urlscan.io logo urlscan.io
SecurityTrails logo

my.ovoenergy.com Open in urlscan Pro
2606:4700::6812:906  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://email.mail.ovoenergy.com/c/eJxlU02P2yAQ_TXOjQgGMPiQw3ajlXropV2pUi8RH4OX1oYIk6zy74s33WTbSpblmfE83ps3-J1HyzZxBxSAchioZpyJrX...
Effective URL: https://my.ovoenergy.com/login
Submission: On April 11 via manual from IN — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 19 HTTP transactions. The main IP is 2606:4700::6812:906, located in United States and belongs to CLOUDFLARENET, US. The main domain is my.ovoenergy.com. The Cisco Umbrella rank of the primary domain is 572519.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 28th 2021. Valid for: a year.
This is the only time my.ovoenergy.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 52.58.43.37 16509 (AMAZON-02)
1 1 2606:4700::68... 13335 (CLOUDFLAR...)
1 1 2606:4700::68... 13335 (CLOUDFLAR...)
1 9 2606:4700::68... 13335 (CLOUDFLAR...)
7 2606:4700:10:... 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
19 4
1    52.58.43.37 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-58-43-37.eu-central-1.compute.amazonaws.com
email.mail.ovoenergy.com
1    2606:4700::6810:465b (United States)

ASN13335 (CLOUDFLARENET, US)
smartpaym.ovoenergy.com
1    2606:4700::6812:11a2 (United States)

ASN13335 (CLOUDFLARENET, US)
account.ovoenergy.com
9    2606:4700::6812:906 (United States)

ASN13335 (CLOUDFLARENET, US)
my.ovoenergy.com
7    2606:4700:10::6814:b844 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn-ukwest.onetrust.com
2    2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
2    2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
Apex Domain
Subdomains		 Transfer
12 ovoenergy.com
email.mail.ovoenergy.com
smartpaym.ovoenergy.com
account.ovoenergy.com
my.ovoenergy.com — Cisco Umbrella Rank: 572519
247 KB
7 onetrust.com
cdn-ukwest.onetrust.com — Cisco Umbrella Rank: 6560
125 KB
2 gstatic.com
fonts.gstatic.com
75 KB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 46
2 KB
19 4
Domain Requested by
9 my.ovoenergy.com 1 redirects my.ovoenergy.com
7 cdn-ukwest.onetrust.com my.ovoenergy.com
cdn-ukwest.onetrust.com
2 fonts.gstatic.com fonts.googleapis.com
2 fonts.googleapis.com my.ovoenergy.com
1 account.ovoenergy.com 1 redirects
1 smartpaym.ovoenergy.com 1 redirects
1 email.mail.ovoenergy.com 1 redirects
19 7

This site contains links to these domains. Also see Links.

Domain
account-activation.ovoenergy.com
www.ovoenergy.com
onetrust.com
Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-06-28 -
2022-06-27		 a year crt.sh
*.onetrust.com
DigiCert SHA2 Secure Server CA		 2020-05-21 -
2022-07-27		 2 years crt.sh
upload.video.google.com
GTS CA 1C3		 2022-03-21 -
2022-06-13		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2022-03-21 -
2022-06-13		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://my.ovoenergy.com/login
Frame ID: 5E9B1C1DB6F64ABF562968B60796E21A
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

OVO PortalBack ButtonSearch IconFilter Icon

Page URL History Show full URLs

  1. https://email.mail.ovoenergy.com/c/eJxlU02P2yAQ_TXOjQgGMPiQw3ajlXropV2pUi8RH4OX1oYIk6zy74s33WTbSpblmfE83ps3-J... HTTP 302
    https://smartpaym.ovoenergy.com/payments/direct-debit/change-amount?utm_source=email&utm_medium=email&utm_ca... HTTP 301
    https://account.ovoenergy.com/payments/direct-debit/change-amount?utm_source=email&utm_medium=email&utm_ca... HTTP 302
    https://my.ovoenergy.com/?redirect=https://account.ovoenergy.com/payments/direct-debit/change-amount?... HTTP 303
    https://my.ovoenergy.com/login Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • otSDKStub\.js

