urlscan.io logo urlscan.io
SecurityTrails logo

www.hbf.com.au Open in urlscan Pro
23.41.77.94  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://hbfoptical.au/
Effective URL: https://www.hbf.com.au/
Submission: On April 19 via api from US — Scanned from AU
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 4 countries across 7 domains to perform 45 HTTP transactions. The main IP is 23.41.77.94, located in Hong Kong, Hong Kong and belongs to AKAMAI-AS, US. The main domain is www.hbf.com.au.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on July 31st 2023. Valid for: a year.
This is the only time www.hbf.com.au was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 203.153.228.167 4826 (VOCUS-BAC...)
27 23.41.77.94 16625 (AKAMAI-AS)
3 104.17.215.66 13335 (CLOUDFLAR...)
3 216.239.36.21 15169 (GOOGLE)
1 13.225.4.89 ()
1 74.125.24.94 ()
45 6
1    203.153.228.167 (Perth, Australia)

ASN4826 (VOCUS-BACKBONE-AS Vocus Connect International Backbone, AU)
PTR: 228.167-gw.amnet.net.au
hbfoptical.au
27    23.41.77.94 (Hong Kong, Hong Kong)

ASN16625 (AKAMAI-AS, US)
PTR: a23-41-77-94.deploy.static.akamaitechnologies.com
www.hbf.com.au
3    104.17.215.66 (None, )

ASN13335 (CLOUDFLARENET, US)
hbftest.report-uri.com
3    216.239.36.21 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: any-in-2415.1e100.net
metrics.hbf.com.au
1    13.225.4.89 (None, )

ASN- ()
try.abtasty.com
1    74.125.24.94 (None, )

ASN- ()
www.google.com.au
Domain Requested by
27 www.hbf.com.au www.hbf.com.au
3 metrics.hbf.com.au www.hbf.com.au
metrics.hbf.com.au
3 hbftest.report-uri.com www.hbf.com.au
metrics.hbf.com.au
try.abtasty.com
1 www.google.com.au www.hbf.com.au
1 try.abtasty.com www.hbf.com.au
try.abtasty.com
1 hbfoptical.au 1 redirects
0 stats.g.doubleclick.net Failed www.hbf.com.au
0 analytics.google.com Failed www.hbf.com.au
45 8
Subject Issuer Validity Valid
www.hbf.com.au
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-07-31 -
2024-08-13		 a year crt.sh
report-uri.com
E1		 2024-03-25 -
2024-06-23		 3 months crt.sh
metrics.hbf.com.au
R3		 2024-03-14 -
2024-06-12		 3 months crt.sh
*.abtasty.com
Amazon RSA 2048 M02		 2023-08-30 -
2024-09-27		 a year crt.sh
*.google.com.au
GTS CA 1C3		 2024-03-18 -
2024-06-10		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://www.hbf.com.au/
Frame ID: 4C617565E2A44C6FE12DDD600672A8DA
Requests: 49 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

HBF | Health Insurance

Page URL History Show full URLs

  1. https://hbfoptical.au/ HTTP 301
    https://www.hbf.com.au/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • <!-- (?:End )?Google Tag Manager -->

Page Statistics

45
Requests

78 %
HTTPS

0 %
IPv6

7
Domains

8
Subdomains

6
IPs

4
Countries

1124 kB
Transfer

2504 kB
Size

21
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://hbfoptical.au/ HTTP 301
    https://www.hbf.com.au/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

45 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.hbf.com.au/
Redirect Chain
  • https://hbfoptical.au/
  • https://www.hbf.com.au/
851 KB
223 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.41.77.94 Hong Kong, Hong Kong, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-77-94.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
530482899aa38b2029054d6e0438b4ea67755f83957173082447cd2575caf3c1
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-AU,en;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cache-control
no-cache, no-store
content-encoding
gzip
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
content-type
text/html; charset=utf-8
date
Fri, 19 Apr 2024 04:23:53 GMT
expires
-1
pragma
no-cache
server
server-timing
dtSInfo;desc="1"
strict-transport-security
max-age=63072000
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-oneagent-js-injection
true
x-ruxit-js-agent
true
x-xss-protection
1; mode=block

Redirect headers

Connection
Keep-Alive
Content-Length
0
Location
https://www.hbf.com.au/
Server
BigIP
ruxitagentjs_ICANVfghqru_10287240325103108.js
www.hbf.com.au/ 		207 KB
83 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/ruxitagentjs_ICANVfghqru_10287240325103108.js
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.41.77.94 Hong Kong, Hong Kong, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-77-94.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
8a90ec1c86639df0243ac45bf0bb2572c9367753ea7dd1ff06f98b670abae221
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.hbf.com.au/
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 19 Apr 2024 04:23:54 GMT
last-modified
Wed, 03 Mar 2010 07:01:40 GMT
server
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=30925567
content-length
82052
x-xss-protection
1; mode=block
expires
Sat, 12 Apr 2025 02:50:01 GMT
VisitorIdentification.js
www.hbf.com.au/layouts/system/ 		2 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/layouts/system/VisitorIdentification.js
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.41.77.94 Hong Kong, Hong Kong, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-77-94.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
126b381f32f601d12e517bff52589bd007f815ec05a422e22c118f6497a2abfc
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.hbf.com.au/
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 19 Apr 2024 04:23:54 GMT
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
server-timing
dtSInfo;desc="1"
content-length
740
x-xss-protection
1; mode=block
last-modified
Thu, 14 Dec 2017 06:40:58 GMT
server
etag
"079b77fa674d31:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=1981547
accept-ranges
bytes
expires
Sun, 12 May 2024 02:49:41 GMT
reportOnly
hbftest.report-uri.com/r/d/csp/ 		0
616 B 		Other
General
Check archive.org
Download Go to
Full URL
https://hbftest.report-uri.com/r/d/csp/reportOnly
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.215.66 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63113904; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://www.hbf.com.au/
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Fri, 19 Apr 2024 04:23:54 GMT
strict-transport-security
max-age=63113904; includeSubDomains; preload
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server
cloudflare
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
cf-ray
876a1f354ffb5d25-SYD
alt-svc
h3=":443"; ma=86400
content-length
0
gtm.js
metrics.hbf.com.au/ 		464 KB
151 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://metrics.hbf.com.au/gtm.js?id=GTM-5H9BG3M
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.239.36.21 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
any-in-2415.1e100.net
Software
/
Resource Hash
e137e4bca62843f66aa496264c5a6279afbf869cad0abdbcd4a2ea129120c439

