auth.savings.workingadvantage.com Open in urlscan Pro
172.64.148.145  Public Scan

2 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://2u.savings.workingadvantage.com/offers?c=7010 Page URL
2. https://auth.savings.workingadvantage.com/auth/authorize?subdomain=2u&response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010 HTTP 302
   https://auth.savings.workingadvantage.com/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010 Page URL
   

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 30

• https://2u.savings.workingadvantage.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
• https://2u.savings.workingadvantage.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/0f752fefe334/main.js

Request Chain 36

• https://ad.doubleclick.net/ddm/activity/src=12084042;type=unive0;cat=unive0;u1=;u2=;u3=;u4=;u5=;u6=;u7=;u8=;u9=;u10=;u11=;u12=;u13=;u14=;u18=;u19=;u20=;u22=;u23=;u28=;u29=https://2u.savings.workingadvantage.com/;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1708721359.2673693 HTTP 302
• https://ad.doubleclick.net/ddm/activity/src=12084042;dc_pre=CKrylY2rwoQDFe0JogMd-sQJaQ;type=unive0;cat=unive0;u1=;u2=;u3=;u4=;u5=;u6=;u7=;u8=;u9=;u10=;u11=;u12=;u13=;u14=;u18=;u19=;u20=;u22=;u23=;u28=;u29=https://2u.savings.workingadvantage.com/;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1708721359.2673693 HTTP 302
• https://adservice.google.com/ddm/fls/z/src=12084042;dc_pre=CKrylY2rwoQDFe0JogMd-sQJaQ;type=unive0;cat=unive0;u1=;u2=;u3=;u4=;u5=;u6=;u7=;u8=;u9=;u10=;u11=;u12=;u13=;u14=;u18=;u19=;u20=;u22=;u23=;u28=;u29=https://2u.savings.workingadvantage.com/;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1708721359.2673693

Request Chain 37

• https://secure.adnxs.com/seg?add=32509374&t=2 HTTP 307
• https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D32509374%26t%3D2

