haleon.sayso.health Open in urlscan Pro
57.128.165.232 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://haleon.sayso.health/
Effective URL:
https://haleon.sayso.health/
Submission: On October 11 via manual (October 11th 2023, 7:00:39 pm UTC) from US — Scanned from FR

Summary HTTP 31 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 12 IPs in 5 countries across 10 domains to perform 31 HTTP transactions. The main IP is 57.128.165.232, located in France and belongs to OVH, FR. The main domain is haleon.sayso.health.
TLS certificate: Issued by R3 on October 8th 2023. Valid for: 3 months.

This is the only time haleon.sayso.health was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 14	57.128.165.232 57.128.165.232	16276 (OVH) (OVH)
1	52.95.149.125 52.95.149.125	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:80b::2008	15169 (GOOGLE) (GOOGLE)
3	99.86.4.76 99.86.4.76	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:806::200e	15169 (GOOGLE) (GOOGLE)
1	146.75.118.109 146.75.118.109	54113 (FASTLY) (FASTLY)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c03::9b	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
3	54.187.159.182 54.187.159.182	16509 (AMAZON-02) (AMAZON-02)
2	151.101.192.176 151.101.192.176	54113 (FASTLY) (FASTLY)
1	44.241.248.76 44.241.248.76	16509 (AMAZON-02) (AMAZON-02)
31	12

14 57.128.165.232 (France) 1 redirects

ASN16276 (OVH, FR)

haleon.sayso.health	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sayso.health	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.95.149.125 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: s3-w.eu-west-2.amazonaws.com

prd-sayso-media.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 99.86.4.76 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-76.fra6.r.cloudfront.net

js.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.118.109 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

extend.vimeocdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c03::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.187.159.182 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ip-54-187-159-182.stripe.com

q.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.192.176 (United States)

ASN54113 (FASTLY, US)

m.stripe.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.241.248.76 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-241-248-76.us-west-2.compute.amazonaws.com

m.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	sayso.health 1 redirects haleon.sayso.health sayso.health	2 MB
7	stripe.com js.stripe.com — Cisco Umbrella Rank: 1487 q.stripe.com — Cisco Umbrella Rank: 8805 m.stripe.com — Cisco Umbrella Rank: 1382	139 KB
2	stripe.network m.stripe.network — Cisco Umbrella Rank: 1603	16 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 42	21 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 56	161 KB
1	google.fr www.google.fr — Cisco Umbrella Rank: 15360	408 B
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 98	256 B
1	google.com region1.analytics.google.com — Cisco Umbrella Rank: 2714	256 B
1	vimeocdn.com extend.vimeocdn.com — Cisco Umbrella Rank: 11319	6 KB
1	amazonaws.com prd-sayso-media.s3.amazonaws.com	7 KB
31	10

	Domain	Requested by
10	sayso.health	haleon.sayso.health sayso.health
4	haleon.sayso.health	1 redirects sayso.health
3	q.stripe.com	haleon.sayso.health
3	js.stripe.com	sayso.health js.stripe.com
2	m.stripe.network	js.stripe.com m.stripe.network
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	www.googletagmanager.com	haleon.sayso.health www.googletagmanager.com
1	m.stripe.com	m.stripe.network
1	www.google.fr	haleon.sayso.health
1	stats.g.doubleclick.net	www.googletagmanager.com
1	region1.analytics.google.com	www.googletagmanager.com
1	extend.vimeocdn.com	www.googletagmanager.com
1	prd-sayso-media.s3.amazonaws.com	haleon.sayso.health
31	13

This site contains links to these domains. Also see Links.

Domain
www.microsoft.com
getfirefox.com
google.com
www.linkedin.com
www.say-so.co.uk

Subject Issuer	Validity	Valid
sayso.health R3	`2023-10-08` - `2024-01-06`	3 months	crt.sh
*.s3.amazonaws.com Amazon RSA 2048 M01	`2023-03-21` - `2023-12-19`	9 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
a.stripecdn.com DigiCert SHA2 Extended Validation Server CA	`2023-07-31` - `2023-11-30`	4 months	crt.sh
*.vimeocdn.com GlobalSign Atlas R3 DV TLS CA 2023 Q1	`2023-02-18` - `2024-03-21`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.google.fr GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.stripe.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-10-09` - `2024-01-18`	3 months	crt.sh
m.stripe.com DigiCert TLS RSA SHA256 2020 CA1	`2023-10-05` - `2024-01-18`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://haleon.sayso.health/
Frame ID: 371A88CA3B163F6EBBFCC64B9E00790C
Requests: 23 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-27c67c0d52761104439bb051c7856ab1.html
Frame ID: D2BCF6CFD86F2726175B5F74F9FD8E2B
Requests: 4 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: 62CDDBA46D29C7CC8745B3D98643C287
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Haleon - haleon.sayso.health icon-arrow-upicon-calendaricon-chevron-solidicon-chevronicon-clockicon-document--excelicon-document--imgicon-document--pdficon-document--ppticon-document--wordicon-documenticon-eyeicon-flag--solidicon-flagicon-left-arrowicon-linkicon-pin--solidicon-pinicon-printicon-replyicon-right-arrowicon-searchicon-shareicon-speech-bubbleicon-thumb-downicon-thumb-upicon-trashFacebookInstagramLinkedInTwitterVimeo

Page URL History Show full URLs

http://haleon.sayso.health/ HTTP 301
https://haleon.sayso.health/ Page URL

Detected technologies

Stripe (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

js\.stripe\.com

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Page Statistics

31
Requests

100 %
HTTPS

42 %
IPv6

10
Domains

13
Subdomains

12
IPs

5
Countries

2071 kB
Transfer

3510 kB
Size

9
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://www.microsoft.com/edge
Title: Microsoft Edge

Search URL Search Domain Scan URL

URL: https://getfirefox.com/
Title: Firefox

Search URL Search Domain Scan URL

URL: https://google.com/chrome/
Title: Google Chrome

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/saysomedical/
Title: Connect with us

Search URL Search Domain Scan URL

URL: http://www.say-so.co.uk/
Title: here

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://haleon.sayso.health/ HTTP 301
https://haleon.sayso.health/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

