com/analytics.js https://unpkg.com http://cdn.quilljs.com http://cdn.jsdelivr.net https://zendesk-eu.my.sentry.io https://api.smooch.io; frame-src https://form.typeform.com http://fast.wistia.com https://*.plaid.com/; img-src 'self' blob: data: https://*.vestwell.com https://zendesk-eu.my.sentry.io https://*.zendesk.com https://d2gx1ajsvrvamt.cloudfront.net https://heapanalytics.com; style-src 'self' 'unsafe-inline' https://heapanalytics.com https://fonts.googleapis.com http://cdnjs.cloudflare.com https://use.typekit.net https://p.typekit.net http://cdn.quilljs.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com http://cdnjs.cloudflare.com https://use.typekit.net; child-src 'self'; connect-src 'self' https://zendesk-eu.my.sentry.io https://heapanalytics.com https://*.zendesk.com https://ekr.zdassets.com https://api-iam.intercom.io/messenger/web/ping https://api-iam.intercom.io/messenger/web/metrics https://api.gusto-demo.com data: gap: ws:
strict-transport-security
max-age=31536000; includeSubdomains;
x-forwarded-proto
https
content-length
1244801
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 05 Jun 2024 18:41:16 GMT
server
nginx
etag
"6660b14c-12fe81"
x-frame-options
deny
content-type
application/javascript; charset=utf-8
cache-control
max-age=86400, no-store, no-cache, must-revalidate
accept-ranges
bytes
expires
Sun, 09 Jun 2024 07:33:52 GMT
main.b0e778cc.js
ms-qa.vestwell.com/auth/static/js/ 		244 KB
58 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ms-qa.vestwell.com/auth/static/js/main.b0e778cc.js
Requested by
Host: ms-qa.vestwell.com
URL: https://ms-qa.vestwell.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.72.226.82 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-72-226-82.compute-1.amazonaws.com
Software
nginx /
Resource Hash
4f4f594f72ab6e08310adc2670f681531516acb59e5aa2e722cc63417c250592
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: gap: ws: https://cdn.plaid.com https://ekr.zdassets.com https://static.zdassets.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.smooch.io https://heapanalytics.com https://cdn.heapanalytics.com http://cdn.plaid.com https://widget.intercom.io https://js.intercomcdn.com https://static.zdassets.com https://fonts.googleapis.com/ http://cdnjs.cloudflare.com https://www.google-analytics.com/analytics.js https://unpkg.com http://cdn.quilljs.com http://cdn.jsdelivr.net https://zendesk-eu.my.sentry.io https://api.smooch.io; frame-src https://form.typeform.com http://fast.wistia.com https://*.plaid.com/; img-src 'self' blob: data: https://*.vestwell.com https://zendesk-eu.my.sentry.io https://*.zendesk.com https://d2gx1ajsvrvamt.cloudfront.net https://heapanalytics.com; style-src 'self' 'unsafe-inline' https://heapanalytics.com https://fonts.googleapis.com http://cdnjs.cloudflare.com https://use.typekit.net https://p.typekit.net http://cdn.quilljs.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com http://cdnjs.cloudflare.com https://use.typekit.net; child-src 'self'; connect-src 'self' https://zendesk-eu.my.sentry.io https://heapanalytics.com https://*.zendesk.com https://ekr.zdassets.com https://api-iam.intercom.io/messenger/web/ping https://api-iam.intercom.io/messenger/web/metrics https://api.gusto-demo.com data: gap: ws:
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ms-qa.vestwell.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 08 Jun 2024 07:33:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self' data: gap: ws: https://cdn.plaid.com https://ekr.zdassets.com https://static.zdassets.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.smooch.io https://heapanalytics.com https://cdn.heapanalytics.com http://cdn.plaid.com https://widget.intercom.io https://js.intercomcdn.com https://static.zdassets.com https://fonts.googleapis.com/ http://cdnjs.cloudflare.com https://www.google-analytics.com/analytics.js https://unpkg.com http://cdn.quilljs.com http://cdn.jsdelivr.net https://zendesk-eu.my.sentry.io https://api.smooch.io; frame-src https://form.typeform.com http://fast.wistia.com https://*.plaid.com/; img-src 'self' blob: data: https://*.vestwell.com https://zendesk-eu.my.sentry.io https://*.zendesk.com https://d2gx1ajsvrvamt.cloudfront.net https://heapanalytics.com; style-src 'self' 'unsafe-inline' https://heapanalytics.com https://fonts.googleapis.com http://cdnjs.cloudflare.com https://use.typekit.net https://p.typekit.net http://cdn.quilljs.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com http://cdnjs.cloudflare.com https://use.typekit.net; child-src 'self'; connect-src 'self' https://zendesk-eu.my.sentry.io https://heapanalytics.com https://*.zendesk.com https://ekr.zdassets.com https://api-iam.intercom.io/messenger/web/ping https://api-iam.intercom.io/messenger/web/metrics https://api.gusto-demo.com data: gap: ws:
strict-transport-security
max-age=31536000; includeSubdomains;
x-forwarded-proto
https
content-length
57832
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 05 Jun 2024 18:41:16 GMT
server
nginx
etag
"6660b14c-e1e8"
x-frame-options
deny
content-type
application/javascript; charset=utf-8
cache-control
max-age=86400, no-store, no-cache, must-revalidate
accept-ranges
bytes
expires
Sun, 09 Jun 2024 07:33:52 GMT
shared.78028192786ec519c524.css
ms-qa.vestwell.com/auth/static/css/ 		33 KB
9 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ms-qa.vestwell.com/auth/static/css/shared.78028192786ec519c524.css
Requested by
Host: ms-qa.vestwell.com
URL: https://ms-qa.vestwell.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.72.226.82 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-72-226-82.compute-1.amazonaws.com
Software
nginx /
Resource Hash
999cb59325247147fd2b07c3b4b95965888cd250a8673ffeac87f9fcdd2155f8
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: gap: ws: https://cdn.plaid.com https://ekr.zdassets.com https://static.zdassets.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.smooch.io https://heapanalytics.com https://cdn.heapanalytics.com http://cdn.plaid.com https://widget.intercom.io https://js.intercomcdn.com https://static.zdassets.com https://fonts.googleapis.com/ http://cdnjs.cloudflare.com https://www.google-analytics.com/analytics.js https://unpkg.com http://cdn.quilljs.com http://cdn.jsdelivr.net https://zendesk-eu.my.sentry.io https://api.smooch.io; frame-src https://form.typeform.com http://fast.wistia.com https://*.plaid.com/; img-src 'self' blob: data: https://*.vestwell.com https://zendesk-eu.my.sentry.io https://*.zendesk.com https://d2gx1ajsvrvamt.cloudfront.net https://heapanalytics.com; style-src 'self' 'unsafe-inline' https://heapanalytics.com https://fonts.googleapis.com http://cdnjs.cloudflare.com https://use.typekit.net https://p.typekit.net http://cdn.quilljs.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com http://cdnjs.cloudflare.com https://use.typekit.net; child-src 'self'; connect-src 'self' https://zendesk-eu.my.sentry.io https://heapanalytics.com https://*.zendesk.com https://ekr.zdassets.com https://api-iam.intercom.io/messenger/web/ping https://api-iam.intercom.io/messenger/web/metrics https://api.gusto-demo.com data: gap: ws:
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ms-qa.vestwell.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 08 Jun 2024 07:33:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self' data: gap: ws: https://cdn.plaid.com https://ekr.zdassets.com https://static.zdassets.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.smooch.io https://heapanalytics.com https://cdn.heapanalytics.com http://cdn.plaid.com https://widget.intercom.io https://js.intercomcdn.com https://static.zdassets.com https://fonts.googleapis.com/ http://cdnjs.cloudflare.com https://www.google-analytics.com/analytics.js https://unpkg.com http://cdn.quilljs.com http://cdn.jsdelivr.net https://zendesk-eu.my.sentry.io https://api.smooch.io; frame-src https://form.typeform.com http://fast.wistia.com https://*.plaid.com/; img-src 'self' blob: data: https://*.vestwell.com https://zendesk-eu.my.sentry.io https://*.zendesk.com https://d2gx1ajsvrvamt.cloudfront.net https://heapanalytics.com; style-src 'self' 'unsafe-inline' https://heapanalytics.com https://fonts.googleapis.com http://cdnjs.cloudflare.com https://use.typekit.net https://p.typekit.net http://cdn.quilljs.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com http://cdnjs.cloudflare.com https://use.typekit.net; child-src 'self'; connect-src 'self' https://zendesk-eu.my.sentry.io https://heapanalytics.com https://*.zendesk.com https://ekr.zdassets.com https://api-iam.intercom.io/messenger/web/ping https://api-iam.intercom.io/messenger/web/metrics https://api.gusto-demo.com data: gap: ws:
strict-transport-security
max-age=31536000; includeSubdomains;
x-forwarded-proto
https
content-length
8031
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 05 Jun 2024 18:41:16 GMT