123 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	offers Show response 2u.savings.workingadvantage.com/	9 KB 4 KB	146ms 120ms	Document text/html	172.64.148.145 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://2u.savings.workingadvantage.com/offers?c=7010 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 7017ed41d05a9da02afb02397adc74e12a93d3c4f6b5b9bbcafffe4ef06f0cdb Security Headers Name Value Content-Security-Policy frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval' frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com Strict-Transport-Security max-age=5184000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 85a255aaaaa88fee-FRA content-encoding br content-security-policy frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval' frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com content-type text/html; charset=utf-8 date Fri, 23 Feb 2024 20:49:18 GMT last-modified Thu, 15 Feb 2024 11:50:53 GMT server cloudflare strict-transport-security max-age=5184000; includeSubDomains vary Accept-Encoding x-content-type-options nosniff x-frame-options DENY
GET H2	200	launch-a0e5cece2585.min.js Show response assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/	661 KB 155 KB	25ms 8ms	Script application/x-javascript	2a02:26f0:480:7a5::1e80 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js Requested by Host: 2u.savings.workingadvantage.com URL: https://2u.savings.workingadvantage.com/offers?c=7010 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:480:7a5::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AkamaiNetStorage / Resource Hash a5ff70f6ac07dd9865153de5810ff20130a8e033bc547a36598c01bd4de1dc74 Request headers accept-language de-DE,de;q=0.9 Referer https://2u.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:18 GMT content-encoding gzip last-modified Wed, 14 Feb 2024 23:09:35 GMT server AkamaiNetStorage etag "f72c7e4973313980f51ed6fa9b44d977:1707952175.514279" vary Accept-Encoding content-type application/x-javascript access-control-allow-origin https://2u.savings.workingadvantage.com cache-control max-age=3600 accept-ranges bytes timing-allow-origin * content-length 158823 expires Fri, 23 Feb 2024 21:49:18 GMT
GET H2	200	new-relic-integration.js Show response 2u.savings.workingadvantage.com/assets/new-relic/	51 KB 18 KB	121ms 120ms	Script application/javascript	172.64.148.145 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Requested by Host: 2u.savings.workingadvantage.com URL: https://2u.savings.workingadvantage.com/offers?c=7010 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash bc49c009b33e66a59f057cf4ada682b80d4401d919ddf0f8d3ef2bb0415f0b23 Security Headers Name Value Content-Security-Policy frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com Strict-Transport-Security max-age=5184000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY Request headers accept-language de-DE,de;q=0.9 Referer https://2u.savings.workingadvantage.com/offers?c=7010 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:18 GMT strict-transport-security max-age=5184000; includeSubDomains x-content-type-options nosniff content-security-policy frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com last-modified Thu, 15 Feb 2024 11:50:52 GMT server cloudflare cf-cache-status DYNAMIC content-encoding br etag W/"65cdfa9c-ccde" vary Accept-Encoding x-frame-options DENY content-type application/javascript; charset=utf-8 cf-ray 85a255ab7b418fee-FRA alt-svc h3=":443"; ma=86400
GET H2	200	bootstrap.min.css cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/	157 KB 25 KB	35ms 18ms	Stylesheet text/css	2606:4700::6810:5814 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css Requested by Host: 2u.savings.workingadvantage.com URL: https://2u.savings.workingadvantage.com/offers?c=7010 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://2u.savings.workingadvantage.com/ Origin https://2u.savings.workingadvantage.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:18 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 7499927 x-jsd-version 4.5.3 content-encoding br x-cache HIT cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 x-served-by cache-fra-eddf8230110-FRA x-jsd-version-type version server cloudflare etag W/"27288-jtLWNQ0j+FfZKAVzfQ+XxnXeZms" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5xsSjEDh6m3jBEnqrsniyk7Rm%2BoqOZFT2cGlr6QYYRGVQYF7hi8Y5C2wGba7E9M4kF7y4TGu5YGFIsuVahUfihRpdzV2%2BcZtpYQrrn%2B%2Fqc8lTDRwJCIMdj8hmgU9H8RTTCEDvq%2BkeX6erpED1cU%3D"}],"group":"cf-nel","max_age":604800} content-type text/css; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=31536000, s-maxage=31536000, immutable timing-allow-origin * cf-ray 85a255ab8b672c5a-FRA
GET H2	200	js Show response maps.googleapis.com/maps/api/	222 KB 74 KB	59ms 35ms	Script text/javascript	2a00:1450:4001:800::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://maps.googleapis.com/maps/api/js?client=gme-entertainmentbenefits&libraries=places Requested by Host: 2u.savings.workingadvantage.com URL: https://2u.savings.workingadvantage.com/offers?c=7010 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software scaffolding on HTTPServer2 / Resource Hash 57cac9d59da6a16693baa0fe6c3316b64b8f82c70724e08253551ffde7565f2d Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://2u.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:18 GMT content-encoding gzip x-content-type-options nosniff server scaffolding on HTTPServer2 vary Accept-Language, Origin, X-Origin, Referer x-frame-options SAMEORIGIN content-type text/javascript; charset=UTF-8 cache-control public, max-age=1800 cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 75427 x-xss-protection 0
GET H2	200	web-animations.min.js Show response cdnjs.cloudflare.com/ajax/libs/web-animations/2.3.1/	47 KB 14 KB	32ms 15ms	Script application/javascript	2606:4700::6811:180e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/web-animations/2.3.1/web-animations.min.js Requested by Host: 2u.savings.workingadvantage.com URL: https://2u.savings.workingadvantage.com/offers?c=7010 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash cbb3c795fd44c83a1200149b18e0df050fe228df4b5b03891373029117d8bd6b Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://2u.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:18 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=15780000 age 9201137 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 13763 last-modified Mon, 04 May 2020 16:17:51 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "5eb0402f-bad6" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hsfc9aPq2ZdE1lONnSLo2gDHzDnCjno4qw%2FEVUJA5CxMVDPN2%2BwdSeCfByMFEKGe7KCI0VSzQ19xJnTwuUpgm%2FUBOQoqRBT2yCRhec8EK4277pvFsJQFG1N9PVanis2AjpkBfSgYAY2QHs1fctESKIZ6"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=30672000 accept-ranges bytes timing-allow-origin * cf-ray 85a255ab8bea043a-FRA expires Wed, 12 Feb 2025 20:49:18 GMT
GET H2	200	runtime.b1d428235011b057.js Show response 2u.savings.workingadvantage.com/	4 KB 2 KB	114ms 114ms	Script application/javascript	172.64.148.145 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://2u.savings.workingadvantage.com/runtime.b1d428235011b057.js Requested by Host: 2u.savings.workingadvantage.com URL: https://2u.savings.workingadvantage.com/offers?c=7010 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8353e35c813581f93fab366b791fb43f8e639dd67d72982f7f029807eb63a939 Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Content-Type-Options nosniff Request headers Referer https://2u.savings.workingadvantage.com/offers?c=7010 Origin https://2u.savings.workingadvantage.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:18 GMT strict-transport-security max-age=5184000; includeSubDomains x-content-type-options nosniff cf-cache-status DYNAMIC last-modified Thu, 15 Feb 2024 11:50:43 GMT server cloudflare content-encoding br etag W/"65cdfa93-e90" vary Accept-Encoding access-control-allow-methods GET, POST, PUT, PATCH, DELETE, OPTIONS, GET, POST, PUT, PATCH, DELETE, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin https://2u.savings.workingadvantage.com, https://2u.savings.workingadvantage.com access-control-allow-credentials true, true cf-ray 85a255ab7b428fee-FRA alt-svc h3=":443"; ma=86400
GET H2	200	polyfills.0f88da5fdbf95761.js Show response 2u.savings.workingadvantage.com/	141 KB 49 KB	124ms 124ms	Script application/javascript	172.64.148.145 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://2u.savings.workingadvantage.com/polyfills.0f88da5fdbf95761.js Requested by Host: 2u.savings.workingadvantage.com URL: https://2u.savings.workingadvantage.com/offers?c=7010 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 46f16c323557a318dd6604bab3ebe8dbd9d23bc318b55eec33b0b0a4502c0bd1 Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Content-Type-Options nosniff Request headers Referer https://2u.savings.workingadvantage.com/offers?c=7010 Origin https://2u.savings.workingadvantage.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:18 GMT strict-transport-security max-age=5184000; includeSubDomains x-content-type-options nosniff cf-cache-status DYNAMIC last-modified Thu, 15 Feb 2024 11:50:43 GMT server cloudflare content-encoding br etag W/"65cdfa93-234ab" vary Accept-Encoding access-control-allow-methods GET, POST, PUT, PATCH, DELETE, OPTIONS, GET, POST, PUT, PATCH, DELETE, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin https://2u.savings.workingadvantage.com, https://2u.savings.workingadvantage.com access-control-allow-credentials true, true cf-ray 85a255ab7b438fee-FRA alt-svc h3=":443"; ma=86400
GET H3	200	scripts.1baad6c013597821.js Show response 2u.savings.workingadvantage.com/	166 KB 55 KB	134ms 133ms	Script application/javascript	172.64.148.145 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://2u.savings.workingadvantage.com/scripts.1baad6c013597821.js Requested by Host: 2u.savings.workingadvantage.com URL: https://2u.savings.workingadvantage.com/offers?c=7010 Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2aef73d8723fb7d91d516282c5a33140f448212e7d49898baab65f6c8b74ddc6 Security Headers Name Value Content-Security-Policy frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com Strict-Transport-Security max-age=5184000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY Request headers accept-language de-DE,de;q=0.9 Referer https://2u.savings.workingadvantage.com/offers?c=7010 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:18 GMT strict-transport-security max-age=5184000; includeSubDomains x-content-type-options nosniff content-security-policy frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com last-modified Thu, 15 Feb 2024 11:50:43 GMT server cloudflare cf-cache-status DYNAMIC content-encoding br etag W/"65cdfa93-29758" vary Accept-Encoding x-frame-options DENY content-type application/javascript; charset=utf-8 cf-ray 85a255ac4cb03816-FRA alt-svc h3=":443"; ma=86400
GET H2	200	main.4ff1e54ce4c12b9e.js Show response 2u.savings.workingadvantage.com/	5 MB 1 MB	124ms 124ms	Script application/javascript	172.64.148.145 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://2u.savings.workingadvantage.com/main.4ff1e54ce4c12b9e.js Requested by Host: 2u.savings.workingadvantage.com URL: https://2u.savings.workingadvantage.com/offers?c=7010 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 454c214ca26ab65db5a16da48252230a3ab2b947224003c0ddb8fa2677141656 Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Content-Type-Options nosniff Request headers Referer https://2u.savings.workingadvantage.com/offers?c=7010 Origin https://2u.savings.workingadvantage.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:18 GMT strict-transport-security max-age=5184000; includeSubDomains x-content-type-options nosniff cf-cache-status DYNAMIC last-modified Thu, 15 Feb 2024 11:50:43 GMT server cloudflare content-encoding br etag W/"65cdfa93-5049fd" vary Accept-Encoding access-control-allow-methods GET, POST, PUT, PATCH, DELETE, OPTIONS, GET, POST, PUT, PATCH, DELETE, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin https://2u.savings.workingadvantage.com, https://2u.savings.workingadvantage.com access-control-allow-credentials true, true cf-ray 85a255ab7b448fee-FRA alt-svc h3=":443"; ma=86400
GET H2	200	gtm.js Show response www.googletagmanager.com/	239 KB 80 KB	53ms 29ms	Script application/javascript	2a00:1450:4001:811::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM Requested by Host: 2u.savings.workingadvantage.com URL: https://2u.savings.workingadvantage.com/offers?c=7010 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash f80c5e7b36f0a2b5ecd7dcd4b931d7a98eb0f9b5ec53cb6681ade3ae8cbd3989 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://2u.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:18 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 81643 x-xss-protection 0 last-modified Fri, 23 Feb 2024 20:04:07 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Fri, 23 Feb 2024 20:49:18 GMT
GET H2	200	id Show response dpm.demdex.net/	185 B 679 B	91ms 32ms	XHR application/json	54.247.186.102 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://dpm.demdex.net/id?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=B5F9FF2554F608410A4C98C6%40AdobeOrg&d_nsid=0&d_coppa=true&ts=1708721358687 Requested by Host: assets.adobedtm.com URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 54.247.186.102 , Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-247-186-102.eu-west-1.compute.amazonaws.com Software / Resource Hash 4cf022c4fec7f522b2cedbf3dadafc6d9c9a460935d2cdc31fcc225b7418088b Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://2u.savings.workingadvantage.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers dcs dcs-prod-irl1-2-v057-043b356b9.edge-irl1.demdex.com 1 ms pragma no-cache date Fri, 23 Feb 2024 20:49:18 GMT strict-transport-security max-age=31536000; includeSubDomains content-encoding gzip x-tid svop/DU/TME= vary Origin content-type application/json;charset=utf-8 p3p policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" access-control-allow-origin https://2u.savings.workingadvantage.com cache-control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private access-control-allow-credentials true content-length 186 expires Thu, 01 Jan 1970 00:00:00 UTC
GET H2	200	AppMeasurement.min.js Show response assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/	33 KB 12 KB	10ms 7ms	Script application/x-javascript	2a02:26f0:480:7a5::1e80 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js Requested by Host: assets.adobedtm.com URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:480:7a5::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AkamaiNetStorage / Resource Hash 9219086b4f2c3bf77854b2e06ccd97ad32b9b7a140e65ff8b974a3bae6c7854c Request headers accept-language de-DE,de;q=0.9 Referer https://2u.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:18 GMT content-encoding gzip last-modified Mon, 14 Feb 2022 16:35:31 GMT server AkamaiNetStorage etag "d860c16ac938f7d839f0ec158d02d0f0:1644856531.418573" vary Accept-Encoding content-type application/x-javascript access-control-allow-origin https://2u.savings.workingadvantage.com cache-control no-cache accept-ranges bytes timing-allow-origin * content-length 12163 expires Fri, 23 Feb 2024 21:49:18 GMT
GET H2	200	AppMeasurement_Module_ActivityMap.min.js Show response assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/	3 KB 2 KB	11ms 8ms	Script application/x-javascript	2a02:26f0:480:7a5::1e80 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js Requested by Host: assets.adobedtm.com URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:480:7a5::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AkamaiNetStorage / Resource Hash 462a66acbf50e933685e7587e9f1441df8225b2bb4d6b7bc5e757eccf4ff6575 Request headers accept-language de-DE,de;q=0.9 Referer https://2u.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:18 GMT content-encoding gzip last-modified Mon, 14 Feb 2022 16:35:31 GMT server AkamaiNetStorage etag "2d1382c349d480b6b41574ac0c1af066:1644856531.739514" vary Accept-Encoding content-type application/x-javascript access-control-allow-origin https://2u.savings.workingadvantage.com cache-control no-cache accept-ranges bytes timing-allow-origin * content-length 1597 expires Fri, 23 Feb 2024 21:49:18 GMT
GET H3	200	styles.f02f3e4d86a48b3e.css 2u.savings.workingadvantage.com/	95 KB 16 KB	159ms 157ms	Stylesheet text/css	172.64.148.145 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://2u.savings.workingadvantage.com/styles.f02f3e4d86a48b3e.css Requested by Host: 2u.savings.workingadvantage.com URL: https://2u.savings.workingadvantage.com/offers?c=7010 Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ea3d356230da20a9876271fbb4c85ffa912fe03868fe3021069d1a1c3415a072 Security Headers Name Value Content-Security-Policy frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com Strict-Transport-Security max-age=5184000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY Request headers accept-language de-DE,de;q=0.9 Referer https://2u.savings.workingadvantage.com/offers?c=7010 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:18 GMT strict-transport-security max-age=5184000; includeSubDomains x-content-type-options nosniff content-security-policy frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com last-modified Thu, 15 Feb 2024 11:50:43 GMT server cloudflare cf-cache-status DYNAMIC content-encoding br etag W/"65cdfa93-17af1" vary Accept-Encoding x-frame-options DENY content-type text/css cf-ray 85a255ac5cb13816-FRA alt-svc h3=":443"; ma=86400
GET H2	200	S6uyw4BMUTPHjx4wXiWtFCc.woff2 fonts.gstatic.com/s/lato/v24/	14 KB 14 KB	32ms 7ms	Font font/woff2	2a00:1450:4001:830::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXiWtFCc.woff2 Requested by Host: 2u.savings.workingadvantage.com URL: https://2u.savings.workingadvantage.com/offers?c=7010 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash d4ae5188a65370ecfe28f42293bbee8297cfd5712c6aadfdb270d48f2bcd88b0 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://2u.savings.workingadvantage.com/ Origin https://2u.savings.workingadvantage.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Wed, 21 Feb 2024 03:33:03 GMT x-content-type-options nosniff age 234975 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 13980 x-xss-protection 0 last-modified Tue, 02 May 2023 15:17:19 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Thu, 20 Feb 2025 03:33:03 GMT
GET H2	200	id Show response smetrics.workingadvantage.com/	48 B 478 B	54ms 20ms	XHR application/x-javascript	63.140.62.222 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://smetrics.workingadvantage.com/id?d_visid_ver=5.4.0&d_fieldgroup=A&mcorgid=B5F9FF2554F608410A4C98C6%40AdobeOrg&mid=46757837134638414743898926098657449416&cl=157680000&d_coppa=true&ts=1708721358785 Requested by Host: 2u.savings.workingadvantage.com URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 63.140.62.222 , United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-63-140-62-222.data.adobedc.net Software jag / Resource Hash 0d6f7227311722856032c82dc1baa0de768d31189555773808225bbe7a41bdd6 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://2u.savings.workingadvantage.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers date Fri, 23 Feb 2024 20:49:18 GMT strict-transport-security max-age=31536000; includeSubDomains x-content-type-options nosniff server jag vary Origin content-type application/x-javascript;charset=utf-8 access-control-allow-origin https://2u.savings.workingadvantage.com p3p CP="This is not a P3P policy" cache-control no-cache, no-store, max-age=0, no-transform, private access-control-allow-credentials true content-length 48 x-xss-protection 1; mode=block
GET H2	200	js Show response www.googletagmanager.com/gtag/	286 KB 95 KB	24ms 24ms	Script application/javascript	2a00:1450:4001:811::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-FD2X5ZMELR&l=dataLayer&cx=c Requested by Host: 2u.savings.workingadvantage.com URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 36bb307255dedc3e058ef1a3f245ba99c1c455accdf0c3ece8cf694e07fdf174 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://2u.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:18 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 97319 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Fri, 23 Feb 2024 20:49:18 GMT
GET H2	200	analytics.js Show response www.google-analytics.com/	52 KB 21 KB	28ms 8ms	Script text/javascript	2a00:1450:4001:80f::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: 2u.savings.workingadvantage.com URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://2u.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff date Fri, 23 Feb 2024 19:32:03 GMT last-modified Tue, 12 Dec 2023 18:09:08 GMT server Golfe2 age 4635 vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 20994 expires Fri, 23 Feb 2024 21:32:03 GMT
GET H3	200	gen_204 Show response maps.googleapis.com/maps/api/mapsjs/	3 B 45 B	45ms 30ms	XHR application/json	2a00:1450:4001:800::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true Requested by Host: 2u.savings.workingadvantage.com URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software scaffolding on HTTPServer2 / Resource Hash ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://2u.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:18 GMT content-encoding gzip x-content-type-options nosniff server scaffolding on HTTPServer2 vary Origin, X-Origin, Referer x-frame-options SAMEORIGIN content-type application/json; charset=UTF-8 access-control-allow-origin https://2u.savings.workingadvantage.com access-control-expose-headers vary,vary,vary,content-encoding,date,server,content-length cache-control private alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 23 x-xss-protection 0