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.hbf.com.au/
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 19 Apr 2024 04:23:56 GMT
content-encoding
gzip
via
1.1 google
last-modified
Fri, 19 Apr 2024 03:00:00 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
private, max-age=900
expires
Fri, 19 Apr 2024 04:38:11 GMT
hbf-logo-primary.svg
www.hbf.com.au/Resources/hbf.com.au/images/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hbf.com.au/Resources/hbf.com.au/images/hbf-logo-primary.svg?v=1.0.2.116
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.41.77.94 Hong Kong, Hong Kong, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-77-94.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
c366a8d99c394ba19f44fb439273e2b92fea3e344987b76f5c6c05fbe6863d68
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.hbf.com.au/
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 19 Apr 2024 04:23:54 GMT
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
server-timing
dtSInfo;desc="1"
content-length
1490
x-xss-protection
1; mode=block
last-modified
Thu, 22 Feb 2024 01:18:30 GMT
server
etag
"0b765b2d65da1:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=1981566
accept-ranges
bytes
expires
Sun, 12 May 2024 02:50:00 GMT
myhbflogin-mini_module-c7ead445ea.min.js
www.hbf.com.au/Resources/HBF.Modules.myHBF/scripts/submodule/ 		4 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/Resources/HBF.Modules.myHBF/scripts/submodule/myhbflogin-mini_module-c7ead445ea.min.js
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.41.77.94 Hong Kong, Hong Kong, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-77-94.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
5622fc3ad3311a018d775241213d8e1a62974695d4ab41378bafe5d7c3d4ff1c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.hbf.com.au/
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 19 Apr 2024 04:23:54 GMT
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
server-timing
dtSInfo;desc="0", dtRpid;desc="-1357162300"
content-length
1152
x-xss-protection
1; mode=block
last-modified
Tue, 09 Apr 2024 05:34:02 GMT
server
etag
"08165873f8ada1:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=1981522
accept-ranges
bytes
expires
Sun, 12 May 2024 02:49:16 GMT
myhbf-login-60ff54e052.css
www.hbf.com.au/Resources/HBF.Modules.myHBF/css/ 		2 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/Resources/HBF.Modules.myHBF/css/myhbf-login-60ff54e052.css?v=1.0.4.651
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.41.77.94 Hong Kong, Hong Kong, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-77-94.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
c517be8f970a887f083d2766a5da6b37da8330e67c0556e5552bfb4789ca2974
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.hbf.com.au/
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 19 Apr 2024 04:23:54 GMT
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
server-timing
dtSInfo;desc="1"
content-length
668
x-xss-protection
1; mode=block
last-modified
Tue, 09 Apr 2024 05:34:02 GMT
server
etag
"08165873f8ada1:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=1981450
accept-ranges
bytes
expires
Sun, 12 May 2024 02:48:04 GMT
hbf-logo-2020.svg
www.hbf.com.au/Resources/hbf.com.au/images/ 		1 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hbf.com.au/Resources/hbf.com.au/images/hbf-logo-2020.svg?v=1.0.2.116
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.41.77.94 Hong Kong, Hong Kong, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-77-94.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
3826cab7a1d8668a2f60bf342e4a2466d70f0aa24e72b52b2f6f02531c67cc32
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.hbf.com.au/
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 19 Apr 2024 04:23:54 GMT
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
server-timing
dtSInfo;desc="1"
content-length
805
x-xss-protection
1; mode=block
last-modified
Thu, 22 Feb 2024 01:18:30 GMT
server
etag
"0b765b2d65da1:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=1981517
accept-ranges
bytes
expires
Sun, 12 May 2024 02:49:11 GMT
notification-bar.css
www.hbf.com.au/Resources/hbf.com.au/css/ 		4 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/Resources/hbf.com.au/css/notification-bar.css?v=1.0.5.1041
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.41.77.94 Hong Kong, Hong Kong, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-77-94.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
aadd7bdd77d040996bf325fad42b7937fb2deb875f29e633771c8c34f528c833
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.hbf.com.au/
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 19 Apr 2024 04:23:54 GMT
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
content-length
874
x-xss-protection
1; mode=block
last-modified
Thu, 22 Feb 2024 01:24:42 GMT
server
etag
"06920e92d65da1:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=1981519
accept-ranges
bytes
expires
Sun, 12 May 2024 02:49:13 GMT
hero-standard.css
www.hbf.com.au/Resources/hbf.com.au/css/ 		2 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/Resources/hbf.com.au/css/hero-standard.css?v=1.0.5.1041
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.41.77.94 Hong Kong, Hong Kong, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-77-94.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
dafe830772c603fe9336f3507fda5851388a25234be038066df4f92fd40bb02f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.hbf.com.au/
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 19 Apr 2024 04:23:54 GMT
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
server-timing
dtSInfo;desc="0", dtRpid;desc="305698483"
content-length
618
x-xss-protection
1; mode=block
last-modified
Thu, 22 Feb 2024 01:24:44 GMT
server
etag
"09651ea2d65da1:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=1981420
accept-ranges
bytes
expires
Sun, 12 May 2024 02:47:34 GMT
hero-box-list.css
www.hbf.com.au/Resources/hbf.com.au/css/ 		2 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/Resources/hbf.com.au/css/hero-box-list.css?v=1.0.5.1041
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.41.77.94 Hong Kong, Hong Kong, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-77-94.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
4432776d811fd53dbefc1c3aa183914349fd7c6d57a605c32fa40eedc7e09fc6
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.hbf.com.au/
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 19 Apr 2024 04:23:54 GMT
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
content-length
735
x-xss-protection
1; mode=block
last-modified
Thu, 22 Feb 2024 01:24:46 GMT
server
etag
"0c382eb2d65da1:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=1981454
accept-ranges
bytes
expires
Sun, 12 May 2024 02:48:08 GMT
phi-exp.css
www.hbf.com.au/Resources/hbf.com.au/css/ 		6 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/Resources/hbf.com.au/css/phi-exp.css?v=1.0.5.1041
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.41.77.94 Hong Kong, Hong Kong, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-77-94.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
485c538e127375752f83e43598e1852a0b21ce8fd094af85511ff4b0f254e6d3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.hbf.com.au/
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 19 Apr 2024 04:23:54 GMT
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
content-length
1269
x-xss-protection
1; mode=block
last-modified
Thu, 22 Feb 2024 01:25:00 GMT
server
etag
"0fedaf32d65da1:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=1981484
accept-ranges
bytes
expires
Sun, 12 May 2024 02:48:38 GMT
footer-logo-app-store.svg
www.hbf.com.au/Resources/hbf.com.au/images/global/ 		6 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hbf.com.au/Resources/hbf.com.au/images/global/footer-logo-app-store.svg
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.41.77.94 Hong Kong, Hong Kong, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-77-94.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
bd72b31f37207cec5da3dcbdb28021bb7913c4c53ab863e88c2b5ce35ea074d9
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.hbf.com.au/
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 19 Apr 2024 04:23:55 GMT
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
server-timing
dtSInfo;desc="1"
content-length
2379
x-xss-protection
1; mode=block
last-modified
Thu, 22 Feb 2024 01:18:30 GMT
server
etag
"0b765b2d65da1:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=1981539
accept-ranges
bytes
expires
Sun, 12 May 2024 02:49:34 GMT
footer-logo-play-store.svg
www.hbf.com.au/Resources/hbf.com.au/images/global/ 		11 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hbf.com.au/Resources/hbf.com.au/images/global/footer-logo-play-store.svg
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.41.77.94 Hong Kong, Hong Kong, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-77-94.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
f1e2f9746163a355386bdc879d1bbe3eff37829e0bca044a59d38ed8efd1a60f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.hbf.com.au/
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 19 Apr 2024 04:23:55 GMT
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
content-length
3633
x-xss-protection
1; mode=block
last-modified
Thu, 22 Feb 2024 01:18:30 GMT
server
etag
"0b765b2d65da1:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=1981482
accept-ranges
bytes
expires
Sun, 12 May 2024 02:48:37 GMT
icons-global.svg
www.hbf.com.au/Resources/hbf.com.au/images/ 		105 KB
35 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/Resources/hbf.com.au/images/icons-global.svg
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.41.77.94 Hong Kong, Hong Kong, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-77-94.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
7e908c6f63e11a32f61976b089e3e4e6304de32685441b68b5c8197ca2310cc5
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.hbf.com.au/
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 19 Apr 2024 04:23:55 GMT
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
server-timing
dtSInfo;desc="1"
content-length
32799
x-xss-protection
1; mode=block
last-modified
Thu, 22 Feb 2024 01:25:02 GMT
server
etag
"02bcf52d65da1:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=1989864
accept-ranges
bytes
expires
Sun, 12 May 2024 05:08:19 GMT
icons-lifestages.svg
www.hbf.com.au/Resources/hbf.com.au/images/ 		23 KB
8 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/Resources/hbf.com.au/images/icons-lifestages.svg
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.41.77.94 Hong Kong, Hong Kong, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-77-94.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
fdf2e207fd7454d1b690d1a6cefe214c7056979df0d6a11be6ff72b60f7208cd
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.hbf.com.au/
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 19 Apr 2024 04:23:55 GMT
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
server-timing
dtSInfo;desc="1"
content-length
5417
x-xss-protection
1; mode=block
last-modified
Thu, 22 Feb 2024 01:24:46 GMT
server
etag
"0c382eb2d65da1:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=1989930
accept-ranges
bytes
expires
Sun, 12 May 2024 05:09:25 GMT
hbf.css
www.hbf.com.au/Resources/hbf.com.au/css/ 		82 KB
17 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/Resources/hbf.com.au/css/hbf.css
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.41.77.94 Hong Kong, Hong Kong, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-77-94.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
13ebfb6715df8697c788b07202b0aeedda684552df5b35f79ce64a2142d21801
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.hbf.com.au/
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 19 Apr 2024 04:23:55 GMT
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
server-timing
dtSInfo;desc="1"
content-length
14148
x-xss-protection
1; mode=block
last-modified
Thu, 22 Feb 2024 01:25:00 GMT
server
etag
"0fedaf32d65da1:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=1989887
accept-ranges
bytes
expires
Sun, 12 May 2024 05:08:42 GMT
my_logo_small.png
www.hbf.com.au/Resources/hbf.com.au/images/global/ 		664 B
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hbf.com.au/Resources/hbf.com.au/images/global/my_logo_small.png
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/Resources/HBF.Modules.myHBF/css/myhbf-login-60ff54e052.css?v=1.0.4.651
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.41.77.94 Hong Kong, Hong Kong, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-77-94.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
36c892ed0f3984edc6b7f72cc13ef87e6ced849e60b434ca9b7f62b5487f87b0
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.hbf.com.au/Resources/HBF.Modules.myHBF/css/myhbf-login-60ff54e052.css?v=1.0.4.651
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
date
Fri, 19 Apr 2024 04:23:55 GMT
x-content-type-options
nosniff
last-modified
Thu, 22 Feb 2024 01:18:30 GMT
server
etag
"0b765b2d65da1:0"
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=1989799
server-timing
dtSInfo;desc="1"
accept-ranges
bytes
content-length
664
x-xss-protection
1; mode=block
expires
Sun, 12 May 2024 05:07:14 GMT
truncated
/ 		301 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1241114ef793919ce5616c035f031dc79262697abe666df83a73e3ecd343f26b