server
nginx
etag
"6660b14c-1f5f"
x-frame-options
deny
content-type
text/css
cache-control
max-age=86400, no-store, no-cache, must-revalidate
accept-ranges
bytes
expires
Sun, 09 Jun 2024 07:33:52 GMT
main.78028192786ec519c524.css
ms-qa.vestwell.com/auth/static/css/ 		125 KB
29 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ms-qa.vestwell.com/auth/static/css/main.78028192786ec519c524.css
Requested by
Host: ms-qa.vestwell.com
URL: https://ms-qa.vestwell.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.72.226.82 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-72-226-82.compute-1.amazonaws.com
Software
nginx /
Resource Hash
dbb7c6e0d2b3067e00a53e76fd774d5f959b1c8234b4ad16e7f5d99f346a3b9e
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: gap: ws: https://cdn.plaid.com https://ekr.zdassets.com https://static.zdassets.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.smooch.io https://heapanalytics.com https://cdn.heapanalytics.com http://cdn.plaid.com https://widget.intercom.io https://js.intercomcdn.com https://static.zdassets.com https://fonts.googleapis.com/ http://cdnjs.cloudflare.com https://www.google-analytics.com/analytics.js https://unpkg.com http://cdn.quilljs.com http://cdn.jsdelivr.net https://zendesk-eu.my.sentry.io https://api.smooch.io; frame-src https://form.typeform.com http://fast.wistia.com https://*.plaid.com/; img-src 'self' blob: data: https://*.vestwell.com https://zendesk-eu.my.sentry.io https://*.zendesk.com https://d2gx1ajsvrvamt.cloudfront.net https://heapanalytics.com; style-src 'self' 'unsafe-inline' https://heapanalytics.com https://fonts.googleapis.com http://cdnjs.cloudflare.com https://use.typekit.net https://p.typekit.net http://cdn.quilljs.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com http://cdnjs.cloudflare.com https://use.typekit.net; child-src 'self'; connect-src 'self' https://zendesk-eu.my.sentry.io https://heapanalytics.com https://*.zendesk.com https://ekr.zdassets.com https://api-iam.intercom.io/messenger/web/ping https://api-iam.intercom.io/messenger/web/metrics https://api.gusto-demo.com data: gap: ws:
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ms-qa.vestwell.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 08 Jun 2024 07:33:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self' data: gap: ws: https://cdn.plaid.com https://ekr.zdassets.com https://static.zdassets.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.smooch.io https://heapanalytics.com https://cdn.heapanalytics.com http://cdn.plaid.com https://widget.intercom.io https://js.intercomcdn.com https://static.zdassets.com https://fonts.googleapis.com/ http://cdnjs.cloudflare.com https://www.google-analytics.com/analytics.js https://unpkg.com http://cdn.quilljs.com http://cdn.jsdelivr.net https://zendesk-eu.my.sentry.io https://api.smooch.io; frame-src https://form.typeform.com http://fast.wistia.com https://*.plaid.com/; img-src 'self' blob: data: https://*.vestwell.com https://zendesk-eu.my.sentry.io https://*.zendesk.com https://d2gx1ajsvrvamt.cloudfront.net https://heapanalytics.com; style-src 'self' 'unsafe-inline' https://heapanalytics.com https://fonts.googleapis.com http://cdnjs.cloudflare.com https://use.typekit.net https://p.typekit.net http://cdn.quilljs.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com http://cdnjs.cloudflare.com https://use.typekit.net; child-src 'self'; connect-src 'self' https://zendesk-eu.my.sentry.io https://heapanalytics.com https://*.zendesk.com https://ekr.zdassets.com https://api-iam.intercom.io/messenger/web/ping https://api-iam.intercom.io/messenger/web/metrics https://api.gusto-demo.com data: gap: ws:
strict-transport-security
max-age=31536000; includeSubdomains;
x-forwarded-proto
https
content-length
28082
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 05 Jun 2024 18:41:16 GMT
server
nginx
etag
"6660b14c-6db2"
x-frame-options
deny
content-type
text/css
cache-control
max-age=86400, no-store, no-cache, must-revalidate
accept-ranges
bytes
expires
Sun, 09 Jun 2024 07:33:52 GMT
heap-1418109408.js
cdn.heapanalytics.com/js/ 		128 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.heapanalytics.com/js/heap-1418109408.js
Requested by
Host: ms-qa.vestwell.com
URL: https://ms-qa.vestwell.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-35.fra56.r.cloudfront.net
Software
nginx / Express
Resource Hash
17ad95a367a0dcf55ff0dea416a93b8487d9542765b325b6d453f2155d0a4799