POST H2	200	collect Show response www.google-analytics.com/j/	16 B 233 B	17ms 16ms	XHR text/plain	2a00:1450:4001:80f::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j101&a=783492042&t=pageview&_s=1&dl=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010&ul=en-us&de=UTF-8&dt=Beneplace%20Team%20Discounts&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACAAI~&jid=1776331407&gjid=2016086142&cid=1225985025.1708721359&tid=UA-2876877-9&_gid=49765537.1708721359&_r=1&_slc=1&gtm=45He42l0n815QN8HWMv78847533za220&gcd=13l3l3l3l1&dma_cps=sypham&dma=1&z=1896921207 Requested by Host: 2u.savings.workingadvantage.com URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 1da6ad9dfce9466037ec92e1f7699158c9a9347c669333c724f5cf6f3a7c0634 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://2u.savings.workingadvantage.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Fri, 23 Feb 2024 20:49:18 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://2u.savings.workingadvantage.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 16 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	204	collect region1.google-analytics.com/g/	0 265 B	48ms 14ms	Ping text/plain	2001:4860:4802:34::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://region1.google-analytics.com/g/collect?v=2&tid=G-FD2X5ZMELR&gtm=45je42l0v9112553684z878847533za220&_p=1708721358641&gcd=13l3l3l3l1&npa=0&dma_cps=sypham&dma=1&cid=1225985025.1708721359&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_s=1&sid=1708721358&sct=1&seg=0&dl=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010&dt=Beneplace%20Team%20Discounts&en=page_view&_fv=1&_ss=1&ep.userId=&up.data_stream_name=G-FD2X5ZMELR&up.site_name=Non%20Cruises&up.url_name=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010&up.pb_site_name=2u&up.page_path=%2Foffers&up.user_id_value=&up.zip_code=NaN&tfd=436 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-FD2X5ZMELR&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://2u.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers pragma no-cache date Fri, 23 Feb 2024 20:49:18 GMT server Golfe2 content-type text/plain access-control-allow-origin https://2u.savings.workingadvantage.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	200	collect Show response stats.g.doubleclick.net/j/	1 B 357 B	64ms 21ms	XHR text/plain	2a00:1450:400c:c00::9a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-2876877-9&cid=1225985025.1708721359&jid=1776331407&gjid=2016086142&_gid=49765537.1708721359&_u=YEBAAEAAAAAAACAAI~&z=1917851590 Requested by Host: 2u.savings.workingadvantage.com URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://2u.savings.workingadvantage.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Content-Type text/plain Response headers pragma no-cache strict-transport-security max-age=10886400; includeSubDomains; preload date Fri, 23 Feb 2024 20:49:18 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://2u.savings.workingadvantage.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 1 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	js Show response www.googletagmanager.com/gtag/	267 KB 90 KB	22ms 21ms	Script application/javascript	2a00:1450:4001:811::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-2K753Z6D0L&cx=c&_slc=1 Requested by Host: 2u.savings.workingadvantage.com URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 65494fdcb6dcb8402721847989ee329810c42dbeed42254b6d6e1b66486c8b0f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://2u.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:18 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 91892 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Fri, 23 Feb 2024 20:49:18 GMT
POST H2	204	collect region1.google-analytics.com/g/	0 54 B	15ms 15ms	Ping text/plain	2001:4860:4802:34::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://region1.google-analytics.com/g/collect?v=2&tid=G-2K753Z6D0L&gtm=45je42l0v9126564266za220&_p=1708721358641&gcd=13l3l3l3l2&npa=0&dma_cps=sypham&dma=1&ul=en-us&sr=1600x1200&cid=1225985025.1708721359&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_eu=ABAI&_s=1&dl=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010&dt=Beneplace%20Team%20Discounts&sid=1708721358&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=504 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-2K753Z6D0L&cx=c&_slc=1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://2u.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers pragma no-cache date Fri, 23 Feb 2024 20:49:18 GMT server Golfe2 content-type text/plain access-control-allow-origin https://2u.savings.workingadvantage.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET DATA	200 OK	truncated /	38 B 0		Image image/webp
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 05632bd17ae6013db11864ba86f363756e305cd5a56ee788fe20774ed6c750f9 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers Content-Type image/webp
GET H3	200	info Show response 2u.savings.workingadvantage.com/api/	7 KB 2 KB	138ms 138ms	XHR text/html	172.64.148.145 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://2u.savings.workingadvantage.com/api/info Requested by Host: 2u.savings.workingadvantage.com URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6de2a64494f3eb2460892be0ffb080df38924e553e5af01b92f069378794ac25 Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Content-Type-Options nosniff Request headers Accept application/json, text/plain, */* Referer https://2u.savings.workingadvantage.com/offers?c=7010 tracestate 88831@nr=0-1-2647367-1120218725-bdcceae1fd50d30c----1708721359113 traceparent 00-f060ba39cd3f0a1c9d464db1e29f8f00-bdcceae1fd50d30c-01 accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 newrelic eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI2NDczNjciLCJhcCI6IjExMjAyMTg3MjUiLCJpZCI6ImJkY2NlYWUxZmQ1MGQzMGMiLCJ0ciI6ImYwNjBiYTM5Y2QzZjBhMWM5ZDQ2NGRiMWUyOWY4ZjAwIiwidGkiOjE3MDg3MjEzNTkxMTMsInRrIjoiODg4MzEifX0= Response headers date Fri, 23 Feb 2024 20:49:19 GMT strict-transport-security max-age=5184000; includeSubDomains x-content-type-options nosniff cf-cache-status DYNAMIC content-encoding br x-powered-by alt-svc h3=":443"; ma=86400 server cloudflare vary Accept-Encoding, Origin access-control-allow-methods GET,PUT,POST,PATCH,DELETE,OPTIONS content-type text/html; charset=utf-8 access-control-allow-origin http://2u.savings.workingadvantage.com cache-control no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0 cf-ray 85a255ae7e383816-FRA access-control-allow-headers Origin, Referer, X-Requested-With, Content-Type, Authorization expires Fri, 23 Feb 2024 20:49:18 GMT
GET H3	200	marketplace-styles.css Show response 2u.savings.workingadvantage.com/api/2u/	32 KB 5 KB	264ms 264ms	XHR text/css	172.64.148.145 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://2u.savings.workingadvantage.com/api/2u/marketplace-styles.css Requested by Host: 2u.savings.workingadvantage.com URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 1a654d1a443a60b182332b2f163ccb71a650332eab2cd471556b7156b7808317 Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Content-Type-Options nosniff Request headers Accept application/json, text/plain, */* Referer https://2u.savings.workingadvantage.com/offers?c=7010 tracestate 88831@nr=0-1-2647367-1120218725-18e4d51c6a20bdbe----1708721359114 traceparent 00-e5560bba44dbcf44d1dbf713a221f500-18e4d51c6a20bdbe-01 accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 newrelic eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI2NDczNjciLCJhcCI6IjExMjAyMTg3MjUiLCJpZCI6IjE4ZTRkNTFjNmEyMGJkYmUiLCJ0ciI6ImU1NTYwYmJhNDRkYmNmNDRkMWRiZjcxM2EyMjFmNTAwIiwidGkiOjE3MDg3MjEzNTkxMTQsInRrIjoiODg4MzEifX0= Response headers date Fri, 23 Feb 2024 20:49:19 GMT strict-transport-security max-age=5184000; includeSubDomains x-content-type-options nosniff cf-cache-status DYNAMIC content-encoding br x-powered-by alt-svc h3=":443"; ma=86400 server cloudflare etag W/"812d-u+uouUIjVDsJ3uc6k/+Y/VJtORk" vary Origin access-control-allow-methods GET,PUT,POST,PATCH,DELETE,OPTIONS content-type text/css; charset=utf-8 access-control-allow-origin http://2u.savings.workingadvantage.com cache-control no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0 cf-ray 85a255ae7e3c3816-FRA access-control-allow-headers Origin, Referer, X-Requested-With, Content-Type, Authorization expires Fri, 23 Feb 2024 20:49:18 GMT
GET H3	200	colors.css Show response 2u.savings.workingadvantage.com/api/2u/	3 KB 821 B	349ms 349ms	XHR text/css	172.64.148.145 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://2u.savings.workingadvantage.com/api/2u/colors.css?scope=:root,app-logged-in,ngb-modal-window Requested by Host: 2u.savings.workingadvantage.com URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash bed80b2c99b7a1baa628163a6fd1f9fb2220f9c089036565ffe594a4f0d5d5a1 Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Content-Type-Options nosniff Request headers Accept application/json, text/plain, */* Referer https://2u.savings.workingadvantage.com/offers?c=7010 tracestate 88831@nr=0-1-2647367-1120218725-f2153600911b4245----1708721359114 traceparent 00-c327c052030a949ef3d5d1fa1670cc00-f2153600911b4245-01 accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 newrelic eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI2NDczNjciLCJhcCI6IjExMjAyMTg3MjUiLCJpZCI6ImYyMTUzNjAwOTExYjQyNDUiLCJ0ciI6ImMzMjdjMDUyMDMwYTk0OWVmM2Q1ZDFmYTE2NzBjYzAwIiwidGkiOjE3MDg3MjEzNTkxMTQsInRrIjoiODg4MzEifX0= Response headers date Fri, 23 Feb 2024 20:49:19 GMT strict-transport-security max-age=5184000; includeSubDomains x-content-type-options nosniff cf-cache-status DYNAMIC content-encoding br x-powered-by alt-svc h3=":443"; ma=86400 server cloudflare etag W/"a6c-HLUKF1XW3IuqCQiKuXxBvhPMZp8" vary Origin access-control-allow-methods GET,PUT,POST,PATCH,DELETE,OPTIONS content-type text/css; charset=utf-8 access-control-allow-origin http://2u.savings.workingadvantage.com cache-control no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0 cf-ray 85a255ae7e3d3816-FRA access-control-allow-headers Origin, Referer, X-Requested-With, Content-Type, Authorization expires Fri, 23 Feb 2024 20:49:18 GMT
GET H2	200	RCea9d317d3a374e44b3f0f8711e38765e-source.min.js Show response assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/0870a348fba5/	2 KB 1018 B	8ms 7ms	Script application/x-javascript	2a02:26f0:480:7a5::1e80 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/0870a348fba5/RCea9d317d3a374e44b3f0f8711e38765e-source.min.js Requested by Host: 2u.savings.workingadvantage.com URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:480:7a5::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AkamaiNetStorage / Resource Hash e197eefb3a6378c1636ca452e85b757536156c962cd4c96cbe86c6ec83b92510 Request headers accept-language de-DE,de;q=0.9 Referer https://2u.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:19 GMT content-encoding gzip last-modified Wed, 14 Feb 2024 23:09:38 GMT server AkamaiNetStorage etag "c2c6de46c90c909501aada279b8b0209:1707952178.118178" vary Accept-Encoding content-type application/x-javascript access-control-allow-origin https://2u.savings.workingadvantage.com cache-control max-age=3600 accept-ranges bytes timing-allow-origin * content-length 751 expires Fri, 23 Feb 2024 21:49:19 GMT
GET H3	200	main.js Show response 2u.savings.workingadvantage.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/0f752fefe334/ Frame 02FD Redirect Chain https://2u.savings.workingadvantage.com/cdn-cgi/challenge-platform/scripts/jsd/main.js https://2u.savings.workingadvantage.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/0f752fefe334/main.js	8 KB 4 KB	22ms 22ms	Script application/javascript	172.64.148.145 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://2u.savings.workingadvantage.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/0f752fefe334/main.js Requested by Host: 2u.savings.workingadvantage.com URL: https://2u.savings.workingadvantage.com/offers?c=7010 Protocol H3 Server 172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 581d8e0801b687f1268b80b8abf95452c7921f6cd5142aa5ed79f8bc5500b3ae Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:19 GMT strict-transport-security max-age=5184000; includeSubDomains x-content-type-options nosniff content-encoding br server cloudflare vary accept-encoding content-type application/javascript; charset=UTF-8 cache-control max-age=14400, public cf-ray 85a255aebe6f3816-FRA alt-svc h3=":443"; ma=86400 Redirect headers date Fri, 23 Feb 2024 20:49:19 GMT strict-transport-security max-age=5184000; includeSubDomains x-content-type-options nosniff server cloudflare vary accept-encoding location /cdn-cgi/challenge-platform/h/b/scripts/jsd/0f752fefe334/main.js access-control-allow-origin * cache-control max-age=300, public cf-ray 85a255ae8e473816-FRA alt-svc h3=":443"; ma=86400
GET H2	200	sync Show response live.rezync.com/	6 KB 7 KB	182ms 155ms	Script text/javascript	18.239.83.21 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://live.rezync.com/sync?c=16b6410431b6374e780104abb0443ca8&p=5ef4f9c1e806678f2ab0275df01d5ff4&zmpID=ebg-wag3&cache_buster=1708721359159&k=ebg-wag3-pixel-0988 Requested by Host: 2u.savings.workingadvantage.com URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.239.83.21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-239-83-21.ams58.r.cloudfront.net Software lighttpd/1.4.69 / Resource Hash 94d56c8432cefedc8b87cba3150f80b6c2864627539ea1038cb72386d18a72ac Request headers accept-language de-DE,de;q=0.9 Referer https://2u.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:19 GMT via 1.1 2f7ba54d76b215238a170acfd87327d6.cloudfront.net (CloudFront) server lighttpd/1.4.69 x-amz-cf-pop AMS58-P5 vary Cookie x-cache Miss from cloudfront content-type text/javascript accept-ranges bytes content-length 6148 x-amz-cf-id y8qFG4E4Jq0sHkH3fQjJ2YN9Z8tYxNwStLjy9HDSU2OkMKsM9TGFDw==
POST H3	200	85a255aaaaa88fee Show response 2u.savings.workingadvantage.com/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame 02FD	0 346 B	45ms 44ms	XHR text/plain	172.64.148.145 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://2u.savings.workingadvantage.com/cdn-cgi/challenge-platform/h/b/jsd/r/85a255aaaaa88fee Requested by Host: 2u.savings.workingadvantage.com URL: https://2u.savings.workingadvantage.com/cdn-cgi/challenge-platform/scripts/jsd/main.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Content-Type-Options nosniff Request headers Referer accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Content-Type application/json Response headers date Fri, 23 Feb 2024 20:49:19 GMT strict-transport-security max-age=5184000; includeSubDomains x-content-type-options nosniff content-encoding br server cloudflare content-type text/plain; charset=UTF-8 cf-ray 85a255af4ef23816-FRA alt-svc h3=":443"; ma=86400
GET H3	200	2u Show response 2u.savings.workingadvantage.com/api/controls/	2 KB 1 KB	940ms 940ms	XHR application/json	172.64.148.145 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://2u.savings.workingadvantage.com/api/controls/2u Requested by Host: 2u.savings.workingadvantage.com URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 7afd9a10c8ddc93d6ca6d3245a21999d408db30ab4bf31e792e213b0b80d7cfc Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Content-Type-Options nosniff Request headers Accept application/json, text/plain, */* Referer https://2u.savings.workingadvantage.com/offers?c=7010 tracestate 88831@nr=0-1-2647367-1120218725-c67a05cb0c06b43a----1708721359253 traceparent 00-da6cba582acedad5ceaee54bc35a9e00-c67a05cb0c06b43a-01 accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 newrelic eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI2NDczNjciLCJhcCI6IjExMjAyMTg3MjUiLCJpZCI6ImM2N2EwNWNiMGMwNmI0M2EiLCJ0ciI6ImRhNmNiYTU4MmFjZWRhZDVjZWFlZTU0YmMzNWE5ZTAwIiwidGkiOjE3MDg3MjEzNTkyNTMsInRrIjoiODg4MzEifX0= Response headers date Fri, 23 Feb 2024 20:49:20 GMT strict-transport-security max-age=5184000; includeSubDomains x-content-type-options nosniff cf-cache-status DYNAMIC content-encoding br x-powered-by alt-svc h3=":443"; ma=86400 server cloudflare etag W/"7e1-QzUZ6tuVa8wnoxHfM4ebNWFGbtg" vary Origin access-control-allow-methods GET,PUT,POST,PATCH,DELETE,OPTIONS content-type application/json; charset=utf-8 access-control-allow-origin http://2u.savings.workingadvantage.com cache-control no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0 cf-ray 85a255af5f003816-FRA access-control-allow-headers Origin, Referer, X-Requested-With, Content-Type, Authorization expires Fri, 23 Feb 2024 20:49:19 GMT
GET H/1.1	200 OK	p13n.min.js Show response cdn.boomtrain.com/p13n/ebg-wag3/	93 KB 30 KB	24ms 8ms	Script application/javascript	18.66.122.57 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.boomtrain.com/p13n/ebg-wag3/p13n.min.js Requested by Host: 2u.savings.workingadvantage.com URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 18.66.122.57 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-122-57.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash 62ec57b7f971a77af7380ce75ee21e1b881fd1fa628efdb36607125004cca092 Request headers accept-language de-DE,de;q=0.9 Referer https://2u.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers x-amz-version-id TcWqIyrq1zgLtA.x_qenTnVMoX.Va_FU Content-Encoding gzip Via 1.1 508d9aac3b0097e502b117c1e7390bb0.cloudfront.net (CloudFront) Date Fri, 23 Feb 2024 20:32:12 GMT X-Amz-Cf-Pop FRA60-P2 Age 1028 x-amz-server-side-encryption AES256 Transfer-Encoding chunked X-Cache Hit from cloudfront Connection keep-alive Last-Modified Wed, 21 Feb 2024 04:40:16 GMT Server AmazonS3 ETag W/"a036c704209d386b667790a5a0757a3f" Vary Accept-Encoding Content-Type application/javascript Cache-Control public, max-age=3600 X-Amz-Cf-Id 3PjebKEfH6E7EPAQXhEtRwHMYLHR1T9QJQW4MMf7u8Mcp3Du9OnlUw==
GET H/1.1	200 OK	/ Show response com-wag3.netmng.com/	3 KB 2 KB	382ms 101ms	Script text/javascript	199.38.167.54 ROCKETFUEL
General Check archive.org Show headers Download Go to Full URL https://com-wag3.netmng.com/?aid=6366&siclientid=105368&url=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010&p5=&p6=&p7=&p8=&p9=&p10=&p11=&p12=&p13=&p14=&p15=&p16=&p17=&p18=&p19=&p20=&p26=&p27=&p28= Requested by Host: 2u.savings.workingadvantage.com URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 199.38.167.54 , United States, ASN54312 (ROCKETFUEL, US), Reverse DNS Software openresty / Resource Hash 51c28a44c986a235c6d74f2abfbafd9c9a01452515258628e10cbe3024c45a4e Request headers accept-language de-DE,de;q=0.9 Referer https://2u.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers Pragma no-cache Date Fri, 23 Feb 2024 20:49:19 GMT Content-Encoding gzip Last-Modified Wed, 21 Feb 2024 20:49:19 GMT Server openresty Transfer-Encoding chunked Vary Accept-Encoding P3P policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV" Content-Type text/javascript; charset=UTF-8 X-Cnection close Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-cache, private Expires Wed, 21 Feb 2024 20:49:19 GMT
GET H2	200	;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1708721359.2673693 adservice.google.com/ddm/fls/z/src=12084042;dc_pre=CKrylY2rwoQDFe0JogMd-sQJaQ;type=unive0;cat=unive0;u1=;u2=;u3=;u4=;u5=;u6=;u7=;u8=;u9=;u10=;u11=;u12=;u13=;u14=;u18=;u19=;u20=;u22=;u23=;u28=;u29=h... Redirect Chain https://ad.doubleclick.net/ddm/activity/src=12084042;type=unive0;cat=unive0;u1=;u2=;u3=;u4=;u5=;u6=;u7=;u8=;u9=;u10=;u11=;u12=;u13=;u14=;u18=;u19=;u20=;u22=;u23=;u28=;u29=https://2u.savings.working... https://ad.doubleclick.net/ddm/activity/src=12084042;dc_pre=CKrylY2rwoQDFe0JogMd-sQJaQ;type=unive0;cat=unive0;u1=;u2=;u3=;u4=;u5=;u6=;u7=;u8=;u9=;u10=;u11=;u12=;u13=;u14=;u18=;u19=;u20=;u22=;u23=;u... https://adservice.google.com/ddm/fls/z/src=12084042;dc_pre=CKrylY2rwoQDFe0JogMd-sQJaQ;type=unive0;cat=unive0;u1=;u2=;u3=;u4=;u5=;u6=;u7=;u8=;u9=;u10=;u11=;u12=;u13=;u14=;u18=;u19=;u20=;u22=;u23=;u2...	42 B 401 B	68ms 45ms	Image image/gif	2a00:1450:4001:803::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://adservice.google.com/ddm/fls/z/src=12084042;dc_pre=CKrylY2rwoQDFe0JogMd-sQJaQ;type=unive0;cat=unive0;u1=;u2=;u3=;u4=;u5=;u6=;u7=;u8=;u9=;u10=;u11=;u12=;u13=;u14=;u18=;u19=;u20=;u22=;u23=;u28=;u29=https://2u.savings.workingadvantage.com/;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1708721359.2673693 Requested by Host: 2u.savings.workingadvantage.com URL: https://2u.savings.workingadvantage.com/offers?c=7010 Protocol H2 Server 2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://2u.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers pragma no-cache date Fri, 23 Feb 2024 20:49:19 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers date Fri, 23 Feb 2024 20:49:19 GMT attribution-reporting-register-trigger {"aggregatable_deduplication_keys":[{"deduplication_key":"16543884885382950303"}],"aggregatable_trigger_data":[{"filters":{"14":["12836263"]},"key_piece":"0xd41bfddb4f9b75a0","source_keys":["1","3","4","5","6","7","8","9","10","11"]},{"key_piece":"0xc66289dfe9df4603","not_filters":{"14":["12836263"]},"source_keys":["1","3","4","5","6","7","8","9","10","11"]},{"filters":{"14":["12836263"]},"key_piece":"0xf17e60fda726ab0f","source_keys":["12","13","14","15","16","17","18","19","20","21"]},{"key_piece":"0xcd6aedf539b910fd","not_filters":{"14":["12836263"]},"source_keys":["12","13","14","15","16","17","18","19","20","21"]}],"aggregatable_values":{"1":327,"10":327,"11":5570,"12":65,"13":65,"14":65,"15":6356,"16":65,"17":65,"18":6356,"19":65,"20":65,"21":6356,"3":327,"4":327,"5":5570,"6":327,"7":327,"8":5570,"9":327},"debug_key":"13932072185016433889","debug_reporting":true,"event_trigger_data":[{"deduplication_key":"16543884885382950303","filters":{"14":["12836263"],"source_type":["event"]},"priority":"10","trigger_data":"1"},{"deduplication_key":"16543884885382950303","filters":{"14":["12836263"],"source_type":["navigation"]},"priority":"10","trigger_data":"6"},{"deduplication_key":"16543884885382950303","filters":{"source_type":["event"]},"priority":"0","trigger_data":"0"},{"deduplication_key":"16543884885382950303","filters":{"source_type":["navigation"]},"priority":"0","trigger_data":"7"}],"filters":{"8":["12084042"]}} x-content-type-options nosniff p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0 pragma no-cache server cafe content-type image/png location https://adservice.google.com/ddm/fls/z/src=12084042;dc_pre=CKrylY2rwoQDFe0JogMd-sQJaQ;type=unive0;cat=unive0;u1=;u2=;u3=;u4=;u5=;u6=;u7=;u8=;u9=;u10=;u11=;u12=;u13=;u14=;u18=;u19=;u20=;u22=;u23=;u28=;u29=https://2u.savings.workingadvantage.com/;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1708721359.2673693 access-control-allow-origin * cache-control no-cache, must-revalidate timing-allow-origin * expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	bounce secure.adnxs.com/ Redirect Chain https://secure.adnxs.com/seg?add=32509374&t=2 https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D32509374%26t%3D2	43 B 1 KB	16ms 15ms	Image image/gif	185.89.211.84 ASN-APPNEX
General Check archive.org Show headers Download Go to Show image Full URL https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D32509374%26t%3D2 Requested by Host: 2u.savings.workingadvantage.com URL: https://2u.savings.workingadvantage.com/offers?c=7010 Protocol H2 Server 185.89.211.84 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US), Reverse DNS 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net Software nginx/1.23.4 / Resource Hash 4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef Security Headers Name Value X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://2u.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers pragma no-cache date Fri, 23 Feb 2024 20:49:19 GMT an-x-request-uuid b5f8391c-e181-4ecd-aec5-f30df66368fd server nginx/1.23.4 accept-ch Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness p3p policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" content-type image/gif access-control-allow-origin * cache-control no-store, no-cache, private access-control-allow-credentials true x-proxy-origin 81.95.5.42; 81.95.5.42; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com content-length 43 x-xss-protection 0 expires Sat, 15 Nov 2008 16:00:00 GMT Redirect headers pragma no-cache date Fri, 23 Feb 2024 20:49:19 GMT an-x-request-uuid feb1660c-6248-46d3-97c1-54f325087bd5 server nginx/1.23.4 accept-ch Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness p3p policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" content-type text/html; charset=utf-8 access-control-allow-origin * cache-control no-store, no-cache, private access-control-allow-credentials true location https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D32509374%26t%3D2 x-proxy-origin 81.95.5.42; 81.95.5.42; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com content-length 0 x-xss-protection 0 expires Sat, 15 Nov 2008 16:00:00 GMT
