Submitted URL: https://s.prod.freely.dev/c/x0W0l
Effective URL: https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7
Submission: On February 01 via manual from IL — Scanned from GB

Summary

This website contacted 25 IPs in 6 countries across 17 domains to perform 81 HTTP transactions. The main IP is 143.204.215.9, located in United States and belongs to AMAZON-02, US. The main domain is app.collectivebenefits.com.
TLS certificate: Issued by Amazon on December 9th 2022. Valid for: a year.
This is the only time app.collectivebenefits.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 18.170.130.96 16509 (AMAZON-02)
21 143.204.215.9 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
6 104.18.70.113 13335 (CLOUDFLAR...)
1 13.32.27.15 16509 (AMAZON-02)
1 104.18.72.113 13335 (CLOUDFLAR...)
7 99.86.4.122 16509 (AMAZON-02)
2 18.132.53.165 16509 (AMAZON-02)
4 65.9.66.54 16509 (AMAZON-02)
1 108.157.229.107 16509 (AMAZON-02)
1 143.204.215.65 16509 (AMAZON-02)
2 104.16.51.111 13335 (CLOUDFLAR...)
1 34.246.138.146 16509 (AMAZON-02)
2 34.110.224.99 396982 (GOOGLE-CL...)
2 2a00:1450:400... 15169 (GOOGLE)
14 54.187.159.182 16509 (AMAZON-02)
1 52.95.142.109 16509 (AMAZON-02)
1 2a00:1450:402... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 151.101.192.176 54113 (FASTLY)
1 44.233.128.132 16509 (AMAZON-02)
1 34.120.195.249 396982 (GOOGLE-CL...)
81 25
Apex Domain | Subdomains | Transfer
25 collectivebenefits.com | app.collectivebenefits.com, locales.collectivebenefits.com | 2 MB
22 stripe.com | js.stripe.com (Cisco Umbrella Rank: 1059), q.stripe.com (Cisco Umbrella Rank: 6022), r.stripe.com (Cisco Umbrella Rank: 4175), m.stripe.com (Cisco Umbrella Rank: 1046) | 306 KB
7 zdassets.com | static.zdassets.com (Cisco Umbrella Rank: 1883), ekr.zdassets.com (Cisco Umbrella Rank: 2161) | 366 KB
6 googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 34), maps.googleapis.com (Cisco Umbrella Rank: 361) | 190 KB
4 hotjar.com | static.hotjar.com (Cisco Umbrella Rank: 620), script.hotjar.com (Cisco Umbrella Rank: 815), vars.hotjar.com (Cisco Umbrella Rank: 855), in.hotjar.com (Cisco Umbrella Rank: 1661) | 73 KB
3 freely.dev | s.prod.freely.dev, api-member-app.prod.freely.dev | 2 KB
2 stripe.network | m.stripe.network (Cisco Umbrella Rank: 1153) | 17 KB
2 google-analytics.com | www.google-analytics.com (Cisco Umbrella Rank: 21) | 20 KB
2 snplow.net | com-collectivebenefits-prod1.collector.snplow.net | 19 B
2 zendesk.com | collective-benefits.zendesk.com | 2 KB
1 sentry.io | o356780.ingest.sentry.io | 324 B
1 google.co.uk | www.google.co.uk (Cisco Umbrella Rank: 3254) | 408 B
1 google.com | www.google.com (Cisco Umbrella Rank: 2) | 408 B
1 doubleclick.net | stats.g.doubleclick.net (Cisco Umbrella Rank: 78) | 359 B
1 amazonaws.com | s3.eu-west-2.amazonaws.com | 2 KB
1 bootstrapcdn.com | stackpath.bootstrapcdn.com (Cisco Umbrella Rank: 2258) | 7 KB
0 hotjar.io Failed | vc.hotjar.io Failed |
81 17
Domain Requested by
21 app.collectivebenefits.com app.collectivebenefits.com
10 r.stripe.com js.stripe.com
7 js.stripe.com app.collectivebenefits.com
js.stripe.com
6 static.zdassets.com app.collectivebenefits.com
static.zdassets.com
4 q.stripe.com app.collectivebenefits.com
4 locales.collectivebenefits.com app.collectivebenefits.com
4 maps.googleapis.com app.collectivebenefits.com
maps.googleapis.com
2 m.stripe.network js.stripe.com
m.stripe.network
2 www.google-analytics.com app.collectivebenefits.com
2 com-collectivebenefits-prod1.collector.snplow.net app.collectivebenefits.com
2 collective-benefits.zendesk.com static.zdassets.com
2 api-member-app.prod.freely.dev app.collectivebenefits.com
2 fonts.googleapis.com app.collectivebenefits.com
1 o356780.ingest.sentry.io app.collectivebenefits.com
1 m.stripe.com m.stripe.network
1 www.google.co.uk
1 www.google.com
1 stats.g.doubleclick.net app.collectivebenefits.com
1 s3.eu-west-2.amazonaws.com app.collectivebenefits.com
1 in.hotjar.com app.collectivebenefits.com
1 vars.hotjar.com static.hotjar.com
1 script.hotjar.com static.hotjar.com
1 ekr.zdassets.com static.zdassets.com
1 static.hotjar.com app.collectivebenefits.com
1 stackpath.bootstrapcdn.com app.collectivebenefits.com
1 s.prod.freely.dev 1 redirects
0 vc.hotjar.io Failed app.collectivebenefits.com
81 27

This site contains links to these domains.

Domain
collectivebenefits.com
Subject | Issuer | Validity | Valid
*.prod.freely.dev | Amazon | 2022-12-09 - 2024-01-07 | a year
upload.video.google.com | GTS CA 1C3 | 2023-01-09 - 2023-04-03 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-12-30 - 2023-12-30 | a year
zdassets.com | Cloudflare Inc ECC CA-3 | 2022-11-10 - 2023-11-09 | a year
*.hotjar.com | Amazon | 2022-10-25 - 2023-11-23 | a year
a.stripecdn.com | DigiCert SHA2 Extended Validation Server CA | 2023-01-10 - 2023-05-10 | 4 months
collective-benefits.zendesk.com | Cloudflare Inc ECC CA-3 | 2023-01-28 - 2024-01-27 | a year
com-collectivebenefits-prod1.collector.snplow.net | GTS CA 1D4 | 2023-01-18 - 2023-04-18 | 3 months
*.google-analytics.com | GTS CA 1C3 | 2023-01-09 - 2023-04-03 | 3 months
*.stripe.com | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2022-11-12 - 2023-03-09 | 4 months
*.s3.eu-west-2.amazonaws.com | Amazon | 2022-09-21 - 2023-08-25 | a year
*.g.doubleclick.net | GTS CA 1C3 | 2023-01-09 - 2023-04-03 | 3 months
www.google.com | GTS CA 1C3 | 2023-01-09 - 2023-04-03 | 3 months
www.google.co.uk | GTS CA 1C3 | 2023-01-09 - 2023-04-03 | 3 months
m.stripe.com | DigiCert TLS RSA SHA256 2020 CA1 | 2023-01-08 - 2023-04-08 | 3 months
*.ingest.sentry.io | R3 | 2022-12-18 - 2023-03-18 | 3 months

This page contains 6 frames:

Primary Page: https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7
Frame ID: D4E137E4092B77B20D3C0067FAC4D114
Requests: 49 HTTP requests in this frame

Frame: https://static.zdassets.com/web_widget/latest/web-widget-framework-c82fe813e62b58e096bc.js
Frame ID: 5C9A19C5A0FC03A73AAF4A44454DB3E3
Requests: 7 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-2722367854ce9702c28ea74c51e2a23f.html
Frame ID: 3006BE7F7D65BB3B95ACDD0F02B8B6DA
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/controller-ac9bd0b70130006c09a7e09f8847e3ab.html
Frame ID: C920D5F8ECABA799A20FD591AF5E4B5E
Requests: 15 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html
Frame ID: 5A3CE88D9E4A2410A2DDAE41A1665BCE
Requests: 4 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: 91CCCDD9F03C2A6C61B7FDB0519B27B7
Requests: 4 HTTP requests in this frame

Page Title

Collective

Detected technologies

Overall confidence: 100%
Detected patterns
  • //maps\.google(?:apis)?\.com/maps/api/js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • js\.stripe\.com

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/

Page Statistics

Requests: 81
HTTPS: 99 %
IPv6: 28 %
Domains: 17
Subdomains: 27
IPs: 25
Countries: 6
Transfer: 2763 kB
Size: 9690 kB
Cookies: 15

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://s.prod.freely.dev/c/x0W0l HTTP 302
    https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

81 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request 7641c7f3-3f54-4eff-8928-45a3c49619f7
app.collectivebenefits.com/partner/invite/
Redirect Chain
  • https://s.prod.freely.dev/c/x0W0l
  • https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7
5 KB
4 KB
Document
General
Full URL
https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-9.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2cd0092eae64202d6b9b1ea73aa0360268daf934e722dff59a83b3b1b92088e3
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' locales.collectivebenefits.com https://api-member-app.prod.freely.dev wss://ws13.hotjar.com wss://ws17.hotjar.com api-member-app-auth0.prod.freely.dev collective-benefits.aventus.cloud api.finmo.co.uk https://collective-member-prod.eu.auth0.com cognito-identity.eu-west-2.amazonaws.com cognito-idp.eu-west-2.amazonaws.com stats.g.doubleclick.net www.google-analytics.com https://heapanalytics.com in.hotjar.com api-iam.intercom.io https://uploads.intercomcdn.com ekr.zdassets.com https://id.zopim.com collective-benefits.zendesk.com wss://widget-mediator.zopim.com wss://nexus-websocket-a.intercom.io jointhecollective.cdn.prismic.io *.ingest.sentry.io *.ex.co *.playbuzz.com cdn.contentful.com *.split.io https://*.googleapis.com https://com-collectivebenefits-prod1.mini.snplow.net https://com-collectivebenefits-prod1.collector.snplow.net *.hotjar.com; font-src 'self' stackpath.bootstrapcdn.com fonts.gstatic.com https://heapanalytics.com js.intercomcdn.com; frame-src 'self' vars.hotjar.com intercom-sheets.com jointhecollective.prismic.io js.stripe.com www.youtube.com *.ex.co *.playbuzz.com www.google.com doubleclick.net *.vimeo.com; img-src 'self' data: gift.wegift.io y5jmrt8nb9.execute-api.eu-west-1.amazonaws.com s3.eu-west-2.amazonaws.com deals-cdn.collectivebenefits.com perks-cdn.collectivebenefits.com www.google.co.uk www.google.com www.google-analytics.com https://heapanalytics.com static.intercomassets.com downloads.intercomcdn.com js.intercomcdn.com gift.wegift.io jointhecollective.cdn.prismic.io images.prismic.io *.ex.co *.playbuzz.com *.avplayer.com *.ctfassets.net hooks.stripe.com/ *.ytimg.com vumbnail.com https://*.googleapis.com https://*.gstatic.com; manifest-src 'self'; media-src 'self' data: blob: js.intercomcdn.com static.zdassets.com *.ex.co *.playbuzz.com *.ctfassets.net; script-src 'self' 'unsafe-inline' www.google-analytics.com https://heapanalytics.com https://cdn.heapanalytics.com script.hotjar.com static.hotjar.com widget.intercom.io js.intercomcdn.com static.zdassets.com ekr.zdassets.com static.cdn.prismic.io js.stripe.com *.ex.co *.playbuzz.com *.avplayer.com www.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com www.youtube.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com fonts.googleapis.com https://heapanalytics.com; worker-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
text/html
date
Wed, 01 Feb 2023 21:25:23 GMT
etag
W/"126a524426d6e7c5908bb2318b53b816"
last-modified
Wed, 01 Feb 2023 17:22:57 GMT
referrer-policy
same-origin
server
AmazonS3
strict-transport-security
max-age=63072000; includeSubdomains; preload
vary
Accept-Encoding
via
1.1 ab39b007ab81966ada6e7fb1536bf376.cloudfront.net (CloudFront)
x-amz-cf-id
UdIuIu2wY8b5TcqUGd2TIc52snuDvhCA9j6UlWEgG6vpEL1tC-UmYw==
x-amz-cf-pop
FRA53-C1
x-cache
Error from cloudfront
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block