31 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
haleon.sayso.health/
Redirect Chain

http://haleon.sayso.health/
https://haleon.sayso.health/

50 KB
16 KB

106ms
68ms

Document
text/html

57.128.165.232
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://haleon.sayso.health/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

57.128.165.232 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

1faf096e7e273c867ba364e67e143f50d315cfb170f9c312632423e959de9d7f

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Wed, 11 Oct 2023 19:00:33 GMT
Referrer-Policy: no-referrer-when-downgrade
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
cache-control: no-cache
content-security-policy-report-only: connect-src 'self'; img-src 'self'; script-src 'self' 'unsafe-inline'; media-src 'self'; prefetch-src 'self'; font-src 'self'; default-src none; style-src 'self' 'unsafe-inline'; object-src 'unsafe-eval'
cross-origin-opener-policy: same-origin
etag: W/"2112038ecdf118d0834cdf4c80e4cd94"
referrer-policy: same-origin
strict-transport-security: max-age=2592000
vary: Cookie
x-content-type-options: nosniff
x-frame-options: DENY
x-wagtail-cache: skip

Redirect headers

Connection: keep-alive
Content-Length: 162
Content-Type: text/html
Date: Wed, 11 Oct 2023 19:00:33 GMT
Location: https://haleon.sayso.health/
Server: nginx

GET
H/1.1 200
OK style.1bdc06cd45e0.css
sayso.health/static/css/ 103 KB
19 KB 78ms
38ms Stylesheet
text/css 57.128.165.232
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://sayso.health/static/css/style.1bdc06cd45e0.css
Requested by: Host: haleon.sayso.health
URL: https://haleon.sayso.health/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 57.128.165.232 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: nginx /
Resource Hash: 63f7160ca40b02890d66553ac794eadec986e48f9274e10a8d1ff86cd6285c19

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://haleon.sayso.health/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Wed, 11 Oct 2023 19:00:34 GMT
Content-Encoding: gzip
Last-Modified: Wed, 11 Oct 2023 15:58:38 GMT
Server: nginx
ETag: W/"6526c62e-19d91"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=31536000, public
Connection: keep-alive
Expires: Thu, 10 Oct 2024 19:00:34 GMT

GET
H/1.1 200
OK footer-columns.f629cc163506.css
sayso.health/static/css/ 548 B
615 B 59ms
18ms Stylesheet
text/css 57.128.165.232
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://sayso.health/static/css/footer-columns.f629cc163506.css
Requested by: Host: haleon.sayso.health
URL: https://haleon.sayso.health/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 57.128.165.232 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: nginx /
Resource Hash: 020592e2d2ca571cf6d92687b2a784b514961b59e5020f3635e66ebd20de0328

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://haleon.sayso.health/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Wed, 11 Oct 2023 19:00:34 GMT
Content-Encoding: gzip
Last-Modified: Wed, 11 Oct 2023 15:58:38 GMT
Server: nginx
ETag: W/"6526c62e-224"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=31536000, public
Connection: keep-alive
Expires: Thu, 10 Oct 2024 19:00:34 GMT

GET
H/1.1 200
OK polyfill-loader.b46c22cce9e4.js Show response
sayso.health/static/js/ 1 KB
962 B 60ms
20ms Script
application/javascript 57.128.165.232
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://sayso.health/static/js/polyfill-loader.b46c22cce9e4.js
Requested by: Host: haleon.sayso.health
URL: https://haleon.sayso.health/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 57.128.165.232 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: nginx /
Resource Hash: 7bd65400aa676e96541055786ba736515cbd708edb1ba780069cd4c80cdcf663

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://haleon.sayso.health/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Wed, 11 Oct 2023 19:00:34 GMT
Content-Encoding: gzip
Last-Modified: Wed, 11 Oct 2023 15:58:38 GMT
Server: nginx
ETag: W/"6526c62e-467"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=31536000, public
Connection: keep-alive
Expires: Thu, 10 Oct 2024 19:00:34 GMT

GET
H/1.1 200
OK Untitled_design_42_Rk2rYkR.max-300x100.png
prd-sayso-media.s3.amazonaws.com/images/ 7 KB
7 KB 143ms
49ms Image
image/png 52.95.149.125
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prd-sayso-media.s3.amazonaws.com/images/Untitled_design_42_Rk2rYkR.max-300x100.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIA6DZUYKBJE4QS473K%2F20231011%2Feu-west-2%2Fs3%2Faws4_request&X-Amz-Date=20231011T190033Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=6a10e017a41a60c5ce3a21d25e9d195cad59c36daf1b7f577bbaa6d892e2976a
Requested by: Host: haleon.sayso.health
URL: https://haleon.sayso.health/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.149.125 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-w.eu-west-2.amazonaws.com
Software: AmazonS3 /
Resource Hash: 5cb34d9042a26d554811f57a193e190901d7e8e9c7fd09640125570ae0487c50

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://haleon.sayso.health/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Wed, 11 Oct 2023 19:00:35 GMT
Last-Modified: Sun, 08 Oct 2023 12:35:22 GMT
Server: AmazonS3
x-amz-request-id: 6AANFCPGWTCJ8JNN
ETag: "00946036dcde33ca81067cfdf16ce54d"
x-amz-server-side-encryption: AES256
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 6930
x-amz-id-2: dB/09la4wwfgqRJUm2fhbcZWJM27IeO+laDul7gVfKtzXvGInxO4YM5oqwqCREhfvpZbxJlWTxU=

GET
H/1.1 200
OK homepage-hero.1865d81ebca1.jpg
sayso.health/static/img/ 20 KB
21 KB 25ms
24ms Image
image/jpeg 57.128.165.232
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sayso.health/static/img/homepage-hero.1865d81ebca1.jpg
Requested by: Host: haleon.sayso.health
URL: https://haleon.sayso.health/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 57.128.165.232 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: nginx /
Resource Hash: a65905cc25f19476e3f285060bbecde009276c56ab221ee10ca147a0ead6bdcc

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://haleon.sayso.health/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Wed, 11 Oct 2023 19:00:34 GMT
Last-Modified: Sun, 25 Jun 2023 17:27:40 GMT
Server: nginx
ETag: "6498790c-51dc"
Content-Type: image/jpeg
Cache-Control: max-age=31536000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 20956
Expires: Thu, 10 Oct 2024 19:00:34 GMT

