urlscan.io logo urlscan.io
SecurityTrails logo

www.nationwide.co.uk Open in urlscan Pro
155.131.144.68  Public Scan

Go To Rescan Add Verdict Report
URL: http://www.nationwide.co.uk/pgp
Submission: On August 03 via manual from GB
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 3 countries across 3 domains to perform 19 HTTP transactions. The main IP is 155.131.144.68, located in Swindon, United Kingdom and belongs to , GB. The main domain is www.nationwide.co.uk.
This is the only time www.nationwide.co.uk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
13 155.131.144.68 13114 ()
1 155.131.128.24 13114 ()
1 66.117.29.4 15224 (OMNITURE)
1 66.235.148.133 15224 (OMNITURE)
2 104.109.75.169 20940 (AKAMAI-ASN1)
19 6
13    155.131.144.68 (Swindon, United Kingdom)

ASN13114 (, GB)
PTR: ndc.aggregator.nationet.com
www.nationwide.co.uk
1    155.131.128.24 (Swindon, United Kingdom)

ASN13114 (, GB)
PTR: du14.onlinebanking.nationwide.co.uk
onlinebanking.nationwide.co.uk
1    66.117.29.4 (Lehi, United States)

ASN15224 (OMNITURE - Adobe Systems Inc., US)
nationwidebuildingso.tt.omtrdc.net
1    66.235.148.133 (Lehi, United States)

ASN15224 (OMNITURE - Adobe Systems Inc., US)
PTR: *.d2.sc.omtrdc.net
metrics.nationwide.co.uk
2    104.109.75.169 (Amsterdam, Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a104-109-75-169.deploy.static.akamaitechnologies.com
pixel.mathtag.com
Domain Requested by
13 www.nationwide.co.uk www.nationwide.co.uk
2 pixel.mathtag.com www.nationwide.co.uk
pixel.mathtag.com
1 metrics.nationwide.co.uk www.nationwide.co.uk
1 nationwidebuildingso.tt.omtrdc.net www.nationwide.co.uk
1 onlinebanking.nationwide.co.uk www.nationwide.co.uk
19 5
Subject Issuer Validity Valid
onlinebanking.nationwide.co.uk
Symantec Class 3 EV SSL CA - G3		 2015-10-14 -
2017-10-14		 2 years crt.sh
*.tt.omtrdc.net
DigiCert SHA2 High Assurance Server CA		 2014-07-29 -
2017-11-03		 3 years crt.sh
pixel.mathtag.com
Symantec Class 3 Secure Server CA - G4		 2017-02-06 -
2018-02-06		 a year crt.sh

This page contains 2 frames:

Primary Page: http://www.nationwide.co.uk/pgp
Frame ID: 29913.1
Requests: 21 HTTP requests in this frame

Frame: https://pixel.mathtag.com/sync/iframe?mt_uuid=c0585984-a6e2-4c00-980e-e35059f3c513&no_iframe=1&exsync=http%3A%2F%2Fmetrics.nationwide.co.uk%2Fb%2Fss%2Fnationwidelive1%2F0%3FAQB%3D1%26pageName%3Dmediamath-sync-pixel%26pe%3Dlnk_o%26pev2%3Dmediamath-sync-pixel%26c.user.nbs_media_math_id%3D%5BMM_UUID%5D%26AQE%3D1&mt_exid=10068
Frame ID: 29913.2
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Statistics

19
Requests

21 %
HTTPS

0 %
IPv6

3
Domains

5
Subdomains

6
IPs

3
Countries

579 kB
Transfer

1219 kB
Size

12
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request 16
  • http://metrics.nationwide.co.uk/b/ss/nationwidelive1/1/JS-1.6.3/s59728915197208?AQB=1&ndh=1&pf=1&t=3%2F7%2F2017%2022%3A42%3A42%204%200&fid=7BC8E96C4B2D107A-11D044B07F4B102D&ce=UTF-8&ns=nationwide&c...
  • http://metrics.nationwide.co.uk/b/ss/nationwidelive1/1/JS-1.6.3/s59728915197208?AQB=1&pccr=true&vidn=2CC1D37105313EAC-6000012AA00082AC&&ndh=1&pf=1&t=3%2F7%2F2017%2022%3A42%3A42%204%200&fid=7BC8E96C...
Request 18
  • https://pixel.mathtag.com/sync/js?sync=auto&mt_exid=10068&exsync=http%3A%2F%2Fmetrics.nationwide.co.uk%2Fb%2Fss%2Fnationwidelive1%2F0%3FAQB%3D1%26pageName%3Dmediamath-sync-pixel%26pe%3Dlnk_o%26pev2...
  • https://pixel.mathtag.com/sync/js?sync=auto&mt_exid=10068&exsync=http%3A%2F%2Fmetrics.nationwide.co.uk%2Fb%2Fss%2Fnationwidelive1%2F0%3FAQB%3D1%26pageName%3Dmediamath-sync-pixel%26pe%3Dlnk_o%26pev2...