Page Statistics

19
Requests

100 %
HTTPS

86 %
IPv6

4
Domains

7
Subdomains

4
IPs

2
Countries

444 kB
Transfer

1519 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://email.mail.ovoenergy.com/c/eJxlU02P2yAQ_TXOjQgGMPiQw3ajlXropV2pUi8RH4OX1oYIk6zy74s33WTbSpblmfE83ps3-J1HyzZxBxSAchioZpyJrXHKOMuFhUE7j9AJOps4bfM5Y8IyXrYuz5uXHUplBXrOQXvURvkQaB-sQd0DgJabafdS63Hp-EMHT-1ZZlPq0Vzmv6FaZU1iqkv79LGgq6RRi7WF7sWkEYmZ8ynVjj-d6nxY8qk47PgeV14d9GtyRh9P8z9JZ-ajiWNqae8LO5xNicZO-F7OqeIKu381qR5qPvh8iPWQ8uvGnZaa512nPnUArqCp6B8aI3iTA-vMCOUEhmeqW4rx9SW2AEyrXlH-Y_0VHtfmNyQsn_2tu-kn1wG02A8AAhgQLXkggjlLtDOSBEO1pYFJtLRTj0AH4IKKG24txuFz_oXphustgdCL4BpGL71a0TixsoEjeN1LcBSYulMzyZTLtT2YacE_yDgfpyb4i0kx4PKu-m0U8a5isFwH7wNxlFIiAigyeOMJygGld9YJw25HnbEsMd-pMr2la6D213psVpRkpuf_VbVlDNILRoD6gYihibMInEglg2KIRkL_YSpxHLF8u-7IO8SxgZKUawzRmdp4LLeGUCImP132uLgSj_Ujyf3-K54jvj74n83EdUW_m5JiGu8TzPP8wVilFDU9V4T1zUFB9UC08M1aygdJBQ9U6KvqTdm5PE1YK25rvmC7ZW6M6334Db4jEd8 HTTP 302
    https://smartpaym.ovoenergy.com/payments/direct-debit/change-amount?utm_source=email&utm_medium=email&utm_campaign=ddr1_variable&utm_content=want_to_do_it_now HTTP 301
    https://account.ovoenergy.com/payments/direct-debit/change-amount?utm_source=email&utm_medium=email&utm_campaign=ddr1_variable&utm_content=want_to_do_it_now HTTP 302
    https://my.ovoenergy.com/?redirect=https://account.ovoenergy.com/payments/direct-debit/change-amount?utm_source%3Demail%26utm_medium%3Demail%26utm_campaign%3Dddr1_variable%26utm_content%3Dwant_to_do_it_now HTTP 303
    https://my.ovoenergy.com/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request login
my.ovoenergy.com/
Redirect Chain
  • https://email.mail.ovoenergy.com/c/eJxlU02P2yAQ_TXOjQgGMPiQw3ajlXropV2pUi8RH4OX1oYIk6zy74s33WTbSpblmfE83ps3-J1HyzZxBxSAchioZpyJrXHKOMuFhUE7j9AJOps4bfM5Y8IyXrYuz5uXHUplBXrOQXvURvkQaB-sQd0DgJabafdS63...
  • https://smartpaym.ovoenergy.com/payments/direct-debit/change-amount?utm_source=email&utm_medium=email&utm_campaign=ddr1_variable&utm_content=want_to_do_it_now
  • https://account.ovoenergy.com/payments/direct-debit/change-amount?utm_source=email&utm_medium=email&utm_campaign=ddr1_variable&utm_content=want_to_do_it_now
  • https://my.ovoenergy.com/?redirect=https://account.ovoenergy.com/payments/direct-debit/change-amount?utm_source%3Demail%26utm_medium%3Demail%26utm_campaign%3Dddr1_variable%26utm_content%3Dwant_to_d...
  • https://my.ovoenergy.com/login
3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://my.ovoenergy.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:906 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5713dfcdce858397ac167fa2be2ccecbaf1537474645db18c0517a4ed3ca9eb3
Security Headers
Name Value
Content-Security-Policy script-src 'nonce-lwU/JqRA26qJkyTj8oX+xg==' 'self' 'strict-dynamic' 'unsafe-eval' https://www.google-analytics.com https://cdn-ukwest.onetrust.com; frame-ancestors 'self' https://piggybacking.ovoenergy.com https://piggybacking-uat.ovoenergy.com; base-uri 'none'; connect-src 'self' https://api.mixpanel.com https://api-js.mixpanel.com https://www.google-analytics.com https://cdn-ukwest.onetrust.com; report-uri /report-to; default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn-ukwest.onetrust.com; img-src 'self' https://www.google-analytics.com data:; font-src 'self' https://fonts.gstatic.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cf-cache-status
DYNAMIC
cf-ray
6f9fb5e08938d610-MXP
content-encoding
gzip
content-security-policy
script-src 'nonce-lwU/JqRA26qJkyTj8oX+xg==' 'self' 'strict-dynamic' 'unsafe-eval' https://www.google-analytics.com https://cdn-ukwest.onetrust.com; frame-ancestors 'self' https://piggybacking.ovoenergy.com https://piggybacking-uat.ovoenergy.com; base-uri 'none'; connect-src 'self' https://api.mixpanel.com https://api-js.mixpanel.com https://www.google-analytics.com https://cdn-ukwest.onetrust.com; report-uri /report-to; default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn-ukwest.onetrust.com; img-src 'self' https://www.google-analytics.com data:; font-src 'self' https://fonts.gstatic.com
content-type
text/html; charset=UTF-8
date
Mon, 11 Apr 2022 00:47:21 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
DENY
x-permitted-cross-domain-policies
master-only
x-xss-protection
1; mode=block

