Submitted URL: https://2u.savings.workingadvantage.com/offers?c=7010
Effective URL: https://auth.savings.workingadvantage.com/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.sav...
Submission: On February 23 via api from US — Scanned from DE

Summary

This website contacted 27 IPs in 5 countries across 20 domains to perform 123 HTTP transactions. The main IP is 172.64.148.145, located in San Francisco, United States and belongs to CLOUDFLARENET, US. The main domain is auth.savings.workingadvantage.com. The Cisco Umbrella rank of the primary domain is 201418.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 6th 2023. Valid for: a year.
This is the only time auth.savings.workingadvantage.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 30 172.64.148.145 13335 (CLOUDFLAR...)
12 2a02:26f0:480... 20940 (AKAMAI-ASN1)
2 2606:4700::68... 13335 (CLOUDFLAR...)
6 2a00:1450:400... 15169 (GOOGLE)
2 2606:4700::68... 13335 (CLOUDFLAR...)
11 2a00:1450:400... 15169 (GOOGLE)
2 54.247.186.102 16509 (AMAZON-02)
4 2a00:1450:400... 15169 (GOOGLE)
2 63.140.62.222 16509 (AMAZON-02)
6 2a00:1450:400... 15169 (GOOGLE)
4 2001:4860:480... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 18.239.83.21 16509 (AMAZON-02)
1 18.66.122.57 16509 (AMAZON-02)
1 199.38.167.54 54312 (ROCKETFUEL)
2 2 142.250.186.134 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2 185.89.211.84 29990 (ASN-APPNEX)
1 54.161.181.126 14618 (AMAZON-AES)
2 151.101.130.137 54113 (FASTLY)
1 35.170.199.47 14618 (AMAZON-AES)
4 162.247.243.29 54113 (FASTLY)
2 2606:4700::68... 13335 (CLOUDFLAR...)
11 104.18.37.20 13335 (CLOUDFLAR...)
2 66.235.152.156 16509 (AMAZON-02)
3 2607:f5b7:1:5... 30633 (LEASEWEB-...)
3 2a04:4e42::720 54113 (FASTLY)
123 27
Apex Domain
Subdomains
Transfer
34 workingadvantage.com
2u.savings.workingadvantage.com
smetrics.workingadvantage.com — Cisco Umbrella Rank: 170239
auth.savings.workingadvantage.com — Cisco Umbrella Rank: 201418 Failed
starget.workingadvantage.com — Cisco Umbrella Rank: 178194
2 MB
12 adobedtm.com
assets.adobedtm.com — Cisco Umbrella Rank: 448
343 KB
11 beneplace.com
2u.savings.beneplace.com
22 KB
11 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 40
830 KB
10 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 31
region1.google-analytics.com — Cisco Umbrella Rank: 2124
42 KB
6 googleapis.com
maps.googleapis.com — Cisco Umbrella Rank: 369
259 KB
5 mouseflow.com
cdn.mouseflow.com — Cisco Umbrella Rank: 7107
n2.mouseflow.com — Cisco Umbrella Rank: 22010 Failed
117 KB
4 nr-data.net
bam.nr-data.net — Cisco Umbrella Rank: 242
2 KB
4 gstatic.com
fonts.gstatic.com
55 KB
3 imgix.net
g3i.imgix.net — Cisco Umbrella Rank: 125044
268 KB
3 boomtrain.com
cdn.boomtrain.com — Cisco Umbrella Rank: 5822
people.api.boomtrain.com — Cisco Umbrella Rank: 6262
events.api.boomtrain.com — Cisco Umbrella Rank: 8925
31 KB
3 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 85
ad.doubleclick.net — Cisco Umbrella Rank: 157
3 KB
2 newrelic.com
js-agent.newrelic.com — Cisco Umbrella Rank: 592
51 KB
2 adnxs.com
secure.adnxs.com — Cisco Umbrella Rank: 502
2 KB
2 demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 245
1 KB
2 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 226
28 KB
2 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 306
50 KB
1 google.com
adservice.google.com — Cisco Umbrella Rank: 99
401 B
1 netmng.com
com-wag3.netmng.com — Cisco Umbrella Rank: 127440
2 KB
1 rezync.com
live.rezync.com — Cisco Umbrella Rank: 1711
7 KB
123 20
Domain Requested by
20 2u.savings.workingadvantage.com 1 redirects 2u.savings.workingadvantage.com
12 assets.adobedtm.com 2u.savings.workingadvantage.com
assets.adobedtm.com
auth.savings.workingadvantage.com
11 2u.savings.beneplace.com auth.savings.workingadvantage.com
11 www.googletagmanager.com 2u.savings.workingadvantage.com
auth.savings.workingadvantage.com
10 auth.savings.workingadvantage.com 2u.savings.workingadvantage.com
auth.savings.workingadvantage.com
6 www.google-analytics.com 2u.savings.workingadvantage.com
auth.savings.workingadvantage.com
6 maps.googleapis.com 2u.savings.workingadvantage.com
auth.savings.workingadvantage.com
4 bam.nr-data.net 2u.savings.workingadvantage.com
js-agent.newrelic.com
auth.savings.workingadvantage.com
4 region1.google-analytics.com www.googletagmanager.com
4 fonts.gstatic.com 2u.savings.workingadvantage.com
auth.savings.workingadvantage.com
3 g3i.imgix.net
3 n2.mouseflow.com 2u.savings.workingadvantage.com
auth.savings.workingadvantage.com
2 starget.workingadvantage.com auth.savings.workingadvantage.com
assets.adobedtm.com
2 cdn.mouseflow.com 2u.savings.workingadvantage.com
auth.savings.workingadvantage.com
2 js-agent.newrelic.com 2u.savings.workingadvantage.com
auth.savings.workingadvantage.com
2 secure.adnxs.com 1 redirects 2u.savings.workingadvantage.com
2 ad.doubleclick.net 2 redirects
2 smetrics.workingadvantage.com 2u.savings.workingadvantage.com
auth.savings.workingadvantage.com
2 dpm.demdex.net assets.adobedtm.com
auth.savings.workingadvantage.com
2 cdnjs.cloudflare.com 2u.savings.workingadvantage.com
auth.savings.workingadvantage.com
2 cdn.jsdelivr.net 2u.savings.workingadvantage.com
auth.savings.workingadvantage.com
1 events.api.boomtrain.com 2u.savings.workingadvantage.com
1 people.api.boomtrain.com 2u.savings.workingadvantage.com
1 adservice.google.com 2u.savings.workingadvantage.com
1 com-wag3.netmng.com 2u.savings.workingadvantage.com
1 cdn.boomtrain.com 2u.savings.workingadvantage.com
1 live.rezync.com 2u.savings.workingadvantage.com
1 stats.g.doubleclick.net 2u.savings.workingadvantage.com
123 28

This site contains links to these domains. Also see Links.

Domain
2u.savings.beneplace.com
Subject Issuer Validity Valid
workingadvantage.com
Cloudflare Inc ECC CA-3
2023-07-06 -
2024-07-04
a year crt.sh
assets.adobedtm.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-07-11 -
2024-08-10
a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2023-05-02 -
2024-05-01
a year crt.sh
upload.video.google.com
GTS CA 1C3
2024-02-05 -
2024-04-29
3 months crt.sh
*.google-analytics.com
GTS CA 1C3
2024-02-05 -
2024-04-29
3 months crt.sh
*.demdex.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-09-26 -
2024-10-26
a year crt.sh
*.gstatic.com
GTS CA 1C3
2024-02-05 -
2024-04-29
3 months crt.sh
smetrics.workingadvantage.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-07-09 -
2024-08-08
a year crt.sh
*.g.doubleclick.net
GTS CA 1C3
2024-02-05 -
2024-04-29
3 months crt.sh
*.rezync.com
Amazon RSA 2048 M02
2023-10-25 -
2024-11-21
a year crt.sh
*.boomtrain.com
Amazon RSA 2048 M02
2024-01-10 -
2025-02-07
a year crt.sh
*.netmng.com
Sectigo RSA Domain Validation Secure Server CA
2024-01-09 -
2025-02-04
a year crt.sh
*.api.boomtrain.com
Amazon RSA 2048 M03
2023-09-16 -
2024-10-14
a year crt.sh
js-agent.newrelic.com
GlobalSign Atlas R3 DV TLS CA 2024 Q1
2024-01-15 -
2025-02-15
a year crt.sh
*.nr-data.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-09-29 -
2024-10-01
a year crt.sh
cdn.mouseflow.com
Cloudflare Inc ECC CA-3
2023-10-25 -
2024-10-23
a year crt.sh
beneplace.com
Cloudflare Inc ECC CA-3
2023-12-01 -
2024-11-30
a year crt.sh
starget.ticketsatwork.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-11-30 -
2024-11-30
a year crt.sh
*.mouseflow.com
Sectigo RSA Domain Validation Secure Server CA
2023-08-28 -
2024-09-27
a year crt.sh
*.imgix.com
GlobalSign Atlas R3 DV TLS CA 2023 Q4
2023-12-07 -
2025-01-07
a year crt.sh

This page contains 3 frames:

Primary Page: https://auth.savings.workingadvantage.com/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010
Frame ID: B4B30EA04AC5F0A03AAEECC5407B7EEE
Requests: 121 HTTP requests in this frame

Frame: https://2u.savings.workingadvantage.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/0f752fefe334/main.js
Frame ID: 02FD9D715CE4DF2DA76D57FE42D8CCE5
Requests: 2 HTTP requests in this frame

Frame: https://auth.savings.workingadvantage.com/auth/authorize?subdomain=2u&response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Fsilent-refresh.html
Frame ID: 1A60323215FB4F873050CB24A70D4CE1
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

2U Inc Discount Hub

Page URL History Show full URLs

  1. https://2u.savings.workingadvantage.com/offers?c=7010 Page URL
  2. https://auth.savings.workingadvantage.com/auth/authorize?subdomain=2u&response_type=code&client_id=9ezalirn45mF43imJTd... HTTP 302
    https://auth.savings.workingadvantage.com/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • //maps\.google(?:apis)?\.com/maps/api/js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • cdn\.mouseflow\.com

Overall confidence: 100%
Detected patterns
  • <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
  • //cdn\.jsdelivr\.net/

Page Statistics

123
Requests

90 %
HTTPS

48 %
IPv6

20
Domains

28
Subdomains

27
IPs

5
Countries

3992 kB
Transfer

14449 kB
Size

31
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://2u.savings.workingadvantage.com/offers?c=7010 Page URL
  2. https://auth.savings.workingadvantage.com/auth/authorize?subdomain=2u&response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010 HTTP 302
    https://auth.savings.workingadvantage.com/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 30
  • https://2u.savings.workingadvantage.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://2u.savings.workingadvantage.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/0f752fefe334/main.js
Request Chain 36
  • https://ad.doubleclick.net/ddm/activity/src=12084042;type=unive0;cat=unive0;u1=;u2=;u3=;u4=;u5=;u6=;u7=;u8=;u9=;u10=;u11=;u12=;u13=;u14=;u18=;u19=;u20=;u22=;u23=;u28=;u29=https://2u.savings.workingadvantage.com/;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1708721359.2673693 HTTP 302
  • https://ad.doubleclick.net/ddm/activity/src=12084042;dc_pre=CKrylY2rwoQDFe0JogMd-sQJaQ;type=unive0;cat=unive0;u1=;u2=;u3=;u4=;u5=;u6=;u7=;u8=;u9=;u10=;u11=;u12=;u13=;u14=;u18=;u19=;u20=;u22=;u23=;u28=;u29=https://2u.savings.workingadvantage.com/;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1708721359.2673693 HTTP 302
  • https://adservice.google.com/ddm/fls/z/src=12084042;dc_pre=CKrylY2rwoQDFe0JogMd-sQJaQ;type=unive0;cat=unive0;u1=;u2=;u3=;u4=;u5=;u6=;u7=;u8=;u9=;u10=;u11=;u12=;u13=;u14=;u18=;u19=;u20=;u22=;u23=;u28=;u29=https://2u.savings.workingadvantage.com/;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1708721359.2673693
Request Chain 37
  • https://secure.adnxs.com/seg?add=32509374&t=2 HTTP 307
  • https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D32509374%26t%3D2