19 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request pgp
www.nationwide.co.uk/ 		133 KB
133 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://www.nationwide.co.uk/pgp
Protocol
HTTP/1.1
Server
155.131.144.68 Swindon, United Kingdom, ASN13114 (, GB),
Reverse DNS
ndc.aggregator.nationet.com
Software
/
Resource Hash
048fcaea709b88404eb509fccb7a89a0636f6a4178ad45b93577ea18bf225a5c
Security Headers
Name Value
Content-Security-Policy default-src *.bing.com 'self'; connect-src http://cdn.decibelinsight.net dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com *.virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com *.bing.com *.doubleclick.net googleads.g.doubleclick.net https://www.youtube.com platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com connect.facebook.net cse.google.com data: dpm.demdex.net ipv4.google.com *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com *.virtualearth.net 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma
no-cache
Content-Security-Policy
default-src *.bing.com 'self'; connect-src http://cdn.decibelinsight.net dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com *.virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com *.bing.com *.doubleclick.net googleads.g.doubleclick.net https://www.youtube.com platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com connect.facebook.net cse.google.com data: dpm.demdex.net ipv4.google.com *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com *.virtualearth.net 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Date
Thu, 03 Aug 2017 22:42:41 GMT
x-frame-options
SAMEORIGIN
Content-Type
text/html; charset=utf-8
Cache-Control
no-cache, no-store,max-age=300
Content-Length
136080
x-xss-protection
1; mode=block
Expires
-1
default.min.css
www.nationwide.co.uk/assets/main-site/style/ 		564 KB
95 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://www.nationwide.co.uk/assets/main-site/style/default.min.css
Requested by
Host: www.nationwide.co.uk
URL: http://www.nationwide.co.uk/pgp
Protocol
HTTP/1.1
Server
155.131.144.68 Swindon, United Kingdom, ASN13114 (, GB),
Reverse DNS
ndc.aggregator.nationet.com
Software
/
Resource Hash
61680a510eb319139c8f12cbe8299487e253acada434889b3ce844e36815a9b8
Security Headers
Name Value
Content-Security-Policy default-src *.bing.com 'self'; connect-src http://cdn.decibelinsight.net dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com *.virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com *.bing.com *.doubleclick.net googleads.g.doubleclick.net https://www.youtube.com platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com connect.facebook.net cse.google.com data: dpm.demdex.net ipv4.google.com *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com *.virtualearth.net 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://www.nationwide.co.uk/pgp
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Content-Security-Policy
default-src *.bing.com 'self'; connect-src http://cdn.decibelinsight.net dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com *.virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com *.bing.com *.doubleclick.net googleads.g.doubleclick.net https://www.youtube.com platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com connect.facebook.net cse.google.com data: dpm.demdex.net ipv4.google.com *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com *.virtualearth.net 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Content-Encoding
gzip
Vary
Accept-Encoding
Last-Modified
Mon, 17 Jul 2017 15:26:48 GMT
ETag
"0ec41b11ffd21:0"
x-frame-options
SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=300
Date
Thu, 03 Aug 2017 22:42:41 GMT
Accept-Ranges
bytes
Content-Length
97344
x-xss-protection
1; mode=block
meganavflyout.hotfix.css
www.nationwide.co.uk/~/media/MainSite/css/ 		105 B
211 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://www.nationwide.co.uk/~/media/MainSite/css/meganavflyout.hotfix.css
Requested by
Host: www.nationwide.co.uk
URL: http://www.nationwide.co.uk/pgp
Protocol
HTTP/1.1
Server
155.131.144.68 Swindon, United Kingdom, ASN13114 (, GB),
Reverse DNS
ndc.aggregator.nationet.com
Software
/
Resource Hash
429799489f780dafff620c295b42cead691065094774a492e1ed70a4a1155e05
Security Headers
Name Value
Content-Security-Policy default-src *.bing.com 'self'; connect-src http://cdn.decibelinsight.net dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com *.virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com *.bing.com *.doubleclick.net googleads.g.doubleclick.net https://www.youtube.com platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com connect.facebook.net cse.google.com data: dpm.demdex.net ipv4.google.com *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com *.virtualearth.net 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://www.nationwide.co.uk/pgp
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Content-Security-Policy
default-src *.bing.com 'self'; connect-src http://cdn.decibelinsight.net dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com *.virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com *.bing.com *.doubleclick.net googleads.g.doubleclick.net https://www.youtube.com platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com connect.facebook.net cse.google.com data: dpm.demdex.net ipv4.google.com *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com *.virtualearth.net 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Content-Encoding
gzip
Vary
Accept-Encoding
Last-Modified
Fri, 05 May 2017 12:11:12 GMT
Date
Thu, 03 Aug 2017 22:42:40 GMT
x-frame-options
SAMEORIGIN
Content-Type
text/css
Cache-Control
private, max-age=604800,max-age=300
Content-Disposition
attachment; filename="meganavflyout.hotfix.css"
Accept-Ranges
bytes
Content-Length
211
x-xss-protection
1; mode=block
Expires
Thu, 10 Aug 2017 22:42:41 GMT
hero.css
www.nationwide.co.uk/~/css/assets/main-site/generated/css/ 		1 KB
384 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://www.nationwide.co.uk/~/css/assets/main-site/generated/css/hero.css?id=5736BF6F685C48B5BB16C59EA40B9568
Requested by
Host: www.nationwide.co.uk
URL: http://www.nationwide.co.uk/pgp
Protocol
HTTP/1.1
Server
155.131.144.68 Swindon, United Kingdom, ASN13114 (, GB),
Reverse DNS
ndc.aggregator.nationet.com
Software
/
Resource Hash
1c07fa7b892a6a35b3c569cc783cd8cc68abc8d88abaf2b96c99248ee8267e6a
Security Headers
Name Value
Content-Security-Policy default-src *.bing.com 'self'; connect-src http://cdn.decibelinsight.net dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com *.virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com *.bing.com *.doubleclick.net googleads.g.doubleclick.net https://www.youtube.com platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com connect.facebook.net cse.google.com data: dpm.demdex.net ipv4.google.com *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com *.virtualearth.net 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://www.nationwide.co.uk/pgp
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Content-Security-Policy