Redirect headers

cf-cache-status
DYNAMIC
cf-ray
6f9fb5df58cad610-MXP
content-length
0
content-security-policy
script-src 'nonce-Tz62tHP+sn/FKEhbPC/XLw==' 'self' 'strict-dynamic' 'unsafe-eval' https://www.google-analytics.com https://cdn-ukwest.onetrust.com; frame-ancestors 'self' https://piggybacking.ovoenergy.com https://piggybacking-uat.ovoenergy.com; base-uri 'none'; connect-src 'self' https://api.mixpanel.com https://api-js.mixpanel.com https://www.google-analytics.com https://cdn-ukwest.onetrust.com; report-uri /report-to; default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn-ukwest.onetrust.com; img-src 'self' https://www.google-analytics.com data:; font-src 'self' https://fonts.gstatic.com
date
Mon, 11 Apr 2022 00:47:21 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
location
/login
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-frame-options
DENY
x-permitted-cross-domain-policies
master-only
x-xss-protection
1; mode=block
f4af49bd87efcc049ae3a85360e875e7-ovoenergy.css
my.ovoenergy.com/assets/ 		180 KB
30 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://my.ovoenergy.com/assets/f4af49bd87efcc049ae3a85360e875e7-ovoenergy.css
Requested by
Host: my.ovoenergy.com
URL: https://my.ovoenergy.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:906 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
77d0cf4604fe73628169067b6213fb5b4dfbdfcb85d4809856990ef827c84b9a
Security Headers
Name Value
Content-Security-Policy script-src 'nonce-baniLKOv+sg3DJzseHzZWw==' 'self' 'strict-dynamic' 'unsafe-eval' https://www.google-analytics.com https://cdn-ukwest.onetrust.com; frame-ancestors 'self' https://piggybacking.ovoenergy.com https://piggybacking-uat.ovoenergy.com; base-uri 'none'; connect-src 'self' https://api.mixpanel.com https://api-js.mixpanel.com https://www.google-analytics.com https://cdn-ukwest.onetrust.com; report-uri /report-to; default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn-ukwest.onetrust.com; img-src 'self' https://www.google-analytics.com data:; font-src 'self' https://fonts.gstatic.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://my.ovoenergy.com/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 11 Apr 2022 00:47:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
x-permitted-cross-domain-policies
master-only
age
63198
vary
Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
last-modified
Fri, 01 Jan 2010 00:00:00 GMT
server
cloudflare
x-frame-options
DENY
etag
"f4af49bd87efcc049ae3a85360e875e7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/css; charset=UTF-8
cache-control
public, max-age=31536000
content-security-policy
script-src 'nonce-baniLKOv+sg3DJzseHzZWw==' 'self' 'strict-dynamic' 'unsafe-eval' https://www.google-analytics.com https://cdn-ukwest.onetrust.com; frame-ancestors 'self' https://piggybacking.ovoenergy.com https://piggybacking-uat.ovoenergy.com; base-uri 'none'; connect-src 'self' https://api.mixpanel.com https://api-js.mixpanel.com https://www.google-analytics.com https://cdn-ukwest.onetrust.com; report-uri /report-to; default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn-ukwest.onetrust.com; img-src 'self' https://www.google-analytics.com data:; font-src 'self' https://fonts.gstatic.com
cf-ray
6f9fb5e1196ed610-MXP
expires
Tue, 11 Apr 2023 00:47:21 GMT
OtAutoBlock.js
cdn-ukwest.onetrust.com/consent/936e0866-aa38-4dbd-9324-80aee2449e2f/ 		7 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-ukwest.onetrust.com/consent/936e0866-aa38-4dbd-9324-80aee2449e2f/OtAutoBlock.js
Requested by
Host: my.ovoenergy.com
URL: https://my.ovoenergy.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:b844 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
26a74208ece7e3f8e8c97dadde2373f8e286eecd91c95061912b79f242875cc0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://my.ovoenergy.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 11 Apr 2022 00:47:21 GMT
content-encoding
gzip
vary
Accept-Encoding
cf-cache-status
HIT
content-md5
E1KUSk0CDWYejSlm3tcPVg==
age
2343
content-length
2108
x-ms-lease-status
unlocked
last-modified
Tue, 30 Nov 2021 17:03:26 GMT
server
cloudflare
etag
0x8D9B4235318ACEC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
73e4f1a4-601e-0072-01b4-4c55a5000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6f9fb5e1690559a7-MXP
otSDKStub.js
cdn-ukwest.onetrust.com/scripttemplates/ 		20 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-ukwest.onetrust.com/scripttemplates/otSDKStub.js
Requested by
Host: my.ovoenergy.com
URL: https://my.ovoenergy.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:b844 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8305d86074fdee76ef38a7e264f3ac0bfab4051d8f13625b4bbd5396120b1fe1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://my.ovoenergy.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 11 Apr 2022 00:47:21 GMT
content-encoding
gzip
vary
Accept-Encoding
cf-cache-status
HIT
content-md5
dVKVlVU+J+RB4CMcqf9NTw==
age
11980
content-length
6678
x-ms-lease-status
unlocked
last-modified
Tue, 29 Mar 2022 20:22:54 GMT
server
cloudflare
etag
0x8DA11C1E7DF391C
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
54de92be-b01e-0016-3c01-4ae505000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6f9fb5e1690759a7-MXP
expires
Mon, 11 Apr 2022 04:47:21 GMT
12f91dfefe5b5263affc6d7d4d6eee6f-vendors.bundle.js
my.ovoenergy.com/assets/ 		705 KB
197 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://my.ovoenergy.com/assets/12f91dfefe5b5263affc6d7d4d6eee6f-vendors.bundle.js
Requested by