GET
H/1.1 200
OK logo-with-gradient.afb9185ca1ce.svg
sayso.health/static/img/ 4 KB
2 KB 18ms
18ms Image
image/svg+xml 57.128.165.232
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sayso.health/static/img/logo-with-gradient.afb9185ca1ce.svg
Requested by: Host: haleon.sayso.health
URL: https://haleon.sayso.health/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 57.128.165.232 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: nginx /
Resource Hash: 084757c6e796dbbb1f51b76430cfc44bf39b0332a1a6337b5cc27d3ba40d4583

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://haleon.sayso.health/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Wed, 11 Oct 2023 19:00:34 GMT
Content-Encoding: gzip
Last-Modified: Sun, 25 Jun 2023 17:27:40 GMT
Server: nginx
ETag: W/"6498790c-fc9"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Connection: keep-alive

GET
H/1.1 200
OK bundle.d9b5eca6f0ad.js Show response
sayso.health/static/js/ 681 KB
177 KB 40ms
39ms Script
application/javascript 57.128.165.232
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://sayso.health/static/js/bundle.d9b5eca6f0ad.js
Requested by: Host: haleon.sayso.health
URL: https://haleon.sayso.health/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 57.128.165.232 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: nginx /
Resource Hash: a0eef492f118c75f0e1ec6ae9127ed0bd4bb49dff556a7031fecce13ba1bd559

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://haleon.sayso.health/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Wed, 11 Oct 2023 19:00:34 GMT
Content-Encoding: gzip
Last-Modified: Wed, 11 Oct 2023 15:58:38 GMT
Server: nginx
ETag: W/"6526c62e-aa4e7"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=31536000, public
Connection: keep-alive
Expires: Thu, 10 Oct 2024 19:00:34 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 198 KB
71 KB 107ms
44ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-K39DDXN

Requested by

Host: haleon.sayso.health
URL: https://haleon.sayso.health/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0b3e9b26602e1d7caf2c1943fe85efb95e6e8fd165610c0d80541d72c6e56f2c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://haleon.sayso.health/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Wed, 11 Oct 2023 19:00:34 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 72464
x-xss-protection: 0
last-modified: Wed, 11 Oct 2023 18:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 11 Oct 2023 19:00:34 GMT

GET
H/1.1 200
OK gradient--blue-green.png
sayso.health/static/img/ 118 KB
119 KB 42ms
35ms Image
image/png 57.128.165.232
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sayso.health/static/img/gradient--blue-green.png?4a2e7532fcc5be3d644746623d2f2ed4
Requested by: Host: sayso.health
URL: https://sayso.health/static/css/style.1bdc06cd45e0.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 57.128.165.232 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: nginx /
Resource Hash: 0b2122d95de3f209d3842f244e3de631be66cd67f3ce5f797b34d763c3a55a31

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://sayso.health/static/css/style.1bdc06cd45e0.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Wed, 11 Oct 2023 19:00:34 GMT
Last-Modified: Wed, 11 Oct 2023 15:58:37 GMT
Server: nginx
ETag: "6526c62d-1d9ea"
Content-Type: image/png
Cache-Control: max-age=31536000, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 121322
Expires: Thu, 10 Oct 2024 19:00:34 GMT

GET
H/1.1 200
OK verdana_bold.ttf
sayso.health/static/font/ 153 KB
153 KB 71ms
35ms Font
application/octet-stream 57.128.165.232
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://sayso.health/static/font/verdana_bold.ttf?4822ae379fe7b2e91c509e2551fbdb35
Requested by: Host: sayso.health
URL: https://sayso.health/static/css/style.1bdc06cd45e0.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 57.128.165.232 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: nginx /
Resource Hash: bba4571a7cc83c0ccc8b96035e2b165526946b1d45baf73d1b402c65ed48de62

Request headers

Referer: https://sayso.health/static/css/style.1bdc06cd45e0.css
Origin: https://haleon.sayso.health
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Wed, 11 Oct 2023 19:00:34 GMT
Last-Modified: Wed, 11 Oct 2023 15:58:37 GMT
Server: nginx
ETag: "6526c62d-262b4"
Content-Type: application/octet-stream
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 156340

GET
H/1.1 206
Partial Content homepage-hero-vid.aa3136ccf9a7.mp4
sayso.health/static/video/ 1 MB
1 MB 19ms
19ms Media
video/mp4 57.128.165.232
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://sayso.health/static/video/homepage-hero-vid.aa3136ccf9a7.mp4
Requested by: Host: haleon.sayso.health
URL: https://haleon.sayso.health/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 57.128.165.232 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: nginx /
Resource Hash: 9e5226af71a64f9ed5d0239293f11f7b79072c2b6bc7b47f1b3f7cda349385d3

Request headers

Referer: https://haleon.sayso.health/
Accept-Encoding: identity;q=1, *;q=0
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Range: bytes=0-

Response headers

Date: Wed, 11 Oct 2023 19:00:34 GMT
Last-Modified: Sun, 25 Jun 2023 17:27:40 GMT
Server: nginx
ETag: "6498790c-12e56a"
Content-Type: video/mp4
Content-Range: bytes 0-1238377/1238378
Cache-Control: max-age=31536000, public
Connection: keep-alive
Content-Length: 1238378
Expires: Thu, 10 Oct 2024 19:00:34 GMT

GET
H/1.1 200
OK / Show response
haleon.sayso.health/payments/config/ 124 B
972 B 24ms
23ms Fetch
application/json 57.128.165.232
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://haleon.sayso.health/payments/config/

Requested by

Host: sayso.health
URL: https://sayso.health/static/js/bundle.d9b5eca6f0ad.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