default-src *.bing.com 'self'; connect-src http://cdn.decibelinsight.net dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com *.virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com *.bing.com *.doubleclick.net googleads.g.doubleclick.net https://www.youtube.com platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com connect.facebook.net cse.google.com data: dpm.demdex.net ipv4.google.com *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com *.virtualearth.net 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Content-Encoding
gzip
x-frame-options
SAMEORIGIN
Date
Thu, 03 Aug 2017 22:42:41 GMT
Vary
Accept-Encoding
Content-Type
text/css; charset=utf-8
Cache-Control
private,max-age=300
Content-Length
384
x-xss-protection
1; mode=block
logo2xtrans.png
www.nationwide.co.uk/~/media/System/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://www.nationwide.co.uk/~/media/System/logo2xtrans.png?h=83&w=320
Requested by
Host: www.nationwide.co.uk
URL: http://www.nationwide.co.uk/pgp
Protocol
HTTP/1.1
Server
155.131.144.68 Swindon, United Kingdom, ASN13114 (, GB),
Reverse DNS
ndc.aggregator.nationet.com
Software
/
Resource Hash
6bf007f26e6ef3afceb0f3d750714b9f63c34f50960b9fd6d1f92539e9c83724
Security Headers
Name Value
Content-Security-Policy default-src *.bing.com 'self'; connect-src http://cdn.decibelinsight.net dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com *.virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com *.bing.com *.doubleclick.net googleads.g.doubleclick.net https://www.youtube.com platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com connect.facebook.net cse.google.com data: dpm.demdex.net ipv4.google.com *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com *.virtualearth.net 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://www.nationwide.co.uk/pgp
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Content-Security-Policy
default-src *.bing.com 'self'; connect-src http://cdn.decibelinsight.net dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com *.virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com *.bing.com *.doubleclick.net googleads.g.doubleclick.net https://www.youtube.com platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com connect.facebook.net cse.google.com data: dpm.demdex.net ipv4.google.com *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com *.virtualearth.net 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Last-Modified
Thu, 18 Aug 2016 09:09:42 GMT
Date
Thu, 03 Aug 2017 22:42:41 GMT
x-frame-options
SAMEORIGIN
Content-Type
image/png
Cache-Control
private, max-age=604800,max-age=300
Content-Disposition
inline; filename="logo2xtrans.png"
Accept-Ranges
bytes
Content-Length
2294
x-xss-protection
1; mode=block
Expires
Thu, 10 Aug 2017 22:42:41 GMT
nbs-homepage.min.js
www.nationwide.co.uk/assets/main-site/script/bundle/ 		181 KB
58 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://www.nationwide.co.uk/assets/main-site/script/bundle/nbs-homepage.min.js?v=20160812
Requested by
Host: www.nationwide.co.uk
URL: http://www.nationwide.co.uk/pgp
Protocol
HTTP/1.1
Server
155.131.144.68 Swindon, United Kingdom, ASN13114 (, GB),
Reverse DNS
ndc.aggregator.nationet.com
Software
/
Resource Hash
20517d0d02ea8e192b36380e183b3e1ba77ef43b4fce69139599c225ee2f1bc9
Security Headers
Name Value
Content-Security-Policy default-src *.bing.com 'self'; connect-src http://cdn.decibelinsight.net dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com *.virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com *.bing.com *.doubleclick.net googleads.g.doubleclick.net https://www.youtube.com platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com connect.facebook.net cse.google.com data: dpm.demdex.net ipv4.google.com *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com *.virtualearth.net 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://www.nationwide.co.uk/pgp
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Content-Security-Policy
default-src *.bing.com 'self'; connect-src http://cdn.decibelinsight.net dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com *.virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com *.bing.com *.doubleclick.net googleads.g.doubleclick.net https://www.youtube.com platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com connect.facebook.net cse.google.com data: dpm.demdex.net ipv4.google.com *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com *.virtualearth.net 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Content-Encoding
gzip
Vary
Accept-Encoding
Last-Modified
Mon, 17 Jul 2017 15:26:48 GMT
ETag
"0ec41b11ffd21:0"
x-frame-options
SAMEORIGIN
Content-Type
application/x-javascript
Cache-Control
max-age=300
Date
Thu, 03 Aug 2017 22:42:41 GMT
Accept-Ranges
bytes
Content-Length
59338
x-xss-protection
1; mode=block
nbs-combined.min.js
www.nationwide.co.uk/assets/main-site/script/bundle/ 		16 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://www.nationwide.co.uk/assets/main-site/script/bundle/nbs-combined.min.js
Requested by
Host: www.nationwide.co.uk
URL: http://www.nationwide.co.uk/pgp
Protocol
HTTP/1.1
Server
155.131.144.68 Swindon, United Kingdom, ASN13114 (, GB),
Reverse DNS
ndc.aggregator.nationet.com
Software
/
Resource Hash
0feecd1a5abc131d99067b87d4ac8830e84a4fc209810112c0395cb8297f8034
Security Headers
Name Value
Content-Security-Policy default-src *.bing.com 'self'; connect-src http://cdn.decibelinsight.net dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com *.virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com *.bing.com *.doubleclick.net googleads.g.doubleclick.net https://www.youtube.com platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com connect.facebook.net cse.google.com data: dpm.demdex.net ipv4.google.com *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com *.virtualearth.net 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://www.nationwide.co.uk/pgp
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Content-Security-Policy
default-src *.bing.com 'self'; connect-src http://cdn.decibelinsight.net dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com *.virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com *.bing.com *.doubleclick.net googleads.g.doubleclick.net https://www.youtube.com platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com connect.facebook.net cse.google.com data: dpm.demdex.net ipv4.google.com *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com *.virtualearth.net 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Content-Encoding
gzip
Vary
Accept-Encoding
Last-Modified
Mon, 17 Jul 2017 15:26:48 GMT
ETag
"0ec41b11ffd21:0"
x-frame-options
SAMEORIGIN
Content-Type
application/x-javascript
Cache-Control
max-age=300
Date
Thu, 03 Aug 2017 22:42:41 GMT
Accept-Ranges
bytes
Content-Length
4261
x-xss-protection
1; mode=block
/
onlinebanking.nationwide.co.uk/ 		12 KB
4 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://onlinebanking.nationwide.co.uk/
Requested by
Host: www.nationwide.co.uk
URL: http://www.nationwide.co.uk/pgp
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
155.131.128.24 Swindon, United Kingdom, ASN13114 (, GB),
Reverse DNS
du14.onlinebanking.nationwide.co.uk
Software
/
Resource Hash
9b4bf2dac37abc0809a6e45c6109a0ffff77d094ae42c81ee3afce41e1d50816