Host: my.ovoenergy.com
URL: https://my.ovoenergy.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:906 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0808af2a0b623f1d3486272eba801a4f5103155afdd7bf231929841631b4ef6b
Security Headers
Name Value
Content-Security-Policy script-src 'nonce-0nS+IochwZKZM8Ci9L/MTg==' 'self' 'strict-dynamic' 'unsafe-eval' https://www.google-analytics.com https://cdn-ukwest.onetrust.com; frame-ancestors 'self' https://piggybacking.ovoenergy.com https://piggybacking-uat.ovoenergy.com; base-uri 'none'; connect-src 'self' https://api.mixpanel.com https://api-js.mixpanel.com https://www.google-analytics.com https://cdn-ukwest.onetrust.com; report-uri /report-to; default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn-ukwest.onetrust.com; img-src 'self' https://www.google-analytics.com data:; font-src 'self' https://fonts.gstatic.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://my.ovoenergy.com/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 11 Apr 2022 00:47:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
x-permitted-cross-domain-policies
master-only
age
7667
vary
Accept-Encoding
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
last-modified
Fri, 01 Jan 2010 00:00:00 GMT
server
cloudflare
x-frame-options
DENY
etag
"12f91dfefe5b5263affc6d7d4d6eee6f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
content-security-policy
script-src 'nonce-0nS+IochwZKZM8Ci9L/MTg==' 'self' 'strict-dynamic' 'unsafe-eval' https://www.google-analytics.com https://cdn-ukwest.onetrust.com; frame-ancestors 'self' https://piggybacking.ovoenergy.com https://piggybacking-uat.ovoenergy.com; base-uri 'none'; connect-src 'self' https://api.mixpanel.com https://api-js.mixpanel.com https://www.google-analytics.com https://cdn-ukwest.onetrust.com; report-uri /report-to; default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn-ukwest.onetrust.com; img-src 'self' https://www.google-analytics.com data:; font-src 'self' https://fonts.gstatic.com
cf-ray
6f9fb5e1196fd610-MXP
expires
Tue, 11 Apr 2023 00:47:21 GMT
100c48b1d63ed6f5db4ee776fa85fee2-login.bundle.js
my.ovoenergy.com/assets/ 		12 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://my.ovoenergy.com/assets/100c48b1d63ed6f5db4ee776fa85fee2-login.bundle.js
Requested by
Host: my.ovoenergy.com
URL: https://my.ovoenergy.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:906 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bc3bb6945aa47f65fe2547d423bcfbf4b42d8ede414934ad4dbb0dda1b7439e2
Security Headers
Name Value
Content-Security-Policy script-src 'nonce-Z0Xs3f0yjFYUTaUTpzSsXg==' 'self' 'strict-dynamic' 'unsafe-eval' https://www.google-analytics.com https://cdn-ukwest.onetrust.com; frame-ancestors 'self' https://piggybacking.ovoenergy.com https://piggybacking-uat.ovoenergy.com; base-uri 'none'; connect-src 'self' https://api.mixpanel.com https://api-js.mixpanel.com https://www.google-analytics.com https://cdn-ukwest.onetrust.com; report-uri /report-to; default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn-ukwest.onetrust.com; img-src 'self' https://www.google-analytics.com data:; font-src 'self' https://fonts.gstatic.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://my.ovoenergy.com/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 11 Apr 2022 00:47:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
x-permitted-cross-domain-policies
master-only
age
63198
strict-transport-security
max-age=31536000; includeSubDomains
content-length
4369
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
last-modified
Fri, 01 Jan 2010 00:00:00 GMT
server
cloudflare
x-frame-options
DENY
etag
"100c48b1d63ed6f5db4ee776fa85fee2"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
content-security-policy
script-src 'nonce-Z0Xs3f0yjFYUTaUTpzSsXg==' 'self' 'strict-dynamic' 'unsafe-eval' https://www.google-analytics.com https://cdn-ukwest.onetrust.com; frame-ancestors 'self' https://piggybacking.ovoenergy.com https://piggybacking-uat.ovoenergy.com; base-uri 'none'; connect-src 'self' https://api.mixpanel.com https://api-js.mixpanel.com https://www.google-analytics.com https://cdn-ukwest.onetrust.com; report-uri /report-to; default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn-ukwest.onetrust.com; img-src 'self' https://www.google-analytics.com data:; font-src 'self' https://fonts.gstatic.com
accept-ranges
bytes
cf-ray
6f9fb5e11970d610-MXP
expires
Tue, 11 Apr 2023 00:47:21 GMT
css
fonts.googleapis.com/ 		5 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:400,700&display=swap
Requested by
Host: my.ovoenergy.com
URL: https://my.ovoenergy.com/assets/f4af49bd87efcc049ae3a85360e875e7-ovoenergy.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e45512e6a8849091f2b483d2e2698b1dc9d29f4b479562886f92119048843cbd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://my.ovoenergy.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sun, 10 Apr 2022 23:15:22 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Mon, 11 Apr 2022 00:47:21 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 11 Apr 2022 00:47:21 GMT
css
fonts.googleapis.com/ 		3 KB
633 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Montserrat:400,600&display=swap
Requested by
Host: my.ovoenergy.com
URL: https://my.ovoenergy.com/assets/f4af49bd87efcc049ae3a85360e875e7-ovoenergy.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
4f92f6f2cf3f4dc48ba6cf0ddb4b26a977dc6486aa3eb64610b9a694678c4f72