123 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
offers
2u.savings.workingadvantage.com/
9 KB
4 KB
Document
General
Full URL
https://2u.savings.workingadvantage.com/offers?c=7010
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7017ed41d05a9da02afb02397adc74e12a93d3c4f6b5b9bbcafffe4ef06f0cdb
Security Headers
Name Value
Content-Security-Policy frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval' frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
Strict-Transport-Security max-age=5184000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
85a255aaaaa88fee-FRA
content-encoding
br
content-security-policy
frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval' frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
content-type
text/html; charset=utf-8
date
Fri, 23 Feb 2024 20:49:18 GMT
last-modified
Thu, 15 Feb 2024 11:50:53 GMT
server
cloudflare
strict-transport-security
max-age=5184000; includeSubDomains
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
DENY
launch-a0e5cece2585.min.js
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/
661 KB
155 KB
Script
General
Full URL
https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js
Requested by
Host: 2u.savings.workingadvantage.com
URL: https://2u.savings.workingadvantage.com/offers?c=7010
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:7a5::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
a5ff70f6ac07dd9865153de5810ff20130a8e033bc547a36598c01bd4de1dc74

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://2u.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:18 GMT
content-encoding
gzip
last-modified
Wed, 14 Feb 2024 23:09:35 GMT
server
AkamaiNetStorage
etag
"f72c7e4973313980f51ed6fa9b44d977:1707952175.514279"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://2u.savings.workingadvantage.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
158823
expires
Fri, 23 Feb 2024 21:49:18 GMT
new-relic-integration.js
2u.savings.workingadvantage.com/assets/new-relic/
51 KB
18 KB
Script
General
Full URL
https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Requested by
Host: 2u.savings.workingadvantage.com
URL: https://2u.savings.workingadvantage.com/offers?c=7010
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bc49c009b33e66a59f057cf4ada682b80d4401d919ddf0f8d3ef2bb0415f0b23
Security Headers
Name Value
Content-Security-Policy frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
Strict-Transport-Security max-age=5184000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://2u.savings.workingadvantage.com/offers?c=7010
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:18 GMT
strict-transport-security
max-age=5184000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
last-modified
Thu, 15 Feb 2024 11:50:52 GMT
server
cloudflare
cf-cache-status
DYNAMIC
content-encoding
br
etag
W/"65cdfa9c-ccde"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript; charset=utf-8
cf-ray
85a255ab7b418fee-FRA
alt-svc
h3=":443"; ma=86400
bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/
157 KB
25 KB
Stylesheet
General
Full URL
https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css
Requested by
Host: 2u.savings.workingadvantage.com
URL: https://2u.savings.workingadvantage.com/offers?c=7010
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://2u.savings.workingadvantage.com/
Origin
https://2u.savings.workingadvantage.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
7499927
x-jsd-version
4.5.3
content-encoding
br
x-cache
HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-eddf8230110-FRA
x-jsd-version-type
version
server
cloudflare
etag
W/"27288-jtLWNQ0j+FfZKAVzfQ+XxnXeZms"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5xsSjEDh6m3jBEnqrsniyk7Rm%2BoqOZFT2cGlr6QYYRGVQYF7hi8Y5C2wGba7E9M4kF7y4TGu5YGFIsuVahUfihRpdzV2%2BcZtpYQrrn%2B%2Fqc8lTDRwJCIMdj8hmgU9H8RTTCEDvq%2BkeX6erpED1cU%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cf-ray
85a255ab8b672c5a-FRA
js
maps.googleapis.com/maps/api/
222 KB
74 KB
Script
General
Full URL
https://maps.googleapis.com/maps/api/js?client=gme-entertainmentbenefits&libraries=places
Requested by
Host: 2u.savings.workingadvantage.com
URL: https://2u.savings.workingadvantage.com/offers?c=7010
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
scaffolding on HTTPServer2 /
Resource Hash
57cac9d59da6a16693baa0fe6c3316b64b8f82c70724e08253551ffde7565f2d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://2u.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
scaffolding on HTTPServer2
vary
Accept-Language, Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1800
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
75427
x-xss-protection
0
web-animations.min.js
cdnjs.cloudflare.com/ajax/libs/web-animations/2.3.1/
47 KB
14 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/web-animations/2.3.1/web-animations.min.js
Requested by
Host: 2u.savings.workingadvantage.com
URL: https://2u.savings.workingadvantage.com/offers?c=7010
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cbb3c795fd44c83a1200149b18e0df050fe228df4b5b03891373029117d8bd6b
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://2u.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:18 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
9201137
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
13763
last-modified
Mon, 04 May 2020 16:17:51 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb0402f-bad6"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hsfc9aPq2ZdE1lONnSLo2gDHzDnCjno4qw%2FEVUJA5CxMVDPN2%2BwdSeCfByMFEKGe7KCI0VSzQ19xJnTwuUpgm%2FUBOQoqRBT2yCRhec8EK4277pvFsJQFG1N9PVanis2AjpkBfSgYAY2QHs1fctESKIZ6"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
85a255ab8bea043a-FRA
expires
Wed, 12 Feb 2025 20:49:18 GMT
runtime.b1d428235011b057.js
2u.savings.workingadvantage.com/
4 KB
2 KB
Script
General
Full URL
https://2u.savings.workingadvantage.com/runtime.b1d428235011b057.js
Requested by
Host: 2u.savings.workingadvantage.com
URL: https://2u.savings.workingadvantage.com/offers?c=7010
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8353e35c813581f93fab366b791fb43f8e639dd67d72982f7f029807eb63a939
Security Headers
Name Value
Strict-Transport-Security max-age=5184000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://2u.savings.workingadvantage.com/offers?c=7010
Origin
https://2u.savings.workingadvantage.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:18 GMT
strict-transport-security
max-age=5184000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
last-modified
Thu, 15 Feb 2024 11:50:43 GMT
server
cloudflare
content-encoding
br
etag
W/"65cdfa93-e90"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, PATCH, DELETE, OPTIONS, GET, POST, PUT, PATCH, DELETE, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
https://2u.savings.workingadvantage.com, https://2u.savings.workingadvantage.com
access-control-allow-credentials
true, true
cf-ray
85a255ab7b428fee-FRA
alt-svc
h3=":443"; ma=86400
polyfills.0f88da5fdbf95761.js
2u.savings.workingadvantage.com/
141 KB
49 KB
Script
General
Full URL
https://2u.savings.workingadvantage.com/polyfills.0f88da5fdbf95761.js
Requested by
Host: 2u.savings.workingadvantage.com
URL: https://2u.savings.workingadvantage.com/offers?c=7010
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
46f16c323557a318dd6604bab3ebe8dbd9d23bc318b55eec33b0b0a4502c0bd1
Security Headers
Name Value
Strict-Transport-Security max-age=5184000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://2u.savings.workingadvantage.com/offers?c=7010
Origin
https://2u.savings.workingadvantage.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:18 GMT
strict-transport-security
max-age=5184000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
last-modified
Thu, 15 Feb 2024 11:50:43 GMT
server
cloudflare
content-encoding
br
etag
W/"65cdfa93-234ab"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, PATCH, DELETE, OPTIONS, GET, POST, PUT, PATCH, DELETE, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
https://2u.savings.workingadvantage.com, https://2u.savings.workingadvantage.com
access-control-allow-credentials
true, true
cf-ray
85a255ab7b438fee-FRA
alt-svc
h3=":443"; ma=86400
scripts.1baad6c013597821.js
2u.savings.workingadvantage.com/
166 KB
55 KB
Script
General
Full URL
https://2u.savings.workingadvantage.com/scripts.1baad6c013597821.js
Requested by
Host: 2u.savings.workingadvantage.com
URL: https://2u.savings.workingadvantage.com/offers?c=7010
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2aef73d8723fb7d91d516282c5a33140f448212e7d49898baab65f6c8b74ddc6
Security Headers
Name Value
Content-Security-Policy frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
Strict-Transport-Security max-age=5184000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://2u.savings.workingadvantage.com/offers?c=7010
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:18 GMT
strict-transport-security
max-age=5184000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
last-modified
Thu, 15 Feb 2024 11:50:43 GMT
server
cloudflare
cf-cache-status
DYNAMIC
content-encoding
br
etag
W/"65cdfa93-29758"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript; charset=utf-8
cf-ray
85a255ac4cb03816-FRA
alt-svc
h3=":443"; ma=86400
main.4ff1e54ce4c12b9e.js
2u.savings.workingadvantage.com/
5 MB
1 MB
Script
General
Full URL
https://2u.savings.workingadvantage.com/main.4ff1e54ce4c12b9e.js
Requested by
Host: 2u.savings.workingadvantage.com
URL: https://2u.savings.workingadvantage.com/offers?c=7010
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
454c214ca26ab65db5a16da48252230a3ab2b947224003c0ddb8fa2677141656
Security Headers
Name Value
Strict-Transport-Security max-age=5184000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://2u.savings.workingadvantage.com/offers?c=7010
Origin
https://2u.savings.workingadvantage.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:18 GMT
strict-transport-security
max-age=5184000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
last-modified
Thu, 15 Feb 2024 11:50:43 GMT
server
cloudflare
content-encoding
br
etag
W/"65cdfa93-5049fd"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, PATCH, DELETE, OPTIONS, GET, POST, PUT, PATCH, DELETE, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
https://2u.savings.workingadvantage.com, https://2u.savings.workingadvantage.com
access-control-allow-credentials
true, true
cf-ray
85a255ab7b448fee-FRA
alt-svc
h3=":443"; ma=86400
gtm.js
www.googletagmanager.com/
239 KB
80 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM
Requested by
Host: 2u.savings.workingadvantage.com
URL: https://2u.savings.workingadvantage.com/offers?c=7010
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
f80c5e7b36f0a2b5ecd7dcd4b931d7a98eb0f9b5ec53cb6681ade3ae8cbd3989
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://2u.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:18 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
81643
x-xss-protection
0
last-modified
Fri, 23 Feb 2024 20:04:07 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 23 Feb 2024 20:49:18 GMT
id
dpm.demdex.net/
185 B
679 B
XHR
General
Full URL
https://dpm.demdex.net/id?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=B5F9FF2554F608410A4C98C6%40AdobeOrg&d_nsid=0&d_coppa=true&ts=1708721358687
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.247.186.102 , Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-247-186-102.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
4cf022c4fec7f522b2cedbf3dadafc6d9c9a460935d2cdc31fcc225b7418088b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://2u.savings.workingadvantage.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

dcs
dcs-prod-irl1-2-v057-043b356b9.edge-irl1.demdex.com 1 ms
pragma
no-cache
date
Fri, 23 Feb 2024 20:49:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-tid
svop/DU/TME=
vary
Origin
content-type
application/json;charset=utf-8
p3p
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
access-control-allow-origin
https://2u.savings.workingadvantage.com
cache-control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
access-control-allow-credentials
true
content-length
186
expires
Thu, 01 Jan 1970 00:00:00 UTC
AppMeasurement.min.js
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/
33 KB
12 KB
Script
General
Full URL
https://assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:7a5::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
9219086b4f2c3bf77854b2e06ccd97ad32b9b7a140e65ff8b974a3bae6c7854c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://2u.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:18 GMT
content-encoding
gzip
last-modified
Mon, 14 Feb 2022 16:35:31 GMT
server
AkamaiNetStorage
etag
"d860c16ac938f7d839f0ec158d02d0f0:1644856531.418573"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://2u.savings.workingadvantage.com
cache-control
no-cache
accept-ranges
bytes
timing-allow-origin
*
content-length
12163
expires
Fri, 23 Feb 2024 21:49:18 GMT
AppMeasurement_Module_ActivityMap.min.js
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/
3 KB
2 KB
Script
General
Full URL
https://assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:7a5::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
462a66acbf50e933685e7587e9f1441df8225b2bb4d6b7bc5e757eccf4ff6575