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ms-qa.vestwell.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 08 Jun 2024 07:33:23 GMT
content-encoding
br
via
1.1 cbe141923b7469a299306144733821c2.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
x-amz-cf-pop
FRA56-C2
age
29
x-powered-by
Express
etag
W/"200e0-2x17K1FMyXcEsfD3Nnzc8tfdJ+Q"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=120
alt-svc
h3=":443"; ma=86400
x-amz-cf-id
QDmYfvSp_1XouKBKVQajLDKR7qXehxvsnklLXyMDb4PKNV0PPA6SNQ==
h
heapanalytics.com/ 		37 B
261 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://heapanalytics.com/h?a=1418109408&u=322950505328263&v=1305178548311276&s=3771326211571723&b=web&tv=4.0&z=0&h=%2F&d=ms-qa.vestwell.com&ts=1717832032531&ubv=125.0.6422.141&upv=10.0.0&sch=1200&scw=1600&st=1717832032533
Requested by
Host: ms-qa.vestwell.com
URL: https://ms-qa.vestwell.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.22.30.209 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-22-30-209.compute-1.amazonaws.com
Software
nginx /
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ms-qa.vestwell.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sat, 08 Jun 2024 07:33:52 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
etag
W/"25-4iFqfptz9csCeTUceM5hwzR1zqc"
content-type
image/gif
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-length
37
css
fonts.googleapis.com/ 		9 KB
796 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Nunito+Sans:400,600,700,800&display=swap
Requested by
Host: ms-qa.vestwell.com
URL: https://ms-qa.vestwell.com/auth/static/css/main.78028192786ec519c524.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
8a00d3bd471fc57d509d1db38cf64fd31e8de3af1d0a5e6b164968f4675e6cba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ms-qa.vestwell.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Sat, 08 Jun 2024 07:33:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sat, 08 Jun 2024 07:25:41 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 08 Jun 2024 07:33:52 GMT
css
fonts.googleapis.com/ 		1 KB
894 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=PT+Serif:400&display=swap
Requested by
Host: ms-qa.vestwell.com
URL: https://ms-qa.vestwell.com/auth/static/css/main.78028192786ec519c524.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
1aeeab09b8d840c5a773865010257d515f2428df229eb53e1efe2106ca852d0e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ms-qa.vestwell.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Sat, 08 Jun 2024 07:33:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sat, 08 Jun 2024 07:33:52 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 08 Jun 2024 07:33:52 GMT
css
fonts.googleapis.com/ 		2 KB
672 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto+Mono:400&display=swap
Requested by
Host: ms-qa.vestwell.com
URL: https://ms-qa.vestwell.com/auth/static/css/main.78028192786ec519c524.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
6356b4d88d6f53df4e5e9e3afbc0122d0b2ff6aa696bcbdea1930b5b54dcbced
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ms-qa.vestwell.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Sat, 08 Jun 2024 07:33:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sat, 08 Jun 2024 07:33:52 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 08 Jun 2024 07:33:52 GMT
swiper-bundle.min.css
cdn.jsdelivr.net/npm/swiper@8/ 		16 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css
Requested by
Host: ms-qa.vestwell.com
URL: https://ms-qa.vestwell.com/auth/static/css/main.78028192786ec519c524.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
322d15d99efb792c941a5202fa8fc7ee9e932847227383ff9605163338a08eac
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ms-qa.vestwell.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Sat, 08 Jun 2024 07:33:52 GMT
x-content-type-options
nosniff
content-encoding
br
age
4357
x-jsd-version
8.4.7
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
4878
x-served-by
cache-fra-eddf8230155-FRA, cache-cph2320051-CPH
x-jsd-version-type
version
etag
W/"406d-rwCOh5O6dcNGNg6U6W482jFM4n8"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*
whitelabel
ms-qa.vestwell.com/api/ 		4 KB
6 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ms-qa.vestwell.com/api/whitelabel
Requested by
Host: ms-qa.vestwell.com