Request headers

Accept-Language
en-AU,en;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=US-ASCII
truncated
/ 		303 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
23b900ba3978824ea16bbbb2e217af8d59c04d1420dac46198bf8fa431a4e27e

Request headers

Accept-Language
en-AU,en;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=US-ASCII
how-to-guide2.jpg
www.hbf.com.au/-/media/images/hbf/navigation/ 		88 KB
91 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hbf.com.au/-/media/images/hbf/navigation/how-to-guide2.jpg
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.41.77.94 Hong Kong, Hong Kong, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-77-94.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
208f60d350ad338397cf51522aff076f426bb9771f6942f2c56a1c3922d9e950
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.hbf.com.au/
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
date
Fri, 19 Apr 2024 04:23:55 GMT
x-content-type-options
nosniff
last-modified
Tue, 05 Mar 2024 04:09:26 GMT
server
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
private, max-age=2054019
content-disposition
inline; filename="how-to-guide2.jpg"
server-timing
dtSInfo;desc="0", dtRpid;desc="964101641"
accept-ranges
bytes
content-length
90047
x-xss-protection
1; mode=block
expires
Sun, 12 May 2024 22:57:34 GMT
aff50-1920x600.jpg
www.hbf.com.au/-/media/images/hbf/banners/hero-banners/2022/ 		170 KB
173 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hbf.com.au/-/media/images/hbf/banners/hero-banners/2022/aff50-1920x600.jpg
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.41.77.94 Hong Kong, Hong Kong, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-77-94.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
b2845a589fde5ad084f46980e781f2ff1663a91b08aabc59d267e44c1ec9c647
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.hbf.com.au/
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
date
Fri, 19 Apr 2024 04:23:55 GMT
x-content-type-options
nosniff
last-modified
Tue, 28 Jun 2022 02:55:54 GMT
server
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
private, max-age=2206892
content-disposition
inline; filename="AFF50-1920x600.jpg"
server-timing
dtSInfo;desc="0", dtRpid;desc="-457174641"
accept-ranges
bytes
content-length
173768
x-xss-protection
1; mode=block
expires
Tue, 14 May 2024 17:25:27 GMT
young-couple-researching.jpg
www.hbf.com.au/-/media/images/hbf/articles/thumbnails/ 		34 KB
37 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hbf.com.au/-/media/images/hbf/articles/thumbnails/young-couple-researching.jpg
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.41.77.94 Hong Kong, Hong Kong, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-77-94.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
eae90f1241d79313d015130627a7e4bfe5a7b50b03e9e3bd8ef4d1f2dd116747
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.hbf.com.au/
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
date
Fri, 19 Apr 2024 04:23:55 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jun 2020 07:40:39 GMT
server
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
private, max-age=2044683
content-disposition
inline; filename="young couple researching.jpg"
server-timing
dtSInfo;desc="0", dtRpid;desc="1441441504"
accept-ranges
bytes
content-length
34835
x-xss-protection
1; mode=block
expires
Sun, 12 May 2024 20:21:58 GMT
truncated
/ 		284 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
234e5b495b6340239b025103bdde1ebdcf13d1c1cbdc3e69acd062ead6f33ab2