57.128.165.232 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

a3698e487111433ab9984263d6e28c0db5673015120955485417c1f0a88e5961

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://haleon.sayso.health/
accept-language: fr-FR,fr;q=0.9
x-csrftoken: undefined
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Wed, 11 Oct 2023 19:00:34 GMT
strict-transport-security: max-age=2592000
x-content-type-options: nosniff
Content-Encoding: gzip
Transfer-Encoding: chunked
content-security-policy-report-only: object-src 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self'; prefetch-src 'self'; font-src 'self'; script-src 'self' 'unsafe-inline'; media-src 'self'; default-src none; img-src 'self'
Connection: keep-alive
X-XSS-Protection: 1; mode=block
referrer-policy: same-origin, no-referrer-when-downgrade
Server: nginx
cross-origin-opener-policy: same-origin
etag: W/"a68e068d7e9cea5e60dfcb37d9751955"
Vary: Accept-Encoding, Cookie
x-frame-options: DENY
Content-Type: application/json
cache-control: max-age=0
expires: Wed, 11 Oct 2023 19:00:34 GMT

GET
H2 200 v3 Show response
js.stripe.com/ 539 KB
134 KB 116ms
40ms Script
text/javascript 99.86.4.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3

Requested by

Host: sayso.health
URL: https://sayso.health/static/js/bundle.d9b5eca6f0ad.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.76 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-76.fra6.r.cloudfront.net

Software

Cloudfront /

Resource Hash

97cd2b5c1a4ec41f473967d55acaeb6a11548fce8e512099b71531fb070b668f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://haleon.sayso.health/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Wed, 11 Oct 2023 18:59:50 GMT
via: 1.1 d357d5d597708d2b41e0fea397aa2620.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
age: 46
x-cache: Hit from cloudfront
last-modified: Wed, 11 Oct 2023 17:15:02 GMT
server: Cloudfront
etag: W/"e234714e6d5f6ca86cfcc1316c86a3e4"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
timing-allow-origin: *
x-amz-cf-id: nZowWCCkSFE4lhgsYC7NrJEayYSahf53TtaJRr4HBKdaQFYuYzy7zA==

GET
H/1.1 200
OK tzdetect.min.cbab13600a82.js Show response
sayso.health/static/tz_detect/js/ 978 B
890 B 18ms
18ms Script
application/javascript 57.128.165.232
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://sayso.health/static/tz_detect/js/tzdetect.min.cbab13600a82.js
Requested by: Host: haleon.sayso.health
URL: https://haleon.sayso.health/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 57.128.165.232 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: nginx /
Resource Hash: bd6e8d266552a16b2b3d7ef67e2aee11c03d4a1b7b0f37379eae9540730ffd31

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://haleon.sayso.health/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Wed, 11 Oct 2023 19:00:34 GMT
Content-Encoding: gzip
Last-Modified: Wed, 11 Oct 2023 15:58:38 GMT
Server: nginx
ETag: W/"6526c62e-3d2"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=31536000, public
Connection: keep-alive
Expires: Thu, 10 Oct 2024 19:00:34 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 87ms
26ms Script
text/javascript 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K39DDXN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://haleon.sayso.health/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 11 Oct 2023 17:51:33 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 4141
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Wed, 11 Oct 2023 19:51:33 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 266 KB
90 KB 44ms
44ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-RPGN3JYHWG&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K39DDXN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

438b1804dd935ec26719749b363d7fcff0766ed784c6a75cd3408394e72b1579

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://haleon.sayso.health/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Wed, 11 Oct 2023 19:00:34 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 91603
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 11 Oct 2023 19:00:34 GMT

GET
H2 200 98581854.js Show response
extend.vimeocdn.com/ga/ 17 KB
6 KB 88ms
25ms Script
text/javascript 146.75.118.109
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://extend.vimeocdn.com/ga/98581854.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K39DDXN
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.118.109 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: Apache /
Resource Hash: 6c649cc3d4aee7683250622541a6045ad4ac3beb93df1fcdd3ec1f7f12a1ff44

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://haleon.sayso.health/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-cache-hits: 132631
date: Wed, 11 Oct 2023 19:00:34 GMT
content-encoding: gzip
via: 1.1 varnish
age: 30717437
x-cache: HIT
content-length: 5579
x-served-by: cache-fra-eddf8230070-FRA
last-modified: Thu, 20 Oct 2022 22:49:15 GMT
server: Apache
x-timer: S1697050834.376137,VS0,VE0
etag: "421e-5eb7f2274b0c0-gzip"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
x-vimeo-dc: ge
x-bapp-server: assets-769d499c7b-6rkpw
cache-control: max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 18 Oct 2032 06:23:15 GMT

POST
H/1.1 200
OK / Show response
haleon.sayso.health/tz_detect/set/ 2 B
892 B 33ms
33ms XHR
text/html 57.128.165.232
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://haleon.sayso.health/tz_detect/set/

Requested by

Host: sayso.health
URL: https://sayso.health/static/tz_detect/js/tzdetect.min.cbab13600a82.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

57.128.165.232 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx /

Resource Hash

565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://haleon.sayso.health/
accept-language: fr-FR,fr;q=0.9
x-csrftoken: rbzmznKICISmkxGgSc40ziNUT7b3fDCSKf4QIutZyxVnRELchTwcCeNubNL7MH5s
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Date: Wed, 11 Oct 2023 19:00:34 GMT
strict-transport-security: max-age=2592000
x-content-type-options: nosniff
referrer-policy: same-origin, no-referrer-when-downgrade
x-wagtail-cache: skip
Server: nginx
cross-origin-opener-policy: same-origin
x-frame-options: DENY
vary: Cookie
Content-Type: text/html; charset=utf-8
content-security-policy-report-only: connect-src 'self'; img-src 'self'; script-src 'self' 'unsafe-inline'; media-src 'self'; prefetch-src 'self'; font-src 'self'; default-src none; style-src 'self' 'unsafe-inline'; object-src 'unsafe-eval'
cache-control: no-cache
Connection: keep-alive
Content-Length: 2
X-XSS-Protection: 1; mode=block