GET H/1.1	200 OK	resolve Show response people.api.boomtrain.com/identify/	142 B 457 B	385ms 110ms	XHR application/json	54.161.181.126 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://people.api.boomtrain.com/identify/resolve?data=eyJjb29raWUiOnsiYnNpbiI6IiJ9LCJxdWVyeXN0cmluZyI6e30sImV4dGVybmFsX2lkcyI6eyJ6eW5jIjoiNjcwMTc2YmItODE3Mi00NTZlLWFkZTMtOGIzZTBkMDVhMTc5OjE3MDg3MjEzNTkuMjY0NTU4MyJ9fQ%3D%3D&site_id=ebg-wag3 Requested by Host: 2u.savings.workingadvantage.com URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.161.181.126 , United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-161-181-126.compute-1.amazonaws.com Software nginx / Resource Hash ca3b0682a3e17302b45645c19a5a7aa5275acc823633bf087f85855c4bfa87c9 Request headers accept-language de-DE,de;q=0.9 Referer https://2u.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers Date Fri, 23 Feb 2024 20:49:19 GMT Server nginx Access-Control-Allow-Methods GET,PUT,POST,DELETE Content-Type application/json Access-Control-Allow-Origin * Connection keep-alive Access-Control-Allow-Headers X-Requested-With,Content-Type,Authorization,x-app-id Content-Length 142
GET H2	200	RC6b40217ba8b34b5c95f7ac097beadf09-source.min.js Show response assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/0870a348fba5/	451 B 553 B	12ms 11ms	Script application/x-javascript	2a02:26f0:480:7a5::1e80 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/0870a348fba5/RC6b40217ba8b34b5c95f7ac097beadf09-source.min.js Requested by Host: 2u.savings.workingadvantage.com URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:480:7a5::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AkamaiNetStorage / Resource Hash 8c8854741b41041a55e30363186b3e943076de5f80c39d1bb82ed6efbc5f8a6a Request headers accept-language de-DE,de;q=0.9 Referer https://2u.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:19 GMT content-encoding gzip last-modified Wed, 14 Feb 2024 23:09:38 GMT server AkamaiNetStorage etag "c2c6de46c90c909501aada279b8b0209:1707952178.118178" vary Accept-Encoding content-type application/x-javascript access-control-allow-origin https://2u.savings.workingadvantage.com cache-control max-age=3600 accept-ranges bytes timing-allow-origin * content-length 286 expires Fri, 23 Feb 2024 21:49:19 GMT
GET H2	200	RC668a267ca36c45b5acca38f3e4360a76-source.min.js Show response assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/0870a348fba5/	340 B 481 B	11ms 10ms	Script application/x-javascript	2a02:26f0:480:7a5::1e80 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/0870a348fba5/RC668a267ca36c45b5acca38f3e4360a76-source.min.js Requested by Host: 2u.savings.workingadvantage.com URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:480:7a5::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AkamaiNetStorage / Resource Hash 8004dadb6b1625999c7de43a05d9c2d7fc4ac26ec644a95bfbd113c70b80c9a4 Request headers accept-language de-DE,de;q=0.9 Referer https://2u.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:19 GMT content-encoding gzip last-modified Wed, 14 Feb 2024 23:09:38 GMT server AkamaiNetStorage etag "c2c6de46c90c909501aada279b8b0209:1707952178.118178" vary Accept-Encoding content-type application/x-javascript access-control-allow-origin https://2u.savings.workingadvantage.com cache-control max-age=3600 accept-ranges bytes timing-allow-origin * content-length 215 expires Fri, 23 Feb 2024 21:49:19 GMT
GET H2	200	nr-spa.142f942f-1.239.1.min.js Show response js-agent.newrelic.com/	75 KB 26 KB	28ms 10ms	Script application/javascript	151.101.130.137 FASTLY
General Check archive.org Show headers Download Go to Full URL https://js-agent.newrelic.com/nr-spa.142f942f-1.239.1.min.js Requested by Host: 2u.savings.workingadvantage.com URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.130.137 , United States, ASN54113 (FASTLY, US), Reverse DNS Software AmazonS3 / Resource Hash cdaf31a1071286676944848c1e53c284a611e39473e322a75caf358b1b24e19d Security Headers Name Value Strict-Transport-Security max-age=300 Request headers accept-language de-DE,de;q=0.9 Referer https://2u.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers x-amz-version-id sn0IxCI.MkvNIiRAoqe.awP2R5evqDa4 content-encoding br via 1.1 varnish date Fri, 23 Feb 2024 20:49:19 GMT strict-transport-security max-age=300 x-amz-request-id XKNH2N4BMHCM512R x-amz-server-side-encryption AES256 x-cache HIT cross-origin-resource-policy cross-origin content-length 25649 x-amz-id-2 4mexhU0yeIewKmDeZm96VoQ5sJoXlVDLPLvdECeQEQCLYnoSPdDtx9GVJ5S3Dd2cS0NTUzBv+mg= x-served-by cache-fra-etou8220134-FRA last-modified Wed, 18 Oct 2023 21:33:59 GMT server AmazonS3 x-timer S1708721360.755832,VS0,VE0 etag "929044c7a94ad93d4583f5b62538f46a" vary Accept-Encoding content-type application/javascript access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=86400, stale-if-error=86400 accept-ranges bytes x-cache-hits 411
POST H2	200	track Show response events.api.boomtrain.com/event/	2 B 209 B	296ms 108ms	XHR text/plain	35.170.199.47 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://events.api.boomtrain.com/event/track Requested by Host: 2u.savings.workingadvantage.com URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 35.170.199.47 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-35-170-199-47.compute-1.amazonaws.com Software nginx / Resource Hash 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3 Request headers Referer https://2u.savings.workingadvantage.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Content-Type text/plain Response headers access-control-allow-origin * date Fri, 23 Feb 2024 20:49:20 GMT server nginx access-control-allow-headers X-Requested-With, Content-Type, Authorization, x-app-id content-length 2 access-control-allow-methods GET, PUT, POST, DELETE content-type text/plain
POST H/1.1	200	NRJS-2ebdf5b38afbaafd48e Show response bam.nr-data.net/1/	40 B 468 B	392ms 372ms	XHR text/plain	162.247.243.29 FASTLY
General Check archive.org Show headers Download Go to Full URL https://bam.nr-data.net/1/NRJS-2ebdf5b38afbaafd48e?a=1120218725&sa=1&v=1.239.1&t=Unnamed%20Transaction&rst=1303&ck=0&s=9b658b72eeec84ac&ref=https://2u.savings.workingadvantage.com/offers&af=err,xhr,stn,ins,spa&be=147&fe=1108&dc=497&perf=%7B%22timing%22:%7B%22of%22:1708721358480,%22n%22:0,%22dn%22:7,%22dne%22:7,%22c%22:7,%22s%22:14,%22ce%22:26,%22rq%22:26,%22rp%22:147,%22rpe%22:148,%22di%22:293,%22ds%22:635,%22de%22:643,%22dc%22:1252,%22l%22:1253,%22le%22:1254%7D,%22navigation%22:%7B%7D%7D Requested by Host: 2u.savings.workingadvantage.com URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.247.243.29 , United States, ASN54113 (FASTLY, US), Reverse DNS Software envoy / Resource Hash 5ca742541d65d718402499ed1d84d003258ce2116562169b85744cf7d798485a Request headers Referer https://2u.savings.workingadvantage.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 content-type text/plain Response headers date Fri, 23 Feb 2024 20:49:20 GMT server envoy access-control-allow-methods GET, POST, PUT, HEAD, OPTIONS content-type text/plain access-control-allow-origin https://2u.savings.workingadvantage.com access-control-allow-credentials true x-envoy-upstream-service-time 2 cross-origin-resource-policy cross-origin Connection keep-alive Content-Length 40 x-served-by cache-fra-etou8220064-FRA
POST H/1.1	200	NRJS-2ebdf5b38afbaafd48e Show response bam.nr-data.net/events/1/	24 B 407 B	102ms 102ms	XHR image/gif	162.247.243.29 FASTLY
General Check archive.org Show headers Download Go to Full URL https://bam.nr-data.net/events/1/NRJS-2ebdf5b38afbaafd48e?a=1120218725&sa=1&v=1.239.1&t=Unnamed%20Transaction&rst=1705&ck=0&s=9b658b72eeec84ac&ref=https://2u.savings.workingadvantage.com/offers Requested by Host: 2u.savings.workingadvantage.com URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.247.243.29 , United States, ASN54113 (FASTLY, US), Reverse DNS Software envoy / Resource Hash 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300 Request headers Referer https://2u.savings.workingadvantage.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 content-type text/plain Response headers date Fri, 23 Feb 2024 20:49:20 GMT server envoy access-control-allow-methods GET, POST, PUT, HEAD, OPTIONS content-type image/gif access-control-allow-origin https://2u.savings.workingadvantage.com access-control-allow-credentials true x-envoy-upstream-service-time 1 Connection keep-alive Content-Length 24 x-served-by cache-fra-etou8220064-FRA
GET H3	200	436.1fd2a6e25a9d1c0f.js Show response 2u.savings.workingadvantage.com/	174 KB 27 KB	127ms 127ms	Script application/javascript	172.64.148.145 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://2u.savings.workingadvantage.com/436.1fd2a6e25a9d1c0f.js Requested by Host: 2u.savings.workingadvantage.com URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 802106d17b6759222edb6db3ed2413e405dcec222a4b1803b8abd257d5f7dbc6 Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Content-Type-Options nosniff Request headers Referer https://2u.savings.workingadvantage.com/offers?c=7010 Origin https://2u.savings.workingadvantage.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:20 GMT strict-transport-security max-age=5184000; includeSubDomains x-content-type-options nosniff cf-cache-status DYNAMIC last-modified Thu, 15 Feb 2024 11:50:43 GMT server cloudflare content-encoding br etag W/"65cdfa93-2b7d7" vary Accept-Encoding access-control-allow-methods GET, POST, PUT, PATCH, DELETE, OPTIONS, GET, POST, PUT, PATCH, DELETE, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin https://2u.savings.workingadvantage.com, https://2u.savings.workingadvantage.com access-control-allow-credentials true, true cf-ray 85a255b55c2d3816-FRA alt-svc h3=":443"; ma=86400
GET H3	200	common.e04d7f09503f3a4f.js Show response 2u.savings.workingadvantage.com/	5 KB 2 KB	120ms 119ms	Script application/javascript	172.64.148.145 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://2u.savings.workingadvantage.com/common.e04d7f09503f3a4f.js Requested by Host: 2u.savings.workingadvantage.com URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash fb6611f167cc8d81ab1e4daaf57b28d130317c63e469b586ce9e1dd54781d6f8 Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Content-Type-Options nosniff Request headers Referer https://2u.savings.workingadvantage.com/offers?c=7010 Origin https://2u.savings.workingadvantage.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:20 GMT strict-transport-security max-age=5184000; includeSubDomains x-content-type-options nosniff cf-cache-status DYNAMIC last-modified Thu, 15 Feb 2024 11:50:43 GMT server cloudflare content-encoding br etag W/"65cdfa93-15a5" vary Accept-Encoding access-control-allow-methods GET, POST, PUT, PATCH, DELETE, OPTIONS, GET, POST, PUT, PATCH, DELETE, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin https://2u.savings.workingadvantage.com, https://2u.savings.workingadvantage.com access-control-allow-credentials true, true cf-ray 85a255b55c303816-FRA alt-svc h3=":443"; ma=86400
GET H3	200	417.83c10db89499ed28.js Show response 2u.savings.workingadvantage.com/	239 KB 47 KB	129ms 129ms	Script application/javascript	172.64.148.145 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://2u.savings.workingadvantage.com/417.83c10db89499ed28.js Requested by Host: 2u.savings.workingadvantage.com URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 20d3214f899634774d631d8da56b8ed42f9c7bd026954231812d75d1fce2d1a4 Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Content-Type-Options nosniff Request headers Referer https://2u.savings.workingadvantage.com/offers?c=7010 Origin https://2u.savings.workingadvantage.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:20 GMT strict-transport-security max-age=5184000; includeSubDomains x-content-type-options nosniff cf-cache-status DYNAMIC last-modified Thu, 15 Feb 2024 11:50:43 GMT server cloudflare content-encoding br etag W/"65cdfa93-3ba46" vary Accept-Encoding access-control-allow-methods GET, POST, PUT, PATCH, DELETE, OPTIONS, GET, POST, PUT, PATCH, DELETE, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin https://2u.savings.workingadvantage.com, https://2u.savings.workingadvantage.com access-control-allow-credentials true, true cf-ray 85a255b55c313816-FRA alt-svc h3=":443"; ma=86400
GET		authorize auth.savings.workingadvantage.com/auth/ Frame 1A60	0 0
GET H3	200	onetrust Show response 2u.savings.workingadvantage.com/api/platform/options/	501 B 727 B	161ms 161ms	XHR application/json	172.64.148.145 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://2u.savings.workingadvantage.com/api/platform/options/onetrust Requested by Host: 2u.savings.workingadvantage.com URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 05f687735d78286be14d4e10a1fb29138cddcf927835e5441b61406512db7c8e Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Content-Type-Options nosniff Request headers Accept application/json, text/plain, */* Referer https://2u.savings.workingadvantage.com/offers?c=7010 tracestate 88831@nr=0-1-2647367-1120218725-2950f98a98e78b3e----1708721360364 traceparent 00-152f19784f5f465a534652944480c100-2950f98a98e78b3e-01 accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 newrelic eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI2NDczNjciLCJhcCI6IjExMjAyMTg3MjUiLCJpZCI6IjI5NTBmOThhOThlNzhiM2UiLCJ0ciI6IjE1MmYxOTc4NGY1ZjQ2NWE1MzQ2NTI5NDQ0ODBjMTAwIiwidGkiOjE3MDg3MjEzNjAzNjQsInRrIjoiODg4MzEifX0= Response headers date Fri, 23 Feb 2024 20:49:20 GMT strict-transport-security max-age=5184000; includeSubDomains x-content-type-options nosniff cf-cache-status DYNAMIC content-encoding br x-powered-by alt-svc h3=":443"; ma=86400 server cloudflare etag W/"1f5-7p9slVTH/yNu6/xY0Gl0Ekd5Wds" vary Origin access-control-allow-methods GET,PUT,POST,PATCH,DELETE,OPTIONS content-type application/json; charset=utf-8 access-control-allow-origin http://2u.savings.workingadvantage.com cache-control no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0 cf-ray 85a255b64cf13816-FRA access-control-allow-headers Origin, Referer, X-Requested-With, Content-Type, Authorization expires Fri, 23 Feb 2024 20:49:19 GMT
GET H3	200	info 2u.savings.workingadvantage.com/api/	8 KB 3 KB	175ms 175ms	XHR text/html	172.64.148.145 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://2u.savings.workingadvantage.com/api/info?authInfo=true Requested by Host: 2u.savings.workingadvantage.com URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Content-Type-Options nosniff Request headers Accept application/json, text/plain, */* Referer https://2u.savings.workingadvantage.com/offers?c=7010 tracestate 88831@nr=0-1-2647367-1120218725-9daa9a13b12af20f----1708721360367 traceparent 00-dde901d24cbbe2af4b381528ae716600-9daa9a13b12af20f-01 accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 newrelic eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI2NDczNjciLCJhcCI6IjExMjAyMTg3MjUiLCJpZCI6IjlkYWE5YTEzYjEyYWYyMGYiLCJ0ciI6ImRkZTkwMWQyNGNiYmUyYWY0YjM4MTUyOGFlNzE2NjAwIiwidGkiOjE3MDg3MjEzNjAzNjcsInRrIjoiODg4MzEifX0= Response headers date Fri, 23 Feb 2024 20:49:20 GMT strict-transport-security max-age=5184000; includeSubDomains x-content-type-options nosniff cf-cache-status DYNAMIC content-encoding br x-powered-by alt-svc h3=":443"; ma=86400 server cloudflare vary Accept-Encoding, Origin access-control-allow-methods GET,PUT,POST,PATCH,DELETE,OPTIONS content-type text/html; charset=utf-8 access-control-allow-origin http://2u.savings.workingadvantage.com cache-control no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0 cf-ray 85a255b64cf73816-FRA access-control-allow-headers Origin, Referer, X-Requested-With, Content-Type, Authorization expires Fri, 23 Feb 2024 20:49:19 GMT
GET H3	200	collect www.google-analytics.com/	35 B 55 B	7ms 7ms	Image image/gif	2a00:1450:4001:80f::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google-analytics.com/collect?v=1&_v=j101&a=783492042&t=pageview&_s=1&dl=https%3A%2F%2F2u.savings.workingadvantage.com%2F&ul=en-us&de=UTF-8&dt=2U%20Inc%20Discount%20Hub&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEDAAEABAAAAACAAI~&jid=&gjid=&cid=1225985025.1708721359&tid=UA-2876877-9&_gid=49765537.1708721359&gtm=45He42l0n815QN8HWMv78847533za220&gcd=13l3l3l3l1&dma_cps=sypham&dma=1&z=1907617014 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://2u.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers pragma no-cache date Fri, 23 Feb 2024 20:41:44 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 age 456 content-type image/gif access-control-allow-origin * cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 35 expires Mon, 01 Jan 1990 00:00:00 GMT
GET H3	200	gtm.js www.googletagmanager.com/	239 KB 80 KB	18ms 18ms	Script application/javascript	2a00:1450:4001:811::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM Requested by Host: 2u.savings.workingadvantage.com URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://2u.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:20 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 81643 x-xss-protection 0 last-modified Fri, 23 Feb 2024 20:04:07 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Fri, 23 Feb 2024 20:49:20 GMT
GET H3	200	js www.googletagmanager.com/gtag/	192 KB 69 KB	16ms 16ms	Script application/javascript	2a00:1450:4001:811::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=UA-2876877-9 Requested by Host: 2u.savings.workingadvantage.com URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://2u.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:20 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 70895 x-xss-protection 0 last-modified Fri, 23 Feb 2024 20:04:07 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Fri, 23 Feb 2024 20:49:20 GMT
GET H3	200	mouseflow 2u.savings.workingadvantage.com/api/platform/options/	94 B 491 B	158ms 158ms	XHR application/json	172.64.148.145 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://2u.savings.workingadvantage.com/api/platform/options/mouseflow?name=workingadvantage_mouseflow_script_id Requested by Host: 2u.savings.workingadvantage.com URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Content-Type-Options nosniff Request headers Accept application/json, text/plain, */* Referer https://2u.savings.workingadvantage.com/ tracestate 88831@nr=0-1-2647367-1120218725-040ca70ae39f6b58----1708721360531 traceparent 00-4227a66a604fa1dc6b8872d44246b800-040ca70ae39f6b58-01 accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 newrelic eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI2NDczNjciLCJhcCI6IjExMjAyMTg3MjUiLCJpZCI6IjA0MGNhNzBhZTM5ZjZiNTgiLCJ0ciI6IjQyMjdhNjZhNjA0ZmExZGM2Yjg4NzJkNDQyNDZiODAwIiwidGkiOjE3MDg3MjEzNjA1MzEsInRrIjoiODg4MzEifX0= Response headers date Fri, 23 Feb 2024 20:49:20 GMT strict-transport-security max-age=5184000; includeSubDomains x-content-type-options nosniff cf-cache-status DYNAMIC content-encoding br x-powered-by alt-svc h3=":443"; ma=86400 server cloudflare etag W/"5e-xWERRy+8FVp8nFwecehLclRX7Go" vary Origin access-control-allow-methods GET,PUT,POST,PATCH,DELETE,OPTIONS content-type application/json; charset=utf-8 access-control-allow-origin http://2u.savings.workingadvantage.com cache-control no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0 cf-ray 85a255b75dc03816-FRA access-control-allow-headers Origin, Referer, X-Requested-With, Content-Type, Authorization expires Fri, 23 Feb 2024 20:49:19 GMT
GET H3	200	Primary Request sign-in Show response auth.savings.workingadvantage.com/2u/ Redirect Chain https://auth.savings.workingadvantage.com/auth/authorize?subdomain=2u&response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010 https://auth.savings.workingadvantage.com/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010	10 KB 3 KB	127ms 126ms	Document text/html	172.64.148.145 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://auth.savings.workingadvantage.com/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010 Requested by Host: 2u.savings.workingadvantage.com URL: https://2u.savings.workingadvantage.com/main.4ff1e54ce4c12b9e.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 4264bfa87de5afd4b0236f34dfeee60b2231773a4b404c970c25c4543cd3b4ac Security Headers Name Value Content-Security-Policy frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval' frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com Strict-Transport-Security max-age=5184000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY Request headers Referer https://2u.savings.workingadvantage.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 85a255b88ec43816-FRA content-encoding br content-security-policy frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval' frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com content-type text/html; charset=utf-8 date Fri, 23 Feb 2024 20:49:20 GMT last-modified Thu, 15 Feb 2024 11:56:47 GMT server cloudflare strict-transport-security max-age=5184000; includeSubDomains vary Accept-Encoding x-content-type-options nosniff x-frame-options DENY Redirect headers access-control-allow-headers Origin, Referer, X-Requested-With, Content-Type, Authorization access-control-allow-methods GET,PUT,POST,PATCH,DELETE,OPTIONS access-control-allow-origin http://auth.savings.workingadvantage.com alt-svc h3=":443"; ma=86400 cache-control no-cache no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0 cf-cache-status DYNAMIC cf-ray 85a255b76c758fee-FRA content-type text/html; charset=utf-8 date Fri, 23 Feb 2024 20:49:20 GMT expires Fri, 23 Feb 2024 20:49:19 GMT location /2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010 server cloudflare strict-transport-security max-age=5184000; includeSubDomains vary Origin, Accept x-content-type-options nosniff x-powered-by