Redirect headers

apigw-requestid
frbOchIlrPEEJlQ=
content-length
216
content-security-policy
default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-type
text/html; charset=utf-8
date
Wed, 01 Feb 2023 21:25:22 GMT
expect-ct
max-age=0
location
https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7
referrer-policy
no-referrer
strict-transport-security
max-age=15552000; includeSubDomains
vary
Accept, Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-xss-protection
0
css
fonts.googleapis.com/
784 B
800 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=DM+Serif+Display&display=swap
Requested by
Host: app.collectivebenefits.com
URL: https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80c::200a , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
139d19311897ac39a02c066726101977c2f4cd71285a9830b51cd9acc54cd4ab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 01 Feb 2023 21:25:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 01 Feb 2023 21:25:23 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 01 Feb 2023 21:25:23 GMT
icon
fonts.googleapis.com/
569 B
417 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/icon?family=Material+Icons
Requested by
Host: app.collectivebenefits.com
URL: https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80c::200a , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e2f2597386660b972fe84faa90af129a353e7e8f9990df6f3b14d0165468350f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 01 Feb 2023 21:25:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 01 Feb 2023 21:25:23 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 01 Feb 2023 21:25:23 GMT
js
maps.googleapis.com/maps/api/
168 KB
55 KB
Script
General
Full URL
https://maps.googleapis.com/maps/api/js?key=AIzaSyCPtZ39bY3YWnQe0N-t4n6Mumo9KdaX-_4&libraries=places
Requested by
Host: app.collectivebenefits.com
URL: https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:806::200a , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
mafe /
Resource Hash
6ae557ab23ee4dd3067e1341887baf42c2ec2d9c798c5a1f24b078a546e01a96
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 21:25:23 GMT
content-encoding
gzip
server
mafe
vary
Accept-Language
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1800
cross-origin-resource-policy
cross-origin
server-timing
gfet4t7; dur=39
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
55713
x-xss-protection
0
expires
Wed, 01 Feb 2023 21:55:23 GMT
font-awesome.min.css
stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/
30 KB
7 KB
Stylesheet
General
Full URL
https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Requested by
Host: app.collectivebenefits.com
URL: https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
Origin
https://app.collectivebenefits.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 21:25:23 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
cdn-edgestorageid
947
age
5061790
cdn-cachedat
11/22/2022 18:16:02
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:04:55 GMT
cdn-proxyver
1.03
cdn-requestpullcode
200
server
cloudflare
etag
W/"269550530cc127b6aa5a35925a7de6ce"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
2f2f9ac689a5d03e07074fc8ad3123be
timing-allow-origin
*
cdn-requestcountrycode
FR
cdn-status
200
cf-ray
792dc2636d6323ea-LHR
cdn-requestpullsuccess
True
lottie_light.min.js
app.collectivebenefits.com/
167 KB
48 KB
Script
General
Full URL
https://app.collectivebenefits.com/lottie_light.min.js
Requested by
Host: app.collectivebenefits.com
URL: https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-9.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
815192cd8c9bd3434a5c87f8b37558331ce2dde938acf5205a2a9d01737aca73
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 21:25:24 GMT
content-encoding
gzip
strict-transport-security
max-age=63072000; includeSubdomains; preload
via
1.1 ab39b007ab81966ada6e7fb1536bf376.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA53-C1
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 01 Feb 2023 14:39:09 GMT
server
AmazonS3
etag
W/"686d4c84a84891280d410c7a2a48c344"
x-frame-options
DENY
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=86400
x-amz-cf-id
lRu3A8u-YL0qlooXTkO8jFWC9LsHUZOmN3f_uwalsmRPlcRf2yxPGA==
config.js
app.collectivebenefits.com/
1 KB
3 KB
Script
General
Full URL
https://app.collectivebenefits.com/config.js
Requested by
Host: app.collectivebenefits.com
URL: https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-9.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f6ed35a67d44bb44c1b4d0cf528df2082d06c202bff7121e9fb2319f53698d30
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 21:25:24 GMT
content-security-policy
default-src 'none'; connect-src 'self' locales.collectivebenefits.com https://api-member-app.prod.freely.dev wss://ws13.hotjar.com wss://ws17.hotjar.com api-member-app-auth0.prod.freely.dev collective-benefits.aventus.cloud api.finmo.co.uk https://collective-member-prod.eu.auth0.com cognito-identity.eu-west-2.amazonaws.com cognito-idp.eu-west-2.amazonaws.com stats.g.doubleclick.net www.google-analytics.com https://heapanalytics.com in.hotjar.com api-iam.intercom.io https://uploads.intercomcdn.com ekr.zdassets.com https://id.zopim.com collective-benefits.zendesk.com wss://widget-mediator.zopim.com wss://nexus-websocket-a.intercom.io jointhecollective.cdn.prismic.io *.ingest.sentry.io *.ex.co *.playbuzz.com cdn.contentful.com *.split.io https://*.googleapis.com https://com-collectivebenefits-prod1.mini.snplow.net https://com-collectivebenefits-prod1.collector.snplow.net *.hotjar.com; font-src 'self' stackpath.bootstrapcdn.com fonts.gstatic.com https://heapanalytics.com js.intercomcdn.com; frame-src 'self' vars.hotjar.com intercom-sheets.com jointhecollective.prismic.io js.stripe.com www.youtube.com *.ex.co *.playbuzz.com www.google.com doubleclick.net *.vimeo.com; img-src 'self' data: gift.wegift.io y5jmrt8nb9.execute-api.eu-west-1.amazonaws.com s3.eu-west-2.amazonaws.com deals-cdn.collectivebenefits.com perks-cdn.collectivebenefits.com www.google.co.uk www.google.com www.google-analytics.com https://heapanalytics.com static.intercomassets.com downloads.intercomcdn.com js.intercomcdn.com gift.wegift.io jointhecollective.cdn.prismic.io images.prismic.io *.ex.co *.playbuzz.com *.avplayer.com *.ctfassets.net hooks.stripe.com/ *.ytimg.com vumbnail.com https://*.googleapis.com https://*.gstatic.com; manifest-src 'self'; media-src 'self' data: blob: js.intercomcdn.com static.zdassets.com *.ex.co *.playbuzz.com *.ctfassets.net; script-src 'self' 'unsafe-inline' www.google-analytics.com https://heapanalytics.com https://cdn.heapanalytics.com script.hotjar.com static.hotjar.com widget.intercom.io js.intercomcdn.com static.zdassets.com ekr.zdassets.com static.cdn.prismic.io js.stripe.com *.ex.co *.playbuzz.com *.avplayer.com www.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com www.youtube.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com fonts.googleapis.com https://heapanalytics.com; worker-src 'self'
content-encoding
gzip
strict-transport-security
max-age=63072000; includeSubdomains; preload
via
1.1 ab39b007ab81966ada6e7fb1536bf376.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA53-C1
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 01 Feb 2023 17:22:55 GMT
server
AmazonS3
etag
W/"ca382301d29d324dbef975d9a849e579"
x-frame-options
DENY
vary
Accept-Encoding
content-type
application/javascript
cache-control
no-cache, no-store, must-revalidate
x-amz-cf-id
lTFr-N4dncbOkVt-iEM7VeGOUYD1SLMEcnKNZa9lrc_ChR0cS5_VNA==
config-documents.js
app.collectivebenefits.com/
3 KB
3 KB
Script
General
Full URL
https://app.collectivebenefits.com/config-documents.js
Requested by
Host: app.collectivebenefits.com
URL: https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-9.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9f5c6e2480e1538c9ff68cec3bf07b4f956dc30126414bf844bfad1a3f9551a8
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' locales.collectivebenefits.com https://api-member-app.prod.freely.dev wss://ws13.hotjar.com wss://ws17.hotjar.com api-member-app-auth0.prod.freely.dev collective-benefits.aventus.cloud api.finmo.co.uk https://collective-member-prod.eu.auth0.com cognito-identity.eu-west-2.amazonaws.com cognito-idp.eu-west-2.amazonaws.com stats.g.doubleclick.net www.google-analytics.com https://heapanalytics.com in.hotjar.com api-iam.intercom.io https://uploads.intercomcdn.com ekr.zdassets.com https://id.zopim.com collective-benefits.zendesk.com wss://widget-mediator.zopim.com wss://nexus-websocket-a.intercom.io jointhecollective.cdn.prismic.io *.ingest.sentry.io *.ex.co *.playbuzz.com cdn.contentful.com *.split.io https://*.googleapis.com https://com-collectivebenefits-prod1.mini.snplow.net https://com-collectivebenefits-prod1.collector.snplow.net *.hotjar.com; font-src 'self' stackpath.bootstrapcdn.com fonts.gstatic.com https://heapanalytics.com js.intercomcdn.com; frame-src 'self' vars.hotjar.com intercom-sheets.com jointhecollective.prismic.io js.stripe.com www.youtube.com *.ex.co *.playbuzz.com www.google.com doubleclick.net *.vimeo.com; img-src 'self' data: gift.wegift.io y5jmrt8nb9.execute-api.eu-west-1.amazonaws.com s3.eu-west-2.amazonaws.com deals-cdn.collectivebenefits.com perks-cdn.collectivebenefits.com www.google.co.uk www.google.com www.google-analytics.com https://heapanalytics.com static.intercomassets.com downloads.intercomcdn.com js.intercomcdn.com gift.wegift.io jointhecollective.cdn.prismic.io images.prismic.io *.ex.co *.playbuzz.com *.avplayer.com *.ctfassets.net hooks.stripe.com/ *.ytimg.com vumbnail.com https://*.googleapis.com https://*.gstatic.com; manifest-src 'self'; media-src 'self' data: blob: js.intercomcdn.com static.zdassets.com *.ex.co *.playbuzz.com *.ctfassets.net; script-src 'self' 'unsafe-inline' www.google-analytics.com https://heapanalytics.com https://cdn.heapanalytics.com script.hotjar.com static.hotjar.com widget.intercom.io js.intercomcdn.com static.zdassets.com ekr.zdassets.com static.cdn.prismic.io js.stripe.com *.ex.co *.playbuzz.com *.avplayer.com www.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com www.youtube.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com fonts.googleapis.com https://heapanalytics.com; worker-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 21:25:24 GMT
content-security-policy
default-src 'none'; connect-src 'self' locales.collectivebenefits.com https://api-member-app.prod.freely.dev wss://ws13.hotjar.com wss://ws17.hotjar.com api-member-app-auth0.prod.freely.dev collective-benefits.aventus.cloud api.finmo.co.uk https://collective-member-prod.eu.auth0.com cognito-identity.eu-west-2.amazonaws.com cognito-idp.eu-west-2.amazonaws.com stats.g.doubleclick.net www.google-analytics.com https://heapanalytics.com in.hotjar.com api-iam.intercom.io https://uploads.intercomcdn.com ekr.zdassets.com https://id.zopim.com collective-benefits.zendesk.com wss://widget-mediator.zopim.com wss://nexus-websocket-a.intercom.io jointhecollective.cdn.prismic.io *.ingest.sentry.io *.ex.co *.playbuzz.com cdn.contentful.com *.split.io https://*.googleapis.com https://com-collectivebenefits-prod1.mini.snplow.net https://com-collectivebenefits-prod1.collector.snplow.net *.hotjar.com; font-src 'self' stackpath.bootstrapcdn.com fonts.gstatic.com https://heapanalytics.com js.intercomcdn.com; frame-src 'self' vars.hotjar.com intercom-sheets.com jointhecollective.prismic.io js.stripe.com www.youtube.com *.ex.co *.playbuzz.com www.google.com doubleclick.net *.vimeo.com; img-src 'self' data: gift.wegift.io y5jmrt8nb9.execute-api.eu-west-1.amazonaws.com s3.eu-west-2.amazonaws.com deals-cdn.collectivebenefits.com perks-cdn.collectivebenefits.com www.google.co.uk www.google.com www.google-analytics.com https://heapanalytics.com static.intercomassets.com downloads.intercomcdn.com js.intercomcdn.com gift.wegift.io jointhecollective.cdn.prismic.io images.prismic.io *.ex.co *.playbuzz.com *.avplayer.com *.ctfassets.net hooks.stripe.com/ *.ytimg.com vumbnail.com https://*.googleapis.com https://*.gstatic.com; manifest-src 'self'; media-src 'self' data: blob: js.intercomcdn.com static.zdassets.com *.ex.co *.playbuzz.com *.ctfassets.net; script-src 'self' 'unsafe-inline' www.google-analytics.com https://heapanalytics.com https://cdn.heapanalytics.com script.hotjar.com static.hotjar.com widget.intercom.io js.intercomcdn.com static.zdassets.com ekr.zdassets.com static.cdn.prismic.io js.stripe.com *.ex.co *.playbuzz.com *.avplayer.com www.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com www.youtube.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com fonts.googleapis.com https://heapanalytics.com; worker-src 'self'
content-encoding
gzip
strict-transport-security
max-age=63072000; includeSubdomains; preload
via
1.1 ab39b007ab81966ada6e7fb1536bf376.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA53-C1
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 01 Feb 2023 14:38:55 GMT
server
AmazonS3
etag
W/"ac423646343b2ba766d3dc8eef1182d5"
x-frame-options
DENY
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=86400
x-amz-cf-id
rGDfx1bnZWGl0DYgcJPJipMPu1YMsi7kX32wsL3-QItXA54kMFi6fA==
snippet.js
static.zdassets.com/ekr/
23 KB
7 KB
Script
General
Full URL
https://static.zdassets.com/ekr/snippet.js?key=07f03d17-2592-461b-ad3e-bc2046345d6b
Requested by
Host: app.collectivebenefits.com
URL: https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c71a7bdc6e1f2f8875556b690007a65be9e5ae1fb285f76d85180c89a3fa52d2
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 21:25:23 GMT
x-amz-version-id
TCAqq4sghBBBAAXd3MLZ8Fy8XIds..vO
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
G36PJSVP9HNX5YWJ
age
18
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
uwRaXi1H/HlfHIdCGJrGT6ER/XaZIBjldmOYc7q9SqlUhMXwaS1HvBvA0TMNGQNw+lzGAzTLwRg=
last-modified
Thu, 28 Jul 2022 23:44:02 GMT
server
cloudflare
etag
W/"5cae6ce528dce0c327b2bcbaad459fdb"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mrNwq57IgO9PtCgyILG94uKZBmaNuvyf%2BEPa2VcAZ6HkjPoJtFKuZbXtW7mGLlCTzLPEHnuxxTxuQVEP%2BuGlqZsNNHgYZOK9NRfRGZ6N2ObfrPy32ryKo1fvjmPKsJ%2Fm1ge%2FBto%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=3600, s-maxage=60
cf-ray
792dc263692324b8-LHR
styles.0e9c50c7c114e208.css
app.collectivebenefits.com/
543 KB
77 KB
Stylesheet
General
Full URL
https://app.collectivebenefits.com/styles.0e9c50c7c114e208.css
Requested by
Host: app.collectivebenefits.com
URL: https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-9.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
19c8f186ed5d9d1f7b16445505c1460053167670621c08bf7de71e784bfe76c7
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' locales.collectivebenefits.com https://api-member-app.prod.freely.dev wss://ws13.hotjar.com wss://ws17.hotjar.com api-member-app-auth0.prod.freely.dev collective-benefits.aventus.cloud api.finmo.co.uk https://collective-member-prod.eu.auth0.com cognito-identity.eu-west-2.amazonaws.com cognito-idp.eu-west-2.amazonaws.com stats.g.doubleclick.net www.google-analytics.com https://heapanalytics.com in.hotjar.com api-iam.intercom.io https://uploads.intercomcdn.com ekr.zdassets.com https://id.zopim.com collective-benefits.zendesk.com wss://widget-mediator.zopim.com wss://nexus-websocket-a.intercom.io jointhecollective.cdn.prismic.io *.ingest.sentry.io *.ex.co *.playbuzz.com cdn.contentful.com *.split.io https://*.googleapis.com https://com-collectivebenefits-prod1.mini.snplow.net https://com-collectivebenefits-prod1.collector.snplow.net *.hotjar.com; font-src 'self' stackpath.bootstrapcdn.com fonts.gstatic.com https://heapanalytics.com js.intercomcdn.com; frame-src 'self' vars.hotjar.com intercom-sheets.com jointhecollective.prismic.io js.stripe.com www.youtube.com *.ex.co *.playbuzz.com www.google.com doubleclick.net *.vimeo.com; img-src 'self' data: gift.wegift.io y5jmrt8nb9.execute-api.eu-west-1.amazonaws.com s3.eu-west-2.amazonaws.com deals-cdn.collectivebenefits.com perks-cdn.collectivebenefits.com www.google.co.uk www.google.com www.google-analytics.com https://heapanalytics.com static.intercomassets.com downloads.intercomcdn.com js.intercomcdn.com gift.wegift.io jointhecollective.cdn.prismic.io images.prismic.io *.ex.co *.playbuzz.com *.avplayer.com *.ctfassets.net hooks.stripe.com/ *.ytimg.com vumbnail.com https://*.googleapis.com https://*.gstatic.com; manifest-src 'self'; media-src 'self' data: blob: js.intercomcdn.com static.zdassets.com *.ex.co *.playbuzz.com *.ctfassets.net; script-src 'self' 'unsafe-inline' www.google-analytics.com https://heapanalytics.com https://cdn.heapanalytics.com script.hotjar.com static.hotjar.com widget.intercom.io js.intercomcdn.com static.zdassets.com ekr.zdassets.com static.cdn.prismic.io js.stripe.com *.ex.co *.playbuzz.com *.avplayer.com www.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com www.youtube.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com fonts.googleapis.com https://heapanalytics.com; worker-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 21:25:24 GMT
content-security-policy
default-src 'none'; connect-src 'self' locales.collectivebenefits.com https://api-member-app.prod.freely.dev wss://ws13.hotjar.com wss://ws17.hotjar.com api-member-app-auth0.prod.freely.dev collective-benefits.aventus.cloud api.finmo.co.uk https://collective-member-prod.eu.auth0.com cognito-identity.eu-west-2.amazonaws.com cognito-idp.eu-west-2.amazonaws.com stats.g.doubleclick.net www.google-analytics.com https://heapanalytics.com in.hotjar.com api-iam.intercom.io https://uploads.intercomcdn.com ekr.zdassets.com https://id.zopim.com collective-benefits.zendesk.com wss://widget-mediator.zopim.com wss://nexus-websocket-a.intercom.io jointhecollective.cdn.prismic.io *.ingest.sentry.io *.ex.co *.playbuzz.com cdn.contentful.com *.split.io https://*.googleapis.com https://com-collectivebenefits-prod1.mini.snplow.net https://com-collectivebenefits-prod1.collector.snplow.net *.hotjar.com; font-src 'self' stackpath.bootstrapcdn.com fonts.gstatic.com https://heapanalytics.com js.intercomcdn.com; frame-src 'self' vars.hotjar.com intercom-sheets.com jointhecollective.prismic.io js.stripe.com www.youtube.com *.ex.co *.playbuzz.com www.google.com doubleclick.net *.vimeo.com; img-src 'self' data: gift.wegift.io y5jmrt8nb9.execute-api.eu-west-1.amazonaws.com s3.eu-west-2.amazonaws.com deals-cdn.collectivebenefits.com perks-cdn.collectivebenefits.com www.google.co.uk www.google.com www.google-analytics.com https://heapanalytics.com static.intercomassets.com downloads.intercomcdn.com js.intercomcdn.com gift.wegift.io jointhecollective.cdn.prismic.io images.prismic.io *.ex.co *.playbuzz.com *.avplayer.com *.ctfassets.net hooks.stripe.com/ *.ytimg.com vumbnail.com https://*.googleapis.com https://*.gstatic.com; manifest-src 'self'; media-src 'self' data: blob: js.intercomcdn.com static.zdassets.com *.ex.co *.playbuzz.com *.ctfassets.net; script-src 'self' 'unsafe-inline' www.google-analytics.com https://heapanalytics.com https://cdn.heapanalytics.com script.hotjar.com static.hotjar.com widget.intercom.io js.intercomcdn.com static.zdassets.com ekr.zdassets.com static.cdn.prismic.io js.stripe.com *.ex.co *.playbuzz.com *.avplayer.com www.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com www.youtube.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com fonts.googleapis.com https://heapanalytics.com; worker-src 'self'
content-encoding
gzip
strict-transport-security
max-age=63072000; includeSubdomains; preload
via
1.1 ab39b007ab81966ada6e7fb1536bf376.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA53-C1
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 01 Feb 2023 14:39:33 GMT
server
AmazonS3
etag
W/"b512871fa6fdc865759fede8a33d1ee8"
x-frame-options
DENY
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=86400
x-amz-cf-id
ZNAZHbLGoMWCtHuOCj-a7Y2CqitS-VFjivvvBBxF-p7ZipIKPyqdtw==
main.1547866195782222.css
app.collectivebenefits.com/
127 KB
21 KB
Stylesheet
General
Full URL
https://app.collectivebenefits.com/main.1547866195782222.css
Requested by
Host: app.collectivebenefits.com
URL: https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-9.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6d2fa087c24524b0ee8b2698866962f411be66eeca06d82a5c7fbd5f39fded9d
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' locales.collectivebenefits.com https://api-member-app.prod.freely.dev wss://ws13.hotjar.com wss://ws17.hotjar.com api-member-app-auth0.prod.freely.dev collective-benefits.aventus.cloud api.finmo.co.uk https://collective-member-prod.eu.auth0.com cognito-identity.eu-west-2.amazonaws.com cognito-idp.eu-west-2.amazonaws.com stats.g.doubleclick.net www.google-analytics.com https://heapanalytics.com in.hotjar.com api-iam.intercom.io https://uploads.intercomcdn.com ekr.zdassets.com https://id.zopim.com collective-benefits.zendesk.com wss://widget-mediator.zopim.com wss://nexus-websocket-a.intercom.io jointhecollective.cdn.prismic.io *.ingest.sentry.io *.ex.co *.playbuzz.com cdn.contentful.com *.split.io https://*.googleapis.com https://com-collectivebenefits-prod1.mini.snplow.net https://com-collectivebenefits-prod1.collector.snplow.net *.hotjar.com; font-src 'self' stackpath.bootstrapcdn.com fonts.gstatic.com https://heapanalytics.com js.intercomcdn.com; frame-src 'self' vars.hotjar.com intercom-sheets.com jointhecollective.prismic.io js.stripe.com www.youtube.com *.ex.co *.playbuzz.com www.google.com doubleclick.net *.vimeo.com; img-src 'self' data: gift.wegift.io y5jmrt8nb9.execute-api.eu-west-1.amazonaws.com s3.eu-west-2.amazonaws.com deals-cdn.collectivebenefits.com perks-cdn.collectivebenefits.com www.google.co.uk www.google.com www.google-analytics.com https://heapanalytics.com static.intercomassets.com downloads.intercomcdn.com js.intercomcdn.com gift.wegift.io jointhecollective.cdn.prismic.io images.prismic.io *.ex.co *.playbuzz.com *.avplayer.com *.ctfassets.net hooks.stripe.com/ *.ytimg.com vumbnail.com https://*.googleapis.com https://*.gstatic.com; manifest-src 'self'; media-src 'self' data: blob: js.intercomcdn.com static.zdassets.com *.ex.co *.playbuzz.com *.ctfassets.net; script-src 'self' 'unsafe-inline' www.google-analytics.com https://heapanalytics.com https://cdn.heapanalytics.com script.hotjar.com static.hotjar.com widget.intercom.io js.intercomcdn.com static.zdassets.com ekr.zdassets.com static.cdn.prismic.io js.stripe.com *.ex.co *.playbuzz.com *.avplayer.com www.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com www.youtube.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com fonts.googleapis.com https://heapanalytics.com; worker-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 21:25:24 GMT
content-security-policy
default-src 'none'; connect-src 'self' locales.collectivebenefits.com https://api-member-app.prod.freely.dev wss://ws13.hotjar.com wss://ws17.hotjar.com api-member-app-auth0.prod.freely.dev collective-benefits.aventus.cloud api.finmo.co.uk https://collective-member-prod.eu.auth0.com cognito-identity.eu-west-2.amazonaws.com cognito-idp.eu-west-2.amazonaws.com stats.g.doubleclick.net www.google-analytics.com https://heapanalytics.com in.hotjar.com api-iam.intercom.io https://uploads.intercomcdn.com ekr.zdassets.com https://id.zopim.com collective-benefits.zendesk.com wss://widget-mediator.zopim.com wss://nexus-websocket-a.intercom.io jointhecollective.cdn.prismic.io *.ingest.sentry.io *.ex.co *.playbuzz.com cdn.contentful.com *.split.io https://*.googleapis.com https://com-collectivebenefits-prod1.mini.snplow.net https://com-collectivebenefits-prod1.collector.snplow.net *.hotjar.com; font-src 'self' stackpath.bootstrapcdn.com fonts.gstatic.com https://heapanalytics.com js.intercomcdn.com; frame-src 'self' vars.hotjar.com intercom-sheets.com jointhecollective.prismic.io js.stripe.com www.youtube.com *.ex.co *.playbuzz.com www.google.com doubleclick.net *.vimeo.com; img-src 'self' data: gift.wegift.io y5jmrt8nb9.execute-api.eu-west-1.amazonaws.com s3.eu-west-2.amazonaws.com deals-cdn.collectivebenefits.com perks-cdn.collectivebenefits.com www.google.co.uk www.google.com www.google-analytics.com https://heapanalytics.com static.intercomassets.com downloads.intercomcdn.com js.intercomcdn.com gift.wegift.io jointhecollective.cdn.prismic.io images.prismic.io *.ex.co *.playbuzz.com *.avplayer.com *.ctfassets.net hooks.stripe.com/ *.ytimg.com vumbnail.com https://*.googleapis.com https://*.gstatic.com; manifest-src 'self'; media-src 'self' data: blob: js.intercomcdn.com static.zdassets.com *.ex.co *.playbuzz.com *.ctfassets.net; script-src 'self' 'unsafe-inline' www.google-analytics.com https://heapanalytics.com https://cdn.heapanalytics.com script.hotjar.com static.hotjar.com widget.intercom.io js.intercomcdn.com static.zdassets.com ekr.zdassets.com static.cdn.prismic.io js.stripe.com *.ex.co *.playbuzz.com *.avplayer.com www.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com www.youtube.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com fonts.googleapis.com https://heapanalytics.com; worker-src 'self'
content-encoding
gzip
strict-transport-security
max-age=63072000; includeSubdomains; preload
via
1.1 ab39b007ab81966ada6e7fb1536bf376.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA53-C1
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 01 Feb 2023 14:39:05 GMT
server
AmazonS3
etag
W/"70dfdd1bdaee6e42463f21758be9706d"
x-frame-options
DENY
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=86400
x-amz-cf-id
siR5EIieGA2p58XrkWHioVCiX2inxYR0d2PZ4wH_FRsfjXAVqJPC0A==
runtime.f93b9c918e03e88e.js
app.collectivebenefits.com/
6 KB
5 KB
Script
General
Full URL
https://app.collectivebenefits.com/runtime.f93b9c918e03e88e.js
Requested by
Host: app.collectivebenefits.com
URL: https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-9.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
78d2c2821c44c6e2777d5611842e9672805dcf893f6f730967d5dcd96925765d
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' locales.collectivebenefits.com https://api-member-app.prod.freely.dev wss://ws13.hotjar.com wss://ws17.hotjar.com api-member-app-auth0.prod.freely.dev collective-benefits.aventus.cloud api.finmo.co.uk https://collective-member-prod.eu.auth0.com cognito-identity.eu-west-2.amazonaws.com cognito-idp.eu-west-2.amazonaws.com stats.g.doubleclick.net www.google-analytics.com https://heapanalytics.com in.hotjar.com api-iam.intercom.io https://uploads.intercomcdn.com ekr.zdassets.com https://id.zopim.com collective-benefits.zendesk.com wss://widget-mediator.zopim.com wss://nexus-websocket-a.intercom.io jointhecollective.cdn.prismic.io *.ingest.sentry.io *.ex.co *.playbuzz.com cdn.contentful.com *.split.io https://*.googleapis.com https://com-collectivebenefits-prod1.mini.snplow.net https://com-collectivebenefits-prod1.collector.snplow.net *.hotjar.com; font-src 'self' stackpath.bootstrapcdn.com fonts.gstatic.com https://heapanalytics.com js.intercomcdn.com; frame-src 'self' vars.hotjar.com intercom-sheets.com jointhecollective.prismic.io js.stripe.com www.youtube.com *.ex.co *.playbuzz.com www.google.com doubleclick.net *.vimeo.com; img-src 'self' data: gift.wegift.io y5jmrt8nb9.execute-api.eu-west-1.amazonaws.com s3.eu-west-2.amazonaws.com deals-cdn.collectivebenefits.com perks-cdn.collectivebenefits.com www.google.co.uk www.google.com www.google-analytics.com https://heapanalytics.com static.intercomassets.com downloads.intercomcdn.com js.intercomcdn.com gift.wegift.io jointhecollective.cdn.prismic.io images.prismic.io *.ex.co *.playbuzz.com *.avplayer.com *.ctfassets.net hooks.stripe.com/ *.ytimg.com vumbnail.com https://*.googleapis.com https://*.gstatic.com; manifest-src 'self'; media-src 'self' data: blob: js.intercomcdn.com static.zdassets.com *.ex.co *.playbuzz.com *.ctfassets.net; script-src 'self' 'unsafe-inline' www.google-analytics.com https://heapanalytics.com https://cdn.heapanalytics.com script.hotjar.com static.hotjar.com widget.intercom.io js.intercomcdn.com static.zdassets.com ekr.zdassets.com static.cdn.prismic.io js.stripe.com *.ex.co *.playbuzz.com *.avplayer.com www.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com www.youtube.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com fonts.googleapis.com https://heapanalytics.com; worker-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7
Origin
https://app.collectivebenefits.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 21:25:24 GMT
content-security-policy
default-src 'none'; connect-src 'self' locales.collectivebenefits.com https://api-member-app.prod.freely.dev wss://ws13.hotjar.com wss://ws17.hotjar.com api-member-app-auth0.prod.freely.dev collective-benefits.aventus.cloud api.finmo.co.uk https://collective-member-prod.eu.auth0.com cognito-identity.eu-west-2.amazonaws.com cognito-idp.eu-west-2.amazonaws.com stats.g.doubleclick.net www.google-analytics.com https://heapanalytics.com in.hotjar.com api-iam.intercom.io https://uploads.intercomcdn.com ekr.zdassets.com https://id.zopim.com collective-benefits.zendesk.com wss://widget-mediator.zopim.com wss://nexus-websocket-a.intercom.io jointhecollective.cdn.prismic.io *.ingest.sentry.io *.ex.co *.playbuzz.com cdn.contentful.com *.split.io https://*.googleapis.com https://com-collectivebenefits-prod1.mini.snplow.net https://com-collectivebenefits-prod1.collector.snplow.net *.hotjar.com; font-src 'self' stackpath.bootstrapcdn.com fonts.gstatic.com https://heapanalytics.com js.intercomcdn.com; frame-src 'self' vars.hotjar.com intercom-sheets.com jointhecollective.prismic.io js.stripe.com www.youtube.com *.ex.co *.playbuzz.com www.google.com doubleclick.net *.vimeo.com; img-src 'self' data: gift.wegift.io y5jmrt8nb9.execute-api.eu-west-1.amazonaws.com s3.eu-west-2.amazonaws.com deals-cdn.collectivebenefits.com perks-cdn.collectivebenefits.com www.google.co.uk www.google.com www.google-analytics.com https://heapanalytics.com static.intercomassets.com downloads.intercomcdn.com js.intercomcdn.com gift.wegift.io jointhecollective.cdn.prismic.io images.prismic.io *.ex.co *.playbuzz.com *.avplayer.com *.ctfassets.net hooks.stripe.com/ *.ytimg.com vumbnail.com https://*.googleapis.com https://*.gstatic.com; manifest-src 'self'; media-src 'self' data: blob: js.intercomcdn.com static.zdassets.com *.ex.co *.playbuzz.com *.ctfassets.net; script-src 'self' 'unsafe-inline' www.google-analytics.com https://heapanalytics.com https://cdn.heapanalytics.com script.hotjar.com static.hotjar.com widget.intercom.io js.intercomcdn.com static.zdassets.com ekr.zdassets.com static.cdn.prismic.io js.stripe.com *.ex.co *.playbuzz.com *.avplayer.com www.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com www.youtube.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com fonts.googleapis.com https://heapanalytics.com; worker-src 'self'
content-encoding
gzip
strict-transport-security
max-age=63072000; includeSubdomains; preload
via
1.1 ab39b007ab81966ada6e7fb1536bf376.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA53-C1
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 01 Feb 2023 14:39:22 GMT
server
AmazonS3
etag
W/"c2bdc24a20f1864bbddb7363d935efa7"
x-frame-options
DENY
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=86400
x-amz-cf-id
uIqmEKnV6hBVjOYGZik6hLBPfndnPaT-528DPB4p-sUAQMKgnTv0yw==
polyfills.4cb4e593dedbc83c.js
app.collectivebenefits.com/
168 KB
60 KB
Script
General
Full URL
https://app.collectivebenefits.com/polyfills.4cb4e593dedbc83c.js
Requested by
Host: app.collectivebenefits.com
URL: https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-9.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9bbd8d0fb0f8613bfe6eb3e47cc80bbe853d0ba2a0d2bda3a717a029c40207fd
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' locales.collectivebenefits.com https://api-member-app.prod.freely.dev wss://ws13.hotjar.com wss://ws17.hotjar.com api-member-app-auth0.prod.freely.dev collective-benefits.aventus.cloud api.finmo.co.uk https://collective-member-prod.eu.auth0.com cognito-identity.eu-west-2.amazonaws.com cognito-idp.eu-west-2.amazonaws.com stats.g.doubleclick.net www.google-analytics.com https://heapanalytics.com in.hotjar.com api-iam.intercom.io https://uploads.intercomcdn.com ekr.zdassets.com https://id.zopim.com collective-benefits.zendesk.com wss://widget-mediator.zopim.com wss://nexus-websocket-a.intercom.io jointhecollective.cdn.prismic.io *.ingest.sentry.io *.ex.co *.playbuzz.com cdn.contentful.com *.split.io https://*.googleapis.com https://com-collectivebenefits-prod1.mini.snplow.net https://com-collectivebenefits-prod1.collector.snplow.net *.hotjar.com; font-src 'self' stackpath.bootstrapcdn.com fonts.gstatic.com https://heapanalytics.com js.intercomcdn.com; frame-src 'self' vars.hotjar.com intercom-sheets.com jointhecollective.prismic.io js.stripe.com www.youtube.com *.ex.co *.playbuzz.com www.google.com doubleclick.net *.vimeo.com; img-src 'self' data: gift.wegift.io y5jmrt8nb9.execute-api.eu-west-1.amazonaws.com s3.eu-west-2.amazonaws.com deals-cdn.collectivebenefits.com perks-cdn.collectivebenefits.com www.google.co.uk www.google.com www.google-analytics.com https://heapanalytics.com static.intercomassets.com downloads.intercomcdn.com js.intercomcdn.com gift.wegift.io jointhecollective.cdn.prismic.io images.prismic.io *.ex.co *.playbuzz.com *.avplayer.com *.ctfassets.net hooks.stripe.com/ *.ytimg.com vumbnail.com https://*.googleapis.com https://*.gstatic.com; manifest-src 'self'; media-src 'self' data: blob: js.intercomcdn.com static.zdassets.com *.ex.co *.playbuzz.com *.ctfassets.net; script-src 'self' 'unsafe-inline' www.google-analytics.com https://heapanalytics.com https://cdn.heapanalytics.com script.hotjar.com static.hotjar.com widget.intercom.io js.intercomcdn.com static.zdassets.com ekr.zdassets.com static.cdn.prismic.io js.stripe.com *.ex.co *.playbuzz.com *.avplayer.com www.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com www.youtube.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com fonts.googleapis.com https://heapanalytics.com; worker-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7
Origin
https://app.collectivebenefits.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 21:25:24 GMT
content-encoding
gzip
strict-transport-security
max-age=63072000; includeSubdomains; preload
via
1.1 ab39b007ab81966ada6e7fb1536bf376.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA53-C1
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 01 Feb 2023 14:39:15 GMT
server
AmazonS3
etag
W/"f54634e166bc29e77ee8b68ff162b7d3"
x-frame-options
DENY
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=86400
x-amz-cf-id
QA2kMoKJhmPKr9bYGkz8HCkaKmwY5_69YVwgsbv_AOBZGd9na00WDQ==
main.13f7e0bcb2ceca4c.js
app.collectivebenefits.com/
5 MB
1 MB
Script
General
Full URL
https://app.collectivebenefits.com/main.13f7e0bcb2ceca4c.js
Requested by
Host: app.collectivebenefits.com
URL: https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-9.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e10ebd6cc3f48e04a6a8d4bb9ce4a90dd171b02366780b493350ed81a8d08a6e
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' locales.collectivebenefits.com https://api-member-app.prod.freely.dev wss://ws13.hotjar.com wss://ws17.hotjar.com api-member-app-auth0.prod.freely.dev collective-benefits.aventus.cloud api.finmo.co.uk https://collective-member-prod.eu.auth0.com cognito-identity.eu-west-2.amazonaws.com cognito-idp.eu-west-2.amazonaws.com stats.g.doubleclick.net www.google-analytics.com https://heapanalytics.com in.hotjar.com api-iam.intercom.io https://uploads.intercomcdn.com ekr.zdassets.com https://id.zopim.com collective-benefits.zendesk.com wss://widget-mediator.zopim.com wss://nexus-websocket-a.intercom.io jointhecollective.cdn.prismic.io *.ingest.sentry.io *.ex.co *.playbuzz.com cdn.contentful.com *.split.io https://*.googleapis.com https://com-collectivebenefits-prod1.mini.snplow.net https://com-collectivebenefits-prod1.collector.snplow.net *.hotjar.com; font-src 'self' stackpath.bootstrapcdn.com fonts.gstatic.com https://heapanalytics.com js.intercomcdn.com; frame-src 'self' vars.hotjar.com intercom-sheets.com jointhecollective.prismic.io js.stripe.com www.youtube.com *.ex.co *.playbuzz.com www.google.com doubleclick.net *.vimeo.com; img-src 'self' data: gift.wegift.io y5jmrt8nb9.execute-api.eu-west-1.amazonaws.com s3.eu-west-2.amazonaws.com deals-cdn.collectivebenefits.com perks-cdn.collectivebenefits.com www.google.co.uk www.google.com www.google-analytics.com https://heapanalytics.com static.intercomassets.com downloads.intercomcdn.com js.intercomcdn.com gift.wegift.io jointhecollective.cdn.prismic.io images.prismic.io *.ex.co *.playbuzz.com *.avplayer.com *.ctfassets.net hooks.stripe.com/ *.ytimg.com vumbnail.com https://*.googleapis.com https://*.gstatic.com; manifest-src 'self'; media-src 'self' data: blob: js.intercomcdn.com static.zdassets.com *.ex.co *.playbuzz.com *.ctfassets.net; script-src 'self' 'unsafe-inline' www.google-analytics.com https://heapanalytics.com https://cdn.heapanalytics.com 
script.hotjar.com static.hotjar.com widget.intercom.io js.intercomcdn.com static.zdassets.com ekr.zdassets.com static.cdn.prismic.io js.stripe.com *.ex.co *.playbuzz.com *.avplayer.com www.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com www.youtube.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com fonts.googleapis.com https://heapanalytics.com; worker-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7
Origin
https://app.collectivebenefits.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 21:25:24 GMT
content-encoding
gzip
strict-transport-security
max-age=63072000; includeSubdomains; preload
via
1.1 ab39b007ab81966ada6e7fb1536bf376.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA53-C1
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 01 Feb 2023 14:39:09 GMT
server
AmazonS3
etag
W/"93e5c4404f02ac32889664f348737f5e"
x-frame-options
DENY
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=86400
x-amz-cf-id
mJZ3aMQZVacHUWhZz1ykobaCcaAFU7CXTDxtfI98_KnVhDmqgzXQcw==
gen_204
maps.googleapis.com/maps/api/mapsjs/
3 B
45 B
XHR
General
Full URL
https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
Requested by
Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyCPtZ39bY3YWnQe0N-t4n6Mumo9KdaX-_4&libraries=places
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:806::200a , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
scaffolding on HTTPServer2 /
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 21:25:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
scaffolding on HTTPServer2
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://app.collectivebenefits.com
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23
x-xss-protection
0
hotjar-1821571.js
static.hotjar.com/c/
8 KB
4 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-1821571.js?sv=6
Requested by
Host: app.collectivebenefits.com
URL: https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.15 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-15.fra56.r.cloudfront.net
Software
/
Resource Hash
b44a013bf42bc27201366c0bff436a81cc12cb572e053456c0e3929650b385fb
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security
max-age=2592000; includeSubDomains
content-encoding
br
x-content-type-options
nosniff
date
Wed, 01 Feb 2023 21:24:24 GMT
via
1.1 3d58896f901dbeed449603f5d2b4d9f0.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C2
age
59
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
etag
W/b909c206b140bc300f94ea63340daf81
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
x-cache-hit
1
cache-control
max-age=60
x-amz-cf-id
PPjpNWwCgaQ_EfJemEhCqggALMQHgsWqqKuTCoYTg0V67AEftBnC8w==
07f03d17-2592-461b-ad3e-bc2046345d6b
ekr.zdassets.com/compose/
411 B
1 KB
XHR
General
Full URL
https://ekr.zdassets.com/compose/07f03d17-2592-461b-ad3e-bc2046345d6b
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=07f03d17-2592-461b-ad3e-bc2046345d6b
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dd419bca27c77973a2b9e98a83214f106c001b2594d6a8ece098f6c792e7807c
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 21:25:23 GMT
strict-transport-security
max-age=0
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies
none
content-encoding
br
status
200 OK
cdn-cache-control
max-age=60
x-xss-protection
1; mode=block
x-request-id
792880e7ed5a7701-SEA, 792880e7ed5a7701-SEA
x-runtime
0.004443
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"dd419bca27c77973a2b9e98a83214f10"
x-download-options
noopen
x-frame-options
SAMEORIGIN
access-control-max-age
7200
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jq4mUj8et%2F39FQgEYnl0cJLYpsDSkcnzY5p%2BrVQFSBegxfobyj6hhbbCwKHnG8tjnROsDWzVEZMPx1rJiFY4GnPiYfy8b%2BNF4iU498CoxgEUS9iy%2FRjznKw%2BYanF0xZQeYM%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
cache-control
max-age=600, public, stale-while-revalidate=600, stale-if-error=21600
content-type
application/json; charset=utf-8
x-zendesk-zorg
yes
vary
Origin, Accept-Encoding
cf-ray
792dc2658b7d889e-LHR
v3
js.stripe.com/
429 KB
104 KB
Script
General
Full URL
https://js.stripe.com/v3
Requested by
Host: app.collectivebenefits.com
URL: https://app.collectivebenefits.com/main.13f7e0bcb2ceca4c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-122.fra6.r.cloudfront.net
Software
Cloudfront /
Resource Hash
1e32172c8e0f43724b49982b5a37c2f868400620f12df226a7fe357b16f2a763
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
date
Wed, 01 Feb 2023 21:25:11 GMT
via
1.1 62dc260e32d7b9197a4511447f6a264a.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
age
12
x-cache
Hit from cloudfront
last-modified
Wed, 01 Feb 2023 19:59:21 GMT
server
Cloudfront
etag
W/"fb347ad0f1a7c0b62fe0d5ea9e83c76a"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60
timing-allow-origin
*
x-amz-cf-id
UIMys9MyI0k003HsaWH8SUThe7sQQaTmmQEptgvodB4HacQfIl5HBA==
user-details
api-member-app.prod.freely.dev/users/
26 B
205 B
XHR
General
Full URL
https://api-member-app.prod.freely.dev/users/user-details
Requested by
Host: app.collectivebenefits.com
URL: https://app.collectivebenefits.com/main.13f7e0bcb2ceca4c.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.132.53.165 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-132-53-165.eu-west-2.compute.amazonaws.com
Software
/
Resource Hash
3e7db788e384631f8a9f299d1797e6f8af6d16d643a1c91f9e83ae15212de45c