POST
H2 204 collect
region1.analytics.google.com/g/ 0
256 B 67ms
23ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-RPGN3JYHWG&gtm=45je3a90&_p=2015867554&_gaz=1&cid=733642324.1697050834&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1697050834&sct=1&seg=0&dl=https%3A%2F%2Fhaleon.sayso.health%2F&dt=Haleon%20-%20haleon.sayso.health&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-RPGN3JYHWG&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://haleon.sayso.health/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Oct 2023 19:00:34 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://haleon.sayso.health
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
256 B 72ms
23ms Ping
text/plain 2a00:1450:400c:c03::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-RPGN3JYHWG&cid=733642324.1697050834&gtm=45je3a90&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-RPGN3JYHWG&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c03::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://haleon.sayso.health/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Oct 2023 19:00:34 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://haleon.sayso.health
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.fr/ads/ 42 B
408 B 125ms
65ms Image
image/gif 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.fr/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-RPGN3JYHWG&cid=733642324.1697050834&gtm=45je3a90&aip=1&z=647212522

Requested by

Host: haleon.sayso.health
URL: https://haleon.sayso.health/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://haleon.sayso.health/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Oct 2023 19:00:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
210 B 33ms
33ms XHR
text/plain 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=2015867554&t=pageview&_s=1&dl=https%3A%2F%2Fhaleon.sayso.health%2F&ul=en-us&de=UTF-8&dt=Haleon%20-%20haleon.sayso.health&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAAI~&jid=549570183&gjid=2035323120&cid=733642324.1697050834&tid=UA-146432266-1&_gid=622879745.1697050834&_r=1&_slc=1&gtm=45He3a90n81K39DDXN&z=121947369

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://haleon.sayso.health/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 11 Oct 2023 19:00:34 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://haleon.sayso.health
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 m-outer-27c67c0d52761104439bb051c7856ab1.html Show response
js.stripe.com/v3/ Frame D2BC 200 B
1 KB 27ms
27ms Document
text/html 99.86.4.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/m-outer-27c67c0d52761104439bb051c7856ab1.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.76 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-76.fra6.r.cloudfront.net

Software

Cloudfront /

Resource Hash

351ffc2bdf381352dcd801be49be5018361119588eae077650260f9e162fe7b9

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://haleon.sayso.health/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 2688
cache-control: max-age=31536000
content-length: 200
content-security-policy: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Wed, 11 Oct 2023 18:18:10 GMT
etag: "27c67c0d52761104439bb051c7856ab1"
last-modified: Fri, 06 Oct 2023 20:54:34 GMT
server: Cloudfront
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 d357d5d597708d2b41e0fea397aa2620.cloudfront.net (CloudFront)
x-amz-cf-id: vClaGCkOmnJe34NV1AzcVgXVsVdnZzSeGvKahE9JyfUfQdJEnnS8jw==
x-amz-cf-pop: FRA6-C1
x-cache: Hit from cloudfront
x-content-type-options: nosniff

GET
H2 200 m-outer-6576085ca35ee42f2f484cda6763e4aa.js Show response
js.stripe.com/v3/fingerprinted/js/ Frame D2BC 631 B
1 KB 27ms
26ms Script
text/javascript 99.86.4.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/fingerprinted/js/m-outer-6576085ca35ee42f2f484cda6763e4aa.js

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/m-outer-27c67c0d52761104439bb051c7856ab1.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.76 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-76.fra6.r.cloudfront.net

Software

Cloudfront /

Resource Hash

f0205495d259e89d99e6c4989147f8a65bef41513bfbe3e97251cd6fb6fa5947

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://js.stripe.com/v3/m-outer-27c67c0d52761104439bb051c7856ab1.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
date: Wed, 11 Oct 2023 18:25:28 GMT
x-content-type-options: nosniff
via: 1.1 d357d5d597708d2b41e0fea397aa2620.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
age: 2106
x-cache: Hit from cloudfront
content-length: 631
last-modified: Fri, 06 Oct 2023 20:54:32 GMT
server: Cloudfront
etag: "70cacf09ae81711ac6dcbc5ee59750c4"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: 0bB6MGQx_kT-g929cLEEsuMeLUWE1S57qjJ1p4ylU4XernSB-gUWcA==

POST
H2 200 csp-report
q.stripe.com/ Frame D2BC 0
716 B 508ms
167ms Other
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: haleon.sayso.health
URL: https://haleon.sayso.health/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-159-182.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Wed, 11 Oct 2023 19:00:35 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-stripe-server-envoy-start-time-us: 1697050835027685
x-envoy-upstream-service-time: 4
content-length: 0
x-stripe-bg-intended-route-color: blue
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
x-stripe-server-envoy-upstream-service-time-ms: 1
access-control-allow-origin: https://js.stripe.com
x-stripe-client-envoy-start-time-us: 1697050835026513
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-expose-headers: Server, Range, Content-Type
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

POST
H2 200 csp-report
q.stripe.com/ Frame D2BC 0
717 B 505ms
164ms Other
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: haleon.sayso.health
URL: https://haleon.sayso.health/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-159-182.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Wed, 11 Oct 2023 19:00:35 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-stripe-server-envoy-start-time-us: 1697050835026793
x-envoy-upstream-service-time: 1
content-length: 0
x-stripe-bg-intended-route-color: blue
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS
x-stripe-server-envoy-upstream-service-time-ms: 0
access-control-allow-origin: https://js.stripe.com
x-stripe-client-envoy-start-time-us: 1697050835026457
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-expose-headers: Server, Range, Content-Type
x-robots-tag: none
access-control-allow-headers: Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires: 0

GET
H2 200 inner.html Show response
m.stripe.network/ Frame 62CD 930 B
1 KB 73ms
21ms Document
text/html 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/inner.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-6576085ca35ee42f2f484cda6763e4aa.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

947ac0903521f5eceefc90637c066306a8ca67466ccc188bb0107fb7cfb532d1

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://js.stripe.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

accept-ranges: bytes
age: 181
cache-control: max-age=300, public
content-encoding: br
content-length: 540
content-security-policy: base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Wed, 11 Oct 2023 19:00:34 GMT
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
vary: Accept-Encoding, Origin
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 278
x-content-type-options: nosniff
x-request-id: 3687c6d0-7362-4372-978c-9bd77e78527e
x-served-by: cache-lcy-eglc8600070-LCY
x-timer: S1697050835.670337,VS0,VE0

POST
H2 200 csp-report
q.stripe.com/ Frame 62CD 0
490 B 425ms
165ms Other
text/plain 54.187.159.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://q.stripe.com/csp-report