GET H2	200	07e508d2-aee2-481f-ac8e-6e200d46af80.js cdn.mouseflow.com/projects/	196 KB 58 KB	52ms 34ms	Script application/javascript	2606:4700::6812:1a32 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.mouseflow.com/projects/07e508d2-aee2-481f-ac8e-6e200d46af80.js Requested by Host: 2u.savings.workingadvantage.com URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1a32 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://2u.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:20 GMT strict-transport-security max-age=15552000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status HIT content-encoding br age 56067 x-cache-status MISS alt-svc h3=":443"; ma=86400 x-mf-script-region enforced-privacy last-modified Thu, 15 Feb 2024 22:03:35 GMT server cloudflare etag W/"b36785d25a60da1:0" vary Accept-Encoding, Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=86400 cf-ray 85a255b87c611c3a-FRA expires Sat, 24 Feb 2024 20:49:20 GMT
GET H2	200	RC0c16579d5c704bd0a214633d669d35f2-source.min.js assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/0870a348fba5/	1018 B 814 B	11ms 11ms	Script application/x-javascript	2a02:26f0:480:7a5::1e80 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/0870a348fba5/RC0c16579d5c704bd0a214633d669d35f2-source.min.js Requested by Host: 2u.savings.workingadvantage.com URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:480:7a5::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AkamaiNetStorage / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer https://2u.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:20 GMT content-encoding gzip last-modified Wed, 14 Feb 2024 23:09:38 GMT server AkamaiNetStorage etag "c2c6de46c90c909501aada279b8b0209:1707952178.118178" vary Accept-Encoding content-type application/x-javascript access-control-allow-origin https://2u.savings.workingadvantage.com cache-control max-age=3600 accept-ranges bytes timing-allow-origin * content-length 547 expires Fri, 23 Feb 2024 21:49:20 GMT
GET		init n2.mouseflow.com/	0 0
POST		collect region1.google-analytics.com/g/	0 0
POST		collect region1.google-analytics.com/g/	0 0
POST		collect region1.google-analytics.com/g/	0 0
POST		NRJS-2ebdf5b38afbaafd48e bam.nr-data.net/events/1/	0 0
POST		NRJS-2ebdf5b38afbaafd48e bam.nr-data.net/jserrors/1/	0 0
POST		NRJS-2ebdf5b38afbaafd48e bam.nr-data.net/jserrors/1/	0 0
POST		NRJS-2ebdf5b38afbaafd48e bam.nr-data.net/events/1/	0 0
GET H2	200	launch-a0e5cece2585.min.js Show response assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/	661 KB 155 KB	9ms 7ms	Script application/x-javascript	2a02:26f0:480:7a5::1e80 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js Requested by Host: auth.savings.workingadvantage.com URL: https://auth.savings.workingadvantage.com/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:480:7a5::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AkamaiNetStorage / Resource Hash a5ff70f6ac07dd9865153de5810ff20130a8e033bc547a36598c01bd4de1dc74 Request headers accept-language de-DE,de;q=0.9 Referer https://auth.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:20 GMT content-encoding gzip last-modified Wed, 14 Feb 2024 23:09:35 GMT server AkamaiNetStorage etag "f72c7e4973313980f51ed6fa9b44d977:1707952175.514279" vary Accept-Encoding content-type application/x-javascript access-control-allow-origin https://auth.savings.workingadvantage.com cache-control max-age=3600 accept-ranges bytes timing-allow-origin * content-length 158823 expires Fri, 23 Feb 2024 21:49:20 GMT
GET H3	200	new-relic-integration.js Show response auth.savings.workingadvantage.com/assets/new-relic/	51 KB 18 KB	115ms 114ms	Script application/javascript	172.64.148.145 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Requested by Host: auth.savings.workingadvantage.com URL: https://auth.savings.workingadvantage.com/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010 Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash bc49c009b33e66a59f057cf4ada682b80d4401d919ddf0f8d3ef2bb0415f0b23 Security Headers Name Value Content-Security-Policy frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com Strict-Transport-Security max-age=5184000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY Request headers accept-language de-DE,de;q=0.9 Referer https://auth.savings.workingadvantage.com/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:20 GMT strict-transport-security max-age=5184000; includeSubDomains x-content-type-options nosniff content-security-policy frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com last-modified Thu, 15 Feb 2024 11:56:46 GMT server cloudflare cf-cache-status DYNAMIC content-encoding br etag W/"65cdfbfe-ccde" vary Accept-Encoding x-frame-options DENY content-type application/javascript; charset=utf-8 cf-ray 85a255b96f683816-FRA alt-svc h3=":443"; ma=86400
GET H2	200	bootstrap.min.css cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/	157 KB 25 KB	25ms 24ms	Stylesheet text/css	2606:4700::6810:5814 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css Requested by Host: auth.savings.workingadvantage.com URL: https://auth.savings.workingadvantage.com/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://auth.savings.workingadvantage.com/ Origin https://auth.savings.workingadvantage.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:20 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 7499929 x-jsd-version 4.5.3 content-encoding br x-cache HIT cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 x-served-by cache-fra-eddf8230110-FRA x-jsd-version-type version server cloudflare etag W/"27288-jtLWNQ0j+FfZKAVzfQ+XxnXeZms" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mLaHb91xfO4Nqu98cxX%2BjYpdDBo8PekKBjAQgrN0KX%2BsDsTbGXa7IMhqec3VJKWW03KYpkt7kYr1%2F1ezoWQCRJR0Fh5OxqVTXmjRmFWgbn8ILDPIc1CZ6oY3HpV%2FpzMWWtOWjBYcPRP3jit1UsI%3D"}],"group":"cf-nel","max_age":604800} content-type text/css; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=31536000, s-maxage=31536000, immutable timing-allow-origin * cf-ray 85a255b969052c5a-FRA
GET H2	200	js Show response maps.googleapis.com/maps/api/	222 KB 74 KB	34ms 32ms	Script text/javascript	2a00:1450:4001:800::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://maps.googleapis.com/maps/api/js?client=gme-entertainmentbenefits&libraries=places Requested by Host: auth.savings.workingadvantage.com URL: https://auth.savings.workingadvantage.com/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software scaffolding on HTTPServer2 / Resource Hash 57cac9d59da6a16693baa0fe6c3316b64b8f82c70724e08253551ffde7565f2d Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://auth.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:21 GMT content-encoding gzip x-content-type-options nosniff server scaffolding on HTTPServer2 vary Accept-Language, Origin, X-Origin, Referer x-frame-options SAMEORIGIN content-type text/javascript; charset=UTF-8 cache-control public, max-age=1800 cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 75427 x-xss-protection 0
GET H2	200	web-animations.min.js Show response cdnjs.cloudflare.com/ajax/libs/web-animations/2.3.1/	47 KB 14 KB	15ms 14ms	Script application/javascript	2606:4700::6811:180e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/web-animations/2.3.1/web-animations.min.js Requested by Host: auth.savings.workingadvantage.com URL: https://auth.savings.workingadvantage.com/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash cbb3c795fd44c83a1200149b18e0df050fe228df4b5b03891373029117d8bd6b Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://auth.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:20 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=15780000 age 9201139 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 13763 last-modified Mon, 04 May 2020 16:17:51 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "5eb0402f-bad6" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BOZQO76mDTtMwSyJCCu%2F3Edgo0v%2BUpvKncmghCM9AhakLRK5iiH5Cusf2fZzK14Wbe7OF3%2B2FHPV8sqOEFInoHAgyoH6ADc40EKlBcouHcQmogBbD%2BB4LPIlkWYOYObuOtW2jhD9Vqb0pmfI7Vp%2BxkM0"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=30672000 accept-ranges bytes timing-allow-origin * cf-ray 85a255b9690e043a-FRA expires Wed, 12 Feb 2025 20:49:20 GMT
GET H3	200	runtime.13338c5d9c83d0b6.js Show response auth.savings.workingadvantage.com/	1 KB 1 KB	119ms 119ms	Script application/javascript	172.64.148.145 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://auth.savings.workingadvantage.com/runtime.13338c5d9c83d0b6.js Requested by Host: auth.savings.workingadvantage.com URL: https://auth.savings.workingadvantage.com/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010 Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 779700103eaa215226d17491070dd24cc4e6ae6533a0f3a4071140805119b45f Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Content-Type-Options nosniff Request headers Referer https://auth.savings.workingadvantage.com/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010 Origin https://auth.savings.workingadvantage.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:20 GMT strict-transport-security max-age=5184000; includeSubDomains x-content-type-options nosniff cf-cache-status DYNAMIC last-modified Thu, 15 Feb 2024 11:56:40 GMT server cloudflare content-encoding br etag W/"65cdfbf8-488" vary Accept-Encoding access-control-allow-methods GET, POST, PUT, PATCH, DELETE, OPTIONS, GET, POST, PUT, PATCH, DELETE, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin https://auth.savings.workingadvantage.com, https://auth.savings.workingadvantage.com access-control-allow-credentials true, true cf-ray 85a255b96f693816-FRA alt-svc h3=":443"; ma=86400
GET H3	200	polyfills.d382160f8481ef1c.js Show response auth.savings.workingadvantage.com/	122 KB 43 KB	126ms 126ms	Script application/javascript	172.64.148.145 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://auth.savings.workingadvantage.com/polyfills.d382160f8481ef1c.js Requested by Host: auth.savings.workingadvantage.com URL: https://auth.savings.workingadvantage.com/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010 Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c06c3b843d4bcf295909300bfad5473626575eaef96b98615d9d2f294d66058c Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Content-Type-Options nosniff Request headers Referer https://auth.savings.workingadvantage.com/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010 Origin https://auth.savings.workingadvantage.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:20 GMT strict-transport-security max-age=5184000; includeSubDomains x-content-type-options nosniff cf-cache-status DYNAMIC last-modified Thu, 15 Feb 2024 11:56:40 GMT server cloudflare content-encoding br etag W/"65cdfbf8-1e6bf" vary Accept-Encoding access-control-allow-methods GET, POST, PUT, PATCH, DELETE, OPTIONS, GET, POST, PUT, PATCH, DELETE, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin https://auth.savings.workingadvantage.com, https://auth.savings.workingadvantage.com access-control-allow-credentials true, true cf-ray 85a255b96f6a3816-FRA alt-svc h3=":443"; ma=86400
GET H3	200	scripts.1baad6c013597821.js Show response auth.savings.workingadvantage.com/	166 KB 54 KB	141ms 140ms	Script application/javascript	172.64.148.145 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://auth.savings.workingadvantage.com/scripts.1baad6c013597821.js Requested by Host: auth.savings.workingadvantage.com URL: https://auth.savings.workingadvantage.com/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010 Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2aef73d8723fb7d91d516282c5a33140f448212e7d49898baab65f6c8b74ddc6 Security Headers Name Value Content-Security-Policy frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com Strict-Transport-Security max-age=5184000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY Request headers accept-language de-DE,de;q=0.9 Referer https://auth.savings.workingadvantage.com/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:21 GMT strict-transport-security max-age=5184000; includeSubDomains x-content-type-options nosniff content-security-policy frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com last-modified Thu, 15 Feb 2024 11:56:40 GMT server cloudflare cf-cache-status DYNAMIC content-encoding br etag W/"65cdfbf8-29758" vary Accept-Encoding x-frame-options DENY content-type application/javascript; charset=utf-8 cf-ray 85a255ba381c3816-FRA alt-svc h3=":443"; ma=86400
GET H3	200	main.376bcc3f5834c9a3.js Show response auth.savings.workingadvantage.com/	2 MB 409 KB	123ms 122ms	Script application/javascript	172.64.148.145 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://auth.savings.workingadvantage.com/main.376bcc3f5834c9a3.js Requested by Host: auth.savings.workingadvantage.com URL: https://auth.savings.workingadvantage.com/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010 Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash be8577e579d9924b36cda3f01fb7aea4f43ed90f9ae689955a0deda006a1ee11 Security Headers Name Value Strict-Transport-Security max-age=5184000; includeSubDomains X-Content-Type-Options nosniff Request headers Referer https://auth.savings.workingadvantage.com/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010 Origin https://auth.savings.workingadvantage.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:20 GMT strict-transport-security max-age=5184000; includeSubDomains x-content-type-options nosniff cf-cache-status DYNAMIC last-modified Thu, 15 Feb 2024 11:56:40 GMT server cloudflare content-encoding br etag W/"65cdfbf8-19e71e" vary Accept-Encoding access-control-allow-methods GET, POST, PUT, PATCH, DELETE, OPTIONS, GET, POST, PUT, PATCH, DELETE, OPTIONS content-type application/javascript; charset=utf-8 access-control-allow-origin https://auth.savings.workingadvantage.com, https://auth.savings.workingadvantage.com access-control-allow-credentials true, true cf-ray 85a255b96f6c3816-FRA alt-svc h3=":443"; ma=86400
GET H3	200	gtm.js Show response www.googletagmanager.com/	239 KB 80 KB	15ms 15ms	Script application/javascript	2a00:1450:4001:811::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM Requested by Host: auth.savings.workingadvantage.com URL: https://auth.savings.workingadvantage.com/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 72696c96dab7f22d1cdf6988f875e6c3a733ceac9599f2765da02be4d067429f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://auth.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:20 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 81643 x-xss-protection 0 last-modified Fri, 23 Feb 2024 20:04:07 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Fri, 23 Feb 2024 20:49:20 GMT
GET H2	200	AppMeasurement.min.js Show response assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/	33 KB 12 KB	9ms 8ms	Script application/x-javascript	2a02:26f0:480:7a5::1e80 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js Requested by Host: assets.adobedtm.com URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:480:7a5::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AkamaiNetStorage / Resource Hash 9219086b4f2c3bf77854b2e06ccd97ad32b9b7a140e65ff8b974a3bae6c7854c Request headers accept-language de-DE,de;q=0.9 Referer https://auth.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:20 GMT content-encoding gzip last-modified Mon, 14 Feb 2022 16:35:31 GMT server AkamaiNetStorage etag "d860c16ac938f7d839f0ec158d02d0f0:1644856531.418573" vary Accept-Encoding content-type application/x-javascript access-control-allow-origin https://auth.savings.workingadvantage.com cache-control no-cache accept-ranges bytes timing-allow-origin * content-length 12163 expires Fri, 23 Feb 2024 21:49:20 GMT
GET H2	200	AppMeasurement_Module_ActivityMap.min.js Show response assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/	3 KB 2 KB	10ms 9ms	Script application/x-javascript	2a02:26f0:480:7a5::1e80 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js Requested by Host: assets.adobedtm.com URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:480:7a5::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AkamaiNetStorage / Resource Hash 462a66acbf50e933685e7587e9f1441df8225b2bb4d6b7bc5e757eccf4ff6575 Request headers accept-language de-DE,de;q=0.9 Referer https://auth.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:20 GMT content-encoding gzip last-modified Mon, 14 Feb 2022 16:35:31 GMT server AkamaiNetStorage etag "2d1382c349d480b6b41574ac0c1af066:1644856531.739514" vary Accept-Encoding content-type application/x-javascript access-control-allow-origin https://auth.savings.workingadvantage.com cache-control no-cache accept-ranges bytes timing-allow-origin * content-length 1597 expires Fri, 23 Feb 2024 21:49:20 GMT
GET H3	200	styles.4a62f33afffa2c84.css auth.savings.workingadvantage.com/	39 KB 8 KB	121ms 120ms	Stylesheet text/css	172.64.148.145 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://auth.savings.workingadvantage.com/styles.4a62f33afffa2c84.css Requested by Host: auth.savings.workingadvantage.com URL: https://auth.savings.workingadvantage.com/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010 Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0bf599966dd39864588776600dcc12f05f281fe550157d82950665735ab2da0c Security Headers Name Value Content-Security-Policy frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com Strict-Transport-Security max-age=5184000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY Request headers accept-language de-DE,de;q=0.9 Referer https://auth.savings.workingadvantage.com/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:21 GMT strict-transport-security max-age=5184000; includeSubDomains x-content-type-options nosniff content-security-policy frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com last-modified Thu, 15 Feb 2024 11:56:40 GMT server cloudflare cf-cache-status DYNAMIC content-encoding br etag W/"65cdfbf8-9b6a" vary Accept-Encoding x-frame-options DENY content-type text/css cf-ray 85a255ba381d3816-FRA alt-svc h3=":443"; ma=86400
GET H2	200	S6uyw4BMUTPHjx4wXiWtFCc.woff2 fonts.gstatic.com/s/lato/v24/	14 KB 14 KB	9ms 8ms	Font font/woff2	2a00:1450:4001:830::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXiWtFCc.woff2 Requested by Host: auth.savings.workingadvantage.com URL: https://auth.savings.workingadvantage.com/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash d4ae5188a65370ecfe28f42293bbee8297cfd5712c6aadfdb270d48f2bcd88b0 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://auth.savings.workingadvantage.com/ Origin https://auth.savings.workingadvantage.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Wed, 21 Feb 2024 03:33:03 GMT x-content-type-options nosniff age 234977 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 13980 x-xss-protection 0 last-modified Tue, 02 May 2023 15:17:19 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Thu, 20 Feb 2025 03:33:03 GMT
GET H3	200	js Show response www.googletagmanager.com/gtag/	286 KB 95 KB	16ms 15ms	Script application/javascript	2a00:1450:4001:811::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-FD2X5ZMELR&l=dataLayer&cx=c Requested by Host: auth.savings.workingadvantage.com URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 8f3c4bb8c0ef7ebb0f101709f6bbba462e91a632cda1c8beb003d6c73b98a70f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://auth.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:21 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 97318 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Fri, 23 Feb 2024 20:49:21 GMT
GET H3	200	analytics.js Show response www.google-analytics.com/	52 KB 21 KB	7ms 7ms	Script text/javascript	2a00:1450:4001:80f::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: auth.savings.workingadvantage.com URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://auth.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff date Fri, 23 Feb 2024 19:32:03 GMT last-modified Tue, 12 Dec 2023 18:09:08 GMT server Golfe2 age 4638 vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 20994 expires Fri, 23 Feb 2024 21:32:03 GMT
GET H3	200	gen_204 Show response maps.googleapis.com/maps/api/mapsjs/	3 B 45 B	23ms 22ms	XHR application/json	2a00:1450:4001:800::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true Requested by Host: auth.savings.workingadvantage.com URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software scaffolding on HTTPServer2 / Resource Hash ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://auth.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:21 GMT content-encoding gzip x-content-type-options nosniff server scaffolding on HTTPServer2 vary Origin, X-Origin, Referer x-frame-options SAMEORIGIN content-type application/json; charset=UTF-8 access-control-allow-origin https://auth.savings.workingadvantage.com access-control-expose-headers vary,vary,vary,content-encoding,date,server,content-length cache-control private alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 23 x-xss-protection 0
POST H3	200	collect Show response www.google-analytics.com/j/	15 B 35 B	14ms 14ms	XHR text/plain	2a00:1450:4001:80f::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j101&a=335010775&t=pageview&_s=1&dl=https%3A%2F%2Fauth.savings.workingadvantage.com%2F2u%2Fsign-in%3Fresponse_type%3Dcode%26client_id%3D9ezalirn45mF43imJTdf53%26redirect_uri%3Dhttps%253A%252F%252F2u.savings.workingadvantage.com%252Foffers%253Fc%253D7010&dr=https%3A%2F%2F2u.savings.workingadvantage.com%2F&ul=en-us&de=UTF-8&dt=Beneplace%20Team%20Discounts&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=QACAAEABAAAAACAAI~&jid=&gjid=&cid=1225985025.1708721359&tid=UA-2876877-9&_gid=49765537.1708721359&_slc=1&gtm=45He42l0n815QN8HWMv78847533za200&gcd=13l3l3l3l1&dma_cps=sypham&dma=1&z=284156673 Requested by Host: auth.savings.workingadvantage.com URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash b017bfb984b00d66e38ede36599b6c5650d3bed3011fc37a6ff5f041b1aa1a8b Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://auth.savings.workingadvantage.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Fri, 23 Feb 2024 20:49:21 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://auth.savings.workingadvantage.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 15 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H3	204	collect region1.google-analytics.com/g/	0 17 B	15ms 15ms	Ping text/plain	2001:4860:4802:34::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://region1.google-analytics.com/g/collect?v=2&tid=G-FD2X5ZMELR&gtm=45je42l0v9112553684z878847533za200&_p=1708721360867&gcd=13l3l3l3l1&npa=0&dma_cps=sypham&dma=1&cid=1225985025.1708721359&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_s=1&sid=1708721358&sct=1&seg=1&dl=https%3A%2F%2Fauth.savings.workingadvantage.com%2F2u%2Fsign-in%3Fresponse_type%3Dcode%26client_id%3D9ezalirn45mF43imJTdf53%26redirect_uri%3Dhttps%253A%252F%252F2u.savings.workingadvantage.com%252Foffers%253Fc%253D7010&dr=https%3A%2F%2F2u.savings.workingadvantage.com%2F&dt=Beneplace%20Team%20Discounts&en=page_view&ep.userId=&up.data_stream_name=G-FD2X5ZMELR&up.site_name=Non%20Cruises&up.url_name=https%3A%2F%2Fauth.savings.workingadvantage.com%2F2u%2Fsign-in%3Fresponse_type%3Dcode%26client_id%3D9ezalirn45mF43imJTdf53%26redirect_uri%3Dhttps%253A%252F%252F2u.savings.workingadvantage.com%252Foffers%253Fc%253D7010&up.pb_site_name=auth&up.page_path=%2F2u%2Fsign-in&up.user_id_value=&up.zip_code=NaN&tfd=555 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-FD2X5ZMELR&l=dataLayer&cx=c Protocol H3 Security QUIC, , AES_128_GCM Server 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://auth.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers pragma no-cache date Fri, 23 Feb 2024 20:49:21 GMT server Golfe2 content-type text/plain access-control-allow-origin https://auth.savings.workingadvantage.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	js Show response www.googletagmanager.com/gtag/	267 KB 90 KB	24ms 24ms	Script application/javascript	2a00:1450:4001:811::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-2K753Z6D0L&cx=c&_slc=1 Requested by Host: auth.savings.workingadvantage.com URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 65494fdcb6dcb8402721847989ee329810c42dbeed42254b6d6e1b66486c8b0f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://auth.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:21 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 91892 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Fri, 23 Feb 2024 20:49:21 GMT