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://2u.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:18 GMT
content-encoding
gzip
last-modified
Mon, 14 Feb 2022 16:35:31 GMT
server
AkamaiNetStorage
etag
"2d1382c349d480b6b41574ac0c1af066:1644856531.739514"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://2u.savings.workingadvantage.com
cache-control
no-cache
accept-ranges
bytes
timing-allow-origin
*
content-length
1597
expires
Fri, 23 Feb 2024 21:49:18 GMT
styles.f02f3e4d86a48b3e.css
2u.savings.workingadvantage.com/
95 KB
16 KB
Stylesheet
General
Full URL
https://2u.savings.workingadvantage.com/styles.f02f3e4d86a48b3e.css
Requested by
Host: 2u.savings.workingadvantage.com
URL: https://2u.savings.workingadvantage.com/offers?c=7010
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ea3d356230da20a9876271fbb4c85ffa912fe03868fe3021069d1a1c3415a072
Security Headers
Name Value
Content-Security-Policy frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
Strict-Transport-Security max-age=5184000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://2u.savings.workingadvantage.com/offers?c=7010
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:18 GMT
strict-transport-security
max-age=5184000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
last-modified
Thu, 15 Feb 2024 11:50:43 GMT
server
cloudflare
cf-cache-status
DYNAMIC
content-encoding
br
etag
W/"65cdfa93-17af1"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/css
cf-ray
85a255ac5cb13816-FRA
alt-svc
h3=":443"; ma=86400
S6uyw4BMUTPHjx4wXiWtFCc.woff2
fonts.gstatic.com/s/lato/v24/
14 KB
14 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXiWtFCc.woff2
Requested by
Host: 2u.savings.workingadvantage.com
URL: https://2u.savings.workingadvantage.com/offers?c=7010
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d4ae5188a65370ecfe28f42293bbee8297cfd5712c6aadfdb270d48f2bcd88b0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://2u.savings.workingadvantage.com/
Origin
https://2u.savings.workingadvantage.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Wed, 21 Feb 2024 03:33:03 GMT
x-content-type-options
nosniff
age
234975
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13980
x-xss-protection
0
last-modified
Tue, 02 May 2023 15:17:19 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 20 Feb 2025 03:33:03 GMT
id
smetrics.workingadvantage.com/
48 B
478 B
XHR
General
Full URL
https://smetrics.workingadvantage.com/id?d_visid_ver=5.4.0&d_fieldgroup=A&mcorgid=B5F9FF2554F608410A4C98C6%40AdobeOrg&mid=46757837134638414743898926098657449416&cl=157680000&d_coppa=true&ts=1708721358785
Requested by
Host: 2u.savings.workingadvantage.com
URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
63.140.62.222 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-63-140-62-222.data.adobedc.net
Software
jag /
Resource Hash
0d6f7227311722856032c82dc1baa0de768d31189555773808225bbe7a41bdd6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://2u.savings.workingadvantage.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Fri, 23 Feb 2024 20:49:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
server
jag
vary
Origin
content-type
application/x-javascript;charset=utf-8
access-control-allow-origin
https://2u.savings.workingadvantage.com
p3p
CP="This is not a P3P policy"
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
content-length
48
x-xss-protection
1; mode=block
js
www.googletagmanager.com/gtag/
286 KB
95 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-FD2X5ZMELR&l=dataLayer&cx=c
Requested by
Host: 2u.savings.workingadvantage.com
URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
36bb307255dedc3e058ef1a3f245ba99c1c455accdf0c3ece8cf694e07fdf174
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://2u.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:18 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
97319
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Fri, 23 Feb 2024 20:49:18 GMT
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: 2u.savings.workingadvantage.com
URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://2u.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 23 Feb 2024 19:32:03 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
4635
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Fri, 23 Feb 2024 21:32:03 GMT
gen_204
maps.googleapis.com/maps/api/mapsjs/
3 B
45 B
XHR
General
Full URL
https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
Requested by
Host: 2u.savings.workingadvantage.com
URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
scaffolding on HTTPServer2 /
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://2u.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
scaffolding on HTTPServer2
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://2u.savings.workingadvantage.com
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23
x-xss-protection
0
collect
www.google-analytics.com/j/
16 B
233 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=783492042&t=pageview&_s=1&dl=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010&ul=en-us&de=UTF-8&dt=Beneplace%20Team%20Discounts&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACAAI~&jid=1776331407&gjid=2016086142&cid=1225985025.1708721359&tid=UA-2876877-9&_gid=49765537.1708721359&_r=1&_slc=1&gtm=45He42l0n815QN8HWMv78847533za220&gcd=13l3l3l3l1&dma_cps=sypham&dma=1&z=1896921207
Requested by
Host: 2u.savings.workingadvantage.com
URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1da6ad9dfce9466037ec92e1f7699158c9a9347c669333c724f5cf6f3a7c0634
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://2u.savings.workingadvantage.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 23 Feb 2024 20:49:18 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://2u.savings.workingadvantage.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
region1.google-analytics.com/g/
0
265 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-FD2X5ZMELR&gtm=45je42l0v9112553684z878847533za220&_p=1708721358641&gcd=13l3l3l3l1&npa=0&dma_cps=sypham&dma=1&cid=1225985025.1708721359&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_s=1&sid=1708721358&sct=1&seg=0&dl=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010&dt=Beneplace%20Team%20Discounts&en=page_view&_fv=1&_ss=1&ep.userId=&up.data_stream_name=G-FD2X5ZMELR&up.site_name=Non%20Cruises&up.url_name=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010&up.pb_site_name=2u&up.page_path=%2Foffers&up.user_id_value=&up.zip_code=NaN&tfd=436
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-FD2X5ZMELR&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://2u.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 23 Feb 2024 20:49:18 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://2u.savings.workingadvantage.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
1 B
357 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-2876877-9&cid=1225985025.1708721359&jid=1776331407&gjid=2016086142&_gid=49765537.1708721359&_u=YEBAAEAAAAAAACAAI~&z=1917851590
Requested by
Host: 2u.savings.workingadvantage.com
URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://2u.savings.workingadvantage.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Fri, 23 Feb 2024 20:49:18 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://2u.savings.workingadvantage.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/
267 KB
90 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-2K753Z6D0L&cx=c&_slc=1
Requested by
Host: 2u.savings.workingadvantage.com
URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
65494fdcb6dcb8402721847989ee329810c42dbeed42254b6d6e1b66486c8b0f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://2u.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:18 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
91892
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Fri, 23 Feb 2024 20:49:18 GMT
collect
region1.google-analytics.com/g/
0
54 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-2K753Z6D0L&gtm=45je42l0v9126564266za220&_p=1708721358641&gcd=13l3l3l3l2&npa=0&dma_cps=sypham&dma=1&ul=en-us&sr=1600x1200&cid=1225985025.1708721359&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_eu=ABAI&_s=1&dl=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010&dt=Beneplace%20Team%20Discounts&sid=1708721358&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=504
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-2K753Z6D0L&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://2u.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 23 Feb 2024 20:49:18 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://2u.savings.workingadvantage.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
truncated
/
38 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
05632bd17ae6013db11864ba86f363756e305cd5a56ee788fe20774ed6c750f9

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Content-Type
image/webp
info
2u.savings.workingadvantage.com/api/
7 KB
2 KB
XHR
General
Full URL
https://2u.savings.workingadvantage.com/api/info
Requested by
Host: 2u.savings.workingadvantage.com
URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6de2a64494f3eb2460892be0ffb080df38924e553e5af01b92f069378794ac25
Security Headers
Name Value
Strict-Transport-Security max-age=5184000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://2u.savings.workingadvantage.com/offers?c=7010
tracestate
88831@nr=0-1-2647367-1120218725-bdcceae1fd50d30c----1708721359113
traceparent
00-f060ba39cd3f0a1c9d464db1e29f8f00-bdcceae1fd50d30c-01
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
newrelic
eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI2NDczNjciLCJhcCI6IjExMjAyMTg3MjUiLCJpZCI6ImJkY2NlYWUxZmQ1MGQzMGMiLCJ0ciI6ImYwNjBiYTM5Y2QzZjBhMWM5ZDQ2NGRiMWUyOWY4ZjAwIiwidGkiOjE3MDg3MjEzNTkxMTMsInRrIjoiODg4MzEifX0=

Response headers

date
Fri, 23 Feb 2024 20:49:19 GMT
strict-transport-security
max-age=5184000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
x-powered-by
alt-svc
h3=":443"; ma=86400
server
cloudflare
vary
Accept-Encoding, Origin
access-control-allow-methods
GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type
text/html; charset=utf-8
access-control-allow-origin
http://2u.savings.workingadvantage.com
cache-control
no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-ray
85a255ae7e383816-FRA
access-control-allow-headers
Origin, Referer, X-Requested-With, Content-Type, Authorization
expires
Fri, 23 Feb 2024 20:49:18 GMT
marketplace-styles.css
2u.savings.workingadvantage.com/api/2u/
32 KB
5 KB
XHR
General
Full URL
https://2u.savings.workingadvantage.com/api/2u/marketplace-styles.css
Requested by
Host: 2u.savings.workingadvantage.com
URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1a654d1a443a60b182332b2f163ccb71a650332eab2cd471556b7156b7808317
Security Headers
Name Value
Strict-Transport-Security max-age=5184000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://2u.savings.workingadvantage.com/offers?c=7010
tracestate
88831@nr=0-1-2647367-1120218725-18e4d51c6a20bdbe----1708721359114
traceparent
00-e5560bba44dbcf44d1dbf713a221f500-18e4d51c6a20bdbe-01
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
newrelic
eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI2NDczNjciLCJhcCI6IjExMjAyMTg3MjUiLCJpZCI6IjE4ZTRkNTFjNmEyMGJkYmUiLCJ0ciI6ImU1NTYwYmJhNDRkYmNmNDRkMWRiZjcxM2EyMjFmNTAwIiwidGkiOjE3MDg3MjEzNTkxMTQsInRrIjoiODg4MzEifX0=