Requested by

Host: haleon.sayso.health
URL: https://haleon.sayso.health/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.187.159.182 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-54-187-159-182.stripe.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.stripe.network/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Wed, 11 Oct 2023 19:00:35 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
x-stripe-server-envoy-start-time-us: 1697050835026919
x-envoy-upstream-service-time: 1
content-length: 0
x-stripe-bg-intended-route-color: blue
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
cross-origin-opener-policy: same-origin
x-stripe-server-envoy-upstream-service-time-ms: 0
x-stripe-client-envoy-start-time-us: 1697050835026528
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-robots-tag: none
expires: 0

GET
H2 200 out-4.5.43.js Show response
m.stripe.network/ Frame 62CD 87 KB
15 KB 18ms
18ms Script
text/javascript 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.network/out-4.5.43.js

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/inner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

e039e607c78306c7e029a7fd0ecdb14f86456f16e1a5ce65aa26b4fdf1d38a3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://m.stripe.network/inner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

strict-transport-security: max-age=31556926; includeSubDomains; preload
date: Wed, 11 Oct 2023 19:00:34 GMT
x-content-type-options: nosniff
content-encoding: br
via: 1.1 varnish
age: 140
x-cache: HIT
content-length: 15509
x-request-id: 8c6e2c0a-2784-4112-b10a-9b845ac5a907
x-served-by: cache-lcy-eglc8600070-LCY
server: Fastly
x-timer: S1697050835.694727,VS0,VE0
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=utf-8
cache-control: max-age=300, public
accept-ranges: bytes
x-cache-hits: 205

POST
H2 200 6 Show response
m.stripe.com/ Frame 62CD 156 B
669 B 504ms
170ms XHR
application/json 44.241.248.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://m.stripe.com/6

Requested by

Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.43.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.241.248.76 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-241-248-76.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

2b5221b93f930651c89a22e7bce7cab553c067d0f7eb83d0bc83ef230e098bcb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://m.stripe.network/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-stripe-bg-intended-route-color: green
date: Wed, 11 Oct 2023 19:00:35 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
x-stripe-server-envoy-start-time-us: 1697050835173650
server: nginx
content-type: application/json;charset=utf-8
x-stripe-server-envoy-upstream-service-time-ms: 4
access-control-allow-origin: https://m.stripe.network
x-stripe-client-envoy-start-time-us: 1697050835173088
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 156

Verdicts & Comments Add Verdict or Comment

39 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

9 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
haleon.sayso.health/	1970-01-21 00:08:20	Name: csrftoken Value: teFEjhTr6ZdbHhf6zRCmd6aKsQKeHeDK
.sayso.health/	1970-01-20 15:44:20	Name: sessionid Value: ogusvha0di72scpmuowaywj77fzwrlcz
.sayso.health/	1970-01-21 01:00:10	Name: _ga_RPGN3JYHWG Value: GS1.1.1697050834.1.0.1697050834.60.0.0
.sayso.health/	1970-01-21 01:00:10	Name: _ga Value: GA1.2.733642324.1697050834
.sayso.health/	1970-01-20 15:25:37	Name: _gid Value: GA1.2.622879745.1697050834
.sayso.health/	1970-01-20 15:24:10	Name: _gat_UA-146432266-1 Value: 1
m.stripe.com/	1970-01-21 01:00:10	Name: m Value: bc9dc924-a29f-40ae-8647-74a3cfabd17333eeeb
.haleon.sayso.health/	1970-01-21 00:09:46	Name: __stripe_mid Value: cb15493a-1f57-4034-acaf-fbf13d168c0d5ea788
.haleon.sayso.health/	1970-01-20 15:24:12	Name: __stripe_sid Value: 9de5c9fc-7f25-4283-8a84-39796ee391fb21df26