Request headers

Accept
application/json, text/plain, */*
Referer
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

access-control-allow-origin
https://app.collectivebenefits.com
date
Wed, 01 Feb 2023 21:25:23 GMT
www-authenticate
Bearer
content-length
26
vary
origin
apigw-requestid
frbOnj7_rPEEJfg=
content-type
application/json
global.json
locales.collectivebenefits.com/public/locales/en/
31 KB
32 KB
Fetch
General
Full URL
https://locales.collectivebenefits.com/public/locales/en/global.json
Requested by
Host: app.collectivebenefits.com
URL: https://app.collectivebenefits.com/main.13f7e0bcb2ceca4c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-54.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ed0d9ff22f3c1170f747561c88037e8a98126cf702a1af177af858d73715a2aa

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 21:25:24 GMT
via
1.1 afb3db4ac63e94a7684b97827417941c.cloudfront.net (CloudFront)
last-modified
Wed, 01 Feb 2023 15:53:01 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C1
etag
"ad9df66e83aa0811b191f5fcf6e60d43"
vary
Accept-Encoding, Origin
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
https://app.collectivebenefits.com
accept-ranges
bytes
content-length
31902
x-amz-cf-id
LwteSt8BOnIstRog2wfWL3QzNsssDHIGCNSniLJDPml6Bk2j-C8SHA==
420d916f7dd81e85.svg
app.collectivebenefits.com/
319 B
2 KB
Image
General
Full URL
https://app.collectivebenefits.com/420d916f7dd81e85.svg
Requested by
Host: app.collectivebenefits.com
URL: https://app.collectivebenefits.com/main.1547866195782222.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-9.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' locales.collectivebenefits.com https://api-member-app.prod.freely.dev wss://ws13.hotjar.com wss://ws17.hotjar.com api-member-app-auth0.prod.freely.dev collective-benefits.aventus.cloud api.finmo.co.uk https://collective-member-prod.eu.auth0.com cognito-identity.eu-west-2.amazonaws.com cognito-idp.eu-west-2.amazonaws.com stats.g.doubleclick.net www.google-analytics.com https://heapanalytics.com in.hotjar.com api-iam.intercom.io https://uploads.intercomcdn.com ekr.zdassets.com https://id.zopim.com collective-benefits.zendesk.com wss://widget-mediator.zopim.com wss://nexus-websocket-a.intercom.io jointhecollective.cdn.prismic.io *.ingest.sentry.io *.ex.co *.playbuzz.com cdn.contentful.com *.split.io https://*.googleapis.com https://com-collectivebenefits-prod1.mini.snplow.net https://com-collectivebenefits-prod1.collector.snplow.net *.hotjar.com; font-src 'self' stackpath.bootstrapcdn.com fonts.gstatic.com https://heapanalytics.com js.intercomcdn.com; frame-src 'self' vars.hotjar.com intercom-sheets.com jointhecollective.prismic.io js.stripe.com www.youtube.com *.ex.co *.playbuzz.com www.google.com doubleclick.net *.vimeo.com; img-src 'self' data: gift.wegift.io y5jmrt8nb9.execute-api.eu-west-1.amazonaws.com s3.eu-west-2.amazonaws.com deals-cdn.collectivebenefits.com perks-cdn.collectivebenefits.com www.google.co.uk www.google.com www.google-analytics.com https://heapanalytics.com static.intercomassets.com downloads.intercomcdn.com js.intercomcdn.com gift.wegift.io jointhecollective.cdn.prismic.io images.prismic.io *.ex.co *.playbuzz.com *.avplayer.com *.ctfassets.net hooks.stripe.com/ *.ytimg.com vumbnail.com https://*.googleapis.com https://*.gstatic.com; manifest-src 'self'; media-src 'self' data: blob: js.intercomcdn.com static.zdassets.com *.ex.co *.playbuzz.com *.ctfassets.net; script-src 'self' 'unsafe-inline' www.google-analytics.com https://heapanalytics.com https://cdn.heapanalytics.com 
script.hotjar.com static.hotjar.com widget.intercom.io js.intercomcdn.com static.zdassets.com ekr.zdassets.com static.cdn.prismic.io js.stripe.com *.ex.co *.playbuzz.com *.avplayer.com www.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com www.youtube.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com fonts.googleapis.com https://heapanalytics.com; worker-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://app.collectivebenefits.com/main.1547866195782222.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 21:25:24 GMT
via
1.1 ab39b007ab81966ada6e7fb1536bf376.cloudfront.net (CloudFront)
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
x-amz-cf-pop
FRA53-C1
x-cache
Miss from cloudfront
content-length
319
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 01 Feb 2023 14:38:47 GMT
server
AmazonS3
etag
"6dedd5515bb05f7aca59d855b24820c5"
x-frame-options
DENY
content-type
image/svg+xml
cache-control
public, max-age=86400
x-amz-cf-id
d3oOheZkPzyxvUWAaZAv7cgtrT_rErWhBkF2xxXhGaP81JjkJzRXIQ==
modules.4b160a4831adaf5337e6.js
script.hotjar.com/
262 KB
67 KB
Script
General
Full URL
https://script.hotjar.com/modules.4b160a4831adaf5337e6.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1821571.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.157.229.107 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-157-229-107.arn56.r.cloudfront.net
Software
/
Resource Hash
fb91850a461b7442ca8310a0758898710eca3b52a1c61a27b00db609725c3696
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Mon, 30 Jan 2023 16:06:06 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 a1883601a786b7317faec0d94ef154f2.cloudfront.net (CloudFront)
x-amz-cf-pop
ARN56-P2
age
191957
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
68316
last-modified
Mon, 30 Jan 2023 16:05:37 GMT
etag
"3315b6999637291711ab85ba678211fa"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
VtWoClhaj0xTO3p0_IEjDHjwDOZkjNJFPRlRDW2FM1sVMpwjEn86HQ==
web-widget-framework-c82fe813e62b58e096bc.js
static.zdassets.com/web_widget/latest/ Frame 5C9A
158 KB
49 KB
Script
General
Full URL
https://static.zdassets.com/web_widget/latest/web-widget-framework-c82fe813e62b58e096bc.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=07f03d17-2592-461b-ad3e-bc2046345d6b
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
af4a6d9424e18ced13b9ab3ee007ef3d54a0e23d19c21d1747e73b43465d6563
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 21:25:23 GMT
x-amz-version-id
1cCOlxhNqu17ys_QySYbf1YbpGnPAUXV
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
MJRQ4GC8JSVSC2CD
age
56551
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
0kEyOCPHFouWQwe+IpHDCXjaNPjAvQN7vv4OoEw5xcSAcljTRM5wsxIt/GSgckkJqZY5YJG/g0Q=
last-modified
Mon, 30 Jan 2023 01:09:01 GMT
server
cloudflare
etag
W/"5c97db2a2d29c595e26430d1c8358d6a"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v%2B%2BPwVjIL3y3OVoGCtXW77%2FBkTcBfO3QoxWQY74t2Vgee%2BRXK9wth5xPDOxf3VFe4HBBh0nzgaOuKtBWjt3AjWu5sx3566vVTYjA%2B09%2B8xg7BLlCbBFBjnW4yGzY18bk41h3b8U%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
792dc2679fa524b8-LHR
expires
Tue, 30 Jan 2024 01:09:00 GMT
box-2722367854ce9702c28ea74c51e2a23f.html
vars.hotjar.com/ Frame 3006
2 KB
1 KB
Document
General
Full URL
https://vars.hotjar.com/box-2722367854ce9702c28ea74c51e2a23f.html
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1821571.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.65 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-65.fra53.r.cloudfront.net
Software
/
Resource Hash
2a053c986d53b05149da4b99719fd4c913e4c8a885824b7ded13f070fb13ff6b
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

accept-ranges
bytes
age
191957
cache-control
max-age=31536000
content-encoding
br
content-length
1035
content-type
text/html
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Mon, 30 Jan 2023 16:06:06 GMT
etag
"8665e233ef6caaf010ca89793f27b6f8"
last-modified
Mon, 30 Jan 2023 16:05:37 GMT
strict-transport-security
max-age=2592000; includeSubDomains
vary
Accept-Encoding
via
1.1 c714e4f593454d65f62cf3fecf756a4c.cloudfront.net (CloudFront)
x-amz-cf-id
Efzi2ClNBgZi0rgc88ks7fm83rK3vI1-4irYTTcooX-XlvsuKwSg-w==
x-amz-cf-pop
FRA53-C1
x-cache
Hit from cloudfront
x-robots-tag
none
config
collective-benefits.zendesk.com/embeddable/ Frame 5C9A
643 B
1 KB
Fetch
General
Full URL
https://collective-benefits.zendesk.com/embeddable/config
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/web-widget-framework-c82fe813e62b58e096bc.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.51.111 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
279e8fc42afa7d0d086eb0cff1e5b6d600f69544096ad9dca6df0f2db6969ff5