Response headers

date
Fri, 23 Feb 2024 20:49:19 GMT
strict-transport-security
max-age=5184000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
x-powered-by
alt-svc
h3=":443"; ma=86400
server
cloudflare
etag
W/"812d-u+uouUIjVDsJ3uc6k/+Y/VJtORk"
vary
Origin
access-control-allow-methods
GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type
text/css; charset=utf-8
access-control-allow-origin
http://2u.savings.workingadvantage.com
cache-control
no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-ray
85a255ae7e3c3816-FRA
access-control-allow-headers
Origin, Referer, X-Requested-With, Content-Type, Authorization
expires
Fri, 23 Feb 2024 20:49:18 GMT
colors.css
2u.savings.workingadvantage.com/api/2u/
3 KB
821 B
XHR
General
Full URL
https://2u.savings.workingadvantage.com/api/2u/colors.css?scope=:root,app-logged-in,ngb-modal-window
Requested by
Host: 2u.savings.workingadvantage.com
URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bed80b2c99b7a1baa628163a6fd1f9fb2220f9c089036565ffe594a4f0d5d5a1
Security Headers
Name Value
Strict-Transport-Security max-age=5184000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://2u.savings.workingadvantage.com/offers?c=7010
tracestate
88831@nr=0-1-2647367-1120218725-f2153600911b4245----1708721359114
traceparent
00-c327c052030a949ef3d5d1fa1670cc00-f2153600911b4245-01
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
newrelic
eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI2NDczNjciLCJhcCI6IjExMjAyMTg3MjUiLCJpZCI6ImYyMTUzNjAwOTExYjQyNDUiLCJ0ciI6ImMzMjdjMDUyMDMwYTk0OWVmM2Q1ZDFmYTE2NzBjYzAwIiwidGkiOjE3MDg3MjEzNTkxMTQsInRrIjoiODg4MzEifX0=

Response headers

date
Fri, 23 Feb 2024 20:49:19 GMT
strict-transport-security
max-age=5184000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
x-powered-by
alt-svc
h3=":443"; ma=86400
server
cloudflare
etag
W/"a6c-HLUKF1XW3IuqCQiKuXxBvhPMZp8"
vary
Origin
access-control-allow-methods
GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type
text/css; charset=utf-8
access-control-allow-origin
http://2u.savings.workingadvantage.com
cache-control
no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-ray
85a255ae7e3d3816-FRA
access-control-allow-headers
Origin, Referer, X-Requested-With, Content-Type, Authorization
expires
Fri, 23 Feb 2024 20:49:18 GMT
RCea9d317d3a374e44b3f0f8711e38765e-source.min.js
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/0870a348fba5/
2 KB
1018 B
Script
General
Full URL
https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/0870a348fba5/RCea9d317d3a374e44b3f0f8711e38765e-source.min.js
Requested by
Host: 2u.savings.workingadvantage.com
URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:7a5::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
e197eefb3a6378c1636ca452e85b757536156c962cd4c96cbe86c6ec83b92510

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://2u.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:19 GMT
content-encoding
gzip
last-modified
Wed, 14 Feb 2024 23:09:38 GMT
server
AkamaiNetStorage
etag
"c2c6de46c90c909501aada279b8b0209:1707952178.118178"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://2u.savings.workingadvantage.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
751
expires
Fri, 23 Feb 2024 21:49:19 GMT
main.js
2u.savings.workingadvantage.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/0f752fefe334/ Frame 02FD
Redirect Chain
  • https://2u.savings.workingadvantage.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://2u.savings.workingadvantage.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/0f752fefe334/main.js
8 KB
4 KB
Script
General
Full URL
https://2u.savings.workingadvantage.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/0f752fefe334/main.js
Requested by
Host: 2u.savings.workingadvantage.com
URL: https://2u.savings.workingadvantage.com/offers?c=7010
Protocol
H3
Server
172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
581d8e0801b687f1268b80b8abf95452c7921f6cd5142aa5ed79f8bc5500b3ae
Security Headers
Name Value
Strict-Transport-Security max-age=5184000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:19 GMT
strict-transport-security
max-age=5184000; includeSubDomains
x-content-type-options
nosniff
content-encoding
br
server
cloudflare
vary
accept-encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
cf-ray
85a255aebe6f3816-FRA
alt-svc
h3=":443"; ma=86400

Redirect headers

date
Fri, 23 Feb 2024 20:49:19 GMT
strict-transport-security
max-age=5184000; includeSubDomains
x-content-type-options
nosniff
server
cloudflare
vary
accept-encoding
location
/cdn-cgi/challenge-platform/h/b/scripts/jsd/0f752fefe334/main.js
access-control-allow-origin
*
cache-control
max-age=300, public
cf-ray
85a255ae8e473816-FRA
alt-svc
h3=":443"; ma=86400
sync
live.rezync.com/
6 KB
7 KB
Script
General
Full URL
https://live.rezync.com/sync?c=16b6410431b6374e780104abb0443ca8&p=5ef4f9c1e806678f2ab0275df01d5ff4&zmpID=ebg-wag3&cache_buster=1708721359159&k=ebg-wag3-pixel-0988
Requested by
Host: 2u.savings.workingadvantage.com
URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.83.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-83-21.ams58.r.cloudfront.net
Software
lighttpd/1.4.69 /
Resource Hash
94d56c8432cefedc8b87cba3150f80b6c2864627539ea1038cb72386d18a72ac

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://2u.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:19 GMT
via
1.1 2f7ba54d76b215238a170acfd87327d6.cloudfront.net (CloudFront)
server
lighttpd/1.4.69
x-amz-cf-pop
AMS58-P5
vary
Cookie
x-cache
Miss from cloudfront
content-type
text/javascript
accept-ranges
bytes
content-length
6148
x-amz-cf-id
y8qFG4E4Jq0sHkH3fQjJ2YN9Z8tYxNwStLjy9HDSU2OkMKsM9TGFDw==
85a255aaaaa88fee
2u.savings.workingadvantage.com/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame 02FD
0
346 B
XHR
General
Full URL
https://2u.savings.workingadvantage.com/cdn-cgi/challenge-platform/h/b/jsd/r/85a255aaaaa88fee
Requested by
Host: 2u.savings.workingadvantage.com
URL: https://2u.savings.workingadvantage.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=5184000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type
application/json

Response headers

date
Fri, 23 Feb 2024 20:49:19 GMT
strict-transport-security
max-age=5184000; includeSubDomains
x-content-type-options
nosniff
content-encoding
br
server
cloudflare
content-type
text/plain; charset=UTF-8
cf-ray
85a255af4ef23816-FRA
alt-svc
h3=":443"; ma=86400
2u
2u.savings.workingadvantage.com/api/controls/
2 KB
1 KB
XHR
General
Full URL
https://2u.savings.workingadvantage.com/api/controls/2u
Requested by
Host: 2u.savings.workingadvantage.com
URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7afd9a10c8ddc93d6ca6d3245a21999d408db30ab4bf31e792e213b0b80d7cfc
Security Headers
Name Value
Strict-Transport-Security max-age=5184000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://2u.savings.workingadvantage.com/offers?c=7010
tracestate
88831@nr=0-1-2647367-1120218725-c67a05cb0c06b43a----1708721359253
traceparent
00-da6cba582acedad5ceaee54bc35a9e00-c67a05cb0c06b43a-01
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
newrelic
eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI2NDczNjciLCJhcCI6IjExMjAyMTg3MjUiLCJpZCI6ImM2N2EwNWNiMGMwNmI0M2EiLCJ0ciI6ImRhNmNiYTU4MmFjZWRhZDVjZWFlZTU0YmMzNWE5ZTAwIiwidGkiOjE3MDg3MjEzNTkyNTMsInRrIjoiODg4MzEifX0=

Response headers

date
Fri, 23 Feb 2024 20:49:20 GMT
strict-transport-security
max-age=5184000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
x-powered-by
alt-svc
h3=":443"; ma=86400
server
cloudflare
etag
W/"7e1-QzUZ6tuVa8wnoxHfM4ebNWFGbtg"
vary
Origin
access-control-allow-methods
GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
http://2u.savings.workingadvantage.com
cache-control
no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-ray
85a255af5f003816-FRA
access-control-allow-headers
Origin, Referer, X-Requested-With, Content-Type, Authorization
expires
Fri, 23 Feb 2024 20:49:19 GMT
p13n.min.js
cdn.boomtrain.com/p13n/ebg-wag3/
93 KB
30 KB
Script
General
Full URL
https://cdn.boomtrain.com/p13n/ebg-wag3/p13n.min.js
Requested by
Host: 2u.savings.workingadvantage.com
URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.57 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-122-57.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
62ec57b7f971a77af7380ce75ee21e1b881fd1fa628efdb36607125004cca092