278 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://haleon.sayso.health/ Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	URL: https://haleon.sayso.health/(Line 53) Message: [Report Only] Refused to load the script 'https://www.googletagmanager.com/gtm.js?id=GTM-K39DDXN' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://haleon.sayso.health/(Line 68) Message: [Report Only] Refused to load the image 'https://sayso.health/static/img/favicon.df314595c4d6.png' because it violates the following Content Security Policy directive: "img-src 'self'".
security	error	URL: https://haleon.sayso.health/(Line 69) Message: [Report Only] Refused to load the image 'https://sayso.health/static/img/apple-touch-icon.df314595c4d6.png' because it violates the following Content Security Policy directive: "img-src 'self'".
security	error	URL: https://haleon.sayso.health/(Line 72) Message: [Report Only] Refused to load the stylesheet 'https://sayso.health/static/css/style.1bdc06cd45e0.css' because it violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline'". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.
security	error	URL: https://haleon.sayso.health/(Line 73) Message: [Report Only] Refused to load the stylesheet 'https://sayso.health/static/css/footer-columns.f629cc163506.css' because it violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline'". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.
security	error	URL: https://haleon.sayso.health/ Message: [Report Only] Refused to load the script 'https://sayso.health/static/js/polyfill-loader.b46c22cce9e4.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://haleon.sayso.health/(Line 156) Message: [Report Only] Refused to load the image 'https://prd-sayso-media.s3.amazonaws.com/images/Untitled_design_42_Rk2rYkR.max-300x100.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIA6DZUYKBJE4QS473K%2F20231011%2Feu-west-2%2Fs3%2Faws4_request&X-Amz-Date=20231011T190033Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=6a10e017a41a60c5ce3a21d25e9d195cad59c36daf1b7f577bbaa6d892e2976a' because it violates the following Content Security Policy directive: "img-src 'self'".
security	error	URL: https://haleon.sayso.health/(Line 186) Message: [Report Only] Refused to load the image 'https://sayso.health/static/img/homepage-hero.1865d81ebca1.jpg' because it violates the following Content Security Policy directive: "img-src 'self'".
security	error	URL: https://haleon.sayso.health/(Line 252) Message: [Report Only] Refused to load the image 'https://sayso.health/static/img/logo-with-gradient.afb9185ca1ce.svg' because it violates the following Content Security Policy directive: "img-src 'self'".
security	error	URL: https://haleon.sayso.health/ Message: [Report Only] Refused to load the script 'https://sayso.health/static/js/bundle.d9b5eca6f0ad.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://haleon.sayso.health/ Message: [Report Only] Refused to load the font 'https://sayso.health/static/font/ziaHW.ttf?e11b6ab5fbbdbeabeec4515d8c2abc32' because it violates the following Content Security Policy directive: "font-src 'self'".
security	error	URL: https://haleon.sayso.health/ Message: [Report Only] Refused to load the font 'https://sayso.health/static/font/verdana_bold.ttf?4822ae379fe7b2e91c509e2551fbdb35' because it violates the following Content Security Policy directive: "font-src 'self'".
security	error	URL: https://haleon.sayso.health/ Message: [Report Only] Refused to load the font 'https://sayso.health/static/font/Raleway-VariableFont_wght.ttf?3ec1aa8901bbee53c49cc8b4e011a0e1' because it violates the following Content Security Policy directive: "font-src 'self'".
security	error	URL: https://haleon.sayso.health/ Message: [Report Only] Refused to load the font 'https://sayso.health/static/font/Freight-Text-Medium.ttf?49d733ba930ed1a06ff413291db1449c' because it violates the following Content Security Policy directive: "font-src 'self'".
security	error	URL: https://haleon.sayso.health/ Message: [Report Only] Refused to load the image 'https://sayso.health/static/img/gradient--blue-green.png?4a2e7532fcc5be3d644746623d2f2ed4' because it violates the following Content Security Policy directive: "img-src 'self'".
security	error	URL: https://haleon.sayso.health/ Message: [Report Only] Refused to load the image 'https://sayso.health/static/img/homepage-hero.1865d81ebca1.jpg' because it violates the following Content Security Policy directive: "img-src 'self'".
security	error	URL: https://haleon.sayso.health/ Message: [Report Only] Refused to load media from 'https://sayso.health/static/video/homepage-hero-vid.aa3136ccf9a7.mp4' because it violates the following Content Security Policy directive: "media-src 'self'".
security	error	URL: https://haleon.sayso.health/ Message: [Report Only] Refused to load media from 'https://sayso.health/static/video/homepage-hero-vid.aa3136ccf9a7.mp4' because it violates the following Content Security Policy directive: "media-src 'self'".
security	error	URL: https://sayso.health/static/js/bundle.d9b5eca6f0ad.js(Line 1) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	URL: https://sayso.health/static/js/bundle.d9b5eca6f0ad.js(Line 1) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	URL: https://sayso.health/static/js/bundle.d9b5eca6f0ad.js(Line 1) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	URL: https://sayso.health/static/js/bundle.d9b5eca6f0ad.js(Line 1) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	URL: https://sayso.health/static/js/bundle.d9b5eca6f0ad.js(Line 1) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	URL: https://sayso.health/static/js/bundle.d9b5eca6f0ad.js(Line 1) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	URL: https://sayso.health/static/js/bundle.d9b5eca6f0ad.js(Line 1) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	URL: https://sayso.health/static/js/bundle.d9b5eca6f0ad.js(Line 1) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	URL: https://sayso.health/static/js/bundle.d9b5eca6f0ad.js(Line 1) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	URL: https://sayso.health/static/js/bundle.d9b5eca6f0ad.js(Line 1) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	URL: https://sayso.health/static/js/bundle.d9b5eca6f0ad.js(Line 1) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	URL: https://sayso.health/static/js/bundle.d9b5eca6f0ad.js(Line 1) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	URL: https://sayso.health/static/js/bundle.d9b5eca6f0ad.js(Line 1) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	URL: https://sayso.health/static/js/bundle.d9b5eca6f0ad.js(Line 1) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	URL: https://sayso.health/static/js/bundle.d9b5eca6f0ad.js(Line 1) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	URL: https://sayso.health/static/js/bundle.d9b5eca6f0ad.js(Line 1) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	URL: https://sayso.health/static/js/bundle.d9b5eca6f0ad.js(Line 1) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	URL: https://sayso.health/static/js/bundle.d9b5eca6f0ad.js(Line 1) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	URL: https://sayso.health/static/js/bundle.d9b5eca6f0ad.js(Line 1) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	URL: https://sayso.health/static/js/bundle.d9b5eca6f0ad.js(Line 1) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	URL: https://sayso.health/static/js/bundle.d9b5eca6f0ad.js(Line 1) Message: [Report Only] Refused to load the script 'https://js.stripe.com/v3' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://haleon.sayso.health/(Line 586) Message: [Report Only] Refused to load the script 'https://sayso.health/static/tz_detect/js/tzdetect.min.cbab13600a82.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://www.googletagmanager.com/gtm.js?id=GTM-K39DDXN(Line 70) Message: [Report Only] Refused to load the script 'https://www.google-analytics.com/analytics.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://www.googletagmanager.com/gtm.js?id=GTM-K39DDXN(Line 70) Message: [Report Only] Refused to load the script 'https://www.googletagmanager.com/gtag/js?id=G-RPGN3JYHWG&l=dataLayer&cx=c' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://www.googletagmanager.com/gtm.js?id=GTM-K39DDXN(Line 456) Message: [Report Only] Refused to load the script 'https://extend.vimeocdn.com/ga/98581854.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://www.googletagmanager.com/gtag/js?id=G-RPGN3JYHWG&l=dataLayer&cx=c(Line 179) Message: [Report Only] Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-RPGN3JYHWG&gtm=45je3a90&_p=2015867554&_gaz=1&cid=733642324.1697050834&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1697050834&sct=1&seg=0&dl=https%3A%2F%2Fhaleon.sayso.health%2F&dt=Haleon%20-%20haleon.sayso.health&en=page_view&_fv=1&_nsi=1&_ss=1' because it violates the following Content Security Policy directive: "connect-src 'self'".
security	error	URL: https://www.googletagmanager.com/gtag/js?id=G-RPGN3JYHWG&l=dataLayer&cx=c(Line 179) Message: [Report Only] Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-RPGN3JYHWG&gtm=45je3a90&_p=2015867554&_gaz=1&cid=733642324.1697050834&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1697050834&sct=1&seg=0&dl=https%3A%2F%2Fhaleon.sayso.health%2F&dt=Haleon%20-%20haleon.sayso.health&en=page_view&_fv=1&_nsi=1&_ss=1' because it violates the following Content Security Policy directive: "connect-src 'self'".
security	error	URL: https://www.googletagmanager.com/gtag/js?id=G-RPGN3JYHWG&l=dataLayer&cx=c(Line 179) Message: [Report Only] Refused to connect to 'https://stats.g.doubleclick.net/g/collect?v=2&tid=G-RPGN3JYHWG&cid=733642324.1697050834&gtm=45je3a90&aip=1' because it violates the following Content Security Policy directive: "connect-src 'self'".
security	error	URL: https://www.googletagmanager.com/gtag/js?id=G-RPGN3JYHWG&l=dataLayer&cx=c(Line 179) Message: [Report Only] Refused to connect to 'https://stats.g.doubleclick.net/g/collect?v=2&tid=G-RPGN3JYHWG&cid=733642324.1697050834&gtm=45je3a90&aip=1' because it violates the following Content Security Policy directive: "connect-src 'self'".
security	error	URL: https://haleon.sayso.health/ Message: [Report Only] Refused to load the image 'https://www.google.fr/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-RPGN3JYHWG&cid=733642324.1697050834&gtm=45je3a90&aip=1&z=647212522' because it violates the following Content Security Policy directive: "img-src 'self'".
security	error	URL: https://www.google-analytics.com/analytics.js(Line 35) Message: [Report Only] Refused to connect to 'https://www.google-analytics.com/j/collect?v=1&_v=j101&a=2015867554&t=pageview&_s=1&dl=https%3A%2F%2Fhaleon.sayso.health%2F&ul=en-us&de=UTF-8&dt=Haleon%20-%20haleon.sayso.health&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAAI~&jid=549570183&gjid=2035323120&cid=733642324.1697050834&tid=UA-146432266-1&_gid=622879745.1697050834&_r=1&_slc=1&gtm=45He3a90n81K39DDXN&z=121947369' because it violates the following Content Security Policy directive: "connect-src 'self'".
security	error	URL: https://js.stripe.com/v3 Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: https://js.stripe.com/ Message: [Report Only] Refused to frame 'https://js.stripe.com/' because it violates the following Content Security Policy directive: "default-src none". Note that 'frame-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://js.stripe.com/ Message: [Report Only] Refused to frame 'https://js.stripe.com/' because it violates the following Content Security Policy directive: "default-src none". Note that 'frame-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=2592000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