Request headers

Purpose
prefetch
Referer
http://www.nationwide.co.uk/pgp
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 03 Aug 2017 22:42:42 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
Content-Type
text/html; charset=utf-8
Cache-Control
no-cache, no-store, must-revalidate
r
35.0.35026.2
Expires
-1
standard
nationwidebuildingso.tt.omtrdc.net/m2/nationwidebuildingso/mbox/ 		8 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nationwidebuildingso.tt.omtrdc.net/m2/nationwidebuildingso/mbox/standard?mboxHost=www.nationwide.co.uk&mboxPage=9b07e2f6f9fa42f589c287939a702ca0&screenHeight=1200&screenWidth=1600&browserWidth=1600&browserHeight=1200&browserTimeOffset=0&colorDepth=24&mboxSession=9b07e2f6f9fa42f589c287939a702ca0&mboxXDomain=enabled&mboxCount=1&mboxTime=1501800162023&page_name=bw%3Aerror&mbox=bw%3Aglobal%20mbox&mboxId=0&mboxURL=http%3A%2F%2Fwww.nationwide.co.uk%2Fpgp&mboxReferrer=&mboxVersion=61
Requested by
Host: www.nationwide.co.uk
URL: http://www.nationwide.co.uk/pgp
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.117.29.4 Lehi, United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS
Software
Test & Target /
Resource Hash
5cac661b899714b3ce802f20f40c5ca721529c06d2f7082f836bcea6a9d6a306

Request headers

Referer
http://www.nationwide.co.uk/pgp
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

pragma
no-cache
date
Thu, 03 Aug 2017 22:42:41 GMT
content-encoding
gzip
server
Test & Target
vary
Accept-Encoding
p3p
CP="NOI DSP CURa OUR STP COM", CP="NOI DSP CURa OUR STP COM"
status
200
cache-control
no-cache
content-type
text/javascript;charset=utf-8
page-body.png
www.nationwide.co.uk/assets/main-site/images/background/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://www.nationwide.co.uk/assets/main-site/images/background/page-body.png
Requested by
Host: www.nationwide.co.uk
URL: http://www.nationwide.co.uk/pgp
Protocol
HTTP/1.1
Server
155.131.144.68 Swindon, United Kingdom, ASN13114 (, GB),
Reverse DNS
ndc.aggregator.nationet.com
Software
/
Resource Hash
17561150e865649a9aeeee94cb0f7a17d5e77147d3f2edefbee566f95128ddb3
Security Headers
Name Value
Content-Security-Policy default-src *.bing.com 'self'; connect-src http://cdn.decibelinsight.net dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com *.virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com *.bing.com *.doubleclick.net googleads.g.doubleclick.net https://www.youtube.com platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com connect.facebook.net cse.google.com data: dpm.demdex.net ipv4.google.com *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com *.virtualearth.net 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://www.nationwide.co.uk/assets/main-site/style/default.min.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Content-Security-Policy
default-src *.bing.com 'self'; connect-src http://cdn.decibelinsight.net dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com *.virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com *.bing.com *.doubleclick.net googleads.g.doubleclick.net https://www.youtube.com platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com connect.facebook.net cse.google.com data: dpm.demdex.net ipv4.google.com *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com *.virtualearth.net 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Last-Modified
Mon, 17 Jul 2017 15:26:50 GMT
ETag
"019361c11ffd21:0"
x-frame-options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=300
Date
Thu, 03 Aug 2017 22:42:41 GMT
Accept-Ranges
bytes
Content-Length
2100
x-xss-protection
1; mode=block
nbs-medium-webfont.woff
www.nationwide.co.uk/assets/main-site/fonts/ 		33 KB
33 KB 		Font
General
Check archive.org
Download Go to
Full URL
http://www.nationwide.co.uk/assets/main-site/fonts/nbs-medium-webfont.woff
Requested by
Host: www.nationwide.co.uk
URL: http://www.nationwide.co.uk/pgp
Protocol
HTTP/1.1
Server
155.131.144.68 Swindon, United Kingdom, ASN13114 (, GB),
Reverse DNS
ndc.aggregator.nationet.com
Software
/
Resource Hash
154f369084c28c7ceaf71531663e84382b0f3ac78fffa7f91c4543499b8ee41b
Security Headers
Name Value
Content-Security-Policy default-src *.bing.com 'self'; connect-src http://cdn.decibelinsight.net dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com *.virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com *.bing.com *.doubleclick.net googleads.g.doubleclick.net https://www.youtube.com platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com connect.facebook.net cse.google.com data: dpm.demdex.net ipv4.google.com *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com *.virtualearth.net 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36
Referer
http://www.nationwide.co.uk/assets/main-site/style/default.min.css
Origin
http://www.nationwide.co.uk