Request headers

Accept-Language
en-AU,en;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=US-ASCII
footer_social.png
www.hbf.com.au/Resources/hbf.com.au/images/global/ 		1 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hbf.com.au/Resources/hbf.com.au/images/global/footer_social.png
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.41.77.94 Hong Kong, Hong Kong, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-77-94.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
f3a3a9a22cc2feeee816992d5b31a6757308c9badd626fca1b2dc7be8d2b864f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.hbf.com.au/
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
date
Fri, 19 Apr 2024 04:23:55 GMT
x-content-type-options
nosniff
last-modified
Thu, 22 Feb 2024 01:18:30 GMT
server
etag
"0b765b2d65da1:0"
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=1989864
server-timing
dtSInfo;desc="1"
accept-ranges
bytes
content-length
1531
x-xss-protection
1; mode=block
expires
Sun, 12 May 2024 05:08:19 GMT
exclamation_functionality_missing.png
www.hbf.com.au/Resources/hbf.com.au/images/icons/ 		882 B
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hbf.com.au/Resources/hbf.com.au/images/icons/exclamation_functionality_missing.png
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.41.77.94 Hong Kong, Hong Kong, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-77-94.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
4dcab93a5283f441441ee1e00001c09b30c55c06a8580f4d748a328eb9bf8c9c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.hbf.com.au/
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
date
Fri, 19 Apr 2024 04:23:55 GMT
x-content-type-options
nosniff
last-modified
Thu, 22 Feb 2024 01:18:30 GMT
server
etag
"0b765b2d65da1:0"
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=2061306
server-timing
dtSInfo;desc="0", dtRpid;desc="58392559"
accept-ranges
bytes
content-length
882
x-xss-protection
1; mode=block
expires
Mon, 13 May 2024 00:59:01 GMT
browser-update2.js
www.hbf.com.au/Resources/hbf.com.au/scripts/thirdparty/ 		9 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/Resources/hbf.com.au/scripts/thirdparty/browser-update2.js
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.41.77.94 Hong Kong, Hong Kong, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-77-94.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
22adfe14c7c2fd4bef80affabeab68931048c70e03d66108eb8538110ee651f6
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.hbf.com.au/
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 19 Apr 2024 04:23:55 GMT
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
server-timing
dtSInfo;desc="1"
content-length
3620
x-xss-protection
1; mode=block
last-modified
Thu, 22 Feb 2024 01:18:30 GMT
server
etag
"0b765b2d65da1:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=1989898
accept-ranges
bytes
expires
Sun, 12 May 2024 05:08:53 GMT
truncated
/ 		250 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1f69f6e6240becaf47a6a1c7b5c8e48ff55d1a7e5fa047a8efcb1d9b9f07f8c4

Request headers

Accept-Language
en-AU,en;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=US-ASCII
FSMeWeb-Regular.woff2
www.hbf.com.au/Resources/hbf.com.au/fonts/ 		21 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/Resources/hbf.com.au/fonts/FSMeWeb-Regular.woff2
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/Resources/hbf.com.au/css/hbf.css
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.41.77.94 Hong Kong, Hong Kong, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-77-94.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
7e4cc6e5e28d810f888a5b05d3568e3fd01b26d274a62ccf2511666c2960ba1d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.hbf.com.au/Resources/hbf.com.au/css/hbf.css
Origin
https://www.hbf.com.au
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
date
Fri, 19 Apr 2024 04:23:55 GMT
x-content-type-options
nosniff
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
server-timing
dtSInfo;desc="0", dtRpid;desc="379594157", dtTao;desc="1"
content-length
21060
x-xss-protection
1; mode=block
last-modified
Thu, 22 Feb 2024 01:18:29 GMT
server
etag
"0b765b2d65da1:0:dtagent10287240325103108i+nH"
x-frame-options
SAMEORIGIN
content-type
application/font-woff2
cache-control
max-age=2061141
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 13 May 2024 00:56:16 GMT
FSMeWeb-Bold.woff2
www.hbf.com.au/Resources/hbf.com.au/fonts/ 		44 KB
47 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/Resources/hbf.com.au/fonts/FSMeWeb-Bold.woff2
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/Resources/hbf.com.au/css/hbf.css
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.41.77.94 Hong Kong, Hong Kong, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-77-94.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
6cb037948167b19b7b593a8b268023cf3f9db51ae5f5f20c2f4d33a51acdbd8c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.hbf.com.au/Resources/hbf.com.au/css/hbf.css
Origin
https://www.hbf.com.au
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
date
Fri, 19 Apr 2024 04:23:55 GMT
x-content-type-options
nosniff
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
server-timing
dtSInfo;desc="1", dtTao;desc="1"
content-length
45188
x-xss-protection
1; mode=block
last-modified
Thu, 22 Feb 2024 01:18:29 GMT
server
etag
"0b765b2d65da1:0:dtagent10287240325103108i+nH"
x-frame-options
SAMEORIGIN
content-type
application/font-woff2
cache-control
max-age=1989843
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 12 May 2024 05:07:58 GMT
FSMeWeb-Light.woff2
www.hbf.com.au/Resources/hbf.com.au/fonts/ 		44 KB
47 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/Resources/hbf.com.au/fonts/FSMeWeb-Light.woff2
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/Resources/hbf.com.au/css/hbf.css
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.41.77.94 Hong Kong, Hong Kong, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-77-94.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
c0e1b82c4eae6c29292f6dc53ff355c918c83de935c78218579879ac8f9412a9
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.hbf.com.au/Resources/hbf.com.au/css/hbf.css
Origin
https://www.hbf.com.au
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000
date
Fri, 19 Apr 2024 04:23:55 GMT
x-content-type-options
nosniff
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
server-timing
dtSInfo;desc="1", dtTao;desc="1"
content-length
45220
x-xss-protection
1; mode=block
last-modified
Thu, 22 Feb 2024 01:18:29 GMT
server
etag
"0b765b2d65da1:0:dtagent10287240325103108i+nH"
x-frame-options
SAMEORIGIN
content-type
application/font-woff2
cache-control
max-age=1989864
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 12 May 2024 05:08:19 GMT
reportOnly
hbftest.report-uri.com/r/d/csp/ 		0
582 B 		Other
General
Check archive.org
Download Go to
Full URL
https://hbftest.report-uri.com/r/d/csp/reportOnly
Requested by
Host: metrics.hbf.com.au
URL: https://metrics.hbf.com.au/gtm.js?id=GTM-5H9BG3M
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.215.66 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63113904; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://www.hbf.com.au/
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Fri, 19 Apr 2024 04:23:57 GMT
strict-transport-security
max-age=63113904; includeSubDomains; preload
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server
cloudflare
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
cf-ray
876a1f472d2e5d25-SYD
alt-svc
h3=":443"; ma=86400
content-length
0
js
metrics.hbf.com.au/gtag/ 		307 KB
117 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://metrics.hbf.com.au/gtag/js?id=G-MYCH9D7CM5&l=dataLayer&cx=c&sign=d2c2a5d6eb0c2c95eacca7b4cd2825da4d6716e770beef5c3570061dd572102b_20240419
Requested by
Host: metrics.hbf.com.au
URL: https://metrics.hbf.com.au/gtm.js?id=GTM-5H9BG3M
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.239.36.21 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
any-in-2415.1e100.net
Software
/
Resource Hash
c72005e68ae60a2cfafedd62d7dac444d3d8b5cee5ef301ead603c1636606469