extend.vimeocdn.com
haleon.sayso.health
js.stripe.com
m.stripe.com
m.stripe.network
prd-sayso-media.s3.amazonaws.com
q.stripe.com
region1.analytics.google.com
sayso.health
stats.g.doubleclick.net
www.google-analytics.com
www.google.fr
www.googletagmanager.com
146.75.118.109
151.101.192.176
2001:4860:4802:34::36
2a00:1450:4001:806::200e
2a00:1450:4001:80b::2008
2a00:1450:4001:829::2003
2a00:1450:400c:c03::9b
44.241.248.76
52.95.149.125
54.187.159.182
57.128.165.232
99.86.4.76
020592e2d2ca571cf6d92687b2a784b514961b59e5020f3635e66ebd20de0328
084757c6e796dbbb1f51b76430cfc44bf39b0332a1a6337b5cc27d3ba40d4583
0b2122d95de3f209d3842f244e3de631be66cd67f3ce5f797b34d763c3a55a31
0b3e9b26602e1d7caf2c1943fe85efb95e6e8fd165610c0d80541d72c6e56f2c
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
1faf096e7e273c867ba364e67e143f50d315cfb170f9c312632423e959de9d7f
2b5221b93f930651c89a22e7bce7cab553c067d0f7eb83d0bc83ef230e098bcb
351ffc2bdf381352dcd801be49be5018361119588eae077650260f9e162fe7b9
438b1804dd935ec26719749b363d7fcff0766ed784c6a75cd3408394e72b1579
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5cb34d9042a26d554811f57a193e190901d7e8e9c7fd09640125570ae0487c50
63f7160ca40b02890d66553ac794eadec986e48f9274e10a8d1ff86cd6285c19
6c649cc3d4aee7683250622541a6045ad4ac3beb93df1fcdd3ec1f7f12a1ff44
7bd65400aa676e96541055786ba736515cbd708edb1ba780069cd4c80cdcf663
947ac0903521f5eceefc90637c066306a8ca67466ccc188bb0107fb7cfb532d1
97cd2b5c1a4ec41f473967d55acaeb6a11548fce8e512099b71531fb070b668f
9e5226af71a64f9ed5d0239293f11f7b79072c2b6bc7b47f1b3f7cda349385d3
a0eef492f118c75f0e1ec6ae9127ed0bd4bb49dff556a7031fecce13ba1bd559
a3698e487111433ab9984263d6e28c0db5673015120955485417c1f0a88e5961
a65905cc25f19476e3f285060bbecde009276c56ab221ee10ca147a0ead6bdcc
bba4571a7cc83c0ccc8b96035e2b165526946b1d45baf73d1b402c65ed48de62
bd6e8d266552a16b2b3d7ef67e2aee11c03d4a1b7b0f37379eae9540730ffd31
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e039e607c78306c7e029a7fd0ecdb14f86456f16e1a5ce65aa26b4fdf1d38a3c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0205495d259e89d99e6c4989147f8a65bef41513bfbe3e97251cd6fb6fa5947

haleon.sayso.health Open in urlscan Pro 57.128.165.232 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

31 Requests

100 %HTTPS

42 %IPv6

10 Domains

13 Subdomains

12 IPs

5 Countries

2071 kBTransfer

3510 kBSize

9 Cookies

5 Outgoing links

Page URL History

Redirected requests

31 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

haleon.sayso.health Open in urlscan Pro
57.128.165.232 Public Scan

Screenshot
Live screenshot

Full Image

31
Requests

100 %
HTTPS

42 %
IPv6

10
Domains

13
Subdomains

12
IPs

5
Countries

2071 kB
Transfer

3510 kB
Size

9
Cookies

31 HTTP transactions
0 data transactions