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 21:25:23 GMT
content-encoding
br
cf-cache-status
EXPIRED
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-zendesk-origin-server
embeddable-app-server-55866f4ccc-69z29
x-cached
STALE
x-request-id
792db0a5db6a54d0-DUB
x-runtime
0.001999
last-modified
Wed, 01 Feb 2023 21:23:31 GMT
server
cloudflare
access-control-max-age
7200
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rpu2WkBYMo%2FvXgd9SvQT0u6E5ET6vH%2FMkbTtAd5dxXSR8kNGQKr%2Fhq4bS1PD5kOOrXkNEupp4K4prgfzru%2FRXWJZo9jcNnQLWGtl1OQfqo6%2BG1g3J6WNav6pnFETITAIU2lRWCUPgovdzWM0Kq6XtgI%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
cache-control
public, max-age=60, stale-while-revalidate=600, stale-if-error=3600
vary
Origin, Accept-Encoding
cf-ray
792dc2689ad324d5-LHR
controller-ac9bd0b70130006c09a7e09f8847e3ab.html
js.stripe.com/v3/ Frame C920
325 B
1 KB
Document
General
Full URL
https://js.stripe.com/v3/controller-ac9bd0b70130006c09a7e09f8847e3ab.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-122.fra6.r.cloudfront.net
Software
Cloudfront /
Resource Hash
a35990ef68dc8acbd1fc04eeee2591b5b1ef132fb73ca422d8b2d099e371013b
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
1
cache-control
max-age=60
content-length
325
content-security-policy
base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Wed, 01 Feb 2023 21:25:24 GMT
etag
"ac9bd0b70130006c09a7e09f8847e3ab"
last-modified
Wed, 01 Feb 2023 19:34:21 GMT
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 62dc260e32d7b9197a4511447f6a264a.cloudfront.net (CloudFront)
x-amz-cf-id
AIlQvYZyNzSnlKjqh5My92RR1x8ZUWg0A7Y-UxXCUbQlejnAYPqnfw==
x-amz-cf-pop
FRA6-C1
x-cache
Hit from cloudfront
x-content-type-options
nosniff
common.b2bd8955f6550265.css
app.collectivebenefits.com/
918 B
3 KB
Stylesheet
General
Full URL
https://app.collectivebenefits.com/common.b2bd8955f6550265.css
Requested by
Host: app.collectivebenefits.com
URL: https://app.collectivebenefits.com/runtime.f93b9c918e03e88e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-9.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
455049f9214da0dc92a84b2134916773c14504d80f1dab6a3d8097da8962d10a
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' locales.collectivebenefits.com https://api-member-app.prod.freely.dev wss://ws13.hotjar.com wss://ws17.hotjar.com api-member-app-auth0.prod.freely.dev collective-benefits.aventus.cloud api.finmo.co.uk https://collective-member-prod.eu.auth0.com cognito-identity.eu-west-2.amazonaws.com cognito-idp.eu-west-2.amazonaws.com stats.g.doubleclick.net www.google-analytics.com https://heapanalytics.com in.hotjar.com api-iam.intercom.io https://uploads.intercomcdn.com ekr.zdassets.com https://id.zopim.com collective-benefits.zendesk.com wss://widget-mediator.zopim.com wss://nexus-websocket-a.intercom.io jointhecollective.cdn.prismic.io *.ingest.sentry.io *.ex.co *.playbuzz.com cdn.contentful.com *.split.io https://*.googleapis.com https://com-collectivebenefits-prod1.mini.snplow.net https://com-collectivebenefits-prod1.collector.snplow.net *.hotjar.com; font-src 'self' stackpath.bootstrapcdn.com fonts.gstatic.com https://heapanalytics.com js.intercomcdn.com; frame-src 'self' vars.hotjar.com intercom-sheets.com jointhecollective.prismic.io js.stripe.com www.youtube.com *.ex.co *.playbuzz.com www.google.com doubleclick.net *.vimeo.com; img-src 'self' data: gift.wegift.io y5jmrt8nb9.execute-api.eu-west-1.amazonaws.com s3.eu-west-2.amazonaws.com deals-cdn.collectivebenefits.com perks-cdn.collectivebenefits.com www.google.co.uk www.google.com www.google-analytics.com https://heapanalytics.com static.intercomassets.com downloads.intercomcdn.com js.intercomcdn.com gift.wegift.io jointhecollective.cdn.prismic.io images.prismic.io *.ex.co *.playbuzz.com *.avplayer.com *.ctfassets.net hooks.stripe.com/ *.ytimg.com vumbnail.com https://*.googleapis.com https://*.gstatic.com; manifest-src 'self'; media-src 'self' data: blob: js.intercomcdn.com static.zdassets.com *.ex.co *.playbuzz.com *.ctfassets.net; script-src 'self' 'unsafe-inline' www.google-analytics.com https://heapanalytics.com https://cdn.heapanalytics.com script.hotjar.com static.hotjar.com widget.intercom.io js.intercomcdn.com static.zdassets.com ekr.zdassets.com static.cdn.prismic.io js.stripe.com *.ex.co *.playbuzz.com *.avplayer.com www.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com www.youtube.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com fonts.googleapis.com https://heapanalytics.com; worker-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 21:25:25 GMT
content-security-policy
default-src 'none'; connect-src 'self' locales.collectivebenefits.com https://api-member-app.prod.freely.dev wss://ws13.hotjar.com wss://ws17.hotjar.com api-member-app-auth0.prod.freely.dev collective-benefits.aventus.cloud api.finmo.co.uk https://collective-member-prod.eu.auth0.com cognito-identity.eu-west-2.amazonaws.com cognito-idp.eu-west-2.amazonaws.com stats.g.doubleclick.net www.google-analytics.com https://heapanalytics.com in.hotjar.com api-iam.intercom.io https://uploads.intercomcdn.com ekr.zdassets.com https://id.zopim.com collective-benefits.zendesk.com wss://widget-mediator.zopim.com wss://nexus-websocket-a.intercom.io jointhecollective.cdn.prismic.io *.ingest.sentry.io *.ex.co *.playbuzz.com cdn.contentful.com *.split.io https://*.googleapis.com https://com-collectivebenefits-prod1.mini.snplow.net https://com-collectivebenefits-prod1.collector.snplow.net *.hotjar.com; font-src 'self' stackpath.bootstrapcdn.com fonts.gstatic.com https://heapanalytics.com js.intercomcdn.com; frame-src 'self' vars.hotjar.com intercom-sheets.com jointhecollective.prismic.io js.stripe.com www.youtube.com *.ex.co *.playbuzz.com www.google.com doubleclick.net *.vimeo.com; img-src 'self' data: gift.wegift.io y5jmrt8nb9.execute-api.eu-west-1.amazonaws.com s3.eu-west-2.amazonaws.com deals-cdn.collectivebenefits.com perks-cdn.collectivebenefits.com www.google.co.uk www.google.com www.google-analytics.com https://heapanalytics.com static.intercomassets.com downloads.intercomcdn.com js.intercomcdn.com gift.wegift.io jointhecollective.cdn.prismic.io images.prismic.io *.ex.co *.playbuzz.com *.avplayer.com *.ctfassets.net hooks.stripe.com/ *.ytimg.com vumbnail.com https://*.googleapis.com https://*.gstatic.com; manifest-src 'self'; media-src 'self' data: blob: js.intercomcdn.com static.zdassets.com *.ex.co *.playbuzz.com *.ctfassets.net; script-src 'self' 'unsafe-inline' www.google-analytics.com https://heapanalytics.com https://cdn.heapanalytics.com script.hotjar.com static.hotjar.com widget.intercom.io js.intercomcdn.com static.zdassets.com ekr.zdassets.com static.cdn.prismic.io js.stripe.com *.ex.co *.playbuzz.com *.avplayer.com www.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com www.youtube.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com fonts.googleapis.com https://heapanalytics.com; worker-src 'self'
via
1.1 ab39b007ab81966ada6e7fb1536bf376.cloudfront.net (CloudFront)
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
x-amz-cf-pop
FRA53-C1
x-cache
Miss from cloudfront
content-length
918
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 01 Feb 2023 14:38:53 GMT
server
AmazonS3
etag
"2a6317aa8ec42268135612710af0f811"
x-frame-options
DENY
content-type
text/css
cache-control
public, max-age=86400
x-amz-cf-id
2qs6wMzUynpHJuqcoi13voA8y4-kZUphGFyIoPFLlY9MWtAllftgKQ==
common.a2242e1f88cf2151.js
app.collectivebenefits.com/
2 KB
3 KB
Script
General
Full URL
https://app.collectivebenefits.com/common.a2242e1f88cf2151.js
Requested by
Host: app.collectivebenefits.com
URL: https://app.collectivebenefits.com/runtime.f93b9c918e03e88e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-9.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1a1760c546241313f5c95af3f3e75b96a7c898aa094256e36c1287eb79433cf6
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' locales.collectivebenefits.com https://api-member-app.prod.freely.dev wss://ws13.hotjar.com wss://ws17.hotjar.com api-member-app-auth0.prod.freely.dev collective-benefits.aventus.cloud api.finmo.co.uk https://collective-member-prod.eu.auth0.com cognito-identity.eu-west-2.amazonaws.com cognito-idp.eu-west-2.amazonaws.com stats.g.doubleclick.net www.google-analytics.com https://heapanalytics.com in.hotjar.com api-iam.intercom.io https://uploads.intercomcdn.com ekr.zdassets.com https://id.zopim.com collective-benefits.zendesk.com wss://widget-mediator.zopim.com wss://nexus-websocket-a.intercom.io jointhecollective.cdn.prismic.io *.ingest.sentry.io *.ex.co *.playbuzz.com cdn.contentful.com *.split.io https://*.googleapis.com https://com-collectivebenefits-prod1.mini.snplow.net https://com-collectivebenefits-prod1.collector.snplow.net *.hotjar.com; font-src 'self' stackpath.bootstrapcdn.com fonts.gstatic.com https://heapanalytics.com js.intercomcdn.com; frame-src 'self' vars.hotjar.com intercom-sheets.com jointhecollective.prismic.io js.stripe.com www.youtube.com *.ex.co *.playbuzz.com www.google.com doubleclick.net *.vimeo.com; img-src 'self' data: gift.wegift.io y5jmrt8nb9.execute-api.eu-west-1.amazonaws.com s3.eu-west-2.amazonaws.com deals-cdn.collectivebenefits.com perks-cdn.collectivebenefits.com www.google.co.uk www.google.com www.google-analytics.com https://heapanalytics.com static.intercomassets.com downloads.intercomcdn.com js.intercomcdn.com gift.wegift.io jointhecollective.cdn.prismic.io images.prismic.io *.ex.co *.playbuzz.com *.avplayer.com *.ctfassets.net hooks.stripe.com/ *.ytimg.com vumbnail.com https://*.googleapis.com https://*.gstatic.com; manifest-src 'self'; media-src 'self' data: blob: js.intercomcdn.com static.zdassets.com *.ex.co *.playbuzz.com *.ctfassets.net; script-src 'self' 'unsafe-inline' www.google-analytics.com https://heapanalytics.com https://cdn.heapanalytics.com script.hotjar.com static.hotjar.com widget.intercom.io js.intercomcdn.com static.zdassets.com ekr.zdassets.com static.cdn.prismic.io js.stripe.com *.ex.co *.playbuzz.com *.avplayer.com www.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com www.youtube.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com fonts.googleapis.com https://heapanalytics.com; worker-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7
Origin
https://app.collectivebenefits.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 21:25:25 GMT
content-security-policy
default-src 'none'; connect-src 'self' locales.collectivebenefits.com https://api-member-app.prod.freely.dev wss://ws13.hotjar.com wss://ws17.hotjar.com api-member-app-auth0.prod.freely.dev collective-benefits.aventus.cloud api.finmo.co.uk https://collective-member-prod.eu.auth0.com cognito-identity.eu-west-2.amazonaws.com cognito-idp.eu-west-2.amazonaws.com stats.g.doubleclick.net www.google-analytics.com https://heapanalytics.com in.hotjar.com api-iam.intercom.io https://uploads.intercomcdn.com ekr.zdassets.com https://id.zopim.com collective-benefits.zendesk.com wss://widget-mediator.zopim.com wss://nexus-websocket-a.intercom.io jointhecollective.cdn.prismic.io *.ingest.sentry.io *.ex.co *.playbuzz.com cdn.contentful.com *.split.io https://*.googleapis.com https://com-collectivebenefits-prod1.mini.snplow.net https://com-collectivebenefits-prod1.collector.snplow.net *.hotjar.com; font-src 'self' stackpath.bootstrapcdn.com fonts.gstatic.com https://heapanalytics.com js.intercomcdn.com; frame-src 'self' vars.hotjar.com intercom-sheets.com jointhecollective.prismic.io js.stripe.com www.youtube.com *.ex.co *.playbuzz.com www.google.com doubleclick.net *.vimeo.com; img-src 'self' data: gift.wegift.io y5jmrt8nb9.execute-api.eu-west-1.amazonaws.com s3.eu-west-2.amazonaws.com deals-cdn.collectivebenefits.com perks-cdn.collectivebenefits.com www.google.co.uk www.google.com www.google-analytics.com https://heapanalytics.com static.intercomassets.com downloads.intercomcdn.com js.intercomcdn.com gift.wegift.io jointhecollective.cdn.prismic.io images.prismic.io *.ex.co *.playbuzz.com *.avplayer.com *.ctfassets.net hooks.stripe.com/ *.ytimg.com vumbnail.com https://*.googleapis.com https://*.gstatic.com; manifest-src 'self'; media-src 'self' data: blob: js.intercomcdn.com static.zdassets.com *.ex.co *.playbuzz.com *.ctfassets.net; script-src 'self' 'unsafe-inline' www.google-analytics.com https://heapanalytics.com https://cdn.heapanalytics.com script.hotjar.com static.hotjar.com widget.intercom.io js.intercomcdn.com static.zdassets.com ekr.zdassets.com static.cdn.prismic.io js.stripe.com *.ex.co *.playbuzz.com *.avplayer.com www.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com www.youtube.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com fonts.googleapis.com https://heapanalytics.com; worker-src 'self'
content-encoding
gzip
strict-transport-security
max-age=63072000; includeSubdomains; preload
via
1.1 ab39b007ab81966ada6e7fb1536bf376.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA53-C1
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 01 Feb 2023 14:38:54 GMT
server
AmazonS3
etag
W/"3e0873b4d5363c8d4995a8f9ea0c3431"
x-frame-options
DENY
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=86400
x-amz-cf-id
6OgpK0BiiusQ-R267gp4OYYyGUNfq75YOmgcKjEikj0Sql-Gu8HZyw==
41.6c81d876635a9c2d.css
app.collectivebenefits.com/
5 KB
4 KB
Stylesheet
General
Full URL
https://app.collectivebenefits.com/41.6c81d876635a9c2d.css
Requested by
Host: app.collectivebenefits.com
URL: https://app.collectivebenefits.com/runtime.f93b9c918e03e88e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-9.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9beaa3b4f98adbcc4840bb421ab9ae6cad8cb7d37a5d4947774c2d6117ce37c5
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' locales.collectivebenefits.com https://api-member-app.prod.freely.dev wss://ws13.hotjar.com wss://ws17.hotjar.com api-member-app-auth0.prod.freely.dev collective-benefits.aventus.cloud api.finmo.co.uk https://collective-member-prod.eu.auth0.com cognito-identity.eu-west-2.amazonaws.com cognito-idp.eu-west-2.amazonaws.com stats.g.doubleclick.net www.google-analytics.com https://heapanalytics.com in.hotjar.com api-iam.intercom.io https://uploads.intercomcdn.com ekr.zdassets.com https://id.zopim.com collective-benefits.zendesk.com wss://widget-mediator.zopim.com wss://nexus-websocket-a.intercom.io jointhecollective.cdn.prismic.io *.ingest.sentry.io *.ex.co *.playbuzz.com cdn.contentful.com *.split.io https://*.googleapis.com https://com-collectivebenefits-prod1.mini.snplow.net https://com-collectivebenefits-prod1.collector.snplow.net *.hotjar.com; font-src 'self' stackpath.bootstrapcdn.com fonts.gstatic.com https://heapanalytics.com js.intercomcdn.com; frame-src 'self' vars.hotjar.com intercom-sheets.com jointhecollective.prismic.io js.stripe.com www.youtube.com *.ex.co *.playbuzz.com www.google.com doubleclick.net *.vimeo.com; img-src 'self' data: gift.wegift.io y5jmrt8nb9.execute-api.eu-west-1.amazonaws.com s3.eu-west-2.amazonaws.com deals-cdn.collectivebenefits.com perks-cdn.collectivebenefits.com www.google.co.uk www.google.com www.google-analytics.com https://heapanalytics.com static.intercomassets.com downloads.intercomcdn.com js.intercomcdn.com gift.wegift.io jointhecollective.cdn.prismic.io images.prismic.io *.ex.co *.playbuzz.com *.avplayer.com *.ctfassets.net hooks.stripe.com/ *.ytimg.com vumbnail.com https://*.googleapis.com https://*.gstatic.com; manifest-src 'self'; media-src 'self' data: blob: js.intercomcdn.com static.zdassets.com *.ex.co *.playbuzz.com *.ctfassets.net; script-src 'self' 'unsafe-inline' www.google-analytics.com https://heapanalytics.com https://cdn.heapanalytics.com script.hotjar.com static.hotjar.com widget.intercom.io js.intercomcdn.com static.zdassets.com ekr.zdassets.com static.cdn.prismic.io js.stripe.com *.ex.co *.playbuzz.com *.avplayer.com www.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com www.youtube.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com fonts.googleapis.com https://heapanalytics.com; worker-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 21:25:25 GMT
content-security-policy
default-src 'none'; connect-src 'self' locales.collectivebenefits.com https://api-member-app.prod.freely.dev wss://ws13.hotjar.com wss://ws17.hotjar.com api-member-app-auth0.prod.freely.dev collective-benefits.aventus.cloud api.finmo.co.uk https://collective-member-prod.eu.auth0.com cognito-identity.eu-west-2.amazonaws.com cognito-idp.eu-west-2.amazonaws.com stats.g.doubleclick.net www.google-analytics.com https://heapanalytics.com in.hotjar.com api-iam.intercom.io https://uploads.intercomcdn.com ekr.zdassets.com https://id.zopim.com collective-benefits.zendesk.com wss://widget-mediator.zopim.com wss://nexus-websocket-a.intercom.io jointhecollective.cdn.prismic.io *.ingest.sentry.io *.ex.co *.playbuzz.com cdn.contentful.com *.split.io https://*.googleapis.com https://com-collectivebenefits-prod1.mini.snplow.net https://com-collectivebenefits-prod1.collector.snplow.net *.hotjar.com; font-src 'self' stackpath.bootstrapcdn.com fonts.gstatic.com https://heapanalytics.com js.intercomcdn.com; frame-src 'self' vars.hotjar.com intercom-sheets.com jointhecollective.prismic.io js.stripe.com www.youtube.com *.ex.co *.playbuzz.com www.google.com doubleclick.net *.vimeo.com; img-src 'self' data: gift.wegift.io y5jmrt8nb9.execute-api.eu-west-1.amazonaws.com s3.eu-west-2.amazonaws.com deals-cdn.collectivebenefits.com perks-cdn.collectivebenefits.com www.google.co.uk www.google.com www.google-analytics.com https://heapanalytics.com static.intercomassets.com downloads.intercomcdn.com js.intercomcdn.com gift.wegift.io jointhecollective.cdn.prismic.io images.prismic.io *.ex.co *.playbuzz.com *.avplayer.com *.ctfassets.net hooks.stripe.com/ *.ytimg.com vumbnail.com https://*.googleapis.com https://*.gstatic.com; manifest-src 'self'; media-src 'self' data: blob: js.intercomcdn.com static.zdassets.com *.ex.co *.playbuzz.com *.ctfassets.net; script-src 'self' 'unsafe-inline' www.google-analytics.com https://heapanalytics.com https://cdn.heapanalytics.com script.hotjar.com static.hotjar.com widget.intercom.io js.intercomcdn.com static.zdassets.com ekr.zdassets.com static.cdn.prismic.io js.stripe.com *.ex.co *.playbuzz.com *.avplayer.com www.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com www.youtube.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com fonts.googleapis.com https://heapanalytics.com; worker-src 'self'
content-encoding
gzip
strict-transport-security
max-age=63072000; includeSubdomains; preload
via
1.1 ab39b007ab81966ada6e7fb1536bf376.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA53-C1
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 01 Feb 2023 14:38:48 GMT
server
AmazonS3
etag
W/"7d1c9cfc2ac5880f01235535ef54867f"
x-frame-options
DENY
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=86400
x-amz-cf-id
uI5PHphslUlnwFC5U0Y7YjMBbYr1UUgSKEn4_W27lp3RwrOutaqWrg==
41.f414b5f28fab1228.js
app.collectivebenefits.com/
12 KB
6 KB
Script
General
Full URL
https://app.collectivebenefits.com/41.f414b5f28fab1228.js
Requested by
Host: app.collectivebenefits.com
URL: https://app.collectivebenefits.com/runtime.f93b9c918e03e88e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-9.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
82f2fb60046c8352f4a6d66202c5782537d4762abfa56bf8e5dedf54b4704d1c
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' locales.collectivebenefits.com https://api-member-app.prod.freely.dev wss://ws13.hotjar.com wss://ws17.hotjar.com api-member-app-auth0.prod.freely.dev collective-benefits.aventus.cloud api.finmo.co.uk https://collective-member-prod.eu.auth0.com cognito-identity.eu-west-2.amazonaws.com cognito-idp.eu-west-2.amazonaws.com stats.g.doubleclick.net www.google-analytics.com https://heapanalytics.com in.hotjar.com api-iam.intercom.io https://uploads.intercomcdn.com ekr.zdassets.com https://id.zopim.com collective-benefits.zendesk.com wss://widget-mediator.zopim.com wss://nexus-websocket-a.intercom.io jointhecollective.cdn.prismic.io *.ingest.sentry.io *.ex.co *.playbuzz.com cdn.contentful.com *.split.io https://*.googleapis.com https://com-collectivebenefits-prod1.mini.snplow.net https://com-collectivebenefits-prod1.collector.snplow.net *.hotjar.com; font-src 'self' stackpath.bootstrapcdn.com fonts.gstatic.com https://heapanalytics.com js.intercomcdn.com; frame-src 'self' vars.hotjar.com intercom-sheets.com jointhecollective.prismic.io js.stripe.com www.youtube.com *.ex.co *.playbuzz.com www.google.com doubleclick.net *.vimeo.com; img-src 'self' data: gift.wegift.io y5jmrt8nb9.execute-api.eu-west-1.amazonaws.com s3.eu-west-2.amazonaws.com deals-cdn.collectivebenefits.com perks-cdn.collectivebenefits.com www.google.co.uk www.google.com www.google-analytics.com https://heapanalytics.com static.intercomassets.com downloads.intercomcdn.com js.intercomcdn.com gift.wegift.io jointhecollective.cdn.prismic.io images.prismic.io *.ex.co *.playbuzz.com *.avplayer.com *.ctfassets.net hooks.stripe.com/ *.ytimg.com vumbnail.com https://*.googleapis.com https://*.gstatic.com; manifest-src 'self'; media-src 'self' data: blob: js.intercomcdn.com static.zdassets.com *.ex.co *.playbuzz.com *.ctfassets.net; script-src 'self' 'unsafe-inline' www.google-analytics.com https://heapanalytics.com https://cdn.heapanalytics.com script.hotjar.com static.hotjar.com widget.intercom.io js.intercomcdn.com static.zdassets.com ekr.zdassets.com static.cdn.prismic.io js.stripe.com *.ex.co *.playbuzz.com *.avplayer.com www.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com www.youtube.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com fonts.googleapis.com https://heapanalytics.com; worker-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7
Origin
https://app.collectivebenefits.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 21:25:25 GMT
content-security-policy
default-src 'none'; connect-src 'self' locales.collectivebenefits.com https://api-member-app.prod.freely.dev wss://ws13.hotjar.com wss://ws17.hotjar.com api-member-app-auth0.prod.freely.dev collective-benefits.aventus.cloud api.finmo.co.uk https://collective-member-prod.eu.auth0.com cognito-identity.eu-west-2.amazonaws.com cognito-idp.eu-west-2.amazonaws.com stats.g.doubleclick.net www.google-analytics.com https://heapanalytics.com in.hotjar.com api-iam.intercom.io https://uploads.intercomcdn.com ekr.zdassets.com https://id.zopim.com collective-benefits.zendesk.com wss://widget-mediator.zopim.com wss://nexus-websocket-a.intercom.io jointhecollective.cdn.prismic.io *.ingest.sentry.io *.ex.co *.playbuzz.com cdn.contentful.com *.split.io https://*.googleapis.com https://com-collectivebenefits-prod1.mini.snplow.net https://com-collectivebenefits-prod1.collector.snplow.net *.hotjar.com; font-src 'self' stackpath.bootstrapcdn.com fonts.gstatic.com https://heapanalytics.com js.intercomcdn.com; frame-src 'self' vars.hotjar.com intercom-sheets.com jointhecollective.prismic.io js.stripe.com www.youtube.com *.ex.co *.playbuzz.com www.google.com doubleclick.net *.vimeo.com; img-src 'self' data: gift.wegift.io y5jmrt8nb9.execute-api.eu-west-1.amazonaws.com s3.eu-west-2.amazonaws.com deals-cdn.collectivebenefits.com perks-cdn.collectivebenefits.com www.google.co.uk www.google.com www.google-analytics.com https://heapanalytics.com static.intercomassets.com downloads.intercomcdn.com js.intercomcdn.com gift.wegift.io jointhecollective.cdn.prismic.io images.prismic.io *.ex.co *.playbuzz.com *.avplayer.com *.ctfassets.net hooks.stripe.com/ *.ytimg.com vumbnail.com https://*.googleapis.com https://*.gstatic.com; manifest-src 'self'; media-src 'self' data: blob: js.intercomcdn.com static.zdassets.com *.ex.co *.playbuzz.com *.ctfassets.net; script-src 'self' 'unsafe-inline' www.google-analytics.com https://heapanalytics.com https://cdn.heapanalytics.com script.hotjar.com static.hotjar.com widget.intercom.io js.intercomcdn.com static.zdassets.com ekr.zdassets.com static.cdn.prismic.io js.stripe.com *.ex.co *.playbuzz.com *.avplayer.com www.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com www.youtube.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com fonts.googleapis.com https://heapanalytics.com; worker-src 'self'
content-encoding
gzip
strict-transport-security
max-age=63072000; includeSubdomains; preload
via
1.1 ab39b007ab81966ada6e7fb1536bf376.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA53-C1
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 01 Feb 2023 14:38:48 GMT
server
AmazonS3
etag
W/"02f40c8f598f447f162c96edc54cef84"
x-frame-options
DENY
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=86400
x-amz-cf-id
Vv243kG7QH2q0ArQMr38PPViN6PatZLveZhi42LwGATsgJ9bRIqRhA==
misc.json
locales.collectivebenefits.com/public/locales/en/
6 KB
7 KB
Fetch
General
Full URL
https://locales.collectivebenefits.com/public/locales/en/misc.json
Requested by
Host: app.collectivebenefits.com
URL: https://app.collectivebenefits.com/main.13f7e0bcb2ceca4c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-54.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9d29113e839b6252d872a98ff005473cc79b403521c3428fec7cd196557b62ec