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.hbf.com.au/
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-type
application/javascript; charset=UTF-8
date
Fri, 19 Apr 2024 04:23:57 GMT
cache-control
private, max-age=900
content-encoding
gzip
via
1.1 google
vary
Accept-Encoding
expires
Fri, 19 Apr 2024 04:38:24 GMT
reportOnly
hbftest.report-uri.com/r/d/csp/ 		0
582 B 		Other
General
Check archive.org
Download Go to
Full URL
https://hbftest.report-uri.com/r/d/csp/reportOnly
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.215.66 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63113904; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://www.hbf.com.au/
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Fri, 19 Apr 2024 04:23:57 GMT
strict-transport-security
max-age=63113904; includeSubDomains; preload
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server
cloudflare
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
cf-ray
876a1f472d305d25-SYD
alt-svc
h3=":443"; ma=86400
content-length
0
ebcb9988d27d098b750d78077da8ce75.js
try.abtasty.com/ 		5 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://try.abtasty.com/ebcb9988d27d098b750d78077da8ce75.js
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.4.89 -, , ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash
233476b8bcfe23a306b66aaa03f39b57bd467bc3ac92c5c23c099bf9f83d0e3e

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.hbf.com.au/
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
p05h8E_XflV8.KKRcWsHd9Y8o1mG_nD8
content-encoding
br
via
1.1 04dc362d25cca9424ae2d9ab2a32ba70.cloudfront.net (CloudFront)
date
Thu, 18 Apr 2024 10:09:16 GMT
x-amz-cf-pop
SIN52-C2
age
69174
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 17 Apr 2024 09:10:59 GMT
server
AmazonS3
etag
W/"eb79ccbfd0af9b88c007ed34773eb340"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
s-maxage=86400,max-age=30
x-amz-cf-id
kFeXK1lVeZp0x1u16I9TDJM-b6QefuCUMQbLl-tEH6cbhiwIK6G5CQ==
collect
metrics.hbf.com.au/g/ 		671 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://metrics.hbf.com.au/g/collect?v=2&tid=G-MYCH9D7CM5&gtm=45he44h0v878992725z8832402519za200&_p=1713500634008&gcd=13l3l3l3l2&npa=0&dma=0&cid=1410238586.1713500638&ecid=603191450&ul=en-au&sr=1600x1200&_fplc=0&ur=AU-NSW&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&sst.gse=1&sst.etld=google.com.au&sst.gcd=13l3l3l3l2&sst.tft=1713500634008&sst.ude=0&_s=1&dl=https%3A%2F%2Fwww.hbf.com.au%2F&dr=&dp=%2F&sid=1713500638&sct=1&seg=0&dt=HBF%20%7C%20Health%20Insurance&en=page_view&_fv=1&_nsi=1&_ss=1&ep.landing_page=%2F&ep.gtm_container=GTM-5H9BG3M&ep.gtm_version=179&ep.success_event=Action&ep.page_hostname=www.hbf.com.au&ep.fragment=&ep.pagination=0&epn.last_event_delay=7.983&ep.navigation_type=landing&ep.channel=Direct&epn.viewport_width=1600&epn.viewport_height=1200&epn.session_clicks=-1&ep.is_member=NON-MEMBER&ep.event_id=gtm.js.1713500634008.58&ep.type=Pageview&epn.value=7.982&up.member=NON-MEMBER&up.member_like=UNKNOWN&up.switcher_like=UNKNOWN&upn.viewport_height=1200&upn.viewport_width=1600&up.color_theme=light&up.page_path=%2F&up.page_hostname=www.hbf.com.au&up.landing_page=%2F&up.gtm_container=GTM-5H9BG3M&up.gtm_version=179&up.state_selection=NSW&upn.visitor_scale=0&up.visitor_type=unknown&tfd=9174&richsstsse
Requested by
Host: metrics.hbf.com.au
URL: https://metrics.hbf.com.au/gtag/js?id=G-MYCH9D7CM5&l=dataLayer&cx=c&sign=d2c2a5d6eb0c2c95eacca7b4cd2825da4d6716e770beef5c3570061dd572102b_20240419
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.239.36.21 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
any-in-2415.1e100.net
Software
/
Resource Hash
f2736eaaef1148265598c2dae67f0f12363cfbd011b7766e5dcac408861ca905
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.hbf.com.au/
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 19 Apr 2024 04:23:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 google
vary
Accept-Encoding
content-type
text/plain
access-control-allow-origin
https://www.hbf.com.au
cache-control
no-cache
access-control-allow-credentials
true
collect
analytics.google.com/g/s/ 		0
0
ga-audiences
www.google.com.au/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com.au/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&dma=0&tid=G-MYCH9D7CM5&cid=1410238586.1713500638&gtm=45h91e44h0h1v878992725z8832402519z9896432850za200&aip=1&z=1003427622
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
74.125.24.94 -, , ASN (),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.hbf.com.au/
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Fri, 19 Apr 2024 04:23:59 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/ 		0
0
rb_bf04700wip
www.hbf.com.au/ 		118 B
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.hbf.com.au/rb_bf04700wip?type=js3&sn=v_4_srv_6_sn_13CBA143BB5E4D956876926C959CD063_perc_100000_ol_0_mul_1_app-3A2cc8b170ae18fec1_1_rcs-3Acss_0&svrid=6&flavor=post&vi=GMVNJRAKLHSLLJPPQTFTCENONPAMKQRC-0&modifiedSince=1713316216224&rf=https%3A%2F%2Fwww.hbf.com.au%2F&bp=3&app=2cc8b170ae18fec1&crc=767197554&en=un4hjmv8&end=1
Requested by
Host: www.hbf.com.au
URL: https://www.hbf.com.au/ruxitagentjs_ICANVfghqru_10287240325103108.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
23.41.77.94 Hong Kong, Hong Kong, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-77-94.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
0d532de9eb870466b65ad9f193712815f5d13b2a13e6d1e2ace738d064f7e13a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://www.hbf.com.au/
Accept-Language
en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