URL: https://ms-qa.vestwell.com/auth/static/js/shared.f4e8f858.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.72.226.82 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-72-226-82.compute-1.amazonaws.com
Software
nginx /
Resource Hash
dd2b65fb9c7bed579c10ef2864e82bb5f1aa99c10f79ea46df133f404ca1dd9f
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: gap: ws: https://cdn.plaid.com https://ekr.zdassets.com https://static.zdassets.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.smooch.io https://heapanalytics.com https://cdn.heapanalytics.com http://cdn.plaid.com https://widget.intercom.io https://js.intercomcdn.com https://static.zdassets.com https://fonts.googleapis.com/ http://cdnjs.cloudflare.com https://www.google-analytics.com/analytics.js https://unpkg.com http://cdn.quilljs.com http://cdn.jsdelivr.net https://zendesk-eu.my.sentry.io https://api.smooch.io; frame-src https://form.typeform.com http://fast.wistia.com https://*.plaid.com/; img-src 'self' blob: data: https://*.vestwell.com https://zendesk-eu.my.sentry.io https://*.zendesk.com https://d2gx1ajsvrvamt.cloudfront.net https://heapanalytics.com; style-src 'self' 'unsafe-inline' https://heapanalytics.com https://fonts.googleapis.com http://cdnjs.cloudflare.com https://use.typekit.net https://p.typekit.net http://cdn.quilljs.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com http://cdnjs.cloudflare.com https://use.typekit.net; child-src 'self'; connect-src 'self' https://zendesk-eu.my.sentry.io https://heapanalytics.com https://*.zendesk.com https://ekr.zdassets.com https://api-iam.intercom.io/messenger/web/ping https://api-iam.intercom.io/messenger/web/metrics https://api.gusto-demo.com data: gap: ws:
Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN, deny
X-Xss-Protection 0, 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept
application/json, text/plain, */*
Referer
https://ms-qa.vestwell.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 08 Jun 2024 07:33:53 GMT
strict-transport-security
max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains;
x-content-type-options
nosniff, nosniff
content-security-policy
default-src 'self' data: gap: ws: https://cdn.plaid.com https://ekr.zdassets.com https://static.zdassets.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.smooch.io https://heapanalytics.com https://cdn.heapanalytics.com http://cdn.plaid.com https://widget.intercom.io https://js.intercomcdn.com https://static.zdassets.com https://fonts.googleapis.com/ http://cdnjs.cloudflare.com https://www.google-analytics.com/analytics.js https://unpkg.com http://cdn.quilljs.com http://cdn.jsdelivr.net https://zendesk-eu.my.sentry.io https://api.smooch.io; frame-src https://form.typeform.com http://fast.wistia.com https://*.plaid.com/; img-src 'self' blob: data: https://*.vestwell.com https://zendesk-eu.my.sentry.io https://*.zendesk.com https://d2gx1ajsvrvamt.cloudfront.net https://heapanalytics.com; style-src 'self' 'unsafe-inline' https://heapanalytics.com https://fonts.googleapis.com http://cdnjs.cloudflare.com https://use.typekit.net https://p.typekit.net http://cdn.quilljs.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com http://cdnjs.cloudflare.com https://use.typekit.net; child-src 'self'; connect-src 'self' https://zendesk-eu.my.sentry.io https://heapanalytics.com https://*.zendesk.com https://ekr.zdassets.com https://api-iam.intercom.io/messenger/web/ping https://api-iam.intercom.io/messenger/web/metrics https://api.gusto-demo.com data: gap: ws:
x-permitted-cross-domain-policies
none
content-security-policy-report-only
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-dns-prefetch-control
off
cross-origin-resource-policy
same-origin
x-forwarded-proto
https
content-length
3587
x-xss-protection
0, 1; mode=block
referrer-policy
no-referrer, strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
x-download-options
noopen
x-frame-options
SAMEORIGIN, deny
x-ratelimit-remaining
99
content-type
application/json; charset=utf-8
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate
x-ratelimit-reset
0
x-ratelimit-limit
100
favicon.ico
ms-qa.vestwell.com/ 		3 KB
3 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://ms-qa.vestwell.com/favicon.ico
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.72.226.82 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-72-226-82.compute-1.amazonaws.com
Software
nginx /
Resource Hash
b9904b05f021c5ba3a694e1c33a37bf9e671a737613ec276d9738bc7c00cb164