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 21:25:25 GMT
via
1.1 afb3db4ac63e94a7684b97827417941c.cloudfront.net (CloudFront)
last-modified
Wed, 01 Feb 2023 15:53:01 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C1
etag
"899e9cb996900ac46a02c0994794f229"
vary
Accept-Encoding, Origin
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
https://app.collectivebenefits.com
accept-ranges
bytes
content-length
6373
x-amz-cf-id
TXChYEr1rGg1UIIc2xI5iD23jLQU7chBhKy_0Boy2YfgwMktLimOEg==
visit-data
in.hotjar.com/api/v2/client/sites/1821571/
148 B
323 B
XHR
General
Full URL
https://in.hotjar.com/api/v2/client/sites/1821571/visit-data?sv=6
Requested by
Host: app.collectivebenefits.com
URL: https://app.collectivebenefits.com/main.13f7e0bcb2ceca4c.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.246.138.146 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-246-138-146.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
07664fd6a9195b3edd30b67c88838d1322752e5ae983c4bca5ae5fad4b6b4f34

Request headers

Referer
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

date
Wed, 01 Feb 2023 21:25:24 GMT
content-encoding
br
vary
Accept-Encoding
access-control-max-age
86400
content-type
application/json
access-control-allow-origin
*
cache-control
no-cache, no-store
access-control-allow-credentials
true
1821571
vc.hotjar.io/sessions/
0
0

web-widget-classic-34c91d3.js
static.zdassets.com/web_widget/latest/classic/ Frame 5C9A
13 KB
4 KB
Script
General
Full URL
https://static.zdassets.com/web_widget/latest/classic/web-widget-classic-34c91d3.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/web-widget-framework-c82fe813e62b58e096bc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5a0bdf45fbd7fe2f35c5223090b4fc7cbe0c17a6bb1d1c723f278eff3d5773f3
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 21:25:24 GMT
x-amz-version-id
XHJDUaBKxE89UxJh6.a92Af8FUc8mhAA
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
8SCE3AQMV389GXJK
age
56551
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
iPQObs1LmPcTHawRj8yd7X8rq+FKU7eb1vHkvw7EcrxVlGgroIdAb+m9Swt9a3v3QosDbjkp3+0=
last-modified
Mon, 30 Jan 2023 01:11:44 GMT
server
cloudflare
etag
W/"9f439f16bdd7a42b3da820fde4e96890"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M3vqowFKkvY9c79y7oww9mgCCB1VGYjVoYHEQ0m4sBJ8nihM0xoEQylNrfN3AXDCX0K%2BsNu4L83vh%2FT8Noo9jB8b3VeQcWBxHYXUcVCuly%2FhhXRaC8TSLzLQpOo6b1cNwhF3dgU%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
792dc2694a7924b8-LHR
expires
Tue, 30 Jan 2024 01:11:43 GMT
web-widget-8165-34c91d3.js
static.zdassets.com/web_widget/latest/classic/ Frame 5C9A
663 KB
190 KB
Script
General
Full URL
https://static.zdassets.com/web_widget/latest/classic/web-widget-8165-34c91d3.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/classic/web-widget-classic-34c91d3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dbee8bfe903d4ea9f71b1de60e45e2226d77fe1ff3101cb9f0362f20b44fd96a
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 21:25:24 GMT
x-amz-version-id
tYOSfzpt5WjSOWaRj9efQMLiLa0r_8B0
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
8SC5063BRT4VZ3N4
age
56551
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
scaJtaQ7pl5ECjACK4LBe+8dpyYQht7oKoYSmFpt7sr5C6UHIRHJDZgLK3uVk263lJLgFPVATCZxfQTvffWp8Q==
last-modified
Mon, 30 Jan 2023 01:11:44 GMT
server
cloudflare
etag
W/"d519ea27f763cb6ec80aeec5b45213a7"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wp6IwskLtQRGTNtuDLFop2hMOhvgUclXRu%2FFSmkq7Oud1m4EQE3HGU9%2BNbEUXj%2F6ZXYyRXUnBEPZinchzmI%2FyVpJgbzgzgLRgXu%2FY6Z9FnUOxDtZIzGByQoTIMdPyz66VSkgwcU%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
792dc2698ae624b8-LHR
expires
Tue, 30 Jan 2024 01:11:43 GMT
web-widget-5324-34c91d3.js
static.zdassets.com/web_widget/latest/classic/ Frame 5C9A
493 KB
109 KB
Script
General
Full URL
https://static.zdassets.com/web_widget/latest/classic/web-widget-5324-34c91d3.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/classic/web-widget-classic-34c91d3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6f5562e93178aa7ee1deb15cb8d45229e8efbfe2707982ada0c7ac1902e14191
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 21:25:24 GMT
x-amz-version-id
6AuBmSIJ32qDXiB1mw4Drv9aAUt8ZDjH
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
8SCEHM635RXGNZWN
age
56551
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
J17rUI71e6JkQ+MbyYsdVpi/9pmCF8YWAixNRoTCI1+Gcaj/S4XkSI48RojNUn4y3k60H5zP7hw=
last-modified
Mon, 30 Jan 2023 01:11:44 GMT
server
cloudflare
etag
W/"e40ffe6686756f7ae653217693dadaac"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ag8dIRoM11ZOlj3cllGHVhDrtYdjguTaLgFGKJiMjWvchPGUlfo66SfzVKVAc5AiI6lVXmScTlic6pb7EnlvbcN1pvALk5zPSHKYKJY3otHFyJDiC1CgnxSLzADz8Yr1BBqaCAA%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
792dc2698aea24b8-LHR
expires
Tue, 30 Jan 2024 01:11:43 GMT
cookie-icon.svg
app.collectivebenefits.com/images/
1 KB
3 KB
Image
General
Full URL
https://app.collectivebenefits.com/images/cookie-icon.svg
Requested by
Host: app.collectivebenefits.com
URL: https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-9.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0939be83fd3bbfa34d2ad5e852844931de925ffa7c9eae7ea1c6d104b37b3bba
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' locales.collectivebenefits.com https://api-member-app.prod.freely.dev wss://ws13.hotjar.com wss://ws17.hotjar.com api-member-app-auth0.prod.freely.dev collective-benefits.aventus.cloud api.finmo.co.uk https://collective-member-prod.eu.auth0.com cognito-identity.eu-west-2.amazonaws.com cognito-idp.eu-west-2.amazonaws.com stats.g.doubleclick.net www.google-analytics.com https://heapanalytics.com in.hotjar.com api-iam.intercom.io https://uploads.intercomcdn.com ekr.zdassets.com https://id.zopim.com collective-benefits.zendesk.com wss://widget-mediator.zopim.com wss://nexus-websocket-a.intercom.io jointhecollective.cdn.prismic.io *.ingest.sentry.io *.ex.co *.playbuzz.com cdn.contentful.com *.split.io https://*.googleapis.com https://com-collectivebenefits-prod1.mini.snplow.net https://com-collectivebenefits-prod1.collector.snplow.net *.hotjar.com; font-src 'self' stackpath.bootstrapcdn.com fonts.gstatic.com https://heapanalytics.com js.intercomcdn.com; frame-src 'self' vars.hotjar.com intercom-sheets.com jointhecollective.prismic.io js.stripe.com www.youtube.com *.ex.co *.playbuzz.com www.google.com doubleclick.net *.vimeo.com; img-src 'self' data: gift.wegift.io y5jmrt8nb9.execute-api.eu-west-1.amazonaws.com s3.eu-west-2.amazonaws.com deals-cdn.collectivebenefits.com perks-cdn.collectivebenefits.com www.google.co.uk www.google.com www.google-analytics.com https://heapanalytics.com static.intercomassets.com downloads.intercomcdn.com js.intercomcdn.com gift.wegift.io jointhecollective.cdn.prismic.io images.prismic.io *.ex.co *.playbuzz.com *.avplayer.com *.ctfassets.net hooks.stripe.com/ *.ytimg.com vumbnail.com https://*.googleapis.com https://*.gstatic.com; manifest-src 'self'; media-src 'self' data: blob: js.intercomcdn.com static.zdassets.com *.ex.co *.playbuzz.com *.ctfassets.net; script-src 'self' 'unsafe-inline' www.google-analytics.com https://heapanalytics.com https://cdn.heapanalytics.com script.hotjar.com static.hotjar.com widget.intercom.io js.intercomcdn.com static.zdassets.com ekr.zdassets.com static.cdn.prismic.io js.stripe.com *.ex.co *.playbuzz.com *.avplayer.com www.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com www.youtube.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com fonts.googleapis.com https://heapanalytics.com; worker-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 21:25:25 GMT
content-security-policy
default-src 'none'; connect-src 'self' locales.collectivebenefits.com https://api-member-app.prod.freely.dev wss://ws13.hotjar.com wss://ws17.hotjar.com api-member-app-auth0.prod.freely.dev collective-benefits.aventus.cloud api.finmo.co.uk https://collective-member-prod.eu.auth0.com cognito-identity.eu-west-2.amazonaws.com cognito-idp.eu-west-2.amazonaws.com stats.g.doubleclick.net www.google-analytics.com https://heapanalytics.com in.hotjar.com api-iam.intercom.io https://uploads.intercomcdn.com ekr.zdassets.com https://id.zopim.com collective-benefits.zendesk.com wss://widget-mediator.zopim.com wss://nexus-websocket-a.intercom.io jointhecollective.cdn.prismic.io *.ingest.sentry.io *.ex.co *.playbuzz.com cdn.contentful.com *.split.io https://*.googleapis.com https://com-collectivebenefits-prod1.mini.snplow.net https://com-collectivebenefits-prod1.collector.snplow.net *.hotjar.com; font-src 'self' stackpath.bootstrapcdn.com fonts.gstatic.com https://heapanalytics.com js.intercomcdn.com; frame-src 'self' vars.hotjar.com intercom-sheets.com jointhecollective.prismic.io js.stripe.com www.youtube.com *.ex.co *.playbuzz.com www.google.com doubleclick.net *.vimeo.com; img-src 'self' data: gift.wegift.io y5jmrt8nb9.execute-api.eu-west-1.amazonaws.com s3.eu-west-2.amazonaws.com deals-cdn.collectivebenefits.com perks-cdn.collectivebenefits.com www.google.co.uk www.google.com www.google-analytics.com https://heapanalytics.com static.intercomassets.com downloads.intercomcdn.com js.intercomcdn.com gift.wegift.io jointhecollective.cdn.prismic.io images.prismic.io *.ex.co *.playbuzz.com *.avplayer.com *.ctfassets.net hooks.stripe.com/ *.ytimg.com vumbnail.com https://*.googleapis.com https://*.gstatic.com; manifest-src 'self'; media-src 'self' data: blob: js.intercomcdn.com static.zdassets.com *.ex.co *.playbuzz.com *.ctfassets.net; script-src 'self' 'unsafe-inline' www.google-analytics.com https://heapanalytics.com https://cdn.heapanalytics.com script.hotjar.com static.hotjar.com widget.intercom.io js.intercomcdn.com static.zdassets.com ekr.zdassets.com static.cdn.prismic.io js.stripe.com *.ex.co *.playbuzz.com *.avplayer.com www.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com www.youtube.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com fonts.googleapis.com https://heapanalytics.com; worker-src 'self'
content-encoding
gzip
strict-transport-security
max-age=63072000; includeSubdomains; preload
via
1.1 ab39b007ab81966ada6e7fb1536bf376.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA53-C1
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 01 Feb 2023 14:38:57 GMT
server
AmazonS3
etag
W/"215c6f2f25e3272cb22d1bfa5b1befc1"
x-frame-options
DENY
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=86400
x-amz-cf-id
FD1WdjK3UJYR_Hrx9gwfZKz6T73FoXGfRNKc-7hpu5bEOwSKRn4dLQ==
tp2
com-collectivebenefits-prod1.collector.snplow.net/com.snowplowanalytics.snowplow/ Frame
0
0
Preflight
General
Full URL
https://com-collectivebenefits-prod1.collector.snplow.net/com.snowplowanalytics.snowplow/tp2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.110.224.99 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
99.224.110.34.bc.googleusercontent.com
Software
akka-http /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://app.collectivebenefits.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type, SP-Anonymous
access-control-allow-origin
https://app.collectivebenefits.com
access-control-max-age
5
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Wed, 01 Feb 2023 21:25:23 GMT
server
akka-http
via
1.1 google
font.woff
app.collectivebenefits.com/fonts/GalanoGrotesqueSemiBold/
28 KB
30 KB
Font
General
Full URL
https://app.collectivebenefits.com/fonts/GalanoGrotesqueSemiBold/font.woff
Requested by
Host: app.collectivebenefits.com
URL: https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-9.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1ff18ea246fccccf53085ac9b5360598fd64996814b06c949d4148d36d964651
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' locales.collectivebenefits.com https://api-member-app.prod.freely.dev wss://ws13.hotjar.com wss://ws17.hotjar.com api-member-app-auth0.prod.freely.dev collective-benefits.aventus.cloud api.finmo.co.uk https://collective-member-prod.eu.auth0.com cognito-identity.eu-west-2.amazonaws.com cognito-idp.eu-west-2.amazonaws.com stats.g.doubleclick.net www.google-analytics.com https://heapanalytics.com in.hotjar.com api-iam.intercom.io https://uploads.intercomcdn.com ekr.zdassets.com https://id.zopim.com collective-benefits.zendesk.com wss://widget-mediator.zopim.com wss://nexus-websocket-a.intercom.io jointhecollective.cdn.prismic.io *.ingest.sentry.io *.ex.co *.playbuzz.com cdn.contentful.com *.split.io https://*.googleapis.com https://com-collectivebenefits-prod1.mini.snplow.net https://com-collectivebenefits-prod1.collector.snplow.net *.hotjar.com; font-src 'self' stackpath.bootstrapcdn.com fonts.gstatic.com https://heapanalytics.com js.intercomcdn.com; frame-src 'self' vars.hotjar.com intercom-sheets.com jointhecollective.prismic.io js.stripe.com www.youtube.com *.ex.co *.playbuzz.com www.google.com doubleclick.net *.vimeo.com; img-src 'self' data: gift.wegift.io y5jmrt8nb9.execute-api.eu-west-1.amazonaws.com s3.eu-west-2.amazonaws.com deals-cdn.collectivebenefits.com perks-cdn.collectivebenefits.com www.google.co.uk www.google.com www.google-analytics.com https://heapanalytics.com static.intercomassets.com downloads.intercomcdn.com js.intercomcdn.com gift.wegift.io jointhecollective.cdn.prismic.io images.prismic.io *.ex.co *.playbuzz.com *.avplayer.com *.ctfassets.net hooks.stripe.com/ *.ytimg.com vumbnail.com https://*.googleapis.com https://*.gstatic.com; manifest-src 'self'; media-src 'self' data: blob: js.intercomcdn.com static.zdassets.com *.ex.co *.playbuzz.com *.ctfassets.net; script-src 'self' 'unsafe-inline' www.google-analytics.com https://heapanalytics.com https://cdn.heapanalytics.com script.hotjar.com static.hotjar.com widget.intercom.io js.intercomcdn.com static.zdassets.com ekr.zdassets.com static.cdn.prismic.io js.stripe.com *.ex.co *.playbuzz.com *.avplayer.com www.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com www.youtube.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com fonts.googleapis.com https://heapanalytics.com; worker-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7
Origin
https://app.collectivebenefits.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 21:25:25 GMT
content-security-policy
default-src 'none'; connect-src 'self' locales.collectivebenefits.com https://api-member-app.prod.freely.dev wss://ws13.hotjar.com wss://ws17.hotjar.com api-member-app-auth0.prod.freely.dev collective-benefits.aventus.cloud api.finmo.co.uk https://collective-member-prod.eu.auth0.com cognito-identity.eu-west-2.amazonaws.com cognito-idp.eu-west-2.amazonaws.com stats.g.doubleclick.net www.google-analytics.com https://heapanalytics.com in.hotjar.com api-iam.intercom.io https://uploads.intercomcdn.com ekr.zdassets.com https://id.zopim.com collective-benefits.zendesk.com wss://widget-mediator.zopim.com wss://nexus-websocket-a.intercom.io jointhecollective.cdn.prismic.io *.ingest.sentry.io *.ex.co *.playbuzz.com cdn.contentful.com *.split.io https://*.googleapis.com https://com-collectivebenefits-prod1.mini.snplow.net https://com-collectivebenefits-prod1.collector.snplow.net *.hotjar.com; font-src 'self' stackpath.bootstrapcdn.com fonts.gstatic.com https://heapanalytics.com js.intercomcdn.com; frame-src 'self' vars.hotjar.com intercom-sheets.com jointhecollective.prismic.io js.stripe.com www.youtube.com *.ex.co *.playbuzz.com www.google.com doubleclick.net *.vimeo.com; img-src 'self' data: gift.wegift.io y5jmrt8nb9.execute-api.eu-west-1.amazonaws.com s3.eu-west-2.amazonaws.com deals-cdn.collectivebenefits.com perks-cdn.collectivebenefits.com www.google.co.uk www.google.com www.google-analytics.com https://heapanalytics.com static.intercomassets.com downloads.intercomcdn.com js.intercomcdn.com gift.wegift.io jointhecollective.cdn.prismic.io images.prismic.io *.ex.co *.playbuzz.com *.avplayer.com *.ctfassets.net hooks.stripe.com/ *.ytimg.com vumbnail.com https://*.googleapis.com https://*.gstatic.com; manifest-src 'self'; media-src 'self' data: blob: js.intercomcdn.com static.zdassets.com *.ex.co *.playbuzz.com *.ctfassets.net; script-src 'self' 'unsafe-inline' www.google-analytics.com https://heapanalytics.com https://cdn.heapanalytics.com script.hotjar.com static.hotjar.com widget.intercom.io js.intercomcdn.com static.zdassets.com ekr.zdassets.com static.cdn.prismic.io js.stripe.com *.ex.co *.playbuzz.com *.avplayer.com www.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com www.youtube.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com fonts.googleapis.com https://heapanalytics.com; worker-src 'self'
via
1.1 ab39b007ab81966ada6e7fb1536bf376.cloudfront.net (CloudFront)
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
x-amz-cf-pop
FRA53-C1
x-cache
Miss from cloudfront
content-length
28779
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 01 Feb 2023 14:38:54 GMT
server
AmazonS3
etag
"bdad1a38b36f77209606091c10f25127"
x-frame-options
DENY
content-type
font/woff
cache-control
public, max-age=86400
x-amz-cf-id
4CTOjykZJwitaOP-NhjvK6E5U_lP38nOVy1mmLbcbDlbBg2yn6wXLw==
GalanoGrotesque-Regular.4844029190e68bd36694.woff
app.collectivebenefits.com/
30 KB
32 KB
Font
General
Full URL
https://app.collectivebenefits.com/GalanoGrotesque-Regular.4844029190e68bd36694.woff
Requested by
Host: app.collectivebenefits.com
URL: https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-9.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
50008f898b19b167a54e563dcd55b790f4a96a78df41ecee246e4d45e2fb1d36
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' locales.collectivebenefits.com https://api-member-app.prod.freely.dev wss://ws13.hotjar.com wss://ws17.hotjar.com api-member-app-auth0.prod.freely.dev collective-benefits.aventus.cloud api.finmo.co.uk https://collective-member-prod.eu.auth0.com cognito-identity.eu-west-2.amazonaws.com cognito-idp.eu-west-2.amazonaws.com stats.g.doubleclick.net www.google-analytics.com https://heapanalytics.com in.hotjar.com api-iam.intercom.io https://uploads.intercomcdn.com ekr.zdassets.com https://id.zopim.com collective-benefits.zendesk.com wss://widget-mediator.zopim.com wss://nexus-websocket-a.intercom.io jointhecollective.cdn.prismic.io *.ingest.sentry.io *.ex.co *.playbuzz.com cdn.contentful.com *.split.io https://*.googleapis.com https://com-collectivebenefits-prod1.mini.snplow.net https://com-collectivebenefits-prod1.collector.snplow.net *.hotjar.com; font-src 'self' stackpath.bootstrapcdn.com fonts.gstatic.com https://heapanalytics.com js.intercomcdn.com; frame-src 'self' vars.hotjar.com intercom-sheets.com jointhecollective.prismic.io js.stripe.com www.youtube.com *.ex.co *.playbuzz.com www.google.com doubleclick.net *.vimeo.com; img-src 'self' data: gift.wegift.io y5jmrt8nb9.execute-api.eu-west-1.amazonaws.com s3.eu-west-2.amazonaws.com deals-cdn.collectivebenefits.com perks-cdn.collectivebenefits.com www.google.co.uk www.google.com www.google-analytics.com https://heapanalytics.com static.intercomassets.com downloads.intercomcdn.com js.intercomcdn.com gift.wegift.io jointhecollective.cdn.prismic.io images.prismic.io *.ex.co *.playbuzz.com *.avplayer.com *.ctfassets.net hooks.stripe.com/ *.ytimg.com vumbnail.com https://*.googleapis.com https://*.gstatic.com; manifest-src 'self'; media-src 'self' data: blob: js.intercomcdn.com static.zdassets.com *.ex.co *.playbuzz.com *.ctfassets.net; script-src 'self' 'unsafe-inline' www.google-analytics.com https://heapanalytics.com https://cdn.heapanalytics.com script.hotjar.com static.hotjar.com widget.intercom.io js.intercomcdn.com static.zdassets.com ekr.zdassets.com static.cdn.prismic.io js.stripe.com *.ex.co *.playbuzz.com *.avplayer.com www.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com www.youtube.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com fonts.googleapis.com https://heapanalytics.com; worker-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7
Origin
https://app.collectivebenefits.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 21:25:25 GMT
content-security-policy
default-src 'none'; connect-src 'self' locales.collectivebenefits.com https://api-member-app.prod.freely.dev wss://ws13.hotjar.com wss://ws17.hotjar.com api-member-app-auth0.prod.freely.dev collective-benefits.aventus.cloud api.finmo.co.uk https://collective-member-prod.eu.auth0.com cognito-identity.eu-west-2.amazonaws.com cognito-idp.eu-west-2.amazonaws.com stats.g.doubleclick.net www.google-analytics.com https://heapanalytics.com in.hotjar.com api-iam.intercom.io https://uploads.intercomcdn.com ekr.zdassets.com https://id.zopim.com collective-benefits.zendesk.com wss://widget-mediator.zopim.com wss://nexus-websocket-a.intercom.io jointhecollective.cdn.prismic.io *.ingest.sentry.io *.ex.co *.playbuzz.com cdn.contentful.com *.split.io https://*.googleapis.com https://com-collectivebenefits-prod1.mini.snplow.net https://com-collectivebenefits-prod1.collector.snplow.net *.hotjar.com; font-src 'self' stackpath.bootstrapcdn.com fonts.gstatic.com https://heapanalytics.com js.intercomcdn.com; frame-src 'self' vars.hotjar.com intercom-sheets.com jointhecollective.prismic.io js.stripe.com www.youtube.com *.ex.co *.playbuzz.com www.google.com doubleclick.net *.vimeo.com; img-src 'self' data: gift.wegift.io y5jmrt8nb9.execute-api.eu-west-1.amazonaws.com s3.eu-west-2.amazonaws.com deals-cdn.collectivebenefits.com perks-cdn.collectivebenefits.com www.google.co.uk www.google.com www.google-analytics.com https://heapanalytics.com static.intercomassets.com downloads.intercomcdn.com js.intercomcdn.com gift.wegift.io jointhecollective.cdn.prismic.io images.prismic.io *.ex.co *.playbuzz.com *.avplayer.com *.ctfassets.net hooks.stripe.com/ *.ytimg.com vumbnail.com https://*.googleapis.com https://*.gstatic.com; manifest-src 'self'; media-src 'self' data: blob: js.intercomcdn.com static.zdassets.com *.ex.co *.playbuzz.com *.ctfassets.net; script-src 'self' 'unsafe-inline' www.google-analytics.com https://heapanalytics.com https://cdn.heapanalytics.com script.hotjar.com static.hotjar.com widget.intercom.io js.intercomcdn.com static.zdassets.com ekr.zdassets.com static.cdn.prismic.io js.stripe.com *.ex.co *.playbuzz.com *.avplayer.com www.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com www.youtube.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com fonts.googleapis.com https://heapanalytics.com; worker-src 'self'
via
1.1 ab39b007ab81966ada6e7fb1536bf376.cloudfront.net (CloudFront)
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
x-amz-cf-pop
FRA53-C1
x-cache
Miss from cloudfront
content-length
30372
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 01 Feb 2023 14:38:53 GMT
server
AmazonS3
etag
"1f5ec07a7e8f0db19d144ea94856b839"
x-frame-options
DENY
content-type
font/woff
cache-control
public, max-age=86400
x-amz-cf-id
MEQ6IDmZZsbV3ioJe-iNc2Frc94tJ3_hstH5Zfi5IpXVUEnZzxJumg==
tp2
com-collectivebenefits-prod1.collector.snplow.net/com.snowplowanalytics.snowplow/
2 B
19 B
XHR
General
Full URL
https://com-collectivebenefits-prod1.collector.snplow.net/com.snowplowanalytics.snowplow/tp2
Requested by
Host: app.collectivebenefits.com
URL: https://app.collectivebenefits.com/main.13f7e0bcb2ceca4c.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.110.224.99 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
99.224.110.34.bc.googleusercontent.com
Software
akka-http /
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type
application/json; charset=UTF-8