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://my.ovoenergy.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 11 Apr 2022 00:46:39 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Mon, 11 Apr 2022 00:47:21 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 11 Apr 2022 00:47:21 GMT
936e0866-aa38-4dbd-9324-80aee2449e2f.json
cdn-ukwest.onetrust.com/consent/936e0866-aa38-4dbd-9324-80aee2449e2f/ 		3 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn-ukwest.onetrust.com/consent/936e0866-aa38-4dbd-9324-80aee2449e2f/936e0866-aa38-4dbd-9324-80aee2449e2f.json
Requested by
Host: cdn-ukwest.onetrust.com
URL: https://cdn-ukwest.onetrust.com/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:b844 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
45fc432f88ccd0af37274f753b91bada8b1b4cff2c02a60afb9f536e2f82cdde
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://my.ovoenergy.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 11 Apr 2022 00:47:21 GMT
content-encoding
gzip
vary
Accept-Encoding
cf-cache-status
HIT
content-md5
0TQCPZliFk5E6aT2VaXodA==
age
2342
content-length
1258
x-ms-lease-status
unlocked
last-modified
Tue, 30 Nov 2021 17:03:24 GMT
server
cloudflare
etag
0x8D9B4235264603C
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
3a53c82f-101e-005f-2148-4ad665000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6f9fb5e1ff805a3d-MXP
a431f8cc17e146238829779bbeffc122.png
my.ovoenergy.com/assets/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://my.ovoenergy.com/assets/a431f8cc17e146238829779bbeffc122.png
Requested by
Host: my.ovoenergy.com
URL: https://my.ovoenergy.com/assets/f4af49bd87efcc049ae3a85360e875e7-ovoenergy.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:906 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a627e262439035c93411e3b7ef47c24b2a8245665734b8ebe05932f149cb613a
Security Headers
Name Value
Content-Security-Policy script-src 'nonce-SCEwW8MWe8StnUEoCK9ysw==' 'self' 'strict-dynamic' 'unsafe-eval' https://www.google-analytics.com https://cdn-ukwest.onetrust.com; frame-ancestors 'self' https://piggybacking.ovoenergy.com https://piggybacking-uat.ovoenergy.com; base-uri 'none'; connect-src 'self' https://api.mixpanel.com https://api-js.mixpanel.com https://www.google-analytics.com https://cdn-ukwest.onetrust.com; report-uri /report-to; default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn-ukwest.onetrust.com; img-src 'self' https://www.google-analytics.com data:; font-src 'self' https://fonts.gstatic.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://my.ovoenergy.com/assets/f4af49bd87efcc049ae3a85360e875e7-ovoenergy.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 11 Apr 2022 00:47:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
x-permitted-cross-domain-policies
master-only
age
2342
strict-transport-security
max-age=31536000; includeSubDomains
content-length
1607
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
last-modified
Fri, 01 Jan 2010 00:00:00 GMT
server
cloudflare
x-frame-options
DENY
etag
"f1686fe9af12dc91c95a7cc947cc0d31"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=3600
content-security-policy
script-src 'nonce-SCEwW8MWe8StnUEoCK9ysw==' 'self' 'strict-dynamic' 'unsafe-eval' https://www.google-analytics.com https://cdn-ukwest.onetrust.com; frame-ancestors 'self' https://piggybacking.ovoenergy.com https://piggybacking-uat.ovoenergy.com; base-uri 'none'; connect-src 'self' https://api.mixpanel.com https://api-js.mixpanel.com https://www.google-analytics.com https://cdn-ukwest.onetrust.com; report-uri /report-to; default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn-ukwest.onetrust.com; img-src 'self' https://www.google-analytics.com data:; font-src 'self' https://fonts.gstatic.com
accept-ranges
bytes
cf-ray
6f9fb5e209c9d610-MXP
expires
Mon, 11 Apr 2022 01:47:21 GMT
a8978ceddf9a9829f0f189c774fd54bc.png
my.ovoenergy.com/assets/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://my.ovoenergy.com/assets/a8978ceddf9a9829f0f189c774fd54bc.png
Requested by
Host: my.ovoenergy.com
URL: https://my.ovoenergy.com/assets/f4af49bd87efcc049ae3a85360e875e7-ovoenergy.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:906 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1beed943b61843ca1ff3bd71e4397b0ab7dcbd3e09db7823dbe20bfdf4b93ee8
Security Headers
Name Value
Content-Security-Policy script-src 'nonce-fv3U0KgKAAmyslzNG+8DzA==' 'self' 'strict-dynamic' 'unsafe-eval' https://www.google-analytics.com https://cdn-ukwest.onetrust.com; frame-ancestors 'self' https://piggybacking.ovoenergy.com https://piggybacking-uat.ovoenergy.com; base-uri 'none'; connect-src 'self' https://api.mixpanel.com https://api-js.mixpanel.com https://www.google-analytics.com https://cdn-ukwest.onetrust.com; report-uri /report-to; default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn-ukwest.onetrust.com; img-src 'self' https://www.google-analytics.com data:; font-src 'self' https://fonts.gstatic.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://my.ovoenergy.com/assets/f4af49bd87efcc049ae3a85360e875e7-ovoenergy.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 11 Apr 2022 00:47:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
x-permitted-cross-domain-policies
master-only
age
2342
strict-transport-security
max-age=31536000; includeSubDomains
content-length
1355
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
last-modified
Fri, 01 Jan 2010 00:00:00 GMT
server
cloudflare
x-frame-options
DENY
etag
"c9f78d344ab2637e1afa258c3bc3e143"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=3600
content-security-policy
