urlscan.io logo urlscan.io
SecurityTrails logo

payments.paystation.co.nz Open in urlscan Pro
52.64.143.233  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://payments.chorus.co.nz/
Effective URL: https://payments.paystation.co.nz/pay/IY9gew721inWnMze_57gThY-LbRloC3y6yR2GTCFjpM
Submission: On February 10 via automatic, source certstream-suspicious — Scanned from NZ
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 8 HTTP transactions. The main IP is 52.64.143.233, located in Sydney, Australia and belongs to AMAZON-02, US. The main domain is payments.paystation.co.nz.
TLS certificate: Issued by Amazon on May 16th 2022. Valid for: a year.
This is the only time payments.paystation.co.nz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 3.33.181.40 16509 (AMAZON-02)
6 52.64.143.233 16509 (AMAZON-02)
2 13.35.8.54 16509 (AMAZON-02)
8 2
Domain Requested by
6 payments.paystation.co.nz payments.paystation.co.nz
2 user-themes.paystation.co.nz payments.paystation.co.nz
1 payments.chorus.co.nz 1 redirects
8 3

This site contains no links.

Subject Issuer Validity Valid
*.prod.paystation.co.nz
Amazon		 2022-05-16 -
2023-06-13		 a year crt.sh
user-themes.paystation.co.nz
Amazon		 2022-04-12 -
2023-05-11		 a year crt.sh

This page contains 1 frames:

Primary Page: https://payments.paystation.co.nz/pay/IY9gew721inWnMze_57gThY-LbRloC3y6yR2GTCFjpM
Frame ID: 3B33E29A92B4FF4C872554DF30F615A7
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Paystation Hosted Payments

Page URL History Show full URLs

  1. https://payments.chorus.co.nz/ HTTP 302
    https://payments.paystation.co.nz/pay/IY9gew721inWnMze_57gThY-LbRloC3y6yR2GTCFjpM Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

8
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

2
IPs

2
Countries

226 kB
Transfer

220 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://payments.chorus.co.nz/ HTTP 302
    https://payments.paystation.co.nz/pay/IY9gew721inWnMze_57gThY-LbRloC3y6yR2GTCFjpM Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request IY9gew721inWnMze_57gThY-LbRloC3y6yR2GTCFjpM
payments.paystation.co.nz/pay/
Redirect Chain
  • https://payments.chorus.co.nz/
  • https://payments.paystation.co.nz/pay/IY9gew721inWnMze_57gThY-LbRloC3y6yR2GTCFjpM
3 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://payments.paystation.co.nz/pay/IY9gew721inWnMze_57gThY-LbRloC3y6yR2GTCFjpM
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.64.143.233 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-64-143-233.ap-southeast-2.compute.amazonaws.com
Software
nginx /
Resource Hash
9efe3325e6a8dfca5ca7e160b196b8256ff3f74f6290ebbc8b031589d88d3a94
Security Headers
Name Value
Content-Security-Policy default-src 'none';script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline' user-themes.paystation.co.nz:*;img-src 'self' data: user-themes.paystation.co.nz:*;font-src 'self';connect-src 'self';frame-src *;frame-ancestors *;form-action *; script-src 'self' 'unsafe-inline'
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36
accept-language
en-NZ,en;q=0.9

Response headers

content-security-policy
default-src 'none';script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline' user-themes.paystation.co.nz:*;img-src 'self' data: user-themes.paystation.co.nz:*;font-src 'self';connect-src 'self';frame-src *;frame-ancestors *;form-action *; script-src 'self' 'unsafe-inline'
content-type
text/html; charset=UTF-8
date
Fri, 10 Feb 2023 01:56:04 GMT
feature-policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; layout-animations 'none'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; oversized-images 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials 'none'; sync-xhr 'none'; unoptimized-images 'none'; unsized-media 'none'; usb 'none'; xr-spatial-tracking 'none'
referrer-policy
no-referrer
server
nginx
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
x-xss-protection
1; mode=block