GET H2	200	system-wide Show response 2u.savings.beneplace.com/api/notifications/	2 B 795 B	449ms 421ms	XHR application/json	104.18.37.20 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://2u.savings.beneplace.com/api/notifications/system-wide Requested by Host: auth.savings.workingadvantage.com URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.18.37.20 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers Accept application/json, text/plain, */* Referer https://auth.savings.workingadvantage.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:21 GMT strict-transport-security max-age=2592000; includeSubDomains x-content-type-options nosniff cf-cache-status DYNAMIC x-powered-by alt-svc h3=":443"; ma=86400 content-length 2 server cloudflare etag W/"2-l9Fw4VUO7kr8CvBlt4zaMCqXZ0w" vary Origin access-control-allow-methods GET,PUT,POST,PATCH,DELETE,OPTIONS content-type application/json; charset=utf-8 access-control-allow-origin https://auth.savings.workingadvantage.com cache-control no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0 cf-ray 85a255bbfed51e53-FRA access-control-allow-headers Origin, Referer, X-Requested-With, Content-Type, Authorization expires Fri, 23 Feb 2024 20:49:20 GMT
GET H2	200	info Show response 2u.savings.beneplace.com/api/	8 KB 3 KB	169ms 141ms	XHR text/html	104.18.37.20 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://2u.savings.beneplace.com/api/info?authInfo=true Requested by Host: auth.savings.workingadvantage.com URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.18.37.20 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 163977aadb7b08e9643d97d26c824460605af34cce3917109777fd97d3d87313 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers Accept application/json, text/plain, */* Referer https://auth.savings.workingadvantage.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:21 GMT strict-transport-security max-age=2592000; includeSubDomains x-content-type-options nosniff cf-cache-status DYNAMIC content-encoding br x-powered-by alt-svc h3=":443"; ma=86400 server cloudflare vary Accept-Encoding, Origin access-control-allow-methods GET,PUT,POST,PATCH,DELETE,OPTIONS content-type text/html; charset=utf-8 access-control-allow-origin https://auth.savings.workingadvantage.com cache-control no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0 cf-ray 85a255bbfed61e53-FRA access-control-allow-headers Origin, Referer, X-Requested-With, Content-Type, Authorization expires Fri, 23 Feb 2024 20:49:20 GMT
GET H2	200	info Show response 2u.savings.beneplace.com/api/	8 KB 3 KB	987ms 960ms	XHR text/html	104.18.37.20 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://2u.savings.beneplace.com/api/info?authInfo=true Requested by Host: auth.savings.workingadvantage.com URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.18.37.20 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 163977aadb7b08e9643d97d26c824460605af34cce3917109777fd97d3d87313 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers Accept application/json, text/plain, */* Referer https://auth.savings.workingadvantage.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:22 GMT strict-transport-security max-age=2592000; includeSubDomains x-content-type-options nosniff cf-cache-status DYNAMIC content-encoding br x-powered-by alt-svc h3=":443"; ma=86400 server cloudflare vary Accept-Encoding, Origin access-control-allow-methods GET,PUT,POST,PATCH,DELETE,OPTIONS content-type text/html; charset=utf-8 access-control-allow-origin https://auth.savings.workingadvantage.com cache-control no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0 cf-ray 85a255bbfed71e53-FRA access-control-allow-headers Origin, Referer, X-Requested-With, Content-Type, Authorization expires Fri, 23 Feb 2024 20:49:21 GMT
GET H2	200	2u Show response 2u.savings.beneplace.com/api/controls/	2 KB 1 KB	186ms 159ms	XHR application/json	104.18.37.20 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://2u.savings.beneplace.com/api/controls/2u Requested by Host: auth.savings.workingadvantage.com URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.18.37.20 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 7afd9a10c8ddc93d6ca6d3245a21999d408db30ab4bf31e792e213b0b80d7cfc Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers Accept application/json, text/plain, */* Referer https://auth.savings.workingadvantage.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:21 GMT strict-transport-security max-age=2592000; includeSubDomains x-content-type-options nosniff cf-cache-status DYNAMIC content-encoding br x-powered-by alt-svc h3=":443"; ma=86400 server cloudflare etag W/"7e1-QzUZ6tuVa8wnoxHfM4ebNWFGbtg" vary Origin access-control-allow-methods GET,PUT,POST,PATCH,DELETE,OPTIONS content-type application/json; charset=utf-8 access-control-allow-origin https://auth.savings.workingadvantage.com cache-control no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0 cf-ray 85a255bbfed81e53-FRA access-control-allow-headers Origin, Referer, X-Requested-With, Content-Type, Authorization expires Fri, 23 Feb 2024 20:49:20 GMT
GET H2	200	marketplace-styles.css Show response 2u.savings.beneplace.com/api/2u/	32 KB 5 KB	328ms 301ms	XHR text/css	104.18.37.20 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://2u.savings.beneplace.com/api/2u/marketplace-styles.css Requested by Host: auth.savings.workingadvantage.com URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.18.37.20 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 1a654d1a443a60b182332b2f163ccb71a650332eab2cd471556b7156b7808317 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers Accept application/json, text/plain, */* Referer https://auth.savings.workingadvantage.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:21 GMT strict-transport-security max-age=2592000; includeSubDomains x-content-type-options nosniff cf-cache-status DYNAMIC content-encoding br x-powered-by alt-svc h3=":443"; ma=86400 server cloudflare etag W/"812d-u+uouUIjVDsJ3uc6k/+Y/VJtORk" vary Origin access-control-allow-methods GET,PUT,POST,PATCH,DELETE,OPTIONS content-type text/css; charset=utf-8 access-control-allow-origin https://auth.savings.workingadvantage.com cache-control no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0 cf-ray 85a255bbfed91e53-FRA access-control-allow-headers Origin, Referer, X-Requested-With, Content-Type, Authorization expires Fri, 23 Feb 2024 20:49:20 GMT
GET H2	200	auth-v2 Show response 2u.savings.beneplace.com/api/google-experiments/	4 KB 3 KB	164ms 138ms	XHR application/json	104.18.37.20 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://2u.savings.beneplace.com/api/google-experiments/auth-v2 Requested by Host: auth.savings.workingadvantage.com URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.18.37.20 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a83eaf590f2c078872c01c0f332037dc8fef2a3a2f925d9d8ea5425d0172cf99 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers Accept application/json, text/plain, */* Referer https://auth.savings.workingadvantage.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:21 GMT strict-transport-security max-age=2592000; includeSubDomains x-content-type-options nosniff cf-cache-status DYNAMIC content-encoding br x-powered-by alt-svc h3=":443"; ma=86400 server cloudflare etag W/"fd8-xTrkXE581f1SQMoUGwMfCAmZvJg" vary Origin access-control-allow-methods GET,PUT,POST,PATCH,DELETE,OPTIONS content-type application/json; charset=utf-8 access-control-allow-origin https://auth.savings.workingadvantage.com cache-control no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0 cf-ray 85a255bbfed21e53-FRA access-control-allow-headers Origin, Referer, X-Requested-With, Content-Type, Authorization expires Fri, 23 Feb 2024 20:49:20 GMT
GET H2	200	nr-spa.142f942f-1.239.1.min.js Show response js-agent.newrelic.com/	75 KB 25 KB	14ms 13ms	Script application/javascript	151.101.130.137 FASTLY
General Check archive.org Show headers Download Go to Full URL https://js-agent.newrelic.com/nr-spa.142f942f-1.239.1.min.js Requested by Host: auth.savings.workingadvantage.com URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.130.137 , United States, ASN54113 (FASTLY, US), Reverse DNS Software AmazonS3 / Resource Hash cdaf31a1071286676944848c1e53c284a611e39473e322a75caf358b1b24e19d Security Headers Name Value Strict-Transport-Security max-age=300 Request headers accept-language de-DE,de;q=0.9 Referer https://auth.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers x-amz-version-id sn0IxCI.MkvNIiRAoqe.awP2R5evqDa4 content-encoding br via 1.1 varnish date Fri, 23 Feb 2024 20:49:21 GMT strict-transport-security max-age=300 x-amz-request-id XKNH2N4BMHCM512R x-amz-server-side-encryption AES256 x-cache HIT cross-origin-resource-policy cross-origin content-length 25649 x-amz-id-2 4mexhU0yeIewKmDeZm96VoQ5sJoXlVDLPLvdECeQEQCLYnoSPdDtx9GVJ5S3Dd2cS0NTUzBv+mg= x-served-by cache-fra-etou8220134-FRA last-modified Wed, 18 Oct 2023 21:33:59 GMT server AmazonS3 x-timer S1708721361.301185,VS0,VE0 etag "929044c7a94ad93d4583f5b62538f46a" vary Accept-Encoding content-type application/javascript access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=86400, stale-if-error=86400 accept-ranges bytes x-cache-hits 412
POST H/1.1	200	NRJS-2ebdf5b38afbaafd48e Show response bam.nr-data.net/1/	40 B 465 B	375ms 375ms	XHR text/plain	162.247.243.29 FASTLY
General Check archive.org Show headers Download Go to Full URL https://bam.nr-data.net/1/NRJS-2ebdf5b38afbaafd48e?a=1120218725&sa=1&v=1.239.1&t=Unnamed%20Transaction&rst=769&ck=0&s=6ef7aa8eb7401313&ref=https://auth.savings.workingadvantage.com/2u/sign-in&af=err,xhr,stn,ins,spa&be=306&fe=442&dc=397&perf=%7B%22timing%22:%7B%22of%22:1708721360545,%22n%22:0,%22r%22:0,%22re%22:179,%22f%22:179,%22dn%22:179,%22dne%22:179,%22c%22:179,%22s%22:179,%22ce%22:179,%22rq%22:180,%22rp%22:306,%22rpe%22:309,%22di%22:451,%22ds%22:702,%22de%22:703,%22dc%22:747,%22l%22:747,%22le%22:749%7D,%22navigation%22:%7B%22rc%22:1%7D%7D Requested by Host: auth.savings.workingadvantage.com URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.247.243.29 , United States, ASN54113 (FASTLY, US), Reverse DNS Software envoy / Resource Hash 5ca742541d65d718402499ed1d84d003258ce2116562169b85744cf7d798485a Request headers Referer https://auth.savings.workingadvantage.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 content-type text/plain Response headers date Fri, 23 Feb 2024 20:49:21 GMT server envoy access-control-allow-methods GET, POST, PUT, HEAD, OPTIONS content-type text/plain access-control-allow-origin https://auth.savings.workingadvantage.com access-control-allow-credentials true x-envoy-upstream-service-time 4 cross-origin-resource-policy cross-origin Connection close Content-Length 40 x-served-by cache-fra-etou8220113-FRA
GET H2	200	2u Show response 2u.savings.beneplace.com/api/controls/	2 KB 1 KB	157ms 156ms	XHR application/json	104.18.37.20 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://2u.savings.beneplace.com/api/controls/2u Requested by Host: auth.savings.workingadvantage.com URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.18.37.20 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 7afd9a10c8ddc93d6ca6d3245a21999d408db30ab4bf31e792e213b0b80d7cfc Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers Accept application/json, text/plain, */* Referer https://auth.savings.workingadvantage.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:21 GMT strict-transport-security max-age=2592000; includeSubDomains x-content-type-options nosniff cf-cache-status DYNAMIC content-encoding br x-powered-by alt-svc h3=":443"; ma=86400 server cloudflare etag W/"7e1-QzUZ6tuVa8wnoxHfM4ebNWFGbtg" vary Origin access-control-allow-methods GET,PUT,POST,PATCH,DELETE,OPTIONS content-type application/json; charset=utf-8 access-control-allow-origin https://auth.savings.workingadvantage.com cache-control no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0 cf-ray 85a255bcdf911e53-FRA access-control-allow-headers Origin, Referer, X-Requested-With, Content-Type, Authorization expires Fri, 23 Feb 2024 20:49:20 GMT
GET H2	200	auth Show response 2u.savings.beneplace.com/api/navigation/2u/auth_footer/US/	959 B 793 B	168ms 168ms	XHR application/json	104.18.37.20 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://2u.savings.beneplace.com/api/navigation/2u/auth_footer/US/auth Requested by Host: auth.savings.workingadvantage.com URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.18.37.20 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f63e31ebf9b37ea9651067359238bfd61f6cd7dc7c6c0ea864e6f8c345f8f8b9 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers Accept application/json, text/plain, */* Referer https://auth.savings.workingadvantage.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:21 GMT strict-transport-security max-age=2592000; includeSubDomains x-content-type-options nosniff cf-cache-status DYNAMIC content-encoding br x-powered-by alt-svc h3=":443"; ma=86400 server cloudflare etag W/"3bf-GIZgHybzmfj3d8rGD0L3UFFjORw" vary Origin access-control-allow-methods GET,PUT,POST,PATCH,DELETE,OPTIONS content-type application/json; charset=utf-8 access-control-allow-origin https://auth.savings.workingadvantage.com cache-control no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0 cf-ray 85a255bcdf941e53-FRA access-control-allow-headers Origin, Referer, X-Requested-With, Content-Type, Authorization expires Fri, 23 Feb 2024 20:49:20 GMT
POST H/1.1	200	NRJS-2ebdf5b38afbaafd48e Show response bam.nr-data.net/events/1/	24 B 404 B	101ms 101ms	XHR image/gif	162.247.243.29 FASTLY
General Check archive.org Show headers Download Go to Full URL https://bam.nr-data.net/events/1/NRJS-2ebdf5b38afbaafd48e?a=1120218725&sa=1&v=1.239.1&t=Unnamed%20Transaction&rst=1151&ck=0&s=6ef7aa8eb7401313&ref=https://auth.savings.workingadvantage.com/2u/sign-in Requested by Host: auth.savings.workingadvantage.com URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 162.247.243.29 , United States, ASN54113 (FASTLY, US), Reverse DNS Software envoy / Resource Hash 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300 Request headers Referer https://auth.savings.workingadvantage.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 content-type text/plain Response headers date Fri, 23 Feb 2024 20:49:21 GMT server envoy access-control-allow-methods GET, POST, PUT, HEAD, OPTIONS content-type image/gif access-control-allow-origin https://auth.savings.workingadvantage.com access-control-allow-credentials true x-envoy-upstream-service-time 0 Connection close Content-Length 24 x-served-by cache-fra-etou8220101-FRA
GET H3	200	onetrust Show response 2u.savings.beneplace.com/api/platform/options/	501 B 1 KB	139ms 139ms	XHR application/json	104.18.37.20 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://2u.savings.beneplace.com/api/platform/options/onetrust Requested by Host: auth.savings.workingadvantage.com URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H3 Security QUIC, , AES_128_GCM Server 104.18.37.20 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 05f687735d78286be14d4e10a1fb29138cddcf927835e5441b61406512db7c8e Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers Accept application/json, text/plain, */* Referer https://auth.savings.workingadvantage.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:22 GMT strict-transport-security max-age=2592000; includeSubDomains x-content-type-options nosniff cf-cache-status DYNAMIC content-encoding br x-powered-by alt-svc h3=":443"; ma=86400 server cloudflare etag W/"1f5-7p9slVTH/yNu6/xY0Gl0Ekd5Wds" vary Origin access-control-allow-methods GET,PUT,POST,PATCH,DELETE,OPTIONS content-type application/json; charset=utf-8 access-control-allow-origin https://auth.savings.workingadvantage.com cache-control no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0 cf-ray 85a255c20caa1c3c-FRA access-control-allow-headers Origin, Referer, X-Requested-With, Content-Type, Authorization expires Fri, 23 Feb 2024 20:49:21 GMT
GET H3	200	info Show response 2u.savings.beneplace.com/api/	8 KB 3 KB	155ms 154ms	XHR text/html	104.18.37.20 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://2u.savings.beneplace.com/api/info?authInfo=true Requested by Host: auth.savings.workingadvantage.com URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H3 Security QUIC, , AES_128_GCM Server 104.18.37.20 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 163977aadb7b08e9643d97d26c824460605af34cce3917109777fd97d3d87313 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers Accept application/json, text/plain, */* Referer https://auth.savings.workingadvantage.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:22 GMT strict-transport-security max-age=2592000; includeSubDomains x-content-type-options nosniff cf-cache-status DYNAMIC content-encoding br x-powered-by alt-svc h3=":443"; ma=86400 server cloudflare vary Accept-Encoding, Origin access-control-allow-methods GET,PUT,POST,PATCH,DELETE,OPTIONS content-type text/html; charset=utf-8 access-control-allow-origin https://auth.savings.workingadvantage.com cache-control no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0 cf-ray 85a255c23cd61c3c-FRA access-control-allow-headers Origin, Referer, X-Requested-With, Content-Type, Authorization expires Fri, 23 Feb 2024 20:49:21 GMT
GET H3	200	collect www.google-analytics.com/	35 B 55 B	26ms 26ms	Image image/gif	2a00:1450:4001:80f::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google-analytics.com/collect?v=1&_v=j101&a=335010775&t=pageview&_s=1&dl=https%3A%2F%2Fauth.savings.workingadvantage.com%2F2u%2Fsign-in%3Fresponse_type%3Dcode%26client_id%3D9ezalirn45mF43imJTdf53%26redirect_uri%3Dhttps%3A%252F%252F2u.savings.workingadvantage.com%252Foffers%253Fc%253D7010&dr=https%3A%2F%2F2u.savings.workingadvantage.com%2F&ul=en-us&de=UTF-8&dt=2U%20Inc%20Discount%20Hub&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=SACAAEABAAAAACAAI~&jid=&gjid=&cid=1225985025.1708721359&tid=UA-2876877-9&_gid=49765537.1708721359&gtm=45He42l0n815QN8HWMv78847533za200&gcd=13l3l3l3l1&dma_cps=sypham&dma=1&z=1500245462 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://auth.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers pragma no-cache date Fri, 23 Feb 2024 20:41:44 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 age 458 content-type image/gif access-control-allow-origin * cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 35 expires Mon, 01 Jan 1990 00:00:00 GMT
GET H2	200	id Show response dpm.demdex.net/	185 B 693 B	51ms 51ms	XHR application/json	54.247.186.102 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://dpm.demdex.net/id?d_visid_ver=5.4.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=B5F9FF2554F608410A4C98C6%40AdobeOrg&d_nsid=0&d_mid=46757837134638414743898926098657449416&d_coppa=true&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=adobe_ecid%0146757837134638414743898926098657449416&d_cid_ic=ecid%0146757837134638414743898926098657449416&d_cid_ic=mcid%0146757837134638414743898926098657449416&ts=1708721362281 Requested by Host: auth.savings.workingadvantage.com URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 54.247.186.102 , Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-247-186-102.eu-west-1.compute.amazonaws.com Software / Resource Hash 8271a5f9d0f15e3c1248c069237daf024e7f5b3689cd48b38508c456fd345ea4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Referer https://auth.savings.workingadvantage.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers dcs dcs-prod-irl1-1-v057-093cbaa21.edge-irl1.demdex.com 3 ms pragma no-cache date Fri, 23 Feb 2024 20:49:22 GMT strict-transport-security max-age=31536000; includeSubDomains content-encoding gzip x-tid 8FzKdINCQxc= vary Origin content-type application/json;charset=utf-8 p3p policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" access-control-allow-origin https://auth.savings.workingadvantage.com cache-control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private access-control-allow-credentials true x-error 300,300 content-length 185 expires Thu, 01 Jan 1970 00:00:00 UTC
GET H2	200	RCfc27f81c245c44b78fbb03ff4af1a6be-source.min.js Show response assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/0870a348fba5/	343 B 483 B	21ms 21ms	Script application/x-javascript	2a02:26f0:480:7a5::1e80 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/0870a348fba5/RCfc27f81c245c44b78fbb03ff4af1a6be-source.min.js Requested by Host: auth.savings.workingadvantage.com URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:480:7a5::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AkamaiNetStorage / Resource Hash 1870780f32d372a63e30a169bef356b78fc9a0ebfbbef37f99b410244fce3ce7 Request headers accept-language de-DE,de;q=0.9 Referer https://auth.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:22 GMT content-encoding gzip last-modified Wed, 14 Feb 2024 23:09:38 GMT server AkamaiNetStorage etag "c2c6de46c90c909501aada279b8b0209:1707952178.118178" vary Accept-Encoding content-type application/x-javascript access-control-allow-origin https://auth.savings.workingadvantage.com cache-control max-age=3600 accept-ranges bytes timing-allow-origin * content-length 215 expires Fri, 23 Feb 2024 21:49:22 GMT
GET H2	200	RC986b4d5825364bd4887033e40e20c549-source.min.js Show response assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/0870a348fba5/	757 B 697 B	17ms 17ms	Script application/x-javascript	2a02:26f0:480:7a5::1e80 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/0870a348fba5/RC986b4d5825364bd4887033e40e20c549-source.min.js Requested by Host: auth.savings.workingadvantage.com URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:480:7a5::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AkamaiNetStorage / Resource Hash 414a9f7ce391b6e34dab805c9dcea7be275b3e3079faf5947fb61e04278c897e Request headers accept-language de-DE,de;q=0.9 Referer https://auth.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:22 GMT content-encoding gzip last-modified Wed, 14 Feb 2024 23:09:38 GMT server AkamaiNetStorage etag "c2c6de46c90c909501aada279b8b0209:1707952178.118178" vary Accept-Encoding content-type application/x-javascript access-control-allow-origin https://auth.savings.workingadvantage.com cache-control max-age=3600 accept-ranges bytes timing-allow-origin * content-length 428 expires Fri, 23 Feb 2024 21:49:22 GMT