script-src 'nonce-fv3U0KgKAAmyslzNG+8DzA==' 'self' 'strict-dynamic' 'unsafe-eval' https://www.google-analytics.com https://cdn-ukwest.onetrust.com; frame-ancestors 'self' https://piggybacking.ovoenergy.com https://piggybacking-uat.ovoenergy.com; base-uri 'none'; connect-src 'self' https://api.mixpanel.com https://api-js.mixpanel.com https://www.google-analytics.com https://cdn-ukwest.onetrust.com; report-uri /report-to; default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn-ukwest.onetrust.com; img-src 'self' https://www.google-analytics.com data:; font-src 'self' https://fonts.gstatic.com
accept-ranges
bytes
cf-ray
6f9fb5e209cad610-MXP
expires
Mon, 11 Apr 2022 01:47:21 GMT
a8a09091acd2ab12264e3762970e7977.png
my.ovoenergy.com/assets/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://my.ovoenergy.com/assets/a8a09091acd2ab12264e3762970e7977.png
Requested by
Host: my.ovoenergy.com
URL: https://my.ovoenergy.com/assets/f4af49bd87efcc049ae3a85360e875e7-ovoenergy.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:906 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
91be756ab902f0ba11d7f2655a6c1f541928dc346fe69cb548fe995f45067287
Security Headers
Name Value
Content-Security-Policy script-src 'nonce-tUYtOySyieNqsSdZJpg9QA==' 'self' 'strict-dynamic' 'unsafe-eval' https://www.google-analytics.com https://cdn-ukwest.onetrust.com; frame-ancestors 'self' https://piggybacking.ovoenergy.com https://piggybacking-uat.ovoenergy.com; base-uri 'none'; connect-src 'self' https://api.mixpanel.com https://api-js.mixpanel.com https://www.google-analytics.com https://cdn-ukwest.onetrust.com; report-uri /report-to; default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn-ukwest.onetrust.com; img-src 'self' https://www.google-analytics.com data:; font-src 'self' https://fonts.gstatic.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://my.ovoenergy.com/assets/f4af49bd87efcc049ae3a85360e875e7-ovoenergy.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 11 Apr 2022 00:47:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
x-permitted-cross-domain-policies
master-only
age
2342
strict-transport-security
max-age=31536000; includeSubDomains
content-length
1468
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
last-modified
Fri, 01 Jan 2010 00:00:00 GMT
server
cloudflare
x-frame-options
DENY
etag
"ebc04a5fc2ab05c70a7f597cfb2c47c5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=3600
content-security-policy
script-src 'nonce-tUYtOySyieNqsSdZJpg9QA==' 'self' 'strict-dynamic' 'unsafe-eval' https://www.google-analytics.com https://cdn-ukwest.onetrust.com; frame-ancestors 'self' https://piggybacking.ovoenergy.com https://piggybacking-uat.ovoenergy.com; base-uri 'none'; connect-src 'self' https://api.mixpanel.com https://api-js.mixpanel.com https://www.google-analytics.com https://cdn-ukwest.onetrust.com; report-uri /report-to; default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn-ukwest.onetrust.com; img-src 'self' https://www.google-analytics.com data:; font-src 'self' https://fonts.gstatic.com
accept-ranges
bytes
cf-ray
6f9fb5e209cbd610-MXP
expires
Mon, 11 Apr 2022 01:47:21 GMT
2959a2600e8608168b4bdf13cc87090e.svg
my.ovoenergy.com/assets/ 		3 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://my.ovoenergy.com/assets/2959a2600e8608168b4bdf13cc87090e.svg
Requested by
Host: my.ovoenergy.com
URL: https://my.ovoenergy.com/assets/f4af49bd87efcc049ae3a85360e875e7-ovoenergy.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:906 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b6cf64780a344811043dd4f85eacfcefce5fae2338604124805e0f1836c1f6d6
Security Headers
Name Value
Content-Security-Policy script-src 'nonce-Ui8mYtD38qPvVYqIeOjYhQ==' 'self' 'strict-dynamic' 'unsafe-eval' https://www.google-analytics.com https://cdn-ukwest.onetrust.com; frame-ancestors 'self' https://piggybacking.ovoenergy.com https://piggybacking-uat.ovoenergy.com; base-uri 'none'; connect-src 'self' https://api.mixpanel.com https://api-js.mixpanel.com https://www.google-analytics.com https://cdn-ukwest.onetrust.com; report-uri /report-to; default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn-ukwest.onetrust.com; img-src 'self' https://www.google-analytics.com data:; font-src 'self' https://fonts.gstatic.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://my.ovoenergy.com/assets/f4af49bd87efcc049ae3a85360e875e7-ovoenergy.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Mon, 11 Apr 2022 00:47:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
x-permitted-cross-domain-policies
master-only
age
2342
strict-transport-security
max-age=31536000; includeSubDomains
content-length
1605
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
last-modified
Fri, 01 Jan 2010 00:00:00 GMT
server
cloudflare
x-frame-options
DENY
etag
"bda812b1827d1d5579d676424122cfd3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=3600
content-security-policy
script-src 'nonce-Ui8mYtD38qPvVYqIeOjYhQ==' 'self' 'strict-dynamic' 'unsafe-eval' https://www.google-analytics.com https://cdn-ukwest.onetrust.com; frame-ancestors 'self' https://piggybacking.ovoenergy.com https://piggybacking-uat.ovoenergy.com; base-uri 'none'; connect-src 'self' https://api.mixpanel.com https://api-js.mixpanel.com https://www.google-analytics.com https://cdn-ukwest.onetrust.com; report-uri /report-to; default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn-ukwest.onetrust.com; img-src 'self' https://www.google-analytics.com data:; font-src 'self' https://fonts.gstatic.com
accept-ranges
bytes
cf-ray
6f9fb5e209ccd610-MXP
expires