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: gap: ws: https://cdn.plaid.com https://ekr.zdassets.com https://static.zdassets.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.smooch.io https://heapanalytics.com https://cdn.heapanalytics.com http://cdn.plaid.com https://widget.intercom.io https://js.intercomcdn.com https://static.zdassets.com https://fonts.googleapis.com/ http://cdnjs.cloudflare.com https://www.google-analytics.com/analytics.js https://unpkg.com http://cdn.quilljs.com http://cdn.jsdelivr.net https://zendesk-eu.my.sentry.io https://api.smooch.io; frame-src https://form.typeform.com http://fast.wistia.com https://*.plaid.com/; img-src 'self' blob: data: https://*.vestwell.com https://zendesk-eu.my.sentry.io https://*.zendesk.com https://d2gx1ajsvrvamt.cloudfront.net https://heapanalytics.com; style-src 'self' 'unsafe-inline' https://heapanalytics.com https://fonts.googleapis.com http://cdnjs.cloudflare.com https://use.typekit.net https://p.typekit.net http://cdn.quilljs.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com http://cdnjs.cloudflare.com https://use.typekit.net; child-src 'self'; connect-src 'self' https://zendesk-eu.my.sentry.io https://heapanalytics.com https://*.zendesk.com https://ekr.zdassets.com https://api-iam.intercom.io/messenger/web/ping https://api-iam.intercom.io/messenger/web/metrics https://api.gusto-demo.com data: gap: ws:
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ms-qa.vestwell.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 08 Jun 2024 07:33:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self' data: gap: ws: https://cdn.plaid.com https://ekr.zdassets.com https://static.zdassets.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.smooch.io https://heapanalytics.com https://cdn.heapanalytics.com http://cdn.plaid.com https://widget.intercom.io https://js.intercomcdn.com https://static.zdassets.com https://fonts.googleapis.com/ http://cdnjs.cloudflare.com https://www.google-analytics.com/analytics.js https://unpkg.com http://cdn.quilljs.com http://cdn.jsdelivr.net https://zendesk-eu.my.sentry.io https://api.smooch.io; frame-src https://form.typeform.com http://fast.wistia.com https://*.plaid.com/; img-src 'self' blob: data: https://*.vestwell.com https://zendesk-eu.my.sentry.io https://*.zendesk.com https://d2gx1ajsvrvamt.cloudfront.net https://heapanalytics.com; style-src 'self' 'unsafe-inline' https://heapanalytics.com https://fonts.googleapis.com http://cdnjs.cloudflare.com https://use.typekit.net https://p.typekit.net http://cdn.quilljs.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com http://cdnjs.cloudflare.com https://use.typekit.net; child-src 'self'; connect-src 'self' https://zendesk-eu.my.sentry.io https://heapanalytics.com https://*.zendesk.com https://ekr.zdassets.com https://api-iam.intercom.io/messenger/web/ping https://api-iam.intercom.io/messenger/web/metrics https://api.gusto-demo.com data: gap: ws:
strict-transport-security
max-age=31536000; includeSubdomains;
x-forwarded-proto
https
content-length
1226
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 05 Jun 2024 18:41:16 GMT
server
nginx
etag
"6660b14c-4ca"
x-frame-options
deny
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, no-cache, must-revalidate
accept-ranges
bytes
expires
Thu, 01 Jan 1970 00:00:01 GMT
vestwell.webp
ms-qa.vestwell.com/images/banners/ 		55 KB
56 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ms-qa.vestwell.com/images/banners/vestwell.webp
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.72.226.82 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-72-226-82.compute-1.amazonaws.com
Software
nginx /
Resource Hash
81c98ba7deee55d71e69a6cf1a554500f43e46cd727e76c60b0394e787ce2197

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ms-qa.vestwell.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 08 Jun 2024 07:33:53 GMT
x-amz-version-id
yQ33_QcO4Lh9iD5IRInH5_5XbLsakGSD
last-modified
Tue, 04 Jun 2024 18:10:06 GMT
server
nginx
etag
"d87fe2478d75e65adb585e3a617e5ca7"
x-amz-server-side-encryption
AES256
content-type
image/webp
cache-control
max-age=315360000, public, max-age=3600
x-amz-replication-status
COMPLETED
accept-ranges
bytes
content-length
56488
expires
Thu, 31 Dec 2037 23:55:55 GMT
pe0TMImSLYBIv1o4X1M8ce2xCx3yop4tQpF_MeTm0lfGWVpNn64CL7U8upHZIbMV51Q42ptCp7t1R-s.woff2
fonts.gstatic.com/s/nunitosans/v15/ 		30 KB