Response headers

date
Wed, 01 Feb 2023 21:25:23 GMT
via
1.1 google
server
akka-http
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://app.collectivebenefits.com
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: app.collectivebenefits.com
URL: https://app.collectivebenefits.com/main.13f7e0bcb2ceca4c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 01 Feb 2023 20:54:50 GMT
last-modified
Tue, 10 Jan 2023 21:29:14 GMT
server
Golfe2
age
1834
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20085
expires
Wed, 01 Feb 2023 22:54:50 GMT
mark-logo-navy.svg
app.collectivebenefits.com/images/
634 B
3 KB
Image
General
Full URL
https://app.collectivebenefits.com/images/mark-logo-navy.svg
Requested by
Host: app.collectivebenefits.com
URL: https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-9.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
af2264f3682787f6c8c60706f649492e0f530ee374f2372ba7859ff069751312
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' locales.collectivebenefits.com https://api-member-app.prod.freely.dev wss://ws13.hotjar.com wss://ws17.hotjar.com api-member-app-auth0.prod.freely.dev collective-benefits.aventus.cloud api.finmo.co.uk https://collective-member-prod.eu.auth0.com cognito-identity.eu-west-2.amazonaws.com cognito-idp.eu-west-2.amazonaws.com stats.g.doubleclick.net www.google-analytics.com https://heapanalytics.com in.hotjar.com api-iam.intercom.io https://uploads.intercomcdn.com ekr.zdassets.com https://id.zopim.com collective-benefits.zendesk.com wss://widget-mediator.zopim.com wss://nexus-websocket-a.intercom.io jointhecollective.cdn.prismic.io *.ingest.sentry.io *.ex.co *.playbuzz.com cdn.contentful.com *.split.io https://*.googleapis.com https://com-collectivebenefits-prod1.mini.snplow.net https://com-collectivebenefits-prod1.collector.snplow.net *.hotjar.com; font-src 'self' stackpath.bootstrapcdn.com fonts.gstatic.com https://heapanalytics.com js.intercomcdn.com; frame-src 'self' vars.hotjar.com intercom-sheets.com jointhecollective.prismic.io js.stripe.com www.youtube.com *.ex.co *.playbuzz.com www.google.com doubleclick.net *.vimeo.com; img-src 'self' data: gift.wegift.io y5jmrt8nb9.execute-api.eu-west-1.amazonaws.com s3.eu-west-2.amazonaws.com deals-cdn.collectivebenefits.com perks-cdn.collectivebenefits.com www.google.co.uk www.google.com www.google-analytics.com https://heapanalytics.com static.intercomassets.com downloads.intercomcdn.com js.intercomcdn.com gift.wegift.io jointhecollective.cdn.prismic.io images.prismic.io *.ex.co *.playbuzz.com *.avplayer.com *.ctfassets.net hooks.stripe.com/ *.ytimg.com vumbnail.com https://*.googleapis.com https://*.gstatic.com; manifest-src 'self'; media-src 'self' data: blob: js.intercomcdn.com static.zdassets.com *.ex.co *.playbuzz.com *.ctfassets.net; script-src 'self' 'unsafe-inline' www.google-analytics.com https://heapanalytics.com https://cdn.heapanalytics.com script.hotjar.com static.hotjar.com widget.intercom.io js.intercomcdn.com static.zdassets.com ekr.zdassets.com static.cdn.prismic.io js.stripe.com *.ex.co *.playbuzz.com *.avplayer.com www.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com www.youtube.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com fonts.googleapis.com https://heapanalytics.com; worker-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 21:25:25 GMT
content-security-policy
default-src 'none'; connect-src 'self' locales.collectivebenefits.com https://api-member-app.prod.freely.dev wss://ws13.hotjar.com wss://ws17.hotjar.com api-member-app-auth0.prod.freely.dev collective-benefits.aventus.cloud api.finmo.co.uk https://collective-member-prod.eu.auth0.com cognito-identity.eu-west-2.amazonaws.com cognito-idp.eu-west-2.amazonaws.com stats.g.doubleclick.net www.google-analytics.com https://heapanalytics.com in.hotjar.com api-iam.intercom.io https://uploads.intercomcdn.com ekr.zdassets.com https://id.zopim.com collective-benefits.zendesk.com wss://widget-mediator.zopim.com wss://nexus-websocket-a.intercom.io jointhecollective.cdn.prismic.io *.ingest.sentry.io *.ex.co *.playbuzz.com cdn.contentful.com *.split.io https://*.googleapis.com https://com-collectivebenefits-prod1.mini.snplow.net https://com-collectivebenefits-prod1.collector.snplow.net *.hotjar.com; font-src 'self' stackpath.bootstrapcdn.com fonts.gstatic.com https://heapanalytics.com js.intercomcdn.com; frame-src 'self' vars.hotjar.com intercom-sheets.com jointhecollective.prismic.io js.stripe.com www.youtube.com *.ex.co *.playbuzz.com www.google.com doubleclick.net *.vimeo.com; img-src 'self' data: gift.wegift.io y5jmrt8nb9.execute-api.eu-west-1.amazonaws.com s3.eu-west-2.amazonaws.com deals-cdn.collectivebenefits.com perks-cdn.collectivebenefits.com www.google.co.uk www.google.com www.google-analytics.com https://heapanalytics.com static.intercomassets.com downloads.intercomcdn.com js.intercomcdn.com gift.wegift.io jointhecollective.cdn.prismic.io images.prismic.io *.ex.co *.playbuzz.com *.avplayer.com *.ctfassets.net hooks.stripe.com/ *.ytimg.com vumbnail.com https://*.googleapis.com https://*.gstatic.com; manifest-src 'self'; media-src 'self' data: blob: js.intercomcdn.com static.zdassets.com *.ex.co *.playbuzz.com *.ctfassets.net; script-src 'self' 'unsafe-inline' www.google-analytics.com https://heapanalytics.com https://cdn.heapanalytics.com script.hotjar.com static.hotjar.com widget.intercom.io js.intercomcdn.com static.zdassets.com ekr.zdassets.com static.cdn.prismic.io js.stripe.com *.ex.co *.playbuzz.com *.avplayer.com www.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com www.youtube.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com fonts.googleapis.com https://heapanalytics.com; worker-src 'self'
via
1.1 ab39b007ab81966ada6e7fb1536bf376.cloudfront.net (CloudFront)
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
x-amz-cf-pop
FRA53-C1
x-cache
Miss from cloudfront
content-length
634
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 01 Feb 2023 14:39:05 GMT
server
AmazonS3
etag
"5f27fd3bd8c5d48cdcf870a668b7ecad"
x-frame-options
DENY
content-type
image/svg+xml
cache-control
public, max-age=86400
x-amz-cf-id
tooOQ31WJpHhoDrqKZzXCloragmeozXp0s_QvBo3iViRXxC89MT_kw==
icon-close-ref.svg
app.collectivebenefits.com/images/
348 B
3 KB
Image
General
Full URL
https://app.collectivebenefits.com/images/icon-close-ref.svg
Requested by
Host: app.collectivebenefits.com
URL: https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-9.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
154fbd2e9caa25156b61458ef02e554e100709515d1ca4999284fbbbffa8441f
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' locales.collectivebenefits.com https://api-member-app.prod.freely.dev wss://ws13.hotjar.com wss://ws17.hotjar.com api-member-app-auth0.prod.freely.dev collective-benefits.aventus.cloud api.finmo.co.uk https://collective-member-prod.eu.auth0.com cognito-identity.eu-west-2.amazonaws.com cognito-idp.eu-west-2.amazonaws.com stats.g.doubleclick.net www.google-analytics.com https://heapanalytics.com in.hotjar.com api-iam.intercom.io https://uploads.intercomcdn.com ekr.zdassets.com https://id.zopim.com collective-benefits.zendesk.com wss://widget-mediator.zopim.com wss://nexus-websocket-a.intercom.io jointhecollective.cdn.prismic.io *.ingest.sentry.io *.ex.co *.playbuzz.com cdn.contentful.com *.split.io https://*.googleapis.com https://com-collectivebenefits-prod1.mini.snplow.net https://com-collectivebenefits-prod1.collector.snplow.net *.hotjar.com; font-src 'self' stackpath.bootstrapcdn.com fonts.gstatic.com https://heapanalytics.com js.intercomcdn.com; frame-src 'self' vars.hotjar.com intercom-sheets.com jointhecollective.prismic.io js.stripe.com www.youtube.com *.ex.co *.playbuzz.com www.google.com doubleclick.net *.vimeo.com; img-src 'self' data: gift.wegift.io y5jmrt8nb9.execute-api.eu-west-1.amazonaws.com s3.eu-west-2.amazonaws.com deals-cdn.collectivebenefits.com perks-cdn.collectivebenefits.com www.google.co.uk www.google.com www.google-analytics.com https://heapanalytics.com static.intercomassets.com downloads.intercomcdn.com js.intercomcdn.com gift.wegift.io jointhecollective.cdn.prismic.io images.prismic.io *.ex.co *.playbuzz.com *.avplayer.com *.ctfassets.net hooks.stripe.com/ *.ytimg.com vumbnail.com https://*.googleapis.com https://*.gstatic.com; manifest-src 'self'; media-src 'self' data: blob: js.intercomcdn.com static.zdassets.com *.ex.co *.playbuzz.com *.ctfassets.net; script-src 'self' 'unsafe-inline' www.google-analytics.com https://heapanalytics.com https://cdn.heapanalytics.com script.hotjar.com static.hotjar.com widget.intercom.io js.intercomcdn.com static.zdassets.com ekr.zdassets.com static.cdn.prismic.io js.stripe.com *.ex.co *.playbuzz.com *.avplayer.com www.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com www.youtube.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com fonts.googleapis.com https://heapanalytics.com; worker-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 21:25:25 GMT
content-security-policy
default-src 'none'; connect-src 'self' locales.collectivebenefits.com https://api-member-app.prod.freely.dev wss://ws13.hotjar.com wss://ws17.hotjar.com api-member-app-auth0.prod.freely.dev collective-benefits.aventus.cloud api.finmo.co.uk https://collective-member-prod.eu.auth0.com cognito-identity.eu-west-2.amazonaws.com cognito-idp.eu-west-2.amazonaws.com stats.g.doubleclick.net www.google-analytics.com https://heapanalytics.com in.hotjar.com api-iam.intercom.io https://uploads.intercomcdn.com ekr.zdassets.com https://id.zopim.com collective-benefits.zendesk.com wss://widget-mediator.zopim.com wss://nexus-websocket-a.intercom.io jointhecollective.cdn.prismic.io *.ingest.sentry.io *.ex.co *.playbuzz.com cdn.contentful.com *.split.io https://*.googleapis.com https://com-collectivebenefits-prod1.mini.snplow.net https://com-collectivebenefits-prod1.collector.snplow.net *.hotjar.com; font-src 'self' stackpath.bootstrapcdn.com fonts.gstatic.com https://heapanalytics.com js.intercomcdn.com; frame-src 'self' vars.hotjar.com intercom-sheets.com jointhecollective.prismic.io js.stripe.com www.youtube.com *.ex.co *.playbuzz.com www.google.com doubleclick.net *.vimeo.com; img-src 'self' data: gift.wegift.io y5jmrt8nb9.execute-api.eu-west-1.amazonaws.com s3.eu-west-2.amazonaws.com deals-cdn.collectivebenefits.com perks-cdn.collectivebenefits.com www.google.co.uk www.google.com www.google-analytics.com https://heapanalytics.com static.intercomassets.com downloads.intercomcdn.com js.intercomcdn.com gift.wegift.io jointhecollective.cdn.prismic.io images.prismic.io *.ex.co *.playbuzz.com *.avplayer.com *.ctfassets.net hooks.stripe.com/ *.ytimg.com vumbnail.com https://*.googleapis.com https://*.gstatic.com; manifest-src 'self'; media-src 'self' data: blob: js.intercomcdn.com static.zdassets.com *.ex.co *.playbuzz.com *.ctfassets.net; script-src 'self' 'unsafe-inline' www.google-analytics.com https://heapanalytics.com https://cdn.heapanalytics.com script.hotjar.com static.hotjar.com widget.intercom.io js.intercomcdn.com static.zdassets.com ekr.zdassets.com static.cdn.prismic.io js.stripe.com *.ex.co *.playbuzz.com *.avplayer.com www.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com www.youtube.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com fonts.googleapis.com https://heapanalytics.com; worker-src 'self'
via
1.1 ab39b007ab81966ada6e7fb1536bf376.cloudfront.net (CloudFront)
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
x-amz-cf-pop
FRA53-C1
x-cache
Miss from cloudfront
content-length
348
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 01 Feb 2023 14:39:04 GMT
server
AmazonS3
etag
"9cc34deb0266fb2c333d9f8a34064598"
x-frame-options
DENY
content-type
image/svg+xml
cache-control
public, max-age=86400
x-amz-cf-id
LrqrFe8aQ5wrLjvxbCGnrNgI2iQ2tHAbs9nj73sSm52u3-Wi-5ea_w==
7641c7f3-3f54-4eff-8928-45a3c49619f7
api-member-app.prod.freely.dev/users/invite-details/
559 B
1 KB
XHR
General
Full URL
https://api-member-app.prod.freely.dev/users/invite-details/7641c7f3-3f54-4eff-8928-45a3c49619f7
Requested by
Host: app.collectivebenefits.com
URL: https://app.collectivebenefits.com/main.13f7e0bcb2ceca4c.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.132.53.165 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-132-53-165.eu-west-2.compute.amazonaws.com
Software
/
Resource Hash
83f702481d4659c67aa110dc8cd57817e7b424fa481918bb31ee2cf8697b4a67
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
Referer
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 21:25:24 GMT
content-security-policy
default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies
none
x-dns-prefetch-control
off
content-length
559
apigw-requestid
frbOrgBHrPEEJag=
x-xss-protection
0
referrer-policy
no-referrer
etag
W/"22f-txcc0wP/7NTFRGCbbPkNrYQtVHo"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://app.collectivebenefits.com
x-download-options
noopen
embeddable_blip
collective-benefits.zendesk.com/ Frame 5C9A
0
465 B
XHR
General
Full URL
https://collective-benefits.zendesk.com/embeddable_blip?type=analytics&data=eyJhbmFseXRpY3MiOnsidmFsdWUiOnsicmF3Q2xpZW50TG9jYWxlIjoiZW4tVVMiLCJyYXdTZXJ2ZXJMb2NhbGUiOiJlbi1HQiIsImNsaWVudExvY2FsZSI6ImVuLXVzIiwic2VydmVyTG9jYWxlIjoiZW4tZ2IiLCJ1c2VyQWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTA5LjAuNTQxNC4xMTkgU2FmYXJpLzUzNy4zNiIsImlzTW9iaWxlIjpmYWxzZX0sImFjdGlvbiI6ImxvY2FsZU1pc21hdGNoIiwiY2F0ZWdvcnkiOiJsb2NhbGUifSwiYnVpZCI6Ijk3Y2Q4MmRhZjMzOTQ5OWZiZDJiZmVmYjMxNzI3ZTBhIiwic3VpZCI6IjlkNjFhOWUxN2E3NDQ5YzhhNTE0MjFlYThlOTU5MWIxIiwidmVyc2lvbiI6IjM0YzkxZDMiLCJ0aW1lc3RhbXAiOiIyMDIzLTAyLTAxVDIxOjI1OjI0LjI3NFoiLCJ1cmwiOiJodHRwczovL2FwcC5jb2xsZWN0aXZlYmVuZWZpdHMuY29tL3BhcnRuZXIvaW52aXRlLzc2NDFjN2YzLTNmNTQtNGVmZi04OTI4LTQ1YTNjNDk2MTlmNyJ9
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/web-widget-framework-c82fe813e62b58e096bc.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.51.111 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 21:25:24 GMT
cf-cache-status
MISS
last-modified
Wed, 01 Feb 2023 21:25:24 GMT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-zendesk-zorg
yes
vary
Origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ycJojy9dal0%2FWfHRQsMzhTDIXzoRz8qgSSAwunYYRBsuRLWQtiXT09k3f%2FkB6%2BN843z5YzqfLdy2RbMcdn8clusHnhkW5OU6%2BSSqfbcpbftpANGTIZyslmK98f4xUeuqpXJLX8x7NLfiouXPkqQQyY8%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
accept-ranges
bytes
cf-ray
792dc26acdf324d5-LHR
content-length
0
x-request-id
792dc26acdf324d5-LHR
en-gb-json-34c91d3.js
static.zdassets.com/web_widget/latest/classic/web-widget-locales/classic/ Frame 5C9A
25 KB
6 KB
Script
General
Full URL
https://static.zdassets.com/web_widget/latest/classic/web-widget-locales/classic/en-gb-json-34c91d3.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/classic/web-widget-classic-34c91d3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
238e821958d0ecef0d0269874f71bac51799ba6e6d10e9b8a02aa378f10ee3f2
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 21:25:24 GMT
x-amz-version-id
CFkp5vq7cwjjVXVkZ8F17kzrXy0A_moz
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
8SCCQ3R8P6X65FV0
age
56551
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
ViIBpo0YG2+BanPyPmU+kndWxWN6liNv5+IbAl76hVTaMJgRgUMPE2lfS0zBHIHHtufXruXByp4=
last-modified
Mon, 30 Jan 2023 01:11:45 GMT
server
cloudflare
etag
W/"fc34d9299292d11ef728cfd7257af0ea"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CV0C%2FXp1bsW06e4W%2B4YB4xah9wYLfDwnLWMcwYFL4C5L3aE%2FPp0NbXXlqPEXDlis2Cg1sM5lS2%2Fe%2FNRqmAI5A1fqTY6el9OAlS197wmAW%2FM5f7BU45anvyFxx32aBrLBIpalnpU%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
792dc26aed6f24b8-LHR
expires
Tue, 30 Jan 2024 01:11:44 GMT
csp-report
q.stripe.com/ Frame C920
0
600 B
Other
General
Full URL
https://q.stripe.com/csp-report
Requested by
Host: app.collectivebenefits.com
URL: https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-159-182.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Wed, 01 Feb 2023 21:25:24 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-envoy-upstream-service-time
1
content-length
0
x-stripe-bg-intended-route-color
blue
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://js.stripe.com
access-control-expose-headers
Server, Range, Content-Type
cache-control
max-age=0, no-cache, no-store, must-revalidate
x-robots-tag
none
access-control-allow-headers
Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires
0
shared-b45dbb4369bee7dae6e57b3176415614.js
js.stripe.com/v3/fingerprinted/js/ Frame C920
300 KB
72 KB
Script
General
Full URL
https://js.stripe.com/v3/fingerprinted/js/shared-b45dbb4369bee7dae6e57b3176415614.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/controller-ac9bd0b70130006c09a7e09f8847e3ab.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-122.fra6.r.cloudfront.net
Software
Cloudfront /
Resource Hash
1568ece78b653838dad5bcf7fa6517542488b809a8eca9594dea400527901734
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://js.stripe.com/v3/controller-ac9bd0b70130006c09a7e09f8847e3ab.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 01 Feb 2023 20:36:03 GMT
via
1.1 62dc260e32d7b9197a4511447f6a264a.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
age
2970
x-cache
Hit from cloudfront
last-modified
Wed, 01 Feb 2023 19:34:31 GMT
server
Cloudfront
etag
W/"5a67cb7d2bbd274b1db7327f38cf3688"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
timing-allow-origin
*
x-amz-cf-id
54RsrLlgarzSsMeUFIMpvHaBI9d7V3yRLD4u18ISIyIO78QmOFKkwQ==
controller-6032a0c1f80b3b0e4569cda649e76be3.js
js.stripe.com/v3/fingerprinted/js/ Frame C920
462 KB
122 KB
Script
General
Full URL
https://js.stripe.com/v3/fingerprinted/js/controller-6032a0c1f80b3b0e4569cda649e76be3.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/controller-ac9bd0b70130006c09a7e09f8847e3ab.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-122.fra6.r.cloudfront.net
Software
Cloudfront /
Resource Hash
c68eb0b32013b6a73b865630725ba694c9f9aad2fad0ceed85a0e14f50c2c1bf
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://js.stripe.com/v3/controller-ac9bd0b70130006c09a7e09f8847e3ab.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 01 Feb 2023 20:36:03 GMT
via
1.1 62dc260e32d7b9197a4511447f6a264a.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
age
2970
x-cache
Hit from cloudfront
last-modified
Wed, 01 Feb 2023 19:34:29 GMT
server
Cloudfront
etag
W/"947762ccf6dce6763894ebc86f1e0e44"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
timing-allow-origin
*
x-amz-cf-id
v6o3Ffgn-o6pLMhXl3ZfGzRUpnFt8cKUhiP-u5jaF8PAYC0ViCjWVQ==
f14fe29b9077f2bc44bcb88b8e57c766.svg
s3.eu-west-2.amazonaws.com/static.collectivebenefits.com/
2 KB
2 KB
Image
General
Full URL
https://s3.eu-west-2.amazonaws.com/static.collectivebenefits.com/f14fe29b9077f2bc44bcb88b8e57c766.svg
Requested by
Host: app.collectivebenefits.com
URL: https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.95.142.109 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
s3.eu-west-2.amazonaws.com
Software
AmazonS3 /
Resource Hash
1bce80e747742be0df88d83ec978b12e5cdb9f219b5ba69a6be81d00edfc1a91