POST H2	200	delivery Show response starget.workingadvantage.com/rest/v1/	781 B 956 B	109ms 46ms	XHR application/json	66.235.152.156 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://starget.workingadvantage.com/rest/v1/delivery?client=entertainmentbenefit&sessionId=71e096a16ed345c6b57c636605921e18&version=2.8.2 Requested by Host: auth.savings.workingadvantage.com URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 66.235.152.156 , United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-66-235-152-156.data.adobedc.net Software jag / Resource Hash 3ec863b93075891501b74046de8ed4db004bf7bdd3d19e41aa8a05ff11e88203 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://auth.savings.workingadvantage.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Content-Type text/plain Response headers date Fri, 23 Feb 2024 20:49:22 GMT content-encoding gzip referrer-policy strict-origin-when-cross-origin strict-transport-security max-age=31536000; includeSubDomains accept-ch Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List server jag x-content-type-options nosniff vary origin,access-control-request-method,access-control-request-headers,accept-encoding content-type application/json;charset=UTF-8 access-control-allow-origin https://auth.savings.workingadvantage.com cache-control no-cache, no-store, max-age=0, no-transform, private access-control-allow-credentials true timing-allow-origin * x-xss-protection 1; mode=block x-request-id c7e44e30-9f2e-4236-9fb1-0c5fec883e29
GET H3	200	gtm.js Show response www.googletagmanager.com/	239 KB 80 KB	28ms 28ms	Script application/javascript	2a00:1450:4001:811::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM Requested by Host: auth.savings.workingadvantage.com URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash f80c5e7b36f0a2b5ecd7dcd4b931d7a98eb0f9b5ec53cb6681ade3ae8cbd3989 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://auth.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:22 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 81643 x-xss-protection 0 last-modified Fri, 23 Feb 2024 20:04:07 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Fri, 23 Feb 2024 20:49:22 GMT
GET H3	200	js Show response www.googletagmanager.com/gtag/	198 KB 72 KB	20ms 20ms	Script application/javascript	2a00:1450:4001:811::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=UA-2876877-9 Requested by Host: auth.savings.workingadvantage.com URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 3484e188a909f7f48632a80707ddaf5dff17ff2a0a09ef0e222d73a5a8d9088f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://auth.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:22 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 73186 x-xss-protection 0 last-modified Fri, 23 Feb 2024 20:04:07 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Fri, 23 Feb 2024 20:49:22 GMT
GET H3	200	mouseflow Show response 2u.savings.beneplace.com/api/platform/options/	94 B 803 B	315ms 315ms	XHR application/json	104.18.37.20 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://2u.savings.beneplace.com/api/platform/options/mouseflow?name=workingadvantage_mouseflow_script_id Requested by Host: auth.savings.workingadvantage.com URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H3 Security QUIC, , AES_128_GCM Server 104.18.37.20 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 61b4579ddd9500f72669998271f04641a6f956554326995c3000531a9a57e4d4 Security Headers Name Value Strict-Transport-Security max-age=2592000; includeSubDomains X-Content-Type-Options nosniff Request headers Accept application/json, text/plain, */* Referer https://auth.savings.workingadvantage.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:22 GMT strict-transport-security max-age=2592000; includeSubDomains x-content-type-options nosniff cf-cache-status DYNAMIC content-encoding br x-powered-by alt-svc h3=":443"; ma=86400 server cloudflare etag W/"5e-xWERRy+8FVp8nFwecehLclRX7Go" vary Origin access-control-allow-methods GET,PUT,POST,PATCH,DELETE,OPTIONS content-type application/json; charset=utf-8 access-control-allow-origin https://auth.savings.workingadvantage.com cache-control no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0 cf-ray 85a255c2ed7f1c3c-FRA access-control-allow-headers Origin, Referer, X-Requested-With, Content-Type, Authorization expires Fri, 23 Feb 2024 20:49:21 GMT
GET H3	200	a www.googletagmanager.com/	0 11 B	16ms 16ms	Image text/html	2a00:1450:4001:811::2008 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.googletagmanager.com/a?v=3&t=l&pid=1596712945&rv=42l0&u=AAAAAAAI&h=Ag&gtm=457e42l0za200&ccid=_UA-2876877-9&cid=UA-2876877-9&l=L321.S1.Y2.B5.E6.I450.EC8.TC5.HTC0~gtm.init.S0.V0.TS5ogt1pdatav2.TI6.TE1.TS5ccdgalast.TI8.TE0.TS5ccdgafirst.TI9.TE0~gtm.js.S0.V0.TS5rep.TI1.TE0.TS5zone.TI3.TE0~gtm.dom.S0.V0.E2~gtm.scrollDepth.S0.V0.E2~gtm.load.S0.V0.E1~gtm.historyChange.S0.V0~*.S0.V0~gtm.init_consent.S0.V0.E5 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://auth.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:22 GMT server Google Tag Manager alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0 content-type text/html
POST H2	204	delivery starget.workingadvantage.com/rest/v1/	0 98 B	40ms 39ms	Ping text/plain	66.235.152.156 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://starget.workingadvantage.com/rest/v1/delivery?client=entertainmentbenefit&sessionId=71e096a16ed345c6b57c636605921e18&version=2.8.2 Requested by Host: assets.adobedtm.com URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 66.235.152.156 , United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-66-235-152-156.data.adobedc.net Software jag / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://auth.savings.workingadvantage.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers date Fri, 23 Feb 2024 20:49:22 GMT strict-transport-security max-age=31536000; includeSubDomains referrer-policy strict-origin-when-cross-origin x-content-type-options nosniff server jag vary Origin,Access-Control-Request-Method,Access-Control-Request-Headers access-control-allow-origin https://auth.savings.workingadvantage.com cache-control no-cache, no-store, max-age=0, no-transform, private access-control-allow-credentials true x-xss-protection 1; mode=block x-request-id 00844ccc-6de8-42bd-bd30-059eae37a235
POST H2	200	s47328114071120 Show response smetrics.workingadvantage.com/b/ss/entbenwag3/1/JS-2.22.4-LDQM/	43 B 369 B	22ms 21ms	XHR image/gif	63.140.62.222 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://smetrics.workingadvantage.com/b/ss/entbenwag3/1/JS-2.22.4-LDQM/s47328114071120 Requested by Host: auth.savings.workingadvantage.com URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 63.140.62.222 , United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-63-140-62-222.data.adobedc.net Software jag / Resource Hash 55c9d2f019f9d7ddfd69b2ad0351c5617338a222362aebb02b3b98a4dbc18486 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://auth.savings.workingadvantage.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers date Fri, 23 Feb 2024 20:49:22 GMT strict-transport-security max-age=31536000; includeSubDomains x-content-type-options nosniff p3p CP="This is not a P3P policy" content-length 43 x-xss-protection 1; mode=block pragma no-cache last-modified Sat, 24 Feb 2024 20:49:22 GMT server jag etag 3669451184989863936-4617510563172506461 vary * content-type image/gif;charset=utf-8 access-control-allow-origin https://auth.savings.workingadvantage.com cache-control no-cache, no-store, max-age=0, no-transform, private access-control-allow-credentials true expires Thu, 22 Feb 2024 20:49:22 GMT
GET H2	200	07e508d2-aee2-481f-ac8e-6e200d46af80.js Show response cdn.mouseflow.com/projects/	196 KB 58 KB	28ms 28ms	Script application/javascript	2606:4700::6812:1a32 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.mouseflow.com/projects/07e508d2-aee2-481f-ac8e-6e200d46af80.js Requested by Host: auth.savings.workingadvantage.com URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1a32 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8c82f080db2b97dea4c680e7d745d3e09b574cd414197ddab211421cbf97f691 Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://auth.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:22 GMT strict-transport-security max-age=15552000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status HIT content-encoding br age 56069 x-cache-status MISS alt-svc h3=":443"; ma=86400 x-mf-script-region enforced-privacy last-modified Thu, 15 Feb 2024 22:03:35 GMT server cloudflare etag W/"b36785d25a60da1:0" vary Accept-Encoding, Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=86400 cf-ray 85a255c4ef031c3a-FRA expires Sat, 24 Feb 2024 20:49:22 GMT
GET H2	200	init Show response n2.mouseflow.com/	0 254 B	92ms 91ms	XHR text/plain	2607:f5b7:1:52::10 LEASEWEB-USA-WDC
General Check archive.org Show headers Download Go to Full URL https://n2.mouseflow.com/init?v=17.98&p=07e508d2-aee2-481f-ac8e-6e200d46af80&s=3867bcc485d8fd618d93641ccad15d13&page=022322390a75a86746eacc5fb67c860567fc9ccc&ret=0&u=4bc7723141ac68824b6316168c9980b5&href=https%3A%2F%2Fauth.savings.workingadvantage.com%2F2u%2Fsign-in%3Fresponse_type%3Dcode%26client_id%3D9ezalirn45mF43imJTdf53%26redirect_uri%3Dhttps%3A%252F%252F2u.savings.workingadvantage.com%252Foffers%253Fc%253D7010&url=%2F2u%2Fsign-in&ref=https%3A%2F%2F2u.savings.workingadvantage.com%2F&title=2U%20Inc%20Discount%20Hub&res=1600x1200&tz=-60&to=0&dnt=0&ori=&dw=1600&dh=1200&time=1878&pxr=1&gdpr=1 Requested by Host: auth.savings.workingadvantage.com URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2607:f5b7:1:52::10 Manassas, United States, ASN30633 (LEASEWEB-USA-WDC, US), Reverse DNS Software Mouseflow / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://auth.savings.workingadvantage.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Content-type text/plain Response headers date Fri, 23 Feb 2024 20:49:22 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff server Mouseflow content-type text/plain; charset=UTF-8 access-control-allow-origin https://auth.savings.workingadvantage.com access-control-allow-credentials true alt-svc h3=":443"; ma=86400 content-length 0
GET H2	200	2u_carousel_02.jpg g3i.imgix.net/uploads/	265 KB 265 KB	29ms 10ms	Image image/jpeg	2a04:4e42::720 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://g3i.imgix.net/uploads/2u_carousel_02.jpg Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a04:4e42::720 , United States, ASN54113 (FASTLY, US), Reverse DNS Software Google Frontend / Resource Hash 6436602721fb4c4ce49a36917252d99f58f0a7ded08bac7d2baaffb3bddbea9b Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://auth.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:23 GMT x-content-type-options nosniff age 311704 x-cache HIT, HIT x-imgix-id 27222b9241043dd39e57fe0e0db37c3a26a38bb0 cross-origin-resource-policy cross-origin content-length 271331 x-served-by cache-sjc1000094-SJC, cache-fra-etou8220051-FRA x-imgix-render-farm 02.131624 last-modified Tue, 20 Feb 2024 06:14:18 GMT server Google Frontend content-type image/jpeg access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin *
GET H2	200	2u_logo_wide_01.png g3i.imgix.net/uploads/	1 KB 1 KB	64ms 48ms	Image image/png	2a04:4e42::720 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://g3i.imgix.net/uploads/2u_logo_wide_01.png?w=280&h=24&crop=entropy&fit=clip&trim=color&trim-color=FFFFFF Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a04:4e42::720 , United States, ASN54113 (FASTLY, US), Reverse DNS Software Google Frontend / Resource Hash 0edb427ee32af943e19dca87e3efe73c4531a073da27183c1ce99475851f60e3 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://auth.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:23 GMT x-content-type-options nosniff age 8397 x-cache HIT, HIT x-imgix-id 30891e3c8066cc23388cce1d7ab41a6baee20386 cross-origin-resource-policy cross-origin content-length 1147 x-served-by cache-sjc10059-SJC, cache-fra-etou8220051-FRA x-imgix-render-farm 02.131592 last-modified Fri, 23 Feb 2024 18:29:26 GMT server Google Frontend content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin *
GET H2	200	2u_logo_wide_01.png g3i.imgix.net/uploads/	2 KB 2 KB	71ms 55ms	Image image/png	2a04:4e42::720 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://g3i.imgix.net/uploads/2u_logo_wide_01.png?w=250&h=32&crop=entropy&fit=clip&trim=color&trim-color=FFFFFF Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a04:4e42::720 , United States, ASN54113 (FASTLY, US), Reverse DNS Software Google Frontend / Resource Hash 69651d24fc806be36a093989c51e968749b066cfa100eb9ef8e5bce1f7057c71 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://auth.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:23 GMT x-content-type-options nosniff age 311705 x-cache HIT, HIT x-imgix-id 5090727c483bff6e4a8e9b58c03f249d5345f113 cross-origin-resource-policy cross-origin content-length 1589 x-served-by cache-sjc1000125-SJC, cache-fra-etou8220051-FRA x-imgix-render-farm 02.131624 last-modified Tue, 20 Feb 2024 06:14:17 GMT server Google Frontend content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin *
GET H3	200	wa-logo-wide.png auth.savings.workingadvantage.com/assets/	29 KB 29 KB	120ms 119ms	Image image/png	172.64.148.145 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://auth.savings.workingadvantage.com/assets/wa-logo-wide.png Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 99e2d1102c644111abed2ee312d1e57ed5418135c0c9905f3f2a1cd44312d3d4 Security Headers Name Value Content-Security-Policy frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com Strict-Transport-Security max-age=5184000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY Request headers accept-language de-DE,de;q=0.9 Referer https://auth.savings.workingadvantage.com/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https:%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:23 GMT strict-transport-security max-age=5184000; includeSubDomains x-content-type-options nosniff content-security-policy frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com last-modified Thu, 15 Feb 2024 11:56:46 GMT server cloudflare cf-cache-status DYNAMIC etag "65cdfbfe-724c" x-frame-options DENY content-type image/png accept-ranges bytes cf-ray 85a255c7b9d43816-FRA alt-svc h3=":443"; ma=86400 content-length 29260
GET H3	200	workingadvantage_logo_wide_inverse_01.png auth.savings.workingadvantage.com/assets/	18 KB 19 KB	135ms 134ms	Image image/png	172.64.148.145 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://auth.savings.workingadvantage.com/assets/workingadvantage_logo_wide_inverse_01.png Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 22de6cb47cb99a22c97982e083731cbbd79340c75261c8e68f9ddb350a11d264 Security Headers Name Value Content-Security-Policy frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com Strict-Transport-Security max-age=5184000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY Request headers accept-language de-DE,de;q=0.9 Referer https://auth.savings.workingadvantage.com/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https:%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 20:49:23 GMT strict-transport-security max-age=5184000; includeSubDomains x-content-type-options nosniff content-security-policy frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com last-modified Thu, 15 Feb 2024 11:56:46 GMT server cloudflare cf-cache-status DYNAMIC etag "65cdfbfe-4924" x-frame-options DENY content-type image/png accept-ranges bytes cf-ray 85a255c7b9d63816-FRA alt-svc h3=":443"; ma=86400 content-length 18724
POST H3	200	html Show response n2.mouseflow.com/	0 248 B	287ms 96ms	XHR text/plain	2607:f5b7:1:52::10 LEASEWEB-USA-WDC
General Check archive.org Show headers Download Go to Full URL https://n2.mouseflow.com/html?website=07e508d2-aee2-481f-ac8e-6e200d46af80&session=3867bcc485d8fd618d93641ccad15d13&page=022322390a75a86746eacc5fb67c860567fc9ccc&gz=1 Requested by Host: auth.savings.workingadvantage.com URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H3 Security QUIC, , AES_256_GCM Server 2607:f5b7:1:52::10 Manassas, United States, ASN30633 (LEASEWEB-USA-WDC, US), Reverse DNS Software Mouseflow / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://auth.savings.workingadvantage.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Content-type text/plain Response headers date Fri, 23 Feb 2024 20:49:24 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff server Mouseflow content-type text/plain; charset=UTF-8 access-control-allow-origin https://auth.savings.workingadvantage.com access-control-allow-credentials true alt-svc h3=":443"; ma=86400 content-length 0
GET H3	200	S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2 fonts.gstatic.com/s/lato/v24/	14 KB 14 KB	11ms 11ms	Font font/woff2	2a00:1450:4001:830::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 7a7ce1a34f3e9944fe88fc61abbc93b6db383afa2b90815fd7ccea456fbce4e5 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://auth.savings.workingadvantage.com/ Origin https://auth.savings.workingadvantage.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Mon, 19 Feb 2024 21:16:47 GMT x-content-type-options nosniff age 343956 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 14168 x-xss-protection 0 last-modified Tue, 02 May 2023 15:29:56 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Tue, 18 Feb 2025 21:16:47 GMT
GET H3	200	S6u9w4BMUTPHh50XSwiPGQ3q5d0.woff2 fonts.gstatic.com/s/lato/v24/	13 KB 13 KB	12ms 12ms	Font font/woff2	2a00:1450:4001:830::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh50XSwiPGQ3q5d0.woff2 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash bd9a6192274f8f2f3ce31cd3d2cae5ebe32e2fa86fc7c4f60a3c28556e496d56 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://auth.savings.workingadvantage.com/ Origin https://auth.savings.workingadvantage.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Mon, 19 Feb 2024 18:48:50 GMT x-content-type-options nosniff age 352833 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 13724 x-xss-protection 0 last-modified Tue, 02 May 2023 15:20:27 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Tue, 18 Feb 2025 18:48:50 GMT
POST H3	200	dom Show response n2.mouseflow.com/	0 248 B	91ms 91ms	XHR text/plain	2607:f5b7:1:52::10 LEASEWEB-USA-WDC
General Check archive.org Show headers Download Go to Full URL https://n2.mouseflow.com/dom?gz=1 Requested by Host: auth.savings.workingadvantage.com URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H3 Security QUIC, , AES_256_GCM Server 2607:f5b7:1:52::10 Manassas, United States, ASN30633 (LEASEWEB-USA-WDC, US), Reverse DNS Software Mouseflow / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://auth.savings.workingadvantage.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Content-type text/plain Response headers date Fri, 23 Feb 2024 20:49:25 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff server Mouseflow content-type text/plain; charset=UTF-8 access-control-allow-origin https://auth.savings.workingadvantage.com access-control-allow-credentials true alt-svc h3=":443"; ma=86400 content-length 0
GET H3	200	common.js Show response maps.googleapis.com/maps-api-v3/api/js/55/11a/intl/de_ALL/	255 KB 55 KB	13ms 13ms	Script text/javascript	2a00:1450:4001:800::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://maps.googleapis.com/maps-api-v3/api/js/55/11a/intl/de_ALL/common.js Requested by Host: auth.savings.workingadvantage.com URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 9778cefa5bc916787368c4a29a3c38a2db4cda49948992b5110a5b1fe6ac7eda Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://auth.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Fri, 23 Feb 2024 11:08:13 GMT content-encoding br x-content-type-options nosniff age 34873 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 56593 x-xss-protection 0 last-modified Tue, 13 Feb 2024 23:41:46 GMT server sffe cross-origin-opener-policy same-origin; report-to="maps-api-js" vary Accept-Encoding, Origin report-to {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes expires Sat, 22 Feb 2025 11:08:13 GMT
GET H3	200	util.js Show response maps.googleapis.com/maps-api-v3/api/js/55/11a/intl/de_ALL/	181 KB 56 KB	9ms 9ms	Script text/javascript	2a00:1450:4001:800::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://maps.googleapis.com/maps-api-v3/api/js/55/11a/intl/de_ALL/util.js Requested by Host: auth.savings.workingadvantage.com URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 3b67fa9d9cea06d520cc18c812be2a501053afad7e18fc14d3496cc12198fc08 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://auth.savings.workingadvantage.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Response headers date Wed, 21 Feb 2024 07:54:27 GMT content-encoding br x-content-type-options nosniff age 219299 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 57065 x-xss-protection 0 last-modified Tue, 13 Feb 2024 23:41:46 GMT server sffe cross-origin-opener-policy same-origin; report-to="maps-api-js" vary Accept-Encoding, Origin report-to {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes expires Thu, 20 Feb 2025 07:54:27 GMT
POST H3	204	collect region1.google-analytics.com/g/	0 17 B	15ms 14ms	Ping text/plain	2001:4860:4802:34::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://region1.google-analytics.com/g/collect?v=2&tid=G-FD2X5ZMELR&gtm=45je42l0v9112553684za200&_p=1708721360867&gcd=13l3l3l3l1&npa=0&dma_cps=sypham&dma=1&cid=1225985025.1708721359&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_eu=AEA&sid=1708721358&sct=1&seg=1&dl=https%3A%2F%2Fauth.savings.workingadvantage.com%2F2u%2Fsign-in%3Fresponse_type%3Dcode%26client_id%3D9ezalirn45mF43imJTdf53%26redirect_uri%3Dhttps%253A%252F%252F2u.savings.workingadvantage.com%252Foffers%253Fc%253D7010&dr=https%3A%2F%2F2u.savings.workingadvantage.com%2F&dt=Beneplace%20Team%20Discounts&_s=2&tfd=5556 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-FD2X5ZMELR&l=dataLayer&cx=c Protocol H3 Security QUIC, , AES_128_GCM Server 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://auth.savings.workingadvantage.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers pragma no-cache date Fri, 23 Feb 2024 20:49:26 GMT server Golfe2 content-type text/plain access-control-allow-origin https://auth.savings.workingadvantage.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