Response headers

Content-Security-Policy
default-src *.bing.com 'self'; connect-src http://cdn.decibelinsight.net dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com *.virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com *.bing.com *.doubleclick.net googleads.g.doubleclick.net https://www.youtube.com platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com connect.facebook.net cse.google.com data: dpm.demdex.net ipv4.google.com *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com *.virtualearth.net 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Last-Modified
Mon, 17 Jul 2017 15:26:54 GMT
ETag
"073981e11ffd21:0"
x-frame-options
SAMEORIGIN
Content-Type
application/x-font-woff
Cache-Control
max-age=300
Date
Thu, 03 Aug 2017 22:42:41 GMT
Accept-Ranges
bytes
Content-Length
34084
x-xss-protection
1; mode=block
nbs-bold-webfont.woff
www.nationwide.co.uk/assets/main-site/fonts/ 		32 KB
32 KB 		Font
General
Check archive.org
Download Go to
Full URL
http://www.nationwide.co.uk/assets/main-site/fonts/nbs-bold-webfont.woff
Requested by
Host: www.nationwide.co.uk
URL: http://www.nationwide.co.uk/assets/main-site/script/bundle/nbs-homepage.min.js?v=20160812
Protocol
HTTP/1.1
Server
155.131.144.68 Swindon, United Kingdom, ASN13114 (, GB),
Reverse DNS
ndc.aggregator.nationet.com
Software
/
Resource Hash
5cfc1d72a6c4c817544222468ad1a2f27ed404481f529f223c05c1c52bb3ba2c
Security Headers
Name Value
Content-Security-Policy default-src *.bing.com 'self'; connect-src http://cdn.decibelinsight.net dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com *.virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com *.bing.com *.doubleclick.net googleads.g.doubleclick.net https://www.youtube.com platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com connect.facebook.net cse.google.com data: dpm.demdex.net ipv4.google.com *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com *.virtualearth.net 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36
Referer
http://www.nationwide.co.uk/assets/main-site/style/default.min.css
Origin
http://www.nationwide.co.uk

Response headers

Content-Security-Policy
default-src *.bing.com 'self'; connect-src http://cdn.decibelinsight.net dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com *.virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com *.bing.com *.doubleclick.net googleads.g.doubleclick.net https://www.youtube.com platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com connect.facebook.net cse.google.com data: dpm.demdex.net ipv4.google.com *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com *.virtualearth.net 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Last-Modified
Mon, 17 Jul 2017 15:26:54 GMT
ETag
"073981e11ffd21:0"
x-frame-options
SAMEORIGIN
Content-Type
application/x-font-woff
Cache-Control
max-age=300
Date
Thu, 03 Aug 2017 22:42:41 GMT
Accept-Ranges
bytes
Content-Length
33208
x-xss-protection
1; mode=block
nbs-icons-lite.woff
www.nationwide.co.uk/assets/main-site/fonts/ 		7 KB
7 KB 		Font
General
Check archive.org
Download Go to
Full URL
http://www.nationwide.co.uk/assets/main-site/fonts/nbs-icons-lite.woff
Requested by
Host: www.nationwide.co.uk
URL: http://www.nationwide.co.uk/assets/main-site/script/bundle/nbs-homepage.min.js?v=20160812
Protocol
HTTP/1.1
Server
155.131.144.68 Swindon, United Kingdom, ASN13114 (, GB),
Reverse DNS
ndc.aggregator.nationet.com
Software
/
Resource Hash
d016d0dc536eb220dcd2de00269ecb518f0ba7dfdb9b5c60624a49556854a4cb
Security Headers
Name Value
Content-Security-Policy default-src *.bing.com 'self'; connect-src http://cdn.decibelinsight.net dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com *.virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com *.bing.com *.doubleclick.net googleads.g.doubleclick.net https://www.youtube.com platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com connect.facebook.net cse.google.com data: dpm.demdex.net ipv4.google.com *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com *.virtualearth.net 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36
Referer
http://www.nationwide.co.uk/assets/main-site/style/default.min.css
Origin
http://www.nationwide.co.uk

Response headers

Content-Security-Policy
default-src *.bing.com 'self'; connect-src http://cdn.decibelinsight.net dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com *.virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com *.bing.com *.doubleclick.net googleads.g.doubleclick.net https://www.youtube.com platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com connect.facebook.net cse.google.com data: dpm.demdex.net ipv4.google.com *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com *.virtualearth.net 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Last-Modified
Mon, 17 Jul 2017 15:26:56 GMT
ETag
"0a0c91f11ffd21:0"
x-frame-options
SAMEORIGIN
Content-Type
application/x-font-woff
Cache-Control
max-age=300
Date
Thu, 03 Aug 2017 22:42:41 GMT
Accept-Ranges
bytes
Content-Length
7612
x-xss-protection
1; mode=block
truncated
/ 		83 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2c3b918df3d0dc8ce11328cd21f8d9defc5858231b70bb11cd896f2f0bf5ae46

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/gif;charset=UTF-8
error-page-1200.jpg
www.nationwide.co.uk/~/media/MainSite/images/shared/hero-banners/ 		196 KB
196 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://www.nationwide.co.uk/~/media/MainSite/images/shared/hero-banners/error-page-1200.jpg?h=690&w=1200
Requested by
Host: www.nationwide.co.uk
URL: http://www.nationwide.co.uk/assets/main-site/script/bundle/nbs-homepage.min.js?v=20160812
Protocol
HTTP/1.1
Server
155.131.144.68 Swindon, United Kingdom, ASN13114 (, GB),
Reverse DNS
ndc.aggregator.nationet.com
Software
/
Resource Hash
cdf32b7f2f7ba43e9b5cc1654a71f23e11134bde482642828f89d7fe26fbca0b
Security Headers
Name Value
Content-Security-Policy default-src *.bing.com 'self'; connect-src http://cdn.decibelinsight.net dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com *.virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com *.bing.com *.doubleclick.net googleads.g.doubleclick.net https://www.youtube.com platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com connect.facebook.net cse.google.com data: dpm.demdex.net ipv4.google.com *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com *.virtualearth.net 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://www.nationwide.co.uk/~/css/assets/main-site/generated/css/hero.css?id=5736BF6F685C48B5BB16C59EA40B9568
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Content-Security-Policy
default-src *.bing.com 'self'; connect-src http://cdn.decibelinsight.net dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com *.virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com *.bing.com *.doubleclick.net googleads.g.doubleclick.net https://www.youtube.com platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com connect.facebook.net cse.google.com data: dpm.demdex.net ipv4.google.com *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com *.virtualearth.net 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Last-Modified
Fri, 28 Feb 2014 21:30:54 GMT
Date
Thu, 03 Aug 2017 22:42:41 GMT
x-frame-options
SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
private, max-age=604800,max-age=300
Content-Disposition
inline; filename="error-page-1200.jpg"
Accept-Ranges
bytes
Content-Length
200866
x-xss-protection
1; mode=block
Expires
Thu, 10 Aug 2017 22:42:42 GMT
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
698294585a9b44f5abd3073732325a0436f19bfa7b3ae2b89c88653803011c95