31 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/nunitosans/v15/pe0TMImSLYBIv1o4X1M8ce2xCx3yop4tQpF_MeTm0lfGWVpNn64CL7U8upHZIbMV51Q42ptCp7t1R-s.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Nunito+Sans:400,600,700,800&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1393acc632c160def86b45c2521c8ee742b7e6239d0d90fb95f51d55cf48b9c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://fonts.googleapis.com/
Origin
https://ms-qa.vestwell.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 07 Jun 2024 16:32:42 GMT
x-content-type-options
nosniff
age
54071
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31052
x-xss-protection
0
last-modified
Thu, 27 Apr 2023 00:27:41 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 07 Jun 2025 16:32:42 GMT
whitelabel
ms-qa.vestwell.com/api/ 		4 KB
6 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ms-qa.vestwell.com/api/whitelabel
Requested by
Host: ms-qa.vestwell.com
URL: https://ms-qa.vestwell.com/auth/static/js/shared.f4e8f858.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.72.226.82 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-72-226-82.compute-1.amazonaws.com
Software
nginx /
Resource Hash
dd2b65fb9c7bed579c10ef2864e82bb5f1aa99c10f79ea46df133f404ca1dd9f
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: gap: ws: https://cdn.plaid.com https://ekr.zdassets.com https://static.zdassets.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.smooch.io https://heapanalytics.com https://cdn.heapanalytics.com http://cdn.plaid.com https://widget.intercom.io https://js.intercomcdn.com https://static.zdassets.com https://fonts.googleapis.com/ http://cdnjs.cloudflare.com https://www.google-analytics.com/analytics.js https://unpkg.com http://cdn.quilljs.com http://cdn.jsdelivr.net https://zendesk-eu.my.sentry.io https://api.smooch.io; frame-src https://form.typeform.com http://fast.wistia.com https://*.plaid.com/; img-src 'self' blob: data: https://*.vestwell.com https://zendesk-eu.my.sentry.io https://*.zendesk.com https://d2gx1ajsvrvamt.cloudfront.net https://heapanalytics.com; style-src 'self' 'unsafe-inline' https://heapanalytics.com https://fonts.googleapis.com http://cdnjs.cloudflare.com https://use.typekit.net https://p.typekit.net http://cdn.quilljs.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com http://cdnjs.cloudflare.com https://use.typekit.net; child-src 'self'; connect-src 'self' https://zendesk-eu.my.sentry.io https://heapanalytics.com https://*.zendesk.com https://ekr.zdassets.com https://api-iam.intercom.io/messenger/web/ping https://api-iam.intercom.io/messenger/web/metrics https://api.gusto-demo.com data: gap: ws:
Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN, deny
X-Xss-Protection 0, 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept
application/json, text/plain, */*
Referer
https://ms-qa.vestwell.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 08 Jun 2024 07:33:53 GMT
strict-transport-security
max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains;
x-content-type-options
nosniff, nosniff
content-security-policy
default-src 'self' data: gap: ws: https://cdn.plaid.com https://ekr.zdassets.com https://static.zdassets.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.smooch.io https://heapanalytics.com https://cdn.heapanalytics.com http://cdn.plaid.com https://widget.intercom.io https://js.intercomcdn.com https://static.zdassets.com https://fonts.googleapis.com/ http://cdnjs.cloudflare.com https://www.google-analytics.com/analytics.js https://unpkg.com http://cdn.quilljs.com http://cdn.jsdelivr.net https://zendesk-eu.my.sentry.io https://api.smooch.io; frame-src https://form.typeform.com http://fast.wistia.com https://*.plaid.com/; img-src 'self' blob: data: https://*.vestwell.com https://zendesk-eu.my.sentry.io https://*.zendesk.com https://d2gx1ajsvrvamt.cloudfront.net https://heapanalytics.com; style-src 'self' 'unsafe-inline' https://heapanalytics.com https://fonts.googleapis.com http://cdnjs.cloudflare.com https://use.typekit.net https://p.typekit.net http://cdn.quilljs.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com http://cdnjs.cloudflare.com https://use.typekit.net; child-src 'self'; connect-src 'self' https://zendesk-eu.my.sentry.io https://heapanalytics.com https://*.zendesk.com https://ekr.zdassets.com https://api-iam.intercom.io/messenger/web/ping https://api-iam.intercom.io/messenger/web/metrics https://api.gusto-demo.com data: gap: ws:
x-permitted-cross-domain-policies
none
content-security-policy-report-only