auth.savings.workingadvantage.com

URL

https://auth.savings.workingadvantage.com/auth/authorize?subdomain=2u&response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Fsilent-refresh.html

Domain

n2.mouseflow.com

URL

https://n2.mouseflow.com/init?v=17.98&p=07e508d2-aee2-481f-ac8e-6e200d46af80&s=3867bcc485d8fd618d93641ccad15d13&page=0223205435fa472dd68183ebf3052b3d26cfb1a6&ret=0&u=4bc7723141ac68824b6316168c9980b5&href=https%3A%2F%2F2u.savings.workingadvantage.com%2F&url=%2F&ref=&title=2U%20Inc%20Discount%20Hub&res=1600x1200&tz=-60&to=0&dnt=0&ori=&dw=1600&dh=1200&time=2125&pxr=1&gdpr=1

Domain

region1.google-analytics.com

URL

https://region1.google-analytics.com/g/collect?v=2&tid=G-FD2X5ZMELR&gtm=45je42l0v9112553684za220&_p=1708721358641&gcd=13l3l3l3l1&npa=0&dma_cps=sypham&dma=1&cid=1225985025.1708721359&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_eu=AEA&_s=2&sid=1708721358&sct=1&seg=0&dl=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010&dt=Beneplace%20Team%20Discounts&en=scroll&ep.userId=&epn.percent_scrolled=90&_et=7&tfd=2377

Domain

region1.google-analytics.com

URL

https://region1.google-analytics.com/g/collect?v=2&tid=G-FD2X5ZMELR&gtm=45je42l0v9112553684za220&_p=1708721358641&gcd=13l3l3l3l1&npa=0&dma_cps=sypham&dma=1&cid=1225985025.1708721359&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_s=3&sid=1708721358&sct=1&seg=0&dl=https%3A%2F%2F2u.savings.workingadvantage.com%2F&dt=2U%20Inc%20Discount%20Hub&en=user_engagement&ep.userId=&_et=1931&tfd=2377

Domain

region1.google-analytics.com

URL

https://region1.google-analytics.com/g/collect?v=2&tid=G-2K753Z6D0L&gtm=45je42l0v9126564266za220&_p=1708721358641&gcd=13l3l3l3l2&npa=0&dma_cps=sypham&dma=1&ul=en-us&sr=1600x1200&cid=1225985025.1708721359&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_eu=ABAI&_s=2&dl=https%3A%2F%2F2u.savings.workingadvantage.com%2F&dt=2U%20Inc%20Discount%20Hub&sid=1708721358&sct=1&seg=1&en=page_view&_ee=1&_et=1388&tfd=2377

Domain

bam.nr-data.net

URL

https://bam.nr-data.net/events/1/NRJS-2ebdf5b38afbaafd48e?a=1120218725&sa=1&v=1.239.1&t=Unnamed%20Transaction&rst=2378&ck=0&s=9b658b72eeec84ac&ref=https://2u.savings.workingadvantage.com/

Domain

bam.nr-data.net

URL

https://bam.nr-data.net/jserrors/1/NRJS-2ebdf5b38afbaafd48e?a=1120218725&sa=1&v=1.239.1&t=Unnamed%20Transaction&rst=2378&ck=0&s=9b658b72eeec84ac&ref=https://2u.savings.workingadvantage.com/

Domain

bam.nr-data.net

URL

https://bam.nr-data.net/jserrors/1/NRJS-2ebdf5b38afbaafd48e?a=1120218725&sa=1&v=1.239.1&t=Unnamed%20Transaction&rst=2378&ck=0&s=9b658b72eeec84ac&ref=https://2u.savings.workingadvantage.com/

Domain

bam.nr-data.net

URL

https://bam.nr-data.net/events/1/NRJS-2ebdf5b38afbaafd48e?a=1120218725&sa=1&v=1.239.1&t=Unnamed%20Transaction&rst=2379&ck=0&s=9b658b72eeec84ac&ref=https://2u.savings.workingadvantage.com/