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://2u.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id
TcWqIyrq1zgLtA.x_qenTnVMoX.Va_FU
Content-Encoding
gzip
Via
1.1 508d9aac3b0097e502b117c1e7390bb0.cloudfront.net (CloudFront)
Date
Fri, 23 Feb 2024 20:32:12 GMT
X-Amz-Cf-Pop
FRA60-P2
Age
1028
x-amz-server-side-encryption
AES256
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
Connection
keep-alive
Last-Modified
Wed, 21 Feb 2024 04:40:16 GMT
Server
AmazonS3
ETag
W/"a036c704209d386b667790a5a0757a3f"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
public, max-age=3600
X-Amz-Cf-Id
3PjebKEfH6E7EPAQXhEtRwHMYLHR1T9QJQW4MMf7u8Mcp3Du9OnlUw==
/
com-wag3.netmng.com/
3 KB
2 KB
Script
General
Full URL
https://com-wag3.netmng.com/?aid=6366&siclientid=105368&url=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010&p5=&p6=&p7=&p8=&p9=&p10=&p11=&p12=&p13=&p14=&p15=&p16=&p17=&p18=&p19=&p20=&p26=&p27=&p28=
Requested by
Host: 2u.savings.workingadvantage.com
URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.38.167.54 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software
openresty /
Resource Hash
51c28a44c986a235c6d74f2abfbafd9c9a01452515258628e10cbe3024c45a4e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://2u.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 23 Feb 2024 20:49:19 GMT
Content-Encoding
gzip
Last-Modified
Wed, 21 Feb 2024 20:49:19 GMT
Server
openresty
Transfer-Encoding
chunked
Vary
Accept-Encoding
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Content-Type
text/javascript; charset=UTF-8
X-Cnection
close
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-cache, private
Expires
Wed, 21 Feb 2024 20:49:19 GMT
;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1708721359.2673693
adservice.google.com/ddm/fls/z/src=12084042;dc_pre=CKrylY2rwoQDFe0JogMd-sQJaQ;type=unive0;cat=unive0;u1=;u2=;u3=;u4=;u5=;u6=;u7=;u8=;u9=;u10=;u11=;u12=;u13=;u14=;u18=;u19=;u20=;u22=;u23=;u28=;u29=h...
Redirect Chain
  • https://ad.doubleclick.net/ddm/activity/src=12084042;type=unive0;cat=unive0;u1=;u2=;u3=;u4=;u5=;u6=;u7=;u8=;u9=;u10=;u11=;u12=;u13=;u14=;u18=;u19=;u20=;u22=;u23=;u28=;u29=https://2u.savings.working...
  • https://ad.doubleclick.net/ddm/activity/src=12084042;dc_pre=CKrylY2rwoQDFe0JogMd-sQJaQ;type=unive0;cat=unive0;u1=;u2=;u3=;u4=;u5=;u6=;u7=;u8=;u9=;u10=;u11=;u12=;u13=;u14=;u18=;u19=;u20=;u22=;u23=;u...
  • https://adservice.google.com/ddm/fls/z/src=12084042;dc_pre=CKrylY2rwoQDFe0JogMd-sQJaQ;type=unive0;cat=unive0;u1=;u2=;u3=;u4=;u5=;u6=;u7=;u8=;u9=;u10=;u11=;u12=;u13=;u14=;u18=;u19=;u20=;u22=;u23=;u2...
42 B
401 B
Image
General
Full URL
https://adservice.google.com/ddm/fls/z/src=12084042;dc_pre=CKrylY2rwoQDFe0JogMd-sQJaQ;type=unive0;cat=unive0;u1=;u2=;u3=;u4=;u5=;u6=;u7=;u8=;u9=;u10=;u11=;u12=;u13=;u14=;u18=;u19=;u20=;u22=;u23=;u28=;u29=https://2u.savings.workingadvantage.com/;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1708721359.2673693
Requested by
Host: 2u.savings.workingadvantage.com
URL: https://2u.savings.workingadvantage.com/offers?c=7010
Protocol
H2
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://2u.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 23 Feb 2024 20:49:19 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Fri, 23 Feb 2024 20:49:19 GMT
attribution-reporting-register-trigger
{"aggregatable_deduplication_keys":[{"deduplication_key":"16543884885382950303"}],"aggregatable_trigger_data":[{"filters":{"14":["12836263"]},"key_piece":"0xd41bfddb4f9b75a0","source_keys":["1","3","4","5","6","7","8","9","10","11"]},{"key_piece":"0xc66289dfe9df4603","not_filters":{"14":["12836263"]},"source_keys":["1","3","4","5","6","7","8","9","10","11"]},{"filters":{"14":["12836263"]},"key_piece":"0xf17e60fda726ab0f","source_keys":["12","13","14","15","16","17","18","19","20","21"]},{"key_piece":"0xcd6aedf539b910fd","not_filters":{"14":["12836263"]},"source_keys":["12","13","14","15","16","17","18","19","20","21"]}],"aggregatable_values":{"1":327,"10":327,"11":5570,"12":65,"13":65,"14":65,"15":6356,"16":65,"17":65,"18":6356,"19":65,"20":65,"21":6356,"3":327,"4":327,"5":5570,"6":327,"7":327,"8":5570,"9":327},"debug_key":"13932072185016433889","debug_reporting":true,"event_trigger_data":[{"deduplication_key":"16543884885382950303","filters":{"14":["12836263"],"source_type":["event"]},"priority":"10","trigger_data":"1"},{"deduplication_key":"16543884885382950303","filters":{"14":["12836263"],"source_type":["navigation"]},"priority":"10","trigger_data":"6"},{"deduplication_key":"16543884885382950303","filters":{"source_type":["event"]},"priority":"0","trigger_data":"0"},{"deduplication_key":"16543884885382950303","filters":{"source_type":["navigation"]},"priority":"0","trigger_data":"7"}],"filters":{"8":["12084042"]}}
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
server
cafe
content-type
image/png
location
https://adservice.google.com/ddm/fls/z/src=12084042;dc_pre=CKrylY2rwoQDFe0JogMd-sQJaQ;type=unive0;cat=unive0;u1=;u2=;u3=;u4=;u5=;u6=;u7=;u8=;u9=;u10=;u11=;u12=;u13=;u14=;u18=;u19=;u20=;u22=;u23=;u28=;u29=https://2u.savings.workingadvantage.com/;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=1708721359.2673693
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
bounce
secure.adnxs.com/
Redirect Chain
  • https://secure.adnxs.com/seg?add=32509374&t=2
  • https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D32509374%26t%3D2
43 B
1 KB
Image
General
Full URL
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D32509374%26t%3D2
Requested by
Host: 2u.savings.workingadvantage.com
URL: https://2u.savings.workingadvantage.com/offers?c=7010
Protocol
H2
Server
185.89.211.84 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://2u.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 23 Feb 2024 20:49:19 GMT
an-x-request-uuid
b5f8391c-e181-4ecd-aec5-f30df66368fd
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
image/gif
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
x-proxy-origin
81.95.5.42; 81.95.5.42; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
43
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 23 Feb 2024 20:49:19 GMT
an-x-request-uuid
feb1660c-6248-46d3-97c1-54f325087bd5
server
nginx/1.23.4
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D32509374%26t%3D2
x-proxy-origin
81.95.5.42; 81.95.5.42; 959.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
resolve
people.api.boomtrain.com/identify/
142 B
457 B
XHR
General
Full URL
https://people.api.boomtrain.com/identify/resolve?data=eyJjb29raWUiOnsiYnNpbiI6IiJ9LCJxdWVyeXN0cmluZyI6e30sImV4dGVybmFsX2lkcyI6eyJ6eW5jIjoiNjcwMTc2YmItODE3Mi00NTZlLWFkZTMtOGIzZTBkMDVhMTc5OjE3MDg3MjEzNTkuMjY0NTU4MyJ9fQ%3D%3D&site_id=ebg-wag3
Requested by
Host: 2u.savings.workingadvantage.com
URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.161.181.126 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-181-126.compute-1.amazonaws.com
Software
nginx /
Resource Hash
ca3b0682a3e17302b45645c19a5a7aa5275acc823633bf087f85855c4bfa87c9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://2u.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date
Fri, 23 Feb 2024 20:49:19 GMT
Server
nginx
Access-Control-Allow-Methods
GET,PUT,POST,DELETE
Content-Type
application/json
Access-Control-Allow-Origin
*
Connection
keep-alive
Access-Control-Allow-Headers
X-Requested-With,Content-Type,Authorization,x-app-id
Content-Length
142
RC6b40217ba8b34b5c95f7ac097beadf09-source.min.js
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/0870a348fba5/
451 B
553 B
Script
General
Full URL
https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/0870a348fba5/RC6b40217ba8b34b5c95f7ac097beadf09-source.min.js
Requested by
Host: 2u.savings.workingadvantage.com
URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:7a5::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
8c8854741b41041a55e30363186b3e943076de5f80c39d1bb82ed6efbc5f8a6a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://2u.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:19 GMT
content-encoding
gzip
last-modified
Wed, 14 Feb 2024 23:09:38 GMT
server
AkamaiNetStorage
etag
"c2c6de46c90c909501aada279b8b0209:1707952178.118178"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://2u.savings.workingadvantage.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
286
expires
Fri, 23 Feb 2024 21:49:19 GMT
RC668a267ca36c45b5acca38f3e4360a76-source.min.js
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/0870a348fba5/
340 B
481 B
Script
General
Full URL
https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/0870a348fba5/RC668a267ca36c45b5acca38f3e4360a76-source.min.js
Requested by
Host: 2u.savings.workingadvantage.com
URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:7a5::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
8004dadb6b1625999c7de43a05d9c2d7fc4ac26ec644a95bfbd113c70b80c9a4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://2u.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:19 GMT
content-encoding
gzip
last-modified
Wed, 14 Feb 2024 23:09:38 GMT
server
AkamaiNetStorage
etag
"c2c6de46c90c909501aada279b8b0209:1707952178.118178"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://2u.savings.workingadvantage.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
215
expires
Fri, 23 Feb 2024 21:49:19 GMT
nr-spa.142f942f-1.239.1.min.js
js-agent.newrelic.com/
75 KB
26 KB
Script
General
Full URL
https://js-agent.newrelic.com/nr-spa.142f942f-1.239.1.min.js
Requested by
Host: 2u.savings.workingadvantage.com
URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cdaf31a1071286676944848c1e53c284a611e39473e322a75caf358b1b24e19d
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://2u.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id
sn0IxCI.MkvNIiRAoqe.awP2R5evqDa4
content-encoding
br
via
1.1 varnish
date
Fri, 23 Feb 2024 20:49:19 GMT
strict-transport-security
max-age=300
x-amz-request-id
XKNH2N4BMHCM512R
x-amz-server-side-encryption
AES256
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
25649
x-amz-id-2
4mexhU0yeIewKmDeZm96VoQ5sJoXlVDLPLvdECeQEQCLYnoSPdDtx9GVJ5S3Dd2cS0NTUzBv+mg=
x-served-by
cache-fra-etou8220134-FRA
last-modified
Wed, 18 Oct 2023 21:33:59 GMT
server
AmazonS3
x-timer
S1708721360.755832,VS0,VE0
etag
"929044c7a94ad93d4583f5b62538f46a"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=86400, stale-if-error=86400
accept-ranges
bytes
x-cache-hits
411
track
events.api.boomtrain.com/event/
2 B
209 B
XHR
General
Full URL
https://events.api.boomtrain.com/event/track
Requested by
Host: 2u.savings.workingadvantage.com
URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.170.199.47 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-170-199-47.compute-1.amazonaws.com
Software
nginx /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer
https://2u.savings.workingadvantage.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
*
date
Fri, 23 Feb 2024 20:49:20 GMT
server
nginx
access-control-allow-headers
X-Requested-With, Content-Type, Authorization, x-app-id
content-length
2
access-control-allow-methods
GET, PUT, POST, DELETE
content-type
text/plain
NRJS-2ebdf5b38afbaafd48e
bam.nr-data.net/1/
40 B
468 B
XHR
General
Full URL
https://bam.nr-data.net/1/NRJS-2ebdf5b38afbaafd48e?a=1120218725&sa=1&v=1.239.1&t=Unnamed%20Transaction&rst=1303&ck=0&s=9b658b72eeec84ac&ref=https://2u.savings.workingadvantage.com/offers&af=err,xhr,stn,ins,spa&be=147&fe=1108&dc=497&perf=%7B%22timing%22:%7B%22of%22:1708721358480,%22n%22:0,%22dn%22:7,%22dne%22:7,%22c%22:7,%22s%22:14,%22ce%22:26,%22rq%22:26,%22rp%22:147,%22rpe%22:148,%22di%22:293,%22ds%22:635,%22de%22:643,%22dc%22:1252,%22l%22:1253,%22le%22:1254%7D,%22navigation%22:%7B%7D%7D
Requested by
Host: 2u.savings.workingadvantage.com
URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.247.243.29 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
envoy /
Resource Hash
5ca742541d65d718402499ed1d84d003258ce2116562169b85744cf7d798485a

Request headers

Referer
https://2u.savings.workingadvantage.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
content-type
text/plain