strict-transport-security
max-age=63072000
date
Fri, 19 Apr 2024 04:24:00 GMT
x-content-type-options
nosniff
server
x-frame-options
SAMEORIGIN
content-security-policy-report-only
connect-src 'self' data s.yimg.com hbf.sitecore localhost:* *.doubleclick.net pubsub.googleapis.com wss://*.visitors.live wss://visitors.live *.visitors.live *.liveperson.net *.akamaihd.net *.lkqd.net ads.adaptv.advertising.com public-auth-dot-lucky-orange.appspot-preview.com *.google-analytics.com settings.luckyorange.net *.pingdom.net *.hbf.com.au *.google.com createsend.com everydayhero.com trc.taboola.com www.googletagmanager.com api.luckyorange.com distillery.wistia.com pipedream.wistia.com *.litix.io bat.bimg.com trc-events.taboola.com www.facebook.com cm.teads.tv t.teads.tv analytics.tiktok.com pips.taboola.com cds.taboola.com;default-src 'self' blob data *.hbf.com.au sik1i8c69.cloudfront.net d10lpsik1i8c69.cloudfront.net *.pingdom.net settings.luckyorange.net fast.wistia.net lpcdn.lpsnmedia.net;frame-src 'self' www.youtube.com www.facebook.com connect.facebook.net *.flashtalking.com fast.wistia.net *.doubleclick.net *.lpsnmedia.net *.google.com *.yahoo.com *.liveperson.net gateway.zscloud.net pwm-image.trendmicro.com tpc.googlesyndication.com *.googletagmanager.com fast.wistia.com platform.twitter.com syndication.twitter.com platform.twitter.com;object-src 'self' *.hbf.com.au *.hbfrun.com.au;style-src 'self' 'unsafe-inline' *.google.com maxcdn.bootstrapcdn.com fonts.googleapis.com d10lpsik1i8c69.cloudfront.net *.liveperson.net cdn.loop11.com pwm-image.trendmicro.com s.cmptch.com s.pmqzads.com platform.twitter.com;script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co;img-src 'self' *.hbf.com.au *.gstatic.com maps.gstatic.com *.adsymptotic.com *.outbrain.com bat.bing.com cx.atdmt.com maps.googleapis.com www.google.co.nz lpcdn.lpsnmedia.net secure.adnxs.com d10lpsik1i8c69.cloudfront.net ds-aksb-a.akamaihd.net *.eloqua.com data: t.co *.cloudfront.net *.facebook.com *.google.com.au *.google.com *.googletagmanager.com *.bing.com *.google-analytics.com *.doubleclick.net *.hbffitness.com.au *.google.com.sg syndication.twitter.com *.twimg.com platform.twitter.com i.imgur.com fast.wistia.com px.ads.linkedin.com gateway.zscaler.net *.akamaihd.net *.goole.co.in *.google.co.uk *.google.be blank t.teads.tv cds.taboola.com pixel.quantserve.com;font-src data: 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com *.googleusercontent.com s3.amazonaws.com;child-src blob; report-uri https://hbftest.report-uri.com/r/d/csp/reportOnly
content-type
text/plain; charset=utf-8
content-length
118
x-xss-protection
1; mode=block
reportOnly
hbftest.report-uri.com/r/d/csp/ 		0
0
commons.9b20dd57c6f12e1beb80.js
try.abtasty.com/shared/ 		0
0
reportOnly
hbftest.report-uri.com/r/d/csp/ 		0
0
main.3beeafdd122bb2b5b4e1.js
try.abtasty.com/ebcb9988d27d098b750d78077da8ce75/ 		0
0
reportOnly
hbftest.report-uri.com/r/d/csp/ 		0
0
me.7d4a349527f92fc578d9.js
try.abtasty.com/shared/ 		0
0
reportOnly
hbftest.report-uri.com/r/d/csp/ 		0
0
analytics.b639a00525b267e898ca.js
try.abtasty.com/shared/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
analytics.google.com
URL
https://analytics.google.com/g/s/collect?dma=0&gtm=45h91e44h0h1v878992725z8832402519z9896432850za200&_gsid=MYCH9D7CM5IUS5lD6C5frNNI3fqgXJbQ
Domain
stats.g.doubleclick.net
URL
https://stats.g.doubleclick.net/g/collect?v=2&dma=0&tid=G-MYCH9D7CM5&cid=1410238586.1713500638&gtm=45h91e44h0h1v878992725z8832402519z9896432850za200&aip=1
Domain
hbftest.report-uri.com
URL
https://hbftest.report-uri.com/r/d/csp/reportOnly
Domain
try.abtasty.com
URL
https://try.abtasty.com/shared/commons.9b20dd57c6f12e1beb80.js
Domain
hbftest.report-uri.com
URL
https://hbftest.report-uri.com/r/d/csp/reportOnly
Domain
try.abtasty.com
URL
https://try.abtasty.com/ebcb9988d27d098b750d78077da8ce75/main.3beeafdd122bb2b5b4e1.js
Domain
hbftest.report-uri.com
URL
https://hbftest.report-uri.com/r/d/csp/reportOnly
Domain
try.abtasty.com
URL
https://try.abtasty.com/shared/me.7d4a349527f92fc578d9.js
Domain
hbftest.report-uri.com
URL
https://hbftest.report-uri.com/r/d/csp/reportOnly
Domain
try.abtasty.com
URL
https://try.abtasty.com/shared/analytics.b639a00525b267e898ca.js