Redirect headers

cache-control
public, max-age=3600
content-length
265
content-security-policy
default-src 'self'; object-src 'none'; child-src 'self'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content
content-type
text/html; charset=iso-8859-1
date
Fri, 10 Feb 2023 01:56:03 GMT
location
https://payments.paystation.co.nz/pay/IY9gew721inWnMze_57gThY-LbRloC3y6yR2GTCFjpM
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=()
referrer-policy
no-referrer
server
Apache
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
x-frame-options
deny
x-permitted-cross-domain-policies
none
responsive.css
payments.paystation.co.nz/hosted/elements/css/ 		10 KB
11 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://payments.paystation.co.nz/hosted/elements/css/responsive.css?20230102
Requested by
Host: payments.paystation.co.nz
URL: https://payments.paystation.co.nz/pay/IY9gew721inWnMze_57gThY-LbRloC3y6yR2GTCFjpM
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.64.143.233 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-64-143-233.ap-southeast-2.compute.amazonaws.com
Software
nginx /
Resource Hash
0affccefaac66cae21d8b7684eb1b87b394b68597246214397ead88646384a3b
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline'
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-NZ,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date
Fri, 10 Feb 2023 01:56:05 GMT
content-security-policy
script-src 'self' 'unsafe-inline'
referrer-policy
no-referrer
strict-transport-security
max-age=63072000; includeSubdomains; preload
last-modified
Mon, 30 Jan 2023 03:44:41 GMT
server
nginx
x-content-type-options
nosniff
etag
"63d73d29-273f"
content-type
text/css
feature-policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; layout-animations 'none'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; oversized-images 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials 'none'; sync-xhr 'none'; unoptimized-images 'none'; unsized-media 'none'; usb 'none'; xr-spatial-tracking 'none'
accept-ranges
bytes
content-length
10047
x-xss-protection
1; mode=block
62216ffebdff4style_2
user-themes.paystation.co.nz/ 		445 B
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://user-themes.paystation.co.nz/62216ffebdff4style_2?20230102
Requested by
Host: payments.paystation.co.nz
URL: https://payments.paystation.co.nz/pay/IY9gew721inWnMze_57gThY-LbRloC3y6yR2GTCFjpM
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.8.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-8-54.sin5.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
cf90f5d5aa6cb568f28e6c3ee4fef8851a9b47f8250b90bd0938bbdac8582349
Security Headers
Name Value
Content-Security-Policy default-src 'none'; img-src 'self'; font-src 'self'; script-src 'self'; style-src 'self' 'unsafe-hashes' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='; object-src 'none'; worker-src 'self' blob:; connect-src 'self'
Strict-Transport-Security max-age= 63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-NZ,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date
Fri, 10 Feb 2023 01:56:07 GMT
x-amz-version-id
null
x-content-type-options
nosniff
strict-transport-security
max-age= 63072000; includeSubdomains; preload
via
1.1 6744df903aaebd8a225f5410dbe17efc.cloudfront.net (CloudFront)
content-security-policy
default-src 'none'; img-src 'self'; font-src 'self'; script-src 'self'; style-src 'self' 'unsafe-hashes' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='; object-src 'none'; worker-src 'self' blob:; connect-src 'self'
x-amz-cf-pop
SIN5-C1
x-cache
Miss from cloudfront
content-length
445
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Sun, 10 Apr 2022 21:26:40 GMT
server
AmazonS3
etag
"9619caca44ed8fc9aa5fa79bde2157a7"
x-frame-options
DENY
content-type
text/css
accept-ranges
bytes
x-amz-cf-id
O8u7kkr3D2rxkpjgtrckEq6Za0MC6ypaDexqLExEdRUr6AxSh0Xiuw==
jquery-3.3.1.min.js
payments.paystation.co.nz/hosted/elements/js/ 		85 KB
86 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://payments.paystation.co.nz/hosted/elements/js/jquery-3.3.1.min.js
Requested by
Host: payments.paystation.co.nz
URL: https://payments.paystation.co.nz/pay/IY9gew721inWnMze_57gThY-LbRloC3y6yR2GTCFjpM
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.64.143.233 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-64-143-233.ap-southeast-2.compute.amazonaws.com
Software
nginx /
Resource Hash
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline'
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-NZ,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date
Fri, 10 Feb 2023 01:56:05 GMT
content-security-policy
script-src 'self' 'unsafe-inline'
referrer-policy
no-referrer
strict-transport-security
max-age=63072000; includeSubdomains; preload
last-modified
Mon, 30 Jan 2023 03:44:41 GMT
server
nginx
x-content-type-options
nosniff
etag
"63d73d29-1538f"
content-type
application/javascript
feature-policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; layout-animations 'none'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; oversized-images 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials 'none'; sync-xhr 'none'; unoptimized-images 'none'; unsized-media 'none'; usb 'none'; xr-spatial-tracking 'none'
accept-ranges
bytes
content-length
86927
x-xss-protection
1; mode=block
cleave.min.js
payments.paystation.co.nz/hosted/elements/js/ 		21 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://payments.paystation.co.nz/hosted/elements/js/cleave.min.js