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/gif;charset=UTF-8
truncated
/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
387cfaa1ebcfdd7d3495a7372cf6381ea76fcd37fc500663f9799e896d537d6c

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/png
s59728915197208
metrics.nationwide.co.uk/b/ss/nationwidelive1/1/JS-1.6.3/
Redirect Chain
  • http://metrics.nationwide.co.uk/b/ss/nationwidelive1/1/JS-1.6.3/s59728915197208?AQB=1&ndh=1&pf=1&t=3%2F7%2F2017%2022%3A42%3A42%204%200&fid=7BC8E96C4B2D107A-11D044B07F4B102D&ce=UTF-8&ns=nationwide&c...
  • http://metrics.nationwide.co.uk/b/ss/nationwidelive1/1/JS-1.6.3/s59728915197208?AQB=1&pccr=true&vidn=2CC1D37105313EAC-6000012AA00082AC&&ndh=1&pf=1&t=3%2F7%2F2017%2022%3A42%3A42%204%200&fid=7BC8E96C...
 		43 B
43 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://metrics.nationwide.co.uk/b/ss/nationwidelive1/1/JS-1.6.3/s59728915197208?AQB=1&pccr=true&vidn=2CC1D37105313EAC-6000012AA00082AC&&ndh=1&pf=1&t=3%2F7%2F2017%2022%3A42%3A42%204%200&fid=7BC8E96C4B2D107A-11D044B07F4B102D&ce=UTF-8&ns=nationwide&cdp=3&fpCookieDomainPeriods=3&pageName=bw%3Aservererror%3A404&g=http%3A%2F%2Fwww.nationwide.co.uk%2Fpgp&c.&page.&nbs_cms_page_version=7&.page&nbs_version_sc=a%3A1.6.3_v%3Ana_m%3A61_d%3Ana_20170608_001&.c&cc=GBP&ch=Brochureware&tnt=89541%3A1%3A0%2C&c71=D%3Ds_vi&c73=largeDesktop%20site%7Clandscape&c74=bw%3Aerror&v74=D%3Dc74&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
Requested by
Host: www.nationwide.co.uk
URL: http://www.nationwide.co.uk/pgp
Protocol
HTTP/1.1
Server
66.235.148.133 Lehi, United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS
*.d2.sc.omtrdc.net
Software
Omniture DC/2.0.0 /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Request headers

Referer
http://www.nationwide.co.uk/pgp
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date
Thu, 03 Aug 2017 22:42:42 GMT
X-C
ms-5.4.0
P3P
CP="This is not a P3P policy"
Connection
Keep-Alive
Content-Length
43
Pragma
no-cache
Last-Modified
Fri, 04 Aug 2017 22:42:42 GMT
Server
Omniture DC/2.0.0
xserver
www170
ETag
"5983A6E2-BEE5-42A8760C"
Vary
*
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, max-age=0, no-transform, private
Keep-Alive
timeout=15
Expires
Wed, 02 Aug 2017 22:42:42 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 03 Aug 2017 22:42:42 GMT
Last-Modified
Fri, 04 Aug 2017 22:42:42 GMT
Server
Omniture DC
Access-Control-Allow-Origin
*
xserver
www285
X-C
ms-5.4.0
P3P
CP="This is not a P3P policy"
Location
http://metrics.nationwide.co.uk/b/ss/nationwidelive1/1/JS-1.6.3/s59728915197208?AQB=1&pccr=true&vidn=2CC1D37105313EAC-6000012AA00082AC&&ndh=1&pf=1&t=3%2F7%2F2017%2022%3A42%3A42%204%200&fid=7BC8E96C4B2D107A-11D044B07F4B102D&ce=UTF-8&ns=nationwide&cdp=3&fpCookieDomainPeriods=3&pageName=bw%3Aservererror%3A404&g=http%3A%2F%2Fwww.nationwide.co.uk%2Fpgp&c.&page.&nbs_cms_page_version=7&.page&nbs_version_sc=a%3A1.6.3_v%3Ana_m%3A61_d%3Ana_20170608_001&.c&cc=GBP&ch=Brochureware&tnt=89541%3A1%3A0%2C&c71=D%3Ds_vi&c73=largeDesktop%20site%7Clandscape&c74=bw%3Aerror&v74=D%3Dc74&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
Cache-Control
no-cache, no-store, max-age=0, no-transform, private
Connection
Keep-Alive
Content-Type
text/plain
Keep-Alive
timeout=15
Content-Length
0
Expires
Wed, 02 Aug 2017 22:42:42 GMT
nbs-lazy-load.min.js
www.nationwide.co.uk/assets/main-site/script/bundle/ 		22 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://www.nationwide.co.uk/assets/main-site/script/bundle/nbs-lazy-load.min.js?v=20170205
Requested by
Host: www.nationwide.co.uk
URL: http://www.nationwide.co.uk/assets/main-site/script/bundle/nbs-homepage.min.js?v=20160812
Protocol
HTTP/1.1
Server
155.131.144.68 Swindon, United Kingdom, ASN13114 (, GB),
Reverse DNS
ndc.aggregator.nationet.com
Software
/
Resource Hash
e8d0cd8c849950bf2c46dbe98b00b5bcae187f2d7abbd42b80e370fc409eb57d
Security Headers
Name Value
Content-Security-Policy default-src *.bing.com 'self'; connect-src http://cdn.decibelinsight.net dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com *.virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com *.bing.com *.doubleclick.net googleads.g.doubleclick.net https://www.youtube.com platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com connect.facebook.net cse.google.com data: dpm.demdex.net ipv4.google.com *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com *.virtualearth.net 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://www.nationwide.co.uk/pgp
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Content-Security-Policy
default-src *.bing.com 'self'; connect-src http://cdn.decibelinsight.net dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com *.virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com *.bing.com *.doubleclick.net googleads.g.doubleclick.net https://www.youtube.com platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com connect.facebook.net cse.google.com data: dpm.demdex.net ipv4.google.com *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com *.virtualearth.net 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
Content-Encoding
gzip
Vary
Accept-Encoding
Last-Modified
Mon, 17 Jul 2017 15:26:48 GMT
ETag
"0ec41b11ffd21:0"
x-frame-options
SAMEORIGIN
Content-Type
application/x-javascript
Cache-Control
max-age=300
Date
Thu, 03 Aug 2017 22:42:41 GMT
Accept-Ranges
bytes
Content-Length
7001
x-xss-protection
1; mode=block
js
pixel.mathtag.com/sync/
Redirect Chain
  • https://pixel.mathtag.com/sync/js?sync=auto&mt_exid=10068&exsync=http%3A%2F%2Fmetrics.nationwide.co.uk%2Fb%2Fss%2Fnationwidelive1%2F0%3FAQB%3D1%26pageName%3Dmediamath-sync-pixel%26pe%3Dlnk_o%26pev2...
  • https://pixel.mathtag.com/sync/js?sync=auto&mt_exid=10068&exsync=http%3A%2F%2Fmetrics.nationwide.co.uk%2Fb%2Fss%2Fnationwidelive1%2F0%3FAQB%3D1%26pageName%3Dmediamath-sync-pixel%26pe%3Dlnk_o%26pev2...
 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pixel.mathtag.com/sync/js?sync=auto&mt_exid=10068&exsync=http%3A%2F%2Fmetrics.nationwide.co.uk%2Fb%2Fss%2Fnationwidelive1%2F0%3FAQB%3D1%26pageName%3Dmediamath-sync-pixel%26pe%3Dlnk_o%26pev2%3Dmediamath-sync-pixel%26c.user.nbs_media_math_id%3D%5BMM_UUID%5D%26AQE%3D1&mm_bnc&mm_bct
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.109.75.169 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a104-109-75-169.deploy.static.akamaitechnologies.com
Software
MT3 1.15.11.0 033507e RELEASE cdg-pixel-x13 /
Resource Hash
5faf8e5c2378f00352b7d49c69a153623a184e7193e811b72292ee5007c663ed