Response headers

date
Fri, 23 Feb 2024 20:49:20 GMT
server
envoy
access-control-allow-methods
GET, POST, PUT, HEAD, OPTIONS
content-type
text/plain
access-control-allow-origin
https://2u.savings.workingadvantage.com
access-control-allow-credentials
true
x-envoy-upstream-service-time
2
cross-origin-resource-policy
cross-origin
Connection
keep-alive
Content-Length
40
x-served-by
cache-fra-etou8220064-FRA
NRJS-2ebdf5b38afbaafd48e
bam.nr-data.net/events/1/
24 B
407 B
XHR
General
Full URL
https://bam.nr-data.net/events/1/NRJS-2ebdf5b38afbaafd48e?a=1120218725&sa=1&v=1.239.1&t=Unnamed%20Transaction&rst=1705&ck=0&s=9b658b72eeec84ac&ref=https://2u.savings.workingadvantage.com/offers
Requested by
Host: 2u.savings.workingadvantage.com
URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.247.243.29 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
envoy /
Resource Hash
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer
https://2u.savings.workingadvantage.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
content-type
text/plain

Response headers

date
Fri, 23 Feb 2024 20:49:20 GMT
server
envoy
access-control-allow-methods
GET, POST, PUT, HEAD, OPTIONS
content-type
image/gif
access-control-allow-origin
https://2u.savings.workingadvantage.com
access-control-allow-credentials
true
x-envoy-upstream-service-time
1
Connection
keep-alive
Content-Length
24
x-served-by
cache-fra-etou8220064-FRA
436.1fd2a6e25a9d1c0f.js
2u.savings.workingadvantage.com/
174 KB
27 KB
Script
General
Full URL
https://2u.savings.workingadvantage.com/436.1fd2a6e25a9d1c0f.js
Requested by
Host: 2u.savings.workingadvantage.com
URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
802106d17b6759222edb6db3ed2413e405dcec222a4b1803b8abd257d5f7dbc6
Security Headers
Name Value
Strict-Transport-Security max-age=5184000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://2u.savings.workingadvantage.com/offers?c=7010
Origin
https://2u.savings.workingadvantage.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:20 GMT
strict-transport-security
max-age=5184000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
last-modified
Thu, 15 Feb 2024 11:50:43 GMT
server
cloudflare
content-encoding
br
etag
W/"65cdfa93-2b7d7"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, PATCH, DELETE, OPTIONS, GET, POST, PUT, PATCH, DELETE, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
https://2u.savings.workingadvantage.com, https://2u.savings.workingadvantage.com
access-control-allow-credentials
true, true
cf-ray
85a255b55c2d3816-FRA
alt-svc
h3=":443"; ma=86400
common.e04d7f09503f3a4f.js
2u.savings.workingadvantage.com/
5 KB
2 KB
Script
General
Full URL
https://2u.savings.workingadvantage.com/common.e04d7f09503f3a4f.js
Requested by
Host: 2u.savings.workingadvantage.com
URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fb6611f167cc8d81ab1e4daaf57b28d130317c63e469b586ce9e1dd54781d6f8
Security Headers
Name Value
Strict-Transport-Security max-age=5184000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://2u.savings.workingadvantage.com/offers?c=7010
Origin
https://2u.savings.workingadvantage.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:20 GMT
strict-transport-security
max-age=5184000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
last-modified
Thu, 15 Feb 2024 11:50:43 GMT
server
cloudflare
content-encoding
br
etag
W/"65cdfa93-15a5"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, PATCH, DELETE, OPTIONS, GET, POST, PUT, PATCH, DELETE, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
https://2u.savings.workingadvantage.com, https://2u.savings.workingadvantage.com
access-control-allow-credentials
true, true
cf-ray
85a255b55c303816-FRA
alt-svc
h3=":443"; ma=86400
417.83c10db89499ed28.js
2u.savings.workingadvantage.com/
239 KB
47 KB
Script
General
Full URL
https://2u.savings.workingadvantage.com/417.83c10db89499ed28.js
Requested by
Host: 2u.savings.workingadvantage.com
URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
20d3214f899634774d631d8da56b8ed42f9c7bd026954231812d75d1fce2d1a4
Security Headers
Name Value
Strict-Transport-Security max-age=5184000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://2u.savings.workingadvantage.com/offers?c=7010
Origin
https://2u.savings.workingadvantage.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:20 GMT
strict-transport-security
max-age=5184000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
last-modified
Thu, 15 Feb 2024 11:50:43 GMT
server
cloudflare
content-encoding
br
etag
W/"65cdfa93-3ba46"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, PATCH, DELETE, OPTIONS, GET, POST, PUT, PATCH, DELETE, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
https://2u.savings.workingadvantage.com, https://2u.savings.workingadvantage.com
access-control-allow-credentials
true, true
cf-ray
85a255b55c313816-FRA
alt-svc
h3=":443"; ma=86400
authorize
auth.savings.workingadvantage.com/auth/ Frame 1A60
0
0

onetrust
2u.savings.workingadvantage.com/api/platform/options/
501 B
727 B
XHR
General
Full URL
https://2u.savings.workingadvantage.com/api/platform/options/onetrust
Requested by
Host: 2u.savings.workingadvantage.com
URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
05f687735d78286be14d4e10a1fb29138cddcf927835e5441b61406512db7c8e
Security Headers
Name Value
Strict-Transport-Security max-age=5184000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://2u.savings.workingadvantage.com/offers?c=7010
tracestate
88831@nr=0-1-2647367-1120218725-2950f98a98e78b3e----1708721360364
traceparent
00-152f19784f5f465a534652944480c100-2950f98a98e78b3e-01
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
newrelic
eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI2NDczNjciLCJhcCI6IjExMjAyMTg3MjUiLCJpZCI6IjI5NTBmOThhOThlNzhiM2UiLCJ0ciI6IjE1MmYxOTc4NGY1ZjQ2NWE1MzQ2NTI5NDQ0ODBjMTAwIiwidGkiOjE3MDg3MjEzNjAzNjQsInRrIjoiODg4MzEifX0=

Response headers

date
Fri, 23 Feb 2024 20:49:20 GMT
strict-transport-security
max-age=5184000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
x-powered-by
alt-svc
h3=":443"; ma=86400
server
cloudflare
etag
W/"1f5-7p9slVTH/yNu6/xY0Gl0Ekd5Wds"
vary
Origin
access-control-allow-methods
GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
http://2u.savings.workingadvantage.com
cache-control
no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-ray
85a255b64cf13816-FRA
access-control-allow-headers
Origin, Referer, X-Requested-With, Content-Type, Authorization
expires
Fri, 23 Feb 2024 20:49:19 GMT
info
2u.savings.workingadvantage.com/api/
8 KB
3 KB
XHR
General
Full URL
https://2u.savings.workingadvantage.com/api/info?authInfo=true
Requested by
Host: 2u.savings.workingadvantage.com
URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=5184000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://2u.savings.workingadvantage.com/offers?c=7010
tracestate
88831@nr=0-1-2647367-1120218725-9daa9a13b12af20f----1708721360367
traceparent
00-dde901d24cbbe2af4b381528ae716600-9daa9a13b12af20f-01
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
newrelic
eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI2NDczNjciLCJhcCI6IjExMjAyMTg3MjUiLCJpZCI6IjlkYWE5YTEzYjEyYWYyMGYiLCJ0ciI6ImRkZTkwMWQyNGNiYmUyYWY0YjM4MTUyOGFlNzE2NjAwIiwidGkiOjE3MDg3MjEzNjAzNjcsInRrIjoiODg4MzEifX0=

Response headers

date
Fri, 23 Feb 2024 20:49:20 GMT
strict-transport-security
max-age=5184000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
x-powered-by
alt-svc
h3=":443"; ma=86400
server
cloudflare
vary
Accept-Encoding, Origin
access-control-allow-methods
GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type
text/html; charset=utf-8
access-control-allow-origin
http://2u.savings.workingadvantage.com
cache-control
no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-ray
85a255b64cf73816-FRA
access-control-allow-headers
Origin, Referer, X-Requested-With, Content-Type, Authorization
expires
Fri, 23 Feb 2024 20:49:19 GMT
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=783492042&t=pageview&_s=1&dl=https%3A%2F%2F2u.savings.workingadvantage.com%2F&ul=en-us&de=UTF-8&dt=2U%20Inc%20Discount%20Hub&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEDAAEABAAAAACAAI~&jid=&gjid=&cid=1225985025.1708721359&tid=UA-2876877-9&_gid=49765537.1708721359&gtm=45He42l0n815QN8HWMv78847533za220&gcd=13l3l3l3l1&dma_cps=sypham&dma=1&z=1907617014
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://2u.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 23 Feb 2024 20:41:44 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
456
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
gtm.js
www.googletagmanager.com/
239 KB
80 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM
Requested by
Host: 2u.savings.workingadvantage.com
URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://2u.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:20 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
81643
x-xss-protection
0
last-modified
Fri, 23 Feb 2024 20:04:07 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 23 Feb 2024 20:49:20 GMT
js
www.googletagmanager.com/gtag/
192 KB
69 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-2876877-9
Requested by
Host: 2u.savings.workingadvantage.com
URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://2u.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:20 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
70895
x-xss-protection
0
last-modified
Fri, 23 Feb 2024 20:04:07 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 23 Feb 2024 20:49:20 GMT
mouseflow
2u.savings.workingadvantage.com/api/platform/options/
94 B
491 B
XHR
General
Full URL
https://2u.savings.workingadvantage.com/api/platform/options/mouseflow?name=workingadvantage_mouseflow_script_id
Requested by
Host: 2u.savings.workingadvantage.com
URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=5184000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://2u.savings.workingadvantage.com/
tracestate
88831@nr=0-1-2647367-1120218725-040ca70ae39f6b58----1708721360531
traceparent
00-4227a66a604fa1dc6b8872d44246b800-040ca70ae39f6b58-01
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
newrelic
eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjI2NDczNjciLCJhcCI6IjExMjAyMTg3MjUiLCJpZCI6IjA0MGNhNzBhZTM5ZjZiNTgiLCJ0ciI6IjQyMjdhNjZhNjA0ZmExZGM2Yjg4NzJkNDQyNDZiODAwIiwidGkiOjE3MDg3MjEzNjA1MzEsInRrIjoiODg4MzEifX0=

Response headers

date
Fri, 23 Feb 2024 20:49:20 GMT
strict-transport-security
max-age=5184000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
x-powered-by
alt-svc
h3=":443"; ma=86400
server
cloudflare
etag
W/"5e-xWERRy+8FVp8nFwecehLclRX7Go"
vary
Origin
access-control-allow-methods
GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
http://2u.savings.workingadvantage.com
cache-control
no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-ray
85a255b75dc03816-FRA
access-control-allow-headers
Origin, Referer, X-Requested-With, Content-Type, Authorization
expires
Fri, 23 Feb 2024 20:49:19 GMT
Primary Request sign-in
auth.savings.workingadvantage.com/2u/
Redirect Chain
  • https://auth.savings.workingadvantage.com/auth/authorize?subdomain=2u&response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010
  • https://auth.savings.workingadvantage.com/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010
10 KB
3 KB
Document
General
Full URL
https://auth.savings.workingadvantage.com/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010
Requested by
Host: 2u.savings.workingadvantage.com
URL: https://2u.savings.workingadvantage.com/main.4ff1e54ce4c12b9e.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4264bfa87de5afd4b0236f34dfeee60b2231773a4b404c970c25c4543cd3b4ac
Security Headers
Name Value
Content-Security-Policy frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval' frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
Strict-Transport-Security max-age=5184000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://2u.savings.workingadvantage.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
85a255b88ec43816-FRA
content-encoding
br
content-security-policy
frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval' frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
content-type
text/html; charset=utf-8
date
Fri, 23 Feb 2024 20:49:20 GMT
last-modified
Thu, 15 Feb 2024 11:56:47 GMT
server
cloudflare
strict-transport-security
max-age=5184000; includeSubDomains
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
DENY