Requested by
Host: payments.paystation.co.nz
URL: https://payments.paystation.co.nz/pay/IY9gew721inWnMze_57gThY-LbRloC3y6yR2GTCFjpM
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.64.143.233 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-64-143-233.ap-southeast-2.compute.amazonaws.com
Software
nginx /
Resource Hash
7eb194c2648de022cb8f29399b9f4409d5ec0cc5314d6e4eea175c78d1d5089a
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline'
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-NZ,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date
Fri, 10 Feb 2023 01:56:05 GMT
content-security-policy
script-src 'self' 'unsafe-inline'
referrer-policy
no-referrer
strict-transport-security
max-age=63072000; includeSubdomains; preload
last-modified
Mon, 30 Jan 2023 03:44:41 GMT
server
nginx
x-content-type-options
nosniff
etag
"63d73d29-528d"
content-type
application/javascript
feature-policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; layout-animations 'none'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; oversized-images 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials 'none'; sync-xhr 'none'; unoptimized-images 'none'; unsized-media 'none'; usb 'none'; xr-spatial-tracking 'none'
accept-ranges
bytes
content-length
21133
x-xss-protection
1; mode=block
paystation.js
payments.paystation.co.nz/hosted/elements/js/ 		37 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://payments.paystation.co.nz/hosted/elements/js/paystation.js?20230102
Requested by
Host: payments.paystation.co.nz
URL: https://payments.paystation.co.nz/pay/IY9gew721inWnMze_57gThY-LbRloC3y6yR2GTCFjpM
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.64.143.233 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-64-143-233.ap-southeast-2.compute.amazonaws.com
Software
nginx /
Resource Hash
aab0b090423d9907c2543fa191987acf7dabd310011f026b452ea5ed2a9d125c
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline'
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-NZ,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date
Fri, 10 Feb 2023 01:56:05 GMT
content-security-policy
script-src 'self' 'unsafe-inline'
referrer-policy
no-referrer
strict-transport-security
max-age=63072000; includeSubdomains; preload
last-modified
Mon, 30 Jan 2023 03:44:41 GMT
server
nginx
x-content-type-options
nosniff
etag
"63d73d29-95b7"
content-type
application/javascript
feature-policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; layout-animations 'none'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; oversized-images 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials 'none'; sync-xhr 'none'; unoptimized-images 'none'; unsized-media 'none'; usb 'none'; xr-spatial-tracking 'none'
accept-ranges
bytes
content-length
38327
x-xss-protection
1; mode=block
62216ffebdff4logo
user-themes.paystation.co.nz/ 		49 KB
49 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://user-themes.paystation.co.nz/62216ffebdff4logo
Requested by
Host: payments.paystation.co.nz
URL: https://payments.paystation.co.nz/pay/IY9gew721inWnMze_57gThY-LbRloC3y6yR2GTCFjpM
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.8.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-8-54.sin5.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
444c821c0098ca77c66323f93e2de724524d65b690c55aa767c10566141cbb31
Security Headers
Name Value
Content-Security-Policy default-src 'none'; img-src 'self'; font-src 'self'; script-src 'self'; style-src 'self' 'unsafe-hashes' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='; object-src 'none'; worker-src 'self' blob:; connect-src 'self'
Strict-Transport-Security max-age= 63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-NZ,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date
Fri, 10 Feb 2023 01:56:07 GMT
x-amz-version-id
null
x-content-type-options
nosniff
strict-transport-security
max-age= 63072000; includeSubdomains; preload
via
1.1 6744df903aaebd8a225f5410dbe17efc.cloudfront.net (CloudFront)
content-security-policy
default-src 'none'; img-src 'self'; font-src 'self'; script-src 'self'; style-src 'self' 'unsafe-hashes' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='; object-src 'none'; worker-src 'self' blob:; connect-src 'self'
x-amz-cf-pop
SIN5-C1
x-cache
Miss from cloudfront
content-length
49695
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Sun, 10 Apr 2022 21:25:04 GMT
server
AmazonS3
etag
"ecc6458d2638ac94d72d86bb002869b2"
x-frame-options
DENY
content-type
image/png
accept-ranges
bytes
x-amz-cf-id
om5fAWuion1ut1SiJg4DL_m5j5U5qyzLstDQl48O0xaTMOAiqQPfPw==
paystation_logo.svg
payments.paystation.co.nz/hosted/elements/img/ 		15 KB
16 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://payments.paystation.co.nz/hosted/elements/img/paystation_logo.svg
Requested by
Host: payments.paystation.co.nz
URL: https://payments.paystation.co.nz/hosted/elements/css/responsive.css?20230102
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.64.143.233 Sydney, Australia, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-64-143-233.ap-southeast-2.compute.amazonaws.com
Software
nginx /
Resource Hash
a6ba2e449832cfc373ee943c2c9c88576778398a9a5fe3189f077d8382828a77
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline'
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-NZ,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36