Verdicts & Comments Add Verdict or Comment

71 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| dataLayer object| $buoop object| dT_ object| dtrum object| dynatrace function| subscribeEvent function| unsubscribeEvent function| startActivityHandler function| placeCheckerRequest function| placeCssAspxRequest function| timeoutSleep function| getMetatagContent function| DeferRes function| DeferScript object| hbf number| readyStateCheckInterval object| SuccessEvents object| $jscomp object| $jscomp$this function| throttle object| sc function| trackEvent function| setRegion function| changeLocation function| addProp function| addProcessProp function| setCompare object| products function| setProducts function| addProduct function| writeProducts object| components function| addComponent function| writeComponents function| addPageProp function| addBlogProp function| sendPageProp function| pageBottom object| SCTracking function| $ function| jQuery object| angular function| Spinner object| Ladda function| dayjs function| dayjs_plugin_customParseFormat function| moment function| svg4everybody object| PointerEventsPolyfill function| anime function| Popper function| tippy function| CountUp function| LazyLoad function| customSelect function| $buo_f function| $bu_getBrowser function| $buo function| docReady object| _buorgres object| google_tag_manager function| postscribe object| google_tag_manager_external object| google_tag_data object| _NT object| VSscale object| _ET number| SEa number| abtiming function| onYouTubeIframeAPIReady object| gaGlobal

21 Cookies

Domain/Path Name / Value
www.hbf.com.au/ Name: sc_device
Value: Desktop
www.hbf.com.au/ Name: sc_loc
Value: NSW
www.hbf.com.au/ Name: sc_locp
Value: NSW
www.hbf.com.au/ Name: ASP.NET_SessionId
Value: ch4klv5r2vm4wx4izebmk2ia
www.hbf.com.au/ Name: SC_ANALYTICS_GLOBAL_COOKIE
Value: d215cdef90af4b63b211c437154bef35|False
www.hbf.com.au/ Name: quote
Value: quoteid=bjAD7N8jyEKC/kTvgjHcMg==&quote=lxbINwMPwndH88S7BynRDrXzSqrYGq3G+uGaOHdjmJuFFmskBtd3GEGFTjVOKatql/gP0PIsUsXCjo705OvT6CixPNpO3Fb0G5EfZOOoAOJc+gBLona/A/EmbNnvq9rDQrlJgIbnkK6jaaTL0Miqk9AV3jsjoxxvbd7TF3p8T1ccibW1bXOWJaiojTO7ldio
www.hbf.com.au/ Name: Bootstrap
Value: 1
www.hbf.com.au/ Name: __RequestVerificationToken
Value: nsDhrSGCAE7DpjGYRzn2s4uNz-07eH5dvYaVnGZuGdMNlMcmRflMFBs-08pnwJ78LBNA88WXKU7KeDp15ljzGtNGcU66zcUk8P0GCc3kwak1
.hbf.com.au/ Name: dtCookie
Value: v_4_srv_6_sn_13CBA143BB5E4D956876926C959CD063_perc_100000_ol_0_mul_1_app-3A2cc8b170ae18fec1_1_rcs-3Acss_0
www.hbf.com.au/ Name: HBFCOMAU
Value: 1493834156.20480.0000
.hbf.com.au/ Name: rxVisitor
Value: 1713500634769S4EHFNBSBDKIU8JCIEAOBJ332QM2ELFI
.hbf.com.au/ Name: dtPC
Value: 6$500634766_921h1vGMVNJRAKLHSLLJPPQTFTCENONPAMKQRC-0e0
.hbf.com.au/ Name: dtSa
Value: -
.hbf.com.au/ Name: rxvt
Value: 1713502434781|1713500634772
.hbf.com.au/ Name: _gcl_au
Value: 1.1.1055502677.1713500637
.hbf.com.au/ Name: _ga_MYCH9D7CM5
Value: GS1.1.1713500638.1.0.1713500638.0.0.603191450
.hbf.com.au/ Name: _ga
Value: GA1.1.1410238586.1713500638
.metrics.hbf.com.au/ Name: FPID
Value: FPID2.4.ALV2O9WaTUxyEfWMx7mZLsNPcPWb9eNJPhlYcSzQBsQ%3D.1713500638
.hbf.com.au/ Name: FPLC
Value: Ul5LOwN6zAR4jYSr9yrRs%2FIo2JUrRN7CTdFqpGewFv4XTRSYkFUNjEV8yuuuMq5apCGshkdKD1tBENqFclF%2B1QVrjgm4JJQZBr9HO1v%2F%2Fh0NN8oRuHTJzsRJVhE4hg%3D%3D
.hbf.com.au/ Name: FPAU
Value: 1.1.1055502677.1713500637
.hbf.com.au/ Name: FPGSID
Value: 1.1713500638.1713500638.G-MYCH9D7CM5.IUS5lD6C5frNNI3fqgXJbQ