Request headers

Referer
http://www.nationwide.co.uk/pgp
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date
Thu, 03 Aug 2017 22:42:42 GMT
Server
MT3 1.15.11.0 033507e RELEASE cdg-pixel-x13
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache
Connection
keep-alive
Content-Type
text/javascript
Content-Length
1790
Expires
Thu, 03 Aug 2017 22:42:41 GMT

Redirect headers

Date
Thu, 03 Aug 2017 22:42:42 GMT
Server
MT3 1.15.11.0 033507e RELEASE cdg-pixel-x13
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location
https://pixel.mathtag.com/sync/js?sync=auto&mt_exid=10068&exsync=http%3A%2F%2Fmetrics.nationwide.co.uk%2Fb%2Fss%2Fnationwidelive1%2F0%3FAQB%3D1%26pageName%3Dmediamath-sync-pixel%26pe%3Dlnk_o%26pev2%3Dmediamath-sync-pixel%26c.user.nbs_media_math_id%3D%5BMM_UUID%5D%26AQE%3D1&mm_bnc&mm_bct
Cache-Control
no-cache
Connection
keep-alive
Content-Type
text/javascript
Content-Length
0
Expires
Thu, 03 Aug 2017 22:42:41 GMT
img
pixel.mathtag.com/misc/ 		43 B
43 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.mathtag.com/misc/img?mm_bnc&bcdv=0
Requested by
Host: www.nationwide.co.uk
URL: http://www.nationwide.co.uk/pgp
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.109.75.169 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a104-109-75-169.deploy.static.akamaitechnologies.com
Software
MT3 1.15.11.0 033507e RELEASE cdg-pixel-x1 /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
http://www.nationwide.co.uk/pgp
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date
Thu, 03 Aug 2017 22:42:42 GMT
Server
MT3 1.15.11.0 033507e RELEASE cdg-pixel-x1
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 03 Aug 2017 22:42:41 GMT
iframe
pixel.mathtag.com/sync/ Frame 2991 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
pixel.mathtag.com
URL
https://pixel.mathtag.com/sync/iframe?mt_uuid=c0585984-a6e2-4c00-980e-e35059f3c513&no_iframe=1&exsync=http%3A%2F%2Fmetrics.nationwide.co.uk%2Fb%2Fss%2Fnationwidelive1%2F0%3FAQB%3D1%26pageName%3Dmediamath-sync-pixel%26pe%3Dlnk_o%26pev2%3Dmediamath-sync-pixel%26c.user.nbs_media_math_id%3D%5BMM_UUID%5D%26AQE%3D1&mt_exid=10068