Redirect headers

access-control-allow-headers
Origin, Referer, X-Requested-With, Content-Type, Authorization
access-control-allow-methods
GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-origin
http://auth.savings.workingadvantage.com
alt-svc
h3=":443"; ma=86400
cache-control
no-cache no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status
DYNAMIC
cf-ray
85a255b76c758fee-FRA
content-type
text/html; charset=utf-8
date
Fri, 23 Feb 2024 20:49:20 GMT
expires
Fri, 23 Feb 2024 20:49:19 GMT
location
/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010
server
cloudflare
strict-transport-security
max-age=5184000; includeSubDomains
vary
Origin, Accept
x-content-type-options
nosniff
x-powered-by
07e508d2-aee2-481f-ac8e-6e200d46af80.js
cdn.mouseflow.com/projects/
196 KB
58 KB
Script
General
Full URL
https://cdn.mouseflow.com/projects/07e508d2-aee2-481f-ac8e-6e200d46af80.js
Requested by
Host: 2u.savings.workingadvantage.com
URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1a32 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://2u.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:20 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
56067
x-cache-status
MISS
alt-svc
h3=":443"; ma=86400
x-mf-script-region
enforced-privacy
last-modified
Thu, 15 Feb 2024 22:03:35 GMT
server
cloudflare
etag
W/"b36785d25a60da1:0"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=86400
cf-ray
85a255b87c611c3a-FRA
expires
Sat, 24 Feb 2024 20:49:20 GMT
RC0c16579d5c704bd0a214633d669d35f2-source.min.js
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/0870a348fba5/
1018 B
814 B
Script
General
Full URL
https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/0870a348fba5/RC0c16579d5c704bd0a214633d669d35f2-source.min.js
Requested by
Host: 2u.savings.workingadvantage.com
URL: https://2u.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:7a5::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://2u.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:20 GMT
content-encoding
gzip
last-modified
Wed, 14 Feb 2024 23:09:38 GMT
server
AkamaiNetStorage
etag
"c2c6de46c90c909501aada279b8b0209:1707952178.118178"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://2u.savings.workingadvantage.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
547
expires
Fri, 23 Feb 2024 21:49:20 GMT
init
n2.mouseflow.com/
0
0

collect
region1.google-analytics.com/g/
0
0

collect
region1.google-analytics.com/g/
0
0

collect
region1.google-analytics.com/g/
0
0

NRJS-2ebdf5b38afbaafd48e
bam.nr-data.net/events/1/
0
0

NRJS-2ebdf5b38afbaafd48e
bam.nr-data.net/jserrors/1/
0
0

NRJS-2ebdf5b38afbaafd48e
bam.nr-data.net/jserrors/1/
0
0

NRJS-2ebdf5b38afbaafd48e
bam.nr-data.net/events/1/
0
0

launch-a0e5cece2585.min.js
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/
661 KB
155 KB
Script
General
Full URL
https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js
Requested by
Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:7a5::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
a5ff70f6ac07dd9865153de5810ff20130a8e033bc547a36598c01bd4de1dc74

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:20 GMT
content-encoding
gzip
last-modified
Wed, 14 Feb 2024 23:09:35 GMT
server
AkamaiNetStorage
etag
"f72c7e4973313980f51ed6fa9b44d977:1707952175.514279"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://auth.savings.workingadvantage.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
158823
expires
Fri, 23 Feb 2024 21:49:20 GMT
new-relic-integration.js
auth.savings.workingadvantage.com/assets/new-relic/
51 KB
18 KB
Script
General
Full URL
https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Requested by
Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bc49c009b33e66a59f057cf4ada682b80d4401d919ddf0f8d3ef2bb0415f0b23
Security Headers
Name Value
Content-Security-Policy frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
Strict-Transport-Security max-age=5184000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth.savings.workingadvantage.com/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:20 GMT
strict-transport-security
max-age=5184000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
last-modified
Thu, 15 Feb 2024 11:56:46 GMT
server
cloudflare
cf-cache-status
DYNAMIC
content-encoding
br
etag
W/"65cdfbfe-ccde"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript; charset=utf-8
cf-ray
85a255b96f683816-FRA
alt-svc
h3=":443"; ma=86400
bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/
157 KB
25 KB
Stylesheet
General
Full URL
https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css
Requested by
Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://auth.savings.workingadvantage.com/
Origin
https://auth.savings.workingadvantage.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:20 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
7499929
x-jsd-version
4.5.3
content-encoding
br
x-cache
HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-eddf8230110-FRA
x-jsd-version-type
version
server
cloudflare
etag
W/"27288-jtLWNQ0j+FfZKAVzfQ+XxnXeZms"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mLaHb91xfO4Nqu98cxX%2BjYpdDBo8PekKBjAQgrN0KX%2BsDsTbGXa7IMhqec3VJKWW03KYpkt7kYr1%2F1ezoWQCRJR0Fh5OxqVTXmjRmFWgbn8ILDPIc1CZ6oY3HpV%2FpzMWWtOWjBYcPRP3jit1UsI%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cf-ray
85a255b969052c5a-FRA
js
maps.googleapis.com/maps/api/
222 KB
74 KB
Script
General
Full URL
https://maps.googleapis.com/maps/api/js?client=gme-entertainmentbenefits&libraries=places
Requested by
Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
scaffolding on HTTPServer2 /
Resource Hash
57cac9d59da6a16693baa0fe6c3316b64b8f82c70724e08253551ffde7565f2d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
scaffolding on HTTPServer2
vary
Accept-Language, Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1800
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
75427
x-xss-protection
0
web-animations.min.js
cdnjs.cloudflare.com/ajax/libs/web-animations/2.3.1/
47 KB
14 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/web-animations/2.3.1/web-animations.min.js
Requested by
Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cbb3c795fd44c83a1200149b18e0df050fe228df4b5b03891373029117d8bd6b
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:20 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
9201139
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
13763
last-modified
Mon, 04 May 2020 16:17:51 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb0402f-bad6"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BOZQO76mDTtMwSyJCCu%2F3Edgo0v%2BUpvKncmghCM9AhakLRK5iiH5Cusf2fZzK14Wbe7OF3%2B2FHPV8sqOEFInoHAgyoH6ADc40EKlBcouHcQmogBbD%2BB4LPIlkWYOYObuOtW2jhD9Vqb0pmfI7Vp%2BxkM0"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
85a255b9690e043a-FRA
expires
Wed, 12 Feb 2025 20:49:20 GMT
runtime.13338c5d9c83d0b6.js
auth.savings.workingadvantage.com/
1 KB
1 KB
Script
General
Full URL
https://auth.savings.workingadvantage.com/runtime.13338c5d9c83d0b6.js
Requested by
Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
779700103eaa215226d17491070dd24cc4e6ae6533a0f3a4071140805119b45f
Security Headers
Name Value
Strict-Transport-Security max-age=5184000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://auth.savings.workingadvantage.com/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010
Origin
https://auth.savings.workingadvantage.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:20 GMT
strict-transport-security
max-age=5184000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
last-modified
Thu, 15 Feb 2024 11:56:40 GMT
server
cloudflare
content-encoding
br
etag
W/"65cdfbf8-488"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, PATCH, DELETE, OPTIONS, GET, POST, PUT, PATCH, DELETE, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
https://auth.savings.workingadvantage.com, https://auth.savings.workingadvantage.com
access-control-allow-credentials
true, true
cf-ray
85a255b96f693816-FRA
alt-svc
h3=":443"; ma=86400
polyfills.d382160f8481ef1c.js
auth.savings.workingadvantage.com/
122 KB
43 KB
Script
General
Full URL
https://auth.savings.workingadvantage.com/polyfills.d382160f8481ef1c.js
Requested by
Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c06c3b843d4bcf295909300bfad5473626575eaef96b98615d9d2f294d66058c
Security Headers
Name Value
Strict-Transport-Security max-age=5184000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://auth.savings.workingadvantage.com/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010
Origin
https://auth.savings.workingadvantage.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:20 GMT
strict-transport-security
max-age=5184000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
last-modified
Thu, 15 Feb 2024 11:56:40 GMT
server
cloudflare
content-encoding
br
etag
W/"65cdfbf8-1e6bf"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, PATCH, DELETE, OPTIONS, GET, POST, PUT, PATCH, DELETE, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
https://auth.savings.workingadvantage.com, https://auth.savings.workingadvantage.com
access-control-allow-credentials
true, true
cf-ray
85a255b96f6a3816-FRA
alt-svc
h3=":443"; ma=86400
scripts.1baad6c013597821.js
auth.savings.workingadvantage.com/
166 KB
54 KB
Script
General
Full URL
https://auth.savings.workingadvantage.com/scripts.1baad6c013597821.js
Requested by
Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2aef73d8723fb7d91d516282c5a33140f448212e7d49898baab65f6c8b74ddc6
Security Headers
Name Value
Content-Security-Policy frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
Strict-Transport-Security max-age=5184000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth.savings.workingadvantage.com/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:21 GMT
strict-transport-security
max-age=5184000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
last-modified
Thu, 15 Feb 2024 11:56:40 GMT
server
cloudflare
cf-cache-status
DYNAMIC
content-encoding
br
etag
W/"65cdfbf8-29758"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript; charset=utf-8
cf-ray
85a255ba381c3816-FRA
alt-svc
h3=":443"; ma=86400
main.376bcc3f5834c9a3.js
auth.savings.workingadvantage.com/
2 MB
409 KB
Script
General
Full URL
https://auth.savings.workingadvantage.com/main.376bcc3f5834c9a3.js
Requested by
Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
be8577e579d9924b36cda3f01fb7aea4f43ed90f9ae689955a0deda006a1ee11
Security Headers
Name Value
Strict-Transport-Security max-age=5184000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://auth.savings.workingadvantage.com/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010
Origin
https://auth.savings.workingadvantage.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:20 GMT
strict-transport-security
max-age=5184000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
last-modified
Thu, 15 Feb 2024 11:56:40 GMT
server
cloudflare
content-encoding
br
etag
W/"65cdfbf8-19e71e"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, PATCH, DELETE, OPTIONS, GET, POST, PUT, PATCH, DELETE, OPTIONS
content-type
application/javascript; charset=utf-8
access-control-allow-origin
https://auth.savings.workingadvantage.com, https://auth.savings.workingadvantage.com
access-control-allow-credentials
true, true
cf-ray
85a255b96f6c3816-FRA
alt-svc
h3=":443"; ma=86400
gtm.js
www.googletagmanager.com/
239 KB
80 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM
Requested by
Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
72696c96dab7f22d1cdf6988f875e6c3a733ceac9599f2765da02be4d067429f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:20 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
81643
x-xss-protection
0
last-modified
Fri, 23 Feb 2024 20:04:07 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 23 Feb 2024 20:49:20 GMT
AppMeasurement.min.js
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/
33 KB
12 KB
Script
General
Full URL
https://assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:7a5::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
9219086b4f2c3bf77854b2e06ccd97ad32b9b7a140e65ff8b974a3bae6c7854c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:20 GMT
content-encoding
gzip
last-modified
Mon, 14 Feb 2022 16:35:31 GMT
server
AkamaiNetStorage
etag
"d860c16ac938f7d839f0ec158d02d0f0:1644856531.418573"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://auth.savings.workingadvantage.com
cache-control
no-cache
accept-ranges
bytes
timing-allow-origin
*
content-length
12163
expires
Fri, 23 Feb 2024 21:49:20 GMT
AppMeasurement_Module_ActivityMap.min.js
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/
3 KB
2 KB
Script
General
Full URL
https://assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:7a5::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
462a66acbf50e933685e7587e9f1441df8225b2bb4d6b7bc5e757eccf4ff6575