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date
Wed, 01 Feb 2023 21:25:25 GMT
Last-Modified
Mon, 21 Jun 2021 12:54:49 GMT
Server
AmazonS3
x-amz-request-id
TNQ1QSRPDAHDJSES
ETag
"a2c83f54f52466d035ca9642ed15c9f8"
Content-Type
image/svg+xml
Accept-Ranges
bytes
Content-Length
2097
x-amz-id-2
FxPkU65SREtbyDpo6LenoCJUhZkPbFCjdJZvApFjv/QTTfqfNcMAwVEtDFl3V0mxOG1zGCUC1sg=
contacticon-new.svg
app.collectivebenefits.com/images/
17 KB
8 KB
Image
General
Full URL
https://app.collectivebenefits.com/images/contacticon-new.svg
Requested by
Host: app.collectivebenefits.com
URL: https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-9.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0197af0e28ed75f03ee828925a314bf9673030838d56a75d117686676028e1e0
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' locales.collectivebenefits.com https://api-member-app.prod.freely.dev wss://ws13.hotjar.com wss://ws17.hotjar.com api-member-app-auth0.prod.freely.dev collective-benefits.aventus.cloud api.finmo.co.uk https://collective-member-prod.eu.auth0.com cognito-identity.eu-west-2.amazonaws.com cognito-idp.eu-west-2.amazonaws.com stats.g.doubleclick.net www.google-analytics.com https://heapanalytics.com in.hotjar.com api-iam.intercom.io https://uploads.intercomcdn.com ekr.zdassets.com https://id.zopim.com collective-benefits.zendesk.com wss://widget-mediator.zopim.com wss://nexus-websocket-a.intercom.io jointhecollective.cdn.prismic.io *.ingest.sentry.io *.ex.co *.playbuzz.com cdn.contentful.com *.split.io https://*.googleapis.com https://com-collectivebenefits-prod1.mini.snplow.net https://com-collectivebenefits-prod1.collector.snplow.net *.hotjar.com; font-src 'self' stackpath.bootstrapcdn.com fonts.gstatic.com https://heapanalytics.com js.intercomcdn.com; frame-src 'self' vars.hotjar.com intercom-sheets.com jointhecollective.prismic.io js.stripe.com www.youtube.com *.ex.co *.playbuzz.com www.google.com doubleclick.net *.vimeo.com; img-src 'self' data: gift.wegift.io y5jmrt8nb9.execute-api.eu-west-1.amazonaws.com s3.eu-west-2.amazonaws.com deals-cdn.collectivebenefits.com perks-cdn.collectivebenefits.com www.google.co.uk www.google.com www.google-analytics.com https://heapanalytics.com static.intercomassets.com downloads.intercomcdn.com js.intercomcdn.com gift.wegift.io jointhecollective.cdn.prismic.io images.prismic.io *.ex.co *.playbuzz.com *.avplayer.com *.ctfassets.net hooks.stripe.com/ *.ytimg.com vumbnail.com https://*.googleapis.com https://*.gstatic.com; manifest-src 'self'; media-src 'self' data: blob: js.intercomcdn.com static.zdassets.com *.ex.co *.playbuzz.com *.ctfassets.net; script-src 'self' 'unsafe-inline' www.google-analytics.com https://heapanalytics.com https://cdn.heapanalytics.com script.hotjar.com static.hotjar.com widget.intercom.io js.intercomcdn.com static.zdassets.com ekr.zdassets.com static.cdn.prismic.io js.stripe.com *.ex.co *.playbuzz.com *.avplayer.com www.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com www.youtube.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com fonts.googleapis.com https://heapanalytics.com; worker-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 21:25:25 GMT
content-security-policy
default-src 'none'; connect-src 'self' locales.collectivebenefits.com https://api-member-app.prod.freely.dev wss://ws13.hotjar.com wss://ws17.hotjar.com api-member-app-auth0.prod.freely.dev collective-benefits.aventus.cloud api.finmo.co.uk https://collective-member-prod.eu.auth0.com cognito-identity.eu-west-2.amazonaws.com cognito-idp.eu-west-2.amazonaws.com stats.g.doubleclick.net www.google-analytics.com https://heapanalytics.com in.hotjar.com api-iam.intercom.io https://uploads.intercomcdn.com ekr.zdassets.com https://id.zopim.com collective-benefits.zendesk.com wss://widget-mediator.zopim.com wss://nexus-websocket-a.intercom.io jointhecollective.cdn.prismic.io *.ingest.sentry.io *.ex.co *.playbuzz.com cdn.contentful.com *.split.io https://*.googleapis.com https://com-collectivebenefits-prod1.mini.snplow.net https://com-collectivebenefits-prod1.collector.snplow.net *.hotjar.com; font-src 'self' stackpath.bootstrapcdn.com fonts.gstatic.com https://heapanalytics.com js.intercomcdn.com; frame-src 'self' vars.hotjar.com intercom-sheets.com jointhecollective.prismic.io js.stripe.com www.youtube.com *.ex.co *.playbuzz.com www.google.com doubleclick.net *.vimeo.com; img-src 'self' data: gift.wegift.io y5jmrt8nb9.execute-api.eu-west-1.amazonaws.com s3.eu-west-2.amazonaws.com deals-cdn.collectivebenefits.com perks-cdn.collectivebenefits.com www.google.co.uk www.google.com www.google-analytics.com https://heapanalytics.com static.intercomassets.com downloads.intercomcdn.com js.intercomcdn.com gift.wegift.io jointhecollective.cdn.prismic.io images.prismic.io *.ex.co *.playbuzz.com *.avplayer.com *.ctfassets.net hooks.stripe.com/ *.ytimg.com vumbnail.com https://*.googleapis.com https://*.gstatic.com; manifest-src 'self'; media-src 'self' data: blob: js.intercomcdn.com static.zdassets.com *.ex.co *.playbuzz.com *.ctfassets.net; script-src 'self' 'unsafe-inline' www.google-analytics.com https://heapanalytics.com https://cdn.heapanalytics.com script.hotjar.com static.hotjar.com widget.intercom.io js.intercomcdn.com static.zdassets.com ekr.zdassets.com static.cdn.prismic.io js.stripe.com *.ex.co *.playbuzz.com *.avplayer.com www.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com www.youtube.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com fonts.googleapis.com https://heapanalytics.com; worker-src 'self'
content-encoding
gzip
strict-transport-security
max-age=63072000; includeSubdomains; preload
via
1.1 ab39b007ab81966ada6e7fb1536bf376.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA53-C1
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 01 Feb 2023 14:38:57 GMT
server
AmazonS3
etag
W/"ad0af5d61761ca828c9d56e337a2f47e"
x-frame-options
DENY
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=86400
x-amz-cf-id
-MXaCsiztXj616r5fYBej4AlhssnXvAnWxRHG5a8rMA3ryB8EjRCRg==
global.json
locales.collectivebenefits.com/public/locales/he/
35 KB
35 KB
Fetch
General
Full URL
https://locales.collectivebenefits.com/public/locales/he/global.json
Requested by
Host: app.collectivebenefits.com
URL: https://app.collectivebenefits.com/main.13f7e0bcb2ceca4c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-54.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3d472c5c67f0964a1f839ac63e940778f879627c0120953260f9472224a567dd

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 21:25:25 GMT
via
1.1 afb3db4ac63e94a7684b97827417941c.cloudfront.net (CloudFront)
last-modified
Wed, 01 Feb 2023 15:53:03 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C1
etag
"d12eb3a87e1af89362e768c72359e7fd"
vary
Accept-Encoding, Origin
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
https://app.collectivebenefits.com
accept-ranges
bytes
content-length
35418
x-amz-cf-id
ZSQrUJDzmbx8Z2ANNmGYigk9D-lV_n8frVooJg-8P0_obMO4s3nk_w==
misc.json
locales.collectivebenefits.com/public/locales/he/
2 KB
2 KB
Fetch
General
Full URL
https://locales.collectivebenefits.com/public/locales/he/misc.json
Requested by
Host: app.collectivebenefits.com
URL: https://app.collectivebenefits.com/main.13f7e0bcb2ceca4c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-54.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b96a2561d639e0771a0e653aaa9323ed45ed0b61d81dce1ea5c7dc48b4f29ad0

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 21:25:25 GMT
via
1.1 afb3db4ac63e94a7684b97827417941c.cloudfront.net (CloudFront)
last-modified
Wed, 01 Feb 2023 15:53:03 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-C1
etag
"3a27206f96130c039a79d5e8f9f12ab2"
vary
Accept-Encoding, Origin
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
https://app.collectivebenefits.com
accept-ranges
bytes
content-length
1749
x-amz-cf-id
TYHp6YeUiWIccOQYSM1i1TIAEZFuU-BC08gZyVq1tjgH4cOnYlPzkA==
collect
www.google-analytics.com/j/
4 B
216 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j99&a=1428694561&t=pageview&_s=1&dl=https%3A%2F%2Fapp.collectivebenefits.com%2Fpartner%2Finvite%2F7641c7f3-3f54-4eff-8928-45a3c49619f7&dp=%2Fpartner%2Finvite%2F7641c7f3-3f54-4eff-8928-45a3c49619f7&ul=en-us&de=UTF-8&dt=Collective&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=1519609177&gjid=860587641&cid=1778329346.1675286724&tid=UA-149635695-2&_gid=768938329.1675286724&_r=1&_slc=1&z=2098044058
Requested by
Host: app.collectivebenefits.com
URL: https://app.collectivebenefits.com/main.13f7e0bcb2ceca4c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 01 Feb 2023 21:25:24 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://app.collectivebenefits.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
.deploy_status_henson.json
js.stripe.com/v3/ Frame C920
474 B
864 B
Fetch
General
Full URL
https://js.stripe.com/v3/.deploy_status_henson.json
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-b45dbb4369bee7dae6e57b3176415614.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-122.fra6.r.cloudfront.net
Software
Cloudfront /
Resource Hash
485fcaef5b0b6af7fa97598295f8036277e51647a725ed677719a511d8540c0c