Response headers

date
Fri, 10 Feb 2023 01:56:06 GMT
content-security-policy
script-src 'self' 'unsafe-inline'
referrer-policy
no-referrer
strict-transport-security
max-age=63072000; includeSubdomains; preload
last-modified
Mon, 30 Jan 2023 03:44:41 GMT
server
nginx
x-content-type-options
nosniff
etag
"63d73d29-3bd9"
content-type
image/svg+xml
feature-policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; layout-animations 'none'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; oversized-images 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials 'none'; sync-xhr 'none'; unoptimized-images 'none'; unsized-media 'none'; usb 'none'; xr-spatial-tracking 'none'
accept-ranges
bytes
content-length
15321
x-xss-protection
1; mode=block

Verdicts & Comments Add Verdict or Comment

66 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| oncontentvisibilityautostatechange function| $ function| jQuery function| Cleave object| _css string| _ajaxUrl string| _backgroundColour object| _lookupTimeout boolean| _futurePay boolean| _saveOnly boolean| _enforceCVC boolean| _enforceExpiry object| _initialResponse boolean| _polling boolean| _demoMode boolean| _isSafari boolean| _debug boolean| _shopify boolean| _doChallengeRetry function| writeToConsole function| setStyle function| luhnCheckSum function| getCardType function| formatFourPadding function| setNumericInput function| setExpiryDateInput function| inIframe function| setHostedKey function| setBackgroundColour function| confirmExit function| pollPaymentLookup function| setInputValid function| validateExpiry function| validateCardInput function| postThreedsCheck function| onPaymentSubmit function| validateCvcInput function| onCardDetailsResponse function| setDisplayAmount function| setResultMessage function| showResult function| transactionTimedOut function| htmlEncode function| stopPolling function| onPaymentLookupResponse function| onPaymentButtonResponse function| ifTransactionFinishedDisplayResult function| isValidHttpUrl function| post function| setPaymentMethod function| initPaymentPage function| closeIframe function| onCheckVersionResponse function| paymentWithBrowserData function| toggleLoaderScreen function| togglePaymentScreen function| verify3DSResponse function| cardDetails function| paymentLookup function| submitForm function| poliTransaction function| unionPayTransaction function| visaCheckoutTransaction function| getBrowserData function| determineChallengeWindow

0 Cookies

9 Console Messages

Source Level URL
Text
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'battery'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'document-domain'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'layout-animations'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'legacy-image-formats'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'oversized-images'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'publickey-credentials'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'unoptimized-images'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'unsized-media'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'none';script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline' user-themes.paystation.co.nz:*;img-src 'self' data: user-themes.paystation.co.nz:*;font-src 'self';connect-src 'self';frame-src *;frame-ancestors *;form-action *; script-src 'self' 'unsafe-inline'
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block