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:20 GMT
content-encoding
gzip
last-modified
Mon, 14 Feb 2022 16:35:31 GMT
server
AkamaiNetStorage
etag
"2d1382c349d480b6b41574ac0c1af066:1644856531.739514"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://auth.savings.workingadvantage.com
cache-control
no-cache
accept-ranges
bytes
timing-allow-origin
*
content-length
1597
expires
Fri, 23 Feb 2024 21:49:20 GMT
styles.4a62f33afffa2c84.css
auth.savings.workingadvantage.com/
39 KB
8 KB
Stylesheet
General
Full URL
https://auth.savings.workingadvantage.com/styles.4a62f33afffa2c84.css
Requested by
Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0bf599966dd39864588776600dcc12f05f281fe550157d82950665735ab2da0c
Security Headers
Name Value
Content-Security-Policy frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
Strict-Transport-Security max-age=5184000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth.savings.workingadvantage.com/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:21 GMT
strict-transport-security
max-age=5184000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
last-modified
Thu, 15 Feb 2024 11:56:40 GMT
server
cloudflare
cf-cache-status
DYNAMIC
content-encoding
br
etag
W/"65cdfbf8-9b6a"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/css
cf-ray
85a255ba381d3816-FRA
alt-svc
h3=":443"; ma=86400
S6uyw4BMUTPHjx4wXiWtFCc.woff2
fonts.gstatic.com/s/lato/v24/
14 KB
14 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXiWtFCc.woff2
Requested by
Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d4ae5188a65370ecfe28f42293bbee8297cfd5712c6aadfdb270d48f2bcd88b0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://auth.savings.workingadvantage.com/
Origin
https://auth.savings.workingadvantage.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Wed, 21 Feb 2024 03:33:03 GMT
x-content-type-options
nosniff
age
234977
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13980
x-xss-protection
0
last-modified
Tue, 02 May 2023 15:17:19 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 20 Feb 2025 03:33:03 GMT
js
www.googletagmanager.com/gtag/
286 KB
95 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-FD2X5ZMELR&l=dataLayer&cx=c
Requested by
Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
8f3c4bb8c0ef7ebb0f101709f6bbba462e91a632cda1c8beb003d6c73b98a70f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:21 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
97318
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Fri, 23 Feb 2024 20:49:21 GMT
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 23 Feb 2024 19:32:03 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
4638
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Fri, 23 Feb 2024 21:32:03 GMT
gen_204
maps.googleapis.com/maps/api/mapsjs/
3 B
45 B
XHR
General
Full URL
https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
Requested by
Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
scaffolding on HTTPServer2 /
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
scaffolding on HTTPServer2
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://auth.savings.workingadvantage.com
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23
x-xss-protection
0
collect
www.google-analytics.com/j/
15 B
35 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=335010775&t=pageview&_s=1&dl=https%3A%2F%2Fauth.savings.workingadvantage.com%2F2u%2Fsign-in%3Fresponse_type%3Dcode%26client_id%3D9ezalirn45mF43imJTdf53%26redirect_uri%3Dhttps%253A%252F%252F2u.savings.workingadvantage.com%252Foffers%253Fc%253D7010&dr=https%3A%2F%2F2u.savings.workingadvantage.com%2F&ul=en-us&de=UTF-8&dt=Beneplace%20Team%20Discounts&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=QACAAEABAAAAACAAI~&jid=&gjid=&cid=1225985025.1708721359&tid=UA-2876877-9&_gid=49765537.1708721359&_slc=1&gtm=45He42l0n815QN8HWMv78847533za200&gcd=13l3l3l3l1&dma_cps=sypham&dma=1&z=284156673
Requested by
Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
b017bfb984b00d66e38ede36599b6c5650d3bed3011fc37a6ff5f041b1aa1a8b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://auth.savings.workingadvantage.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 23 Feb 2024 20:49:21 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://auth.savings.workingadvantage.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
region1.google-analytics.com/g/
0
17 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-FD2X5ZMELR&gtm=45je42l0v9112553684z878847533za200&_p=1708721360867&gcd=13l3l3l3l1&npa=0&dma_cps=sypham&dma=1&cid=1225985025.1708721359&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_s=1&sid=1708721358&sct=1&seg=1&dl=https%3A%2F%2Fauth.savings.workingadvantage.com%2F2u%2Fsign-in%3Fresponse_type%3Dcode%26client_id%3D9ezalirn45mF43imJTdf53%26redirect_uri%3Dhttps%253A%252F%252F2u.savings.workingadvantage.com%252Foffers%253Fc%253D7010&dr=https%3A%2F%2F2u.savings.workingadvantage.com%2F&dt=Beneplace%20Team%20Discounts&en=page_view&ep.userId=&up.data_stream_name=G-FD2X5ZMELR&up.site_name=Non%20Cruises&up.url_name=https%3A%2F%2Fauth.savings.workingadvantage.com%2F2u%2Fsign-in%3Fresponse_type%3Dcode%26client_id%3D9ezalirn45mF43imJTdf53%26redirect_uri%3Dhttps%253A%252F%252F2u.savings.workingadvantage.com%252Foffers%253Fc%253D7010&up.pb_site_name=auth&up.page_path=%2F2u%2Fsign-in&up.user_id_value=&up.zip_code=NaN&tfd=555
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-FD2X5ZMELR&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 23 Feb 2024 20:49:21 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://auth.savings.workingadvantage.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/
267 KB
90 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-2K753Z6D0L&cx=c&_slc=1
Requested by
Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
65494fdcb6dcb8402721847989ee329810c42dbeed42254b6d6e1b66486c8b0f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:21 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
91892
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Fri, 23 Feb 2024 20:49:21 GMT
system-wide
2u.savings.beneplace.com/api/notifications/
2 B
795 B
XHR
General
Full URL
https://2u.savings.beneplace.com/api/notifications/system-wide
Requested by
Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.37.20 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://auth.savings.workingadvantage.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:21 GMT
strict-transport-security
max-age=2592000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-powered-by
alt-svc
h3=":443"; ma=86400
content-length
2
server
cloudflare
etag
W/"2-l9Fw4VUO7kr8CvBlt4zaMCqXZ0w"
vary
Origin
access-control-allow-methods
GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://auth.savings.workingadvantage.com
cache-control
no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-ray
85a255bbfed51e53-FRA
access-control-allow-headers
Origin, Referer, X-Requested-With, Content-Type, Authorization
expires
Fri, 23 Feb 2024 20:49:20 GMT
info
2u.savings.beneplace.com/api/
8 KB
3 KB
XHR
General
Full URL
https://2u.savings.beneplace.com/api/info?authInfo=true
Requested by
Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.37.20 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
163977aadb7b08e9643d97d26c824460605af34cce3917109777fd97d3d87313
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://auth.savings.workingadvantage.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:21 GMT
strict-transport-security
max-age=2592000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
x-powered-by
alt-svc
h3=":443"; ma=86400
server
cloudflare
vary
Accept-Encoding, Origin
access-control-allow-methods
GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type
text/html; charset=utf-8
access-control-allow-origin
https://auth.savings.workingadvantage.com
cache-control
no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-ray
85a255bbfed61e53-FRA
access-control-allow-headers
Origin, Referer, X-Requested-With, Content-Type, Authorization
expires
Fri, 23 Feb 2024 20:49:20 GMT
info
2u.savings.beneplace.com/api/
8 KB
3 KB
XHR
General
Full URL
https://2u.savings.beneplace.com/api/info?authInfo=true
Requested by
Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.37.20 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
163977aadb7b08e9643d97d26c824460605af34cce3917109777fd97d3d87313
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://auth.savings.workingadvantage.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:22 GMT
strict-transport-security
max-age=2592000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
x-powered-by
alt-svc
h3=":443"; ma=86400
server
cloudflare
vary
Accept-Encoding, Origin
access-control-allow-methods
GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type
text/html; charset=utf-8
access-control-allow-origin
https://auth.savings.workingadvantage.com
cache-control
no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-ray
85a255bbfed71e53-FRA
access-control-allow-headers
Origin, Referer, X-Requested-With, Content-Type, Authorization
expires
Fri, 23 Feb 2024 20:49:21 GMT
2u
2u.savings.beneplace.com/api/controls/
2 KB
1 KB
XHR
General
Full URL
https://2u.savings.beneplace.com/api/controls/2u
Requested by
Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.37.20 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7afd9a10c8ddc93d6ca6d3245a21999d408db30ab4bf31e792e213b0b80d7cfc
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://auth.savings.workingadvantage.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:21 GMT
strict-transport-security
max-age=2592000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
x-powered-by
alt-svc
h3=":443"; ma=86400
server
cloudflare
etag
W/"7e1-QzUZ6tuVa8wnoxHfM4ebNWFGbtg"
vary
Origin
access-control-allow-methods
GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://auth.savings.workingadvantage.com
cache-control
no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-ray
85a255bbfed81e53-FRA
access-control-allow-headers
Origin, Referer, X-Requested-With, Content-Type, Authorization
expires
Fri, 23 Feb 2024 20:49:20 GMT
marketplace-styles.css
2u.savings.beneplace.com/api/2u/
32 KB
5 KB
XHR
General
Full URL
https://2u.savings.beneplace.com/api/2u/marketplace-styles.css
Requested by
Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.37.20 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1a654d1a443a60b182332b2f163ccb71a650332eab2cd471556b7156b7808317
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://auth.savings.workingadvantage.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:21 GMT
strict-transport-security
max-age=2592000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
x-powered-by
alt-svc
h3=":443"; ma=86400
server
cloudflare
etag
W/"812d-u+uouUIjVDsJ3uc6k/+Y/VJtORk"
vary
Origin
access-control-allow-methods
GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type
text/css; charset=utf-8
access-control-allow-origin
https://auth.savings.workingadvantage.com
cache-control
no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-ray
85a255bbfed91e53-FRA
access-control-allow-headers
Origin, Referer, X-Requested-With, Content-Type, Authorization
expires
Fri, 23 Feb 2024 20:49:20 GMT
auth-v2
2u.savings.beneplace.com/api/google-experiments/
4 KB
3 KB
XHR
General
Full URL
https://2u.savings.beneplace.com/api/google-experiments/auth-v2
Requested by
Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.37.20 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a83eaf590f2c078872c01c0f332037dc8fef2a3a2f925d9d8ea5425d0172cf99
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://auth.savings.workingadvantage.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:21 GMT
strict-transport-security
max-age=2592000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
x-powered-by
alt-svc
h3=":443"; ma=86400
server
cloudflare
etag
W/"fd8-xTrkXE581f1SQMoUGwMfCAmZvJg"
vary
Origin
access-control-