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

12 Cookies

Domain/Path Name / Value
www.nationwide.co.uk/ Name: ASP.NET_SessionId
Value: 3uaspsfxu43kd4h4z3jtxyc1
.nationwide.co.uk/ Name: mbox
Value: check#true#1501800223|session#9b07e2f6f9fa42f589c287939a702ca0#1501802023|PC#9b07e2f6f9fa42f589c287939a702ca0.26_31#1509576163
.www.nationwide.co.uk/ Name: TS01313aa2
Value: 011d4cac900d8e0bbff7cfef8d3c7e034bbe3f6e6e463636b74d4b16c6bf8e9cf3ecc9f5ca57df0d060cc0aab26b8d2fa3ae618139
.nationwide.co.uk/ Name: s_ppv
Value: bw%253Aservererror%253A404%2C59%2C59%2C1200
.nationwide.co.uk/ Name: s_cc
Value: true
www.nationwide.co.uk/ Name: SC_ANALYTICS_GLOBAL_COOKIE
Value: bcf1c5f73ad94c0b9c037ab81144960b
www.nationwide.co.uk/ Name: SC_ANALYTICS_SESSION_COOKIE
Value: B2FC9C7B7D2748E08C13E32FCFEFFAB7|0|3uaspsfxu43kd4h4z3jtxyc1
.nationwide.co.uk/ Name: s_vi
Value: [CS]v1|2CC1D37105313EAC-6000012AA00082AC[CE]
.nationwide.co.uk/ Name: gpv_p19
Value: bw%3Aservererror%3A404
.www.nationwide.co.uk/ Name: du
Value: duNB
www.nationwide.co.uk/ Name: TS01c25f62
Value: 011d4cac9013539b678ce17e833cfba5beba94b43f57d8e9dbc286531b1c0ebd33e9c2a3b914d1545e690c8c3d899c60984ddb57ecb49f55b46f5f3b492bdff344f4dbd751d5d3a36fc6a9b175a396391d4439e91d
.nationwide.co.uk/ Name: s_fid
Value: 7BC8E96C4B2D107A-11D044B07F4B102D

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src *.bing.com 'self'; connect-src http://cdn.decibelinsight.net dpm.demdex.net http://metrics.nationwide.co.uk/ https://cdn.decibelinsight.net 'self' https://ws.sessioncam.com *.virtualearth.net; font-src data: 'self'; frame-src accounts.google.com apis.google.com *.bing.com *.doubleclick.net googleads.g.doubleclick.net https://www.youtube.com platform.twitter.com https://pixel.mathtag.com https://accounts.google.com https://apis.google.com https://s-static.ak.facebook.com https://static.ak.facebook.com https://www.facebook.com 'self' s-static.ak.facebook.com static.ak.facebook.com www.facebook.com www.google.com *.youtube.com; img-src data: https://proactive.nationwide.co.uk 'self' *; object-src 'self' http://d2oh4tlt9mrke9.cloudfront.net; script-src apis.google.com assets.kampyle.com *.bing.com https://www.adobetag.com clients1.google.com connect.facebook.net cse.google.com data: dpm.demdex.net ipv4.google.com *.nationwide.co.uk *.omtrdc.net platform.linkedin.com platform.twitter.com https://proactive.nationwide.co.uk *.reevoo.com rsaparaturetest.prod.parature.com https://cdn.decibelinsight.net https://pixel.mathtag.com https://apis.google.com https://cse.google.com https://platform.linkedin.com https://platform.twitter.com https://static.ak.facebook.com https://www.google.com 'self' http://d2oh4tlt9mrke9.cloudfront.net https://ws.sessioncam.com static.ak.facebook.com *.virtualearth.net 'unsafe-eval' 'unsafe-inline' http://nationwidebuildingso.tt.omtrdc.net https://nationwidebuildingso.tt.omtrdc.net http://www.google.com http://www.googleadservices.com http://metrics.nationwide.co.uk/; style-src assets.kampyle.com *.bing.com cse.google.com *.nationwide.co.uk *.reevoo.com 'self' *.virtualearth.net https://www.google.com 'unsafe-inline' http://www.google.com/;
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

metrics.nationwide.co.uk
nationwidebuildingso.tt.omtrdc.net
onlinebanking.nationwide.co.uk
pixel.mathtag.com
www.nationwide.co.uk
pixel.mathtag.com
104.109.75.169
155.131.128.24
155.131.144.68
66.117.29.4
66.235.148.133
048fcaea709b88404eb509fccb7a89a0636f6a4178ad45b93577ea18bf225a5c
0feecd1a5abc131d99067b87d4ac8830e84a4fc209810112c0395cb8297f8034
154f369084c28c7ceaf71531663e84382b0f3ac78fffa7f91c4543499b8ee41b
17561150e865649a9aeeee94cb0f7a17d5e77147d3f2edefbee566f95128ddb3
1c07fa7b892a6a35b3c569cc783cd8cc68abc8d88abaf2b96c99248ee8267e6a
20517d0d02ea8e192b36380e183b3e1ba77ef43b4fce69139599c225ee2f1bc9
2c3b918df3d0dc8ce11328cd21f8d9defc5858231b70bb11cd896f2f0bf5ae46
387cfaa1ebcfdd7d3495a7372cf6381ea76fcd37fc500663f9799e896d537d6c
429799489f780dafff620c295b42cead691065094774a492e1ed70a4a1155e05
5cac661b899714b3ce802f20f40c5ca721529c06d2f7082f836bcea6a9d6a306
5cfc1d72a6c4c817544222468ad1a2f27ed404481f529f223c05c1c52bb3ba2c
5faf8e5c2378f00352b7d49c69a153623a184e7193e811b72292ee5007c663ed
61680a510eb319139c8f12cbe8299487e253acada434889b3ce844e36815a9b8
698294585a9b44f5abd3073732325a0436f19bfa7b3ae2b89c88653803011c95
6bf007f26e6ef3afceb0f3d750714b9f63c34f50960b9fd6d1f92539e9c83724
9b4bf2dac37abc0809a6e45c6109a0ffff77d094ae42c81ee3afce41e1d50816
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
cdf32b7f2f7ba43e9b5cc1654a71f23e11134bde482642828f89d7fe26fbca0b
d016d0dc536eb220dcd2de00269ecb518f0ba7dfdb9b5c60624a49556854a4cb
e8d0cd8c849950bf2c46dbe98b00b5bcae187f2d7abbd42b80e370fc409eb57d