Request headers

Accept
application/json
Referer
https://js.stripe.com/v3/controller-ac9bd0b70130006c09a7e09f8847e3ab.html
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Wed, 01 Feb 2023 21:24:57 GMT
via
1.1 78059242182c195ff7f26013772da09a.cloudfront.net (CloudFront)
last-modified
Wed, 01 Feb 2023 19:59:22 GMT
server
Cloudfront
x-amz-cf-pop
FRA6-C1
age
42
etag
"c1b1ca86abc0cfb60f9d1c9bdd3894d2"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=60
accept-ranges
bytes
content-length
474
x-amz-cf-id
jPmWAHS-qV5f3IRjVoxh73KXlV7aDqNnVLMLwtaKHqpIcd2RNta-cA==
m-outer-93afeeb17bc37e711759584dbfc50d47.html
js.stripe.com/v3/ Frame 5A3C
200 B
1 KB
Document
General
Full URL
https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-122.fra6.r.cloudfront.net
Software
Cloudfront /
Resource Hash
f22005da41e15b7adb453814b37a794f7c6b955f086a6c5fc9980e3c3f6c8bca
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
1059
cache-control
max-age=31536000
content-length
200
content-security-policy
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Wed, 01 Feb 2023 21:07:56 GMT
etag
"93afeeb17bc37e711759584dbfc50d47"
last-modified
Fri, 20 Jan 2023 19:49:38 GMT
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 62dc260e32d7b9197a4511447f6a264a.cloudfront.net (CloudFront)
x-amz-cf-id
xb1f-ohrNse9cbcfOkceAEDmTWXH18_2hdNt3KjM9UFWGytP4Bv4Pw==
x-amz-cf-pop
FRA6-C1
x-cache
Hit from cloudfront
x-content-type-options
nosniff
collect
stats.g.doubleclick.net/j/
7 B
359 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-149635695-2&cid=1778329346.1675286724&jid=1519609177&gjid=860587641&_gid=768938329.1675286724&_u=IEBAAEAAAAAAACAAI~&z=55805397
Requested by
Host: app.collectivebenefits.com
URL: https://app.collectivebenefits.com/main.13f7e0bcb2ceca4c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4025:401::9b Den Helder, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
3c25b077a6d92cd9d3576660b68c4c0bd135b78b3cd3b66491ff2c7aa0eeaad3
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Wed, 01 Feb 2023 21:25:24 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://app.collectivebenefits.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7
expires
Fri, 01 Jan 1990 00:00:00 GMT
font.woff
app.collectivebenefits.com/fonts/GalanoGrotesqueRegular/
28 KB
31 KB
Font
General
Full URL
https://app.collectivebenefits.com/fonts/GalanoGrotesqueRegular/font.woff
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-9.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
50754890b719b0f4c8f67f5b4bfb4a05c79544553cc9a3287e5fcad79e346e76
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' locales.collectivebenefits.com https://api-member-app.prod.freely.dev wss://ws13.hotjar.com wss://ws17.hotjar.com api-member-app-auth0.prod.freely.dev collective-benefits.aventus.cloud api.finmo.co.uk https://collective-member-prod.eu.auth0.com cognito-identity.eu-west-2.amazonaws.com cognito-idp.eu-west-2.amazonaws.com stats.g.doubleclick.net www.google-analytics.com https://heapanalytics.com in.hotjar.com api-iam.intercom.io https://uploads.intercomcdn.com ekr.zdassets.com https://id.zopim.com collective-benefits.zendesk.com wss://widget-mediator.zopim.com wss://nexus-websocket-a.intercom.io jointhecollective.cdn.prismic.io *.ingest.sentry.io *.ex.co *.playbuzz.com cdn.contentful.com *.split.io https://*.googleapis.com https://com-collectivebenefits-prod1.mini.snplow.net https://com-collectivebenefits-prod1.collector.snplow.net *.hotjar.com; font-src 'self' stackpath.bootstrapcdn.com fonts.gstatic.com https://heapanalytics.com js.intercomcdn.com; frame-src 'self' vars.hotjar.com intercom-sheets.com jointhecollective.prismic.io js.stripe.com www.youtube.com *.ex.co *.playbuzz.com www.google.com doubleclick.net *.vimeo.com; img-src 'self' data: gift.wegift.io y5jmrt8nb9.execute-api.eu-west-1.amazonaws.com s3.eu-west-2.amazonaws.com deals-cdn.collectivebenefits.com perks-cdn.collectivebenefits.com www.google.co.uk www.google.com www.google-analytics.com https://heapanalytics.com static.intercomassets.com downloads.intercomcdn.com js.intercomcdn.com gift.wegift.io jointhecollective.cdn.prismic.io images.prismic.io *.ex.co *.playbuzz.com *.avplayer.com *.ctfassets.net hooks.stripe.com/ *.ytimg.com vumbnail.com https://*.googleapis.com https://*.gstatic.com; manifest-src 'self'; media-src 'self' data: blob: js.intercomcdn.com static.zdassets.com *.ex.co *.playbuzz.com *.ctfassets.net; script-src 'self' 'unsafe-inline' www.google-analytics.com https://heapanalytics.com https://cdn.heapanalytics.com script.hotjar.com static.hotjar.com widget.intercom.io js.intercomcdn.com static.zdassets.com ekr.zdassets.com static.cdn.prismic.io js.stripe.com *.ex.co *.playbuzz.com *.avplayer.com www.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com www.youtube.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com fonts.googleapis.com https://heapanalytics.com; worker-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7
Origin
https://app.collectivebenefits.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 21:25:25 GMT
content-security-policy
default-src 'none'; connect-src 'self' locales.collectivebenefits.com https://api-member-app.prod.freely.dev wss://ws13.hotjar.com wss://ws17.hotjar.com api-member-app-auth0.prod.freely.dev collective-benefits.aventus.cloud api.finmo.co.uk https://collective-member-prod.eu.auth0.com cognito-identity.eu-west-2.amazonaws.com cognito-idp.eu-west-2.amazonaws.com stats.g.doubleclick.net www.google-analytics.com https://heapanalytics.com in.hotjar.com api-iam.intercom.io https://uploads.intercomcdn.com ekr.zdassets.com https://id.zopim.com collective-benefits.zendesk.com wss://widget-mediator.zopim.com wss://nexus-websocket-a.intercom.io jointhecollective.cdn.prismic.io *.ingest.sentry.io *.ex.co *.playbuzz.com cdn.contentful.com *.split.io https://*.googleapis.com https://com-collectivebenefits-prod1.mini.snplow.net https://com-collectivebenefits-prod1.collector.snplow.net *.hotjar.com; font-src 'self' stackpath.bootstrapcdn.com fonts.gstatic.com https://heapanalytics.com js.intercomcdn.com; frame-src 'self' vars.hotjar.com intercom-sheets.com jointhecollective.prismic.io js.stripe.com www.youtube.com *.ex.co *.playbuzz.com www.google.com doubleclick.net *.vimeo.com; img-src 'self' data: gift.wegift.io y5jmrt8nb9.execute-api.eu-west-1.amazonaws.com s3.eu-west-2.amazonaws.com deals-cdn.collectivebenefits.com perks-cdn.collectivebenefits.com www.google.co.uk www.google.com www.google-analytics.com https://heapanalytics.com static.intercomassets.com downloads.intercomcdn.com js.intercomcdn.com gift.wegift.io jointhecollective.cdn.prismic.io images.prismic.io *.ex.co *.playbuzz.com *.avplayer.com *.ctfassets.net hooks.stripe.com/ *.ytimg.com vumbnail.com https://*.googleapis.com https://*.gstatic.com; manifest-src 'self'; media-src 'self' data: blob: js.intercomcdn.com static.zdassets.com *.ex.co *.playbuzz.com *.ctfassets.net; script-src 'self' 'unsafe-inline' www.google-analytics.com https://heapanalytics.com https://cdn.heapanalytics.com script.hotjar.com static.hotjar.com widget.intercom.io js.intercomcdn.com static.zdassets.com ekr.zdassets.com static.cdn.prismic.io js.stripe.com *.ex.co *.playbuzz.com *.avplayer.com www.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com www.youtube.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com fonts.googleapis.com https://heapanalytics.com; worker-src 'self'
via
1.1 ab39b007ab81966ada6e7fb1536bf376.cloudfront.net (CloudFront)
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
x-amz-cf-pop
FRA53-C1
x-cache
Miss from cloudfront
content-length
28983
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 01 Feb 2023 14:38:54 GMT
server
AmazonS3
etag
"bd15ae57e5b819860b352824f778224a"
x-frame-options
DENY
content-type
font/woff
cache-control
public, max-age=86400
x-amz-cf-id
hCmUrxCKmeMuMukDnotZgPWGNj4gD_C4yVsMQihA_ysgCX0ch3V7HQ==
0
r.stripe.com/ Frame C920
0
157 B
Fetch
General
Full URL
https://r.stripe.com/0
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/shared-b45dbb4369bee7dae6e57b3176415614.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-159-182.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json
Referer
https://js.stripe.com/
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://js.stripe.com
x-stripe-bg-intended-route-color
green
date
Wed, 01 Feb 2023 21:25:24 GMT
access-control-allow-credentials
true
server
nginx
content-length
0
content-type
text/plain
csp-report
q.stripe.com/ Frame 5A3C
0
599 B
Other
General
Full URL
https://q.stripe.com/csp-report
Requested by
Host: app.collectivebenefits.com
URL: https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-159-182.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Wed, 01 Feb 2023 21:25:24 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-envoy-upstream-service-time
1
content-length
0
x-stripe-bg-intended-route-color
blue
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://js.stripe.com
access-control-expose-headers
Server, Range, Content-Type
cache-control
max-age=0, no-cache, no-store, must-revalidate
x-robots-tag
none
access-control-allow-headers
Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires
0
csp-report
q.stripe.com/ Frame 5A3C
0
599 B
Other
General
Full URL
https://q.stripe.com/csp-report
Requested by
Host: app.collectivebenefits.com
URL: https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-159-182.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Wed, 01 Feb 2023 21:25:24 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-envoy-upstream-service-time
3
content-length
0
x-stripe-bg-intended-route-color
blue
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://js.stripe.com
access-control-expose-headers
Server, Range, Content-Type
cache-control
max-age=0, no-cache, no-store, must-revalidate
x-robots-tag
none
access-control-allow-headers
Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires
0
m-outer-8cb24ab2d649fd36a488d04d8c457933.js
js.stripe.com/v3/fingerprinted/js/ Frame 5A3C
631 B
1 KB
Script
General
Full URL
https://js.stripe.com/v3/fingerprinted/js/m-outer-8cb24ab2d649fd36a488d04d8c457933.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-122.fra6.r.cloudfront.net
Software
Cloudfront /
Resource Hash
250a0782da875705bd206ee23c2a46abf90656645a81e084126c5e8c53eeb9d6
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://js.stripe.com/v3/m-outer-93afeeb17bc37e711759584dbfc50d47.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
date
Wed, 01 Feb 2023 20:44:35 GMT
x-content-type-options
nosniff
via
1.1 62dc260e32d7b9197a4511447f6a264a.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
age
2458
x-cache
Hit from cloudfront
content-length
631
last-modified
Fri, 13 Jan 2023 19:40:57 GMT
server
Cloudfront
etag
"f8f6a4584135f737b26927596ce6e0a7"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
rGKGnJoLEicqDtdGP2ORgKwp2nk2YsGDrv_OMmLw7jGBvGWdVTpRaw==
ga-audiences
www.google.com/ads/
42 B
408 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-149635695-2&cid=1778329346.1675286724&jid=1519609177&_u=IEBAAEAAAAAAACAAI~&z=1456133069
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 01 Feb 2023 21:25:24 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.co.uk/ads/
42 B
408 B
Image
General
Full URL
https://www.google.co.uk/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-149635695-2&cid=1778329346.1675286724&jid=1519609177&_u=IEBAAEAAAAAAACAAI~&z=1456133069
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 01 Feb 2023 21:25:24 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
inner.html
m.stripe.network/ Frame 91CC
930 B
1 KB
Document
General
Full URL
https://m.stripe.network/inner.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-8cb24ab2d649fd36a488d04d8c457933.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.192.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
a5f27af9c0c6f37979ebafcac22eb3a613841a3d4e728f4577baf94e64d42f35
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-e/Jqu4k9Gk1ZCWO6StAsfhF3i7qgIwfuitaD1g9DyvE='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

accept-ranges
bytes
age
219
cache-control
max-age=300, public
content-encoding
gzip
content-length
527
content-security-policy
base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-e/Jqu4k9Gk1ZCWO6StAsfhF3i7qgIwfuitaD1g9DyvE='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Wed, 01 Feb 2023 21:25:24 GMT
server
Fastly
strict-transport-security
max-age=31556926; includeSubDomains; preload
vary
Accept-Encoding, Origin
via
1.1 varnish
x-cache
HIT
x-cache-hits
174
x-content-type-options
nosniff
x-request-id
7bb8be4a-a544-4a6a-9f03-e118f82245e9
x-served-by
cache-lhr7357-LHR
x-timer
S1675286725.862294,VS0,VE0
csp-report
q.stripe.com/ Frame 91CC
0
373 B
Other
General
Full URL
https://q.stripe.com/csp-report
Requested by
Host: app.collectivebenefits.com
URL: https://app.collectivebenefits.com/partner/invite/7641c7f3-3f54-4eff-8928-45a3c49619f7
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-159-182.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://m.stripe.network/
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type
application/csp-report

Response headers

x-stripe-bg-intended-route-color
blue
pragma
no-cache
date
Wed, 01 Feb 2023 21:25:24 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
server
nginx
cross-origin-opener-policy
same-origin
cache-control
max-age=0, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
1
x-robots-tag
none
content-length
0
expires
0
out-4.5.42.js
m.stripe.network/ Frame 91CC
86 KB
16 KB
Script
General
Full URL
https://m.stripe.network/out-4.5.42.js
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/inner.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.192.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
f445ee14f2454d974293d28677213ae002e9ac17721fc04b2fdeb037e083b083
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://m.stripe.network/inner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
date
Wed, 01 Feb 2023 21:25:24 GMT
x-content-type-options
nosniff
content-encoding
gzip
via
1.1 varnish
age
62
x-cache
HIT
content-length
16031
x-request-id
09c32f7e-0c41-4707-92a3-c5c9d588c34d
x-served-by
cache-lhr7357-LHR
server
Fastly
x-timer
S1675286725.918670,VS0,VE0
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=utf-8
cache-control
max-age=300, public
accept-ranges
bytes
x-cache-hits
113
6
m.stripe.com/ Frame 91CC
156 B
552 B
XHR
General
Full URL
https://m.stripe.com/6
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.42.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.233.128.132 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-233-128-132.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
63afc5c9d55bf8a24fa659d2a769d53e4e9fb173a0d1c2d842a1629cd8c20abc
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://m.stripe.network/
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-stripe-bg-intended-route-color
blue
date
Wed, 01 Feb 2023 21:25:25 GMT
strict-transport-security
max-age=31556926; includeSubDomains; preload
x-content-type-options
nosniff
server
nginx
content-type
application/json;charset=utf-8
access-control-allow-origin
https://m.stripe.network
access-control-allow-credentials
true
access-control-allow-headers
Content-Type
content-length
156
/
o356780.ingest.sentry.io/api/4504326872236032/envelope/
41 B
324 B
Fetch
General
Full URL
https://o356780.ingest.sentry.io/api/4504326872236032/envelope/?sentry_key=71207c32d5074045975b22e81cdfb3d2&sentry_version=7&sentry_client=sentry.javascript.react%2F7.26.0
Requested by
Host: app.collectivebenefits.com
URL: https://app.collectivebenefits.com/main.13f7e0bcb2ceca4c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
8bd364f33dc4b85c260f837ebc68f50b64c1090fd83a296c2e764ebd0308aeac
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://app.collectivebenefits.com/
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 01 Feb 2023 21:25:25 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 google
server
nginx
vary
Origin
content-type
application/json
access-control-allow-origin
https://app.collectivebenefits.com
access-control-expose-headers
x-sentry-rate-limits, x-sentry-error, retry-after
x-envoy-upstream-service-time
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
41
common.js
maps.googleapis.com/maps-api-v3/api/js/51/8/intl/en_gb/
271 KB
76 KB
Script
General
Full URL
https://maps.googleapis.com/maps-api-v3/api/js/51/8/intl/en_gb/common.js
Requested by
Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyCPtZ39bY3YWnQe0N-t4n6Mumo9KdaX-_4&libraries=places
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:806::200a , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c644b47f212fd0574d0482094646acb318f57579b6c07f129045813a4239ba15
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 18:41:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
9856
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
77262
x-xss-protection
0
last-modified
Tue, 31 Jan 2023 18:44:23 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="maps-api-js"
vary
Accept-Encoding, Origin
report-to
{"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 01 Feb 2024 18:41:12 GMT
util.js
maps.googleapis.com/maps-api-v3/api/js/51/8/intl/en_gb/
159 KB
58 KB
Script
General
Full URL
https://maps.googleapis.com/maps-api-v3/api/js/51/8/intl/en_gb/util.js
Requested by
Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyCPtZ39bY3YWnQe0N-t4n6Mumo9KdaX-_4&libraries=places
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:806::200a , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
417682461e43a8a51131ba3cfe6abf9cb332cd64b3c33336aad0e28150e96ea1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Wed, 01 Feb 2023 18:41:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
9856
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
59677
x-xss-protection
0
last-modified
Tue, 31 Jan 2023 18:44:23 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="maps-api-js"
vary
Accept-Encoding, Origin
report-to
{"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 01 Feb 2024 18:41:12 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
vc.hotjar.io
URL
https://vc.hotjar.io/sessions/1821571?s=0.25&r=0.00419382668978141

39 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| oncontentvisibilityautostatechange object| google object| module$contents$mapsapi$overlay$overlayView_OverlayView object| config object| contentDocConfig object| zEWebpackACJsonp function| zE function| zEmbed function| hj object| _hjSettings object| webpackChunk function| clearImmediate function| setImmediate object| __SENTRY__ number| 2f1acc6c3a606b082e5eef5e54414ffb function| _ boolean| zEACLoaded object| hjSiteSettings function| hjBootstrap object| hjBootstrapCalled object| hjLazyModules object| bodymovin object| lottie object| webpackChunkStripeJSouter function| noop function| Stripe string| GoogleAnalyticsObject function| ga function| $zopim object| google_tag_data object| gaplugins object| gaGlobal object| gaData

15 Cookies

Domain/Path Name / Value
app.collectivebenefits.com/partner/invite Name: chosen-language
Value: he
.collectivebenefits.com/ Name: _hjSessionUser_1821571
Value: eyJpZCI6ImU2Y2RiNWM1LTVlNzAtNTNlNC1iNTA0LWRiMDAxMjYzNDgzZCIsImNyZWF0ZWQiOjE2NzUyODY3MjQwMTcsImV4aXN0aW5nIjpmYWxzZX0=
.collectivebenefits.com/ Name: _hjFirstSeen
Value: 1
app.collectivebenefits.com/ Name: _hjIncludedInSessionSample
Value: 0
.collectivebenefits.com/ Name: _hjSession_1821571
Value: eyJpZCI6IjI0YjNiMzI1LWU1YmItNDVjYi1iZjNiLTcyMTdmYjJlZWM3YSIsImNyZWF0ZWQiOjE2NzUyODY3MjQwMjcsImluU2FtcGxlIjpmYWxzZX0=
app.collectivebenefits.com/ Name: _hjIncludedInPageviewSample
Value: 1
.collectivebenefits.com/ Name: _hjAbsoluteSessionInProgress
Value: 1
app.collectivebenefits.com/ Name: _sp_ses.de91
Value: *
app.collectivebenefits.com/ Name: _sp_id.de91
Value: e7e6f39a-8d03-42b3-888e-ff1b81faa982.1675286724.1.1675286724..2d775812-4015-4b8d-9751-0afc98ec1935..88035aa4-4efd-47da-a901-babeb9bccff8.1675286724147.1
.collectivebenefits.com/ Name: _ga
Value: GA1.2.1778329346.1675286724
.collectivebenefits.com/ Name: _gid
Value: GA1.2.768938329.1675286724
.collectivebenefits.com/ Name: _gat
Value: 1
m.stripe.com/ Name: m
Value: 00ea9d57-ee58-4998-88c5-dcbd87bd764f134c8d
.app.collectivebenefits.com/ Name: __stripe_mid
Value: 1973f19a-8d5e-477d-b68e-34c6c2c9825dcd48c8
.app.collectivebenefits.com/ Name: __stripe_sid
Value: f1014f44-3cc4-4dbf-b008-660c809c56e3daf029

3 Console Messages

Source Level URL
Text
network error URL: https://api-member-app.prod.freely.dev/users/user-details
Message:
Failed to load resource: the server responded with a status of 401 ()
security error URL: https://app.collectivebenefits.com/main.13f7e0bcb2ceca4c.js(Line 1)
Message:
Refused to connect to 'https://vc.hotjar.io/sessions/1821571?s=0.25&r=0.00419382668978141' because it violates the following Content Security Policy directive: "connect-src 'self' locales.collectivebenefits.com https://api-member-app.prod.freely.dev wss://ws13.hotjar.com wss://ws17.hotjar.com api-member-app-auth0.prod.freely.dev collective-benefits.aventus.cloud api.finmo.co.uk https://collective-member-prod.eu.auth0.com cognito-identity.eu-west-2.amazonaws.com cognito-idp.eu-west-2.amazonaws.com stats.g.doubleclick.net www.google-analytics.com https://heapanalytics.com in.hotjar.com api-iam.intercom.io https://uploads.intercomcdn.com ekr.zdassets.com https://id.zopim.com collective-benefits.zendesk.com wss://widget-mediator.zopim.com wss://nexus-websocket-a.intercom.io jointhecollective.cdn.prismic.io *.ingest.sentry.io *.ex.co *.playbuzz.com cdn.contentful.com *.split.io https://*.googleapis.com https://com-collectivebenefits-prod1.mini.snplow.net https://com-collectivebenefits-prod1.collector.snplow.net *.hotjar.com".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'none'; connect-src 'self' locales.collectivebenefits.com https://api-member-app.prod.freely.dev wss://ws13.hotjar.com wss://ws17.hotjar.com api-member-app-auth0.prod.freely.dev collective-benefits.aventus.cloud api.finmo.co.uk https://collective-member-prod.eu.auth0.com cognito-identity.eu-west-2.amazonaws.com cognito-idp.eu-west-2.amazonaws.com stats.g.doubleclick.net www.google-analytics.com https://heapanalytics.com in.hotjar.com api-iam.intercom.io https://uploads.intercomcdn.com ekr.zdassets.com https://id.zopim.com collective-benefits.zendesk.com wss://widget-mediator.zopim.com wss://nexus-websocket-a.intercom.io jointhecollective.cdn.prismic.io *.ingest.sentry.io *.ex.co *.playbuzz.com cdn.contentful.com *.split.io https://*.googleapis.com https://com-collectivebenefits-prod1.mini.snplow.net https://com-collectivebenefits-prod1.collector.snplow.net *.hotjar.com; font-src 'self' stackpath.bootstrapcdn.com fonts.gstatic.com https://heapanalytics.com js.intercomcdn.com; frame-src 'self' vars.hotjar.com intercom-sheets.com jointhecollective.prismic.io js.stripe.com www.youtube.com *.ex.co *.playbuzz.com www.google.com doubleclick.net *.vimeo.com; img-src 'self' data: gift.wegift.io y5jmrt8nb9.execute-api.eu-west-1.amazonaws.com s3.eu-west-2.amazonaws.com deals-cdn.collectivebenefits.com perks-cdn.collectivebenefits.com www.google.co.uk www.google.com www.google-analytics.com https://heapanalytics.com static.intercomassets.com downloads.intercomcdn.com js.intercomcdn.com gift.wegift.io jointhecollective.cdn.prismic.io images.prismic.io *.ex.co *.playbuzz.com *.avplayer.com *.ctfassets.net hooks.stripe.com/ *.ytimg.com vumbnail.com https://*.googleapis.com https://*.gstatic.com; manifest-src 'self'; media-src 'self' data: blob: js.intercomcdn.com static.zdassets.com *.ex.co *.playbuzz.com *.ctfassets.net; script-src 'self' 'unsafe-inline' www.google-analytics.com https://heapanalytics.com https://cdn.heapanalytics.com script.hotjar.com static.hotjar.com widget.intercom.io js.intercomcdn.com static.zdassets.com ekr.zdassets.com static.cdn.prismic.io js.stripe.com *.ex.co *.playbuzz.com *.avplayer.com www.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com www.youtube.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com fonts.googleapis.com https://heapanalytics.com; worker-src 'self'
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