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-dns-prefetch-control
off
cross-origin-resource-policy
same-origin
x-forwarded-proto
https
content-length
3587
x-xss-protection
0, 1; mode=block
referrer-policy
no-referrer, strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
x-download-options
noopen
x-frame-options
SAMEORIGIN, deny
x-ratelimit-remaining
99
content-type
application/json; charset=utf-8
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate
x-ratelimit-reset
0
x-ratelimit-limit
100
connect.ico
ms-qa.vestwell.com/images/favicons/ 		606 B
900 B 		Other
General
Check archive.org
Download Go to
Full URL
https://ms-qa.vestwell.com/images/favicons/connect.ico
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.72.226.82 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-72-226-82.compute-1.amazonaws.com
Software
nginx /
Resource Hash
2529d48b75a5f3a70393d6c50668c345867da97ee458e0ef652af4509cc62869

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ms-qa.vestwell.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 08 Jun 2024 07:33:53 GMT
x-amz-version-id
Lku3fBeJDQtK3yFLgCS9G118fViuWdzz
last-modified
Tue, 04 Jun 2024 18:10:31 GMT
server
nginx
etag
"547014b41511c843b9f10a09b6ba3d63"
x-amz-server-side-encryption
AES256
content-type
image/vnd.microsoft.icon
cache-control
public, max-age=3600
x-amz-replication-status
COMPLETED
accept-ranges
bytes
content-length
606

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| heap object| webpackChunk_vestwell_frontend_auth string| __reactRouterVersion function| _

3 Cookies

Domain/Path Name / Value
.vestwell.com/ Name: _hp2_id.1418109408
Value: %7B%22userId%22%3A%22322950505328263%22%2C%22pageviewId%22%3A%221305178548311276%22%2C%22sessionId%22%3A%223771326211571723%22%2C%22identity%22%3Anull%2C%22trackerVersion%22%3A%224.0%22%7D
.vestwell.com/ Name: _hp2_ses_props.1418109408
Value: %7B%22ts%22%3A1717832032531%2C%22d%22%3A%22ms-qa.vestwell.com%22%2C%22h%22%3A%22%2F%22%7D
.vestwell.com/ Name: Session
Value: 5fsHqiQDOupdZWs2IG7jbU712UzOSt3%2F5KtxA1UJ4IQbd2kN0lwaoOwTgeOynAWU%2FzGoBr5e8IlgG46oELygBulbBmEuJ1AA0uhQkd69Xb1%2FoChiMovK5Sh%2B.qMsGkmxI9Kx4EA3cY3s5uYLXXGJQs2IC

3 Console Messages

Source Level URL
Text
network error URL: https://ms-qa.vestwell.com/auth/static/js/shared.f4e8f858.js(Line 1)
Message:
WebSocket connection to 'wss://ms-qa.vestwell.com/hermes/?EIO=4&transport=websocket' failed: Error during WebSocket handshake: Unexpected response code: 200
network error URL: https://ms-qa.vestwell.com/auth/static/js/shared.f4e8f858.js(Line 1)
Message:
WebSocket connection to 'wss://ms-qa.vestwell.com/hermes/?EIO=4&transport=websocket' failed: Error during WebSocket handshake: Unexpected response code: 200
network error URL: https://ms-qa.vestwell.com/auth/static/js/shared.f4e8f858.js(Line 1)
Message:
WebSocket connection to 'wss://ms-qa.vestwell.com/hermes/?EIO=4&transport=websocket' failed: Error during WebSocket handshake: Unexpected response code: 200

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' data: gap: ws: https://cdn.plaid.com https://ekr.zdassets.com https://static.zdassets.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.smooch.io https://heapanalytics.com https://cdn.heapanalytics.com http://cdn.plaid.com https://widget.intercom.io https://js.intercomcdn.com https://static.zdassets.com https://fonts.googleapis.com/ http://cdnjs.cloudflare.com https://www.google-analytics.com/analytics.js https://unpkg.com http://cdn.quilljs.com http://cdn.jsdelivr.net https://zendesk-eu.my.sentry.io https://api.smooch.io; frame-src https://form.typeform.com http://fast.wistia.com https://*.plaid.com/; img-src 'self' blob: data: https://*.vestwell.com https://zendesk-eu.my.sentry.io https://*.zendesk.com https://d2gx1ajsvrvamt.cloudfront.net https://heapanalytics.com; style-src 'self' 'unsafe-inline' https://heapanalytics.com https://fonts.googleapis.com http://cdnjs.cloudflare.com https://use.typekit.net https://p.typekit.net http://cdn.quilljs.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com http://cdnjs.cloudflare.com https://use.typekit.net; child-src 'self'; connect-src 'self' https://zendesk-eu.my.sentry.io https://heapanalytics.com https://*.zendesk.com https://ekr.zdassets.com https://api-iam.intercom.io/messenger/web/ping https://api-iam.intercom.io/messenger/web/metrics https://api.gusto-demo.com data: gap: ws:
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block