Mon, 11 Apr 2022 01:47:21 GMT
JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v23/ 		30 KB
30 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/montserrat/v23/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:400,600&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c8f7c04f8d691138d54380550d91349271ca19cfc0f3f6666c401cfa892a12f8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://my.ovoenergy.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 05 Apr 2022 11:55:47 GMT
x-content-type-options
nosniff
age
478294
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30876
x-xss-protection
0
last-modified
Thu, 03 Feb 2022 00:11:59 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 05 Apr 2023 11:55:47 GMT
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v28/ 		44 KB
44 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v28/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://my.ovoenergy.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Tue, 05 Apr 2022 22:45:07 GMT
x-content-type-options
nosniff
age
439334
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44656
x-xss-protection
0
last-modified
Tue, 01 Mar 2022 22:03:03 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 05 Apr 2023 22:45:07 GMT
otBannerSdk.js
cdn-ukwest.onetrust.com/scripttemplates/6.10.0/ 		356 KB
78 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-ukwest.onetrust.com/scripttemplates/6.10.0/otBannerSdk.js
Requested by
Host: cdn-ukwest.onetrust.com
URL: https://cdn-ukwest.onetrust.com/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:b844 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7a23e0e46e16f067271bc79c92a917c13769848457d16cdf109e4dc04c687e8f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://my.ovoenergy.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 11 Apr 2022 00:47:21 GMT
content-encoding
gzip
vary
Accept-Encoding
cf-cache-status
HIT
content-md5
Bh9exWOPGIwRshWljrtlEw==
age
5877
content-length
79698
x-ms-lease-status
unlocked
last-modified
Tue, 01 Dec 2020 21:15:43 GMT
server
cloudflare
etag
0x8D8963E430EB2BB
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
1d08b3a9-601e-0050-1001-4a3b93000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6f9fb5e249f159a7-MXP
expires
Mon, 11 Apr 2022 04:47:21 GMT
en.json
cdn-ukwest.onetrust.com/consent/936e0866-aa38-4dbd-9324-80aee2449e2f/0d279b23-dcba-4aed-95e0-70c643b1acb8/ 		87 KB
21 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn-ukwest.onetrust.com/consent/936e0866-aa38-4dbd-9324-80aee2449e2f/0d279b23-dcba-4aed-95e0-70c643b1acb8/en.json
Requested by
Host: cdn-ukwest.onetrust.com
URL: https://cdn-ukwest.onetrust.com/scripttemplates/6.10.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:b844 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9753a041888f38d7606b340244a08a50162e11977b434b8a320382a40ed54914
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://my.ovoenergy.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 11 Apr 2022 00:47:22 GMT
content-encoding
gzip
vary
Accept-Encoding
cf-cache-status
HIT
content-md5
gZQPtd+xbdrZ7yi9M43hOQ==
age
2343
content-length
21478
x-ms-lease-status
unlocked
last-modified
Tue, 30 Nov 2021 17:03:27 GMT
server
cloudflare
etag
0x8D9B423540F062C
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
3ea5b2f4-001e-000f-1b48-4ac96d000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6f9fb5e2a8535a3d-MXP
otCenterRounded.json
cdn-ukwest.onetrust.com/scripttemplates/6.10.0/assets/ 		9 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn-ukwest.onetrust.com/scripttemplates/6.10.0/assets/otCenterRounded.json
Requested by
Host: cdn-ukwest.onetrust.com
URL: https://cdn-ukwest.onetrust.com/scripttemplates/6.10.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:b844 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
452ee2471448cc6b716090a014cf7fc9cc515998bda9dcc334aa073a72a591e7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://my.ovoenergy.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 11 Apr 2022 00:47:22 GMT
content-encoding
gzip
vary
Accept-Encoding
cf-cache-status
HIT
content-md5
SH1nUCPouc1JVrHnvxpQbg==
age
2343
content-length
2857
x-ms-lease-status
unlocked
last-modified
Tue, 01 Dec 2020 21:15:32 GMT
server
cloudflare
etag
0x8D8963E3CDF044B
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
d82f1406-601e-005b-5db4-4c23e7000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6f9fb5e2d8835a3d-MXP
expires
Mon, 11 Apr 2022 04:47:22 GMT
otPcCenter.json
cdn-ukwest.onetrust.com/scripttemplates/6.10.0/assets/v2/ 		46 KB
11 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn-ukwest.onetrust.com/scripttemplates/6.10.0/assets/v2/otPcCenter.json
Requested by
Host: cdn-ukwest.onetrust.com
URL: https://cdn-ukwest.onetrust.com/scripttemplates/6.10.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:b844 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3b27f686e9c39188ff63e191cc3efb6500a6c6d06f2d1d2ec27ceb623a2ecacc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://my.ovoenergy.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 11 Apr 2022 00:47:22 GMT
content-encoding
gzip
vary
Accept-Encoding
cf-cache-status
HIT
content-md5
ydfMbMpHX/N/aS5YhkXXwQ==
age
2343
content-length
11336
x-ms-lease-status
unlocked
last-modified
Tue, 01 Dec 2020 21:15:34 GMT
server
cloudflare
etag
0x8D8963E3DE2F79B
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
ab620c16-901e-004e-2c41-4ae17e000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6f9fb5e2d8865a3d-MXP
expires
Mon, 11 Apr 2022 04:47:22 GMT