7 Console Messages

Source Level URL
Text
security error URL: https://www.hbf.com.au/(Line 87)
Message:
[Report Only] Refused to load the script 'https://metrics.hbf.com.au/gtm.js?id=GTM-5H9BG3M' because it violates the following Content Security Policy directive: "script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://metrics.hbf.com.au/gtm.js?id=GTM-5H9BG3M(Line 162)
Message:
[Report Only] Refused to load the script 'https://metrics.hbf.com.au/gtag/js?id=G-MYCH9D7CM5&l=dataLayer&cx=c&sign=d2c2a5d6eb0c2c95eacca7b4cd2825da4d6716e770beef5c3570061dd572102b_20240419' because it violates the following Content Security Policy directive: "script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error
Message:
[Report Only] Refused to load the script 'https://try.abtasty.com/ebcb9988d27d098b750d78077da8ce75.js' because it violates the following Content Security Policy directive: "script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://try.abtasty.com/ebcb9988d27d098b750d78077da8ce75.js
Message:
[Report Only] Refused to load the script 'https://try.abtasty.com/shared/commons.9b20dd57c6f12e1beb80.js' because it violates the following Content Security Policy directive: "script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://try.abtasty.com/ebcb9988d27d098b750d78077da8ce75.js
Message:
[Report Only] Refused to load the script 'https://try.abtasty.com/ebcb9988d27d098b750d78077da8ce75/main.3beeafdd122bb2b5b4e1.js' because it violates the following Content Security Policy directive: "script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://try.abtasty.com/ebcb9988d27d098b750d78077da8ce75.js
Message:
[Report Only] Refused to load the script 'https://try.abtasty.com/shared/me.7d4a349527f92fc578d9.js' because it violates the following Content Security Policy directive: "script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://try.abtasty.com/ebcb9988d27d098b750d78077da8ce75.js
Message:
[Report Only] Refused to load the script 'https://try.abtasty.com/shared/analytics.b639a00525b267e898ca.js' because it violates the following Content Security Policy directive: "script-src 'self' blob 'unsafe-eval' 'unsafe-inline' data: www.youtube.com *.google.com maps.googleapis.com tracker.departapp.com api.microsofttranslator.com s.ytimg.com sbx-media.com z.moatads.com ad.lkqd.net ds-aksb-a.akamaihd.net *.outbrain.com d10lpsik1i8c69.cloudfront.net fls.doubleclick.net img.en25.com analytics.twitter.com static.ads-twitter.com ajax.googleapis.com *.cloudfront.net *.demdex.net bat.bing.com accdn.lpsnmedia.net assets.adobedtm.com connect.facebook.net googleads.g.doubleclick.net lpcdn.lpsnmedia.net lptag.liveperson.net rum-collector-2.pingdom.net rum-static.pingdom.net s.yimg.com smetrics.hbf.com.au sp.analytics.yahoo.com stats.g.doubleclick.net sy.v.liveperson.net www.facebook.com www.google-analytics.com www.google.com www.google.com.au www.googleadservices.com www.googletagmanager.com www.sbx-media.com *.liveperson.net *.trendmicro.com cdn-javascript.net cdn-js.net cdnjs.cloudflare.com colextidapp.com snap.licdn.com fast.wistia.com fast.wistia.net fp166.digitaloptout.com gateway.zscalerone.net intext.nav-links.com majuwe.com mobiclean.xyz *.cmptch.com tpc.googlesyndication.com cdn.taboola.com ssl.bing.com platform.twitter.com cdn.syndication.twimg.com trc.taboola.com p.teads.tv analytics.tiktok.com secure.quantserve.com app.lifesight.io rules.quantcount.com cm.teads.tv www.linkedin.com i.ibb.co". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.google.com
hbfoptical.au
hbftest.report-uri.com
metrics.hbf.com.au
stats.g.doubleclick.net
try.abtasty.com
www.google.com.au
www.hbf.com.au
analytics.google.com
hbftest.report-uri.com
stats.g.doubleclick.net
try.abtasty.com
104.17.215.66
13.225.4.89
203.153.228.167
216.239.36.21
23.41.77.94
74.125.24.94
0d532de9eb870466b65ad9f193712815f5d13b2a13e6d1e2ace738d064f7e13a
1241114ef793919ce5616c035f031dc79262697abe666df83a73e3ecd343f26b
126b381f32f601d12e517bff52589bd007f815ec05a422e22c118f6497a2abfc
13ebfb6715df8697c788b07202b0aeedda684552df5b35f79ce64a2142d21801
1f69f6e6240becaf47a6a1c7b5c8e48ff55d1a7e5fa047a8efcb1d9b9f07f8c4
208f60d350ad338397cf51522aff076f426bb9771f6942f2c56a1c3922d9e950
22adfe14c7c2fd4bef80affabeab68931048c70e03d66108eb8538110ee651f6
233476b8bcfe23a306b66aaa03f39b57bd467bc3ac92c5c23c099bf9f83d0e3e
234e5b495b6340239b025103bdde1ebdcf13d1c1cbdc3e69acd062ead6f33ab2
23b900ba3978824ea16bbbb2e217af8d59c04d1420dac46198bf8fa431a4e27e
36c892ed0f3984edc6b7f72cc13ef87e6ced849e60b434ca9b7f62b5487f87b0
3826cab7a1d8668a2f60bf342e4a2466d70f0aa24e72b52b2f6f02531c67cc32
4432776d811fd53dbefc1c3aa183914349fd7c6d57a605c32fa40eedc7e09fc6
485c538e127375752f83e43598e1852a0b21ce8fd094af85511ff4b0f254e6d3
4dcab93a5283f441441ee1e00001c09b30c55c06a8580f4d748a328eb9bf8c9c
530482899aa38b2029054d6e0438b4ea67755f83957173082447cd2575caf3c1
5622fc3ad3311a018d775241213d8e1a62974695d4ab41378bafe5d7c3d4ff1c
6cb037948167b19b7b593a8b268023cf3f9db51ae5f5f20c2f4d33a51acdbd8c
7e4cc6e5e28d810f888a5b05d3568e3fd01b26d274a62ccf2511666c2960ba1d
7e908c6f63e11a32f61976b089e3e4e6304de32685441b68b5c8197ca2310cc5
8a90ec1c86639df0243ac45bf0bb2572c9367753ea7dd1ff06f98b670abae221
aadd7bdd77d040996bf325fad42b7937fb2deb875f29e633771c8c34f528c833
b2845a589fde5ad084f46980e781f2ff1663a91b08aabc59d267e44c1ec9c647
bd72b31f37207cec5da3dcbdb28021bb7913c4c53ab863e88c2b5ce35ea074d9
c0e1b82c4eae6c29292f6dc53ff355c918c83de935c78218579879ac8f9412a9
c366a8d99c394ba19f44fb439273e2b92fea3e344987b76f5c6c05fbe6863d68
c517be8f970a887f083d2766a5da6b37da8330e67c0556e5552bfb4789ca2974
c72005e68ae60a2cfafedd62d7dac444d3d8b5cee5ef301ead603c1636606469
dafe830772c603fe9336f3507fda5851388a25234be038066df4f92fd40bb02f
e137e4bca62843f66aa496264c5a6279afbf869cad0abdbcd4a2ea129120c439
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eae90f1241d79313d015130627a7e4bfe5a7b50b03e9e3bd8ef4d1f2dd116747
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1e2f9746163a355386bdc879d1bbe3eff37829e0bca044a59d38ed8efd1a60f
f2736eaaef1148265598c2dae67f0f12363cfbd011b7766e5dcac408861ca905
f3a3a9a22cc2feeee816992d5b31a6757308c9badd626fca1b2dc7be8d2b864f
fdf2e207fd7454d1b690d1a6cefe214c7056979df0d6a11be6ff72b60f7208cd