Verdicts & Comments Add Verdict or Comment

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| structuredClone object| oncontextlost object| oncontextrestored function| getScreenDetails object| OneTrustStub function| OptanonWrapper object| webpackChunkui string| GoogleAnalyticsObject function| ga string| OnetrustActiveGroups string| OptanonActiveGroups object| dataLayer object| otStubData object| Optanon object| OneTrust

2 Cookies

Domain/Path Name / Value
my.ovoenergy.com/ Name: PLAY_SESSION
Value: eyJhbGciOiJIUzI1NiJ9.eyJkYXRhIjp7ImNzcmZUb2tlbiI6ImNmNDRiM2MwM2I4NjIxYjNmZmY4Y2ExN2UxMGY2ZWQwMzEwNGRlMzktMTY0OTYzODA0MTcxOC0xMzg5NjM5OGNjOGEzNGRkNTM3ODllMzcifSwibmJmIjoxNjQ5NjM4MDQxLCJpYXQiOjE2NDk2MzgwNDF9.fajfeH8R6Rv4ZPrREYwVQ_6ar8X5g4yhHucWdq5EwUE
.my.ovoenergy.com/ Name: OptanonConsent
Value: isIABGlobal=false&datestamp=Mon+Apr+11+2022+00%3A47%3A22+GMT%2B0000+(GMT)&version=6.10.0&hosts=&consentId=79228019-83c3-4b1c-9848-f8f49106992e&interactionCount=0&landingPath=https%3A%2F%2Fmy.ovoenergy.com%2Flogin&groups=C0001%3A1%2CC0002%3A0%2CC0003%3A0%2CC0004%3A0

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy script-src 'nonce-lwU/JqRA26qJkyTj8oX+xg==' 'self' 'strict-dynamic' 'unsafe-eval' https://www.google-analytics.com https://cdn-ukwest.onetrust.com; frame-ancestors 'self' https://piggybacking.ovoenergy.com https://piggybacking-uat.ovoenergy.com; base-uri 'none'; connect-src 'self' https://api.mixpanel.com https://api-js.mixpanel.com https://www.google-analytics.com https://cdn-ukwest.onetrust.com; report-uri /report-to; default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn-ukwest.onetrust.com; img-src 'self' https://www.google-analytics.com data:; font-src 'self' https://fonts.gstatic.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

account.ovoenergy.com
cdn-ukwest.onetrust.com
email.mail.ovoenergy.com
fonts.googleapis.com
fonts.gstatic.com
my.ovoenergy.com
smartpaym.ovoenergy.com
2606:4700:10::6814:b844
2606:4700::6810:465b
2606:4700::6812:11a2
2606:4700::6812:906
2a00:1450:4001:828::2003
2a00:1450:4001:82f::200a
52.58.43.37
0808af2a0b623f1d3486272eba801a4f5103155afdd7bf231929841631b4ef6b
1beed943b61843ca1ff3bd71e4397b0ab7dcbd3e09db7823dbe20bfdf4b93ee8
26a74208ece7e3f8e8c97dadde2373f8e286eecd91c95061912b79f242875cc0
3b27f686e9c39188ff63e191cc3efb6500a6c6d06f2d1d2ec27ceb623a2ecacc
452ee2471448cc6b716090a014cf7fc9cc515998bda9dcc334aa073a72a591e7
45fc432f88ccd0af37274f753b91bada8b1b4cff2c02a60afb9f536e2f82cdde
4f92f6f2cf3f4dc48ba6cf0ddb4b26a977dc6486aa3eb64610b9a694678c4f72
5713dfcdce858397ac167fa2be2ccecbaf1537474645db18c0517a4ed3ca9eb3
77d0cf4604fe73628169067b6213fb5b4dfbdfcb85d4809856990ef827c84b9a
7a23e0e46e16f067271bc79c92a917c13769848457d16cdf109e4dc04c687e8f
8305d86074fdee76ef38a7e264f3ac0bfab4051d8f13625b4bbd5396120b1fe1
88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96
91be756ab902f0ba11d7f2655a6c1f541928dc346fe69cb548fe995f45067287
9753a041888f38d7606b340244a08a50162e11977b434b8a320382a40ed54914
a627e262439035c93411e3b7ef47c24b2a8245665734b8ebe05932f149cb613a
b6cf64780a344811043dd4f85eacfcefce5fae2338604124805e0f1836c1f6d6
bc3bb6945aa47f65fe2547d423bcfbf4b42d8ede414934ad4dbb0dda1b7439e2
c8f7c04f8d691138d54380550d91349271ca19cfc0f3f6666c401cfa892a12f8
e45512e6a8849091f2b483d2e2698b1dc9d29f4b479562886f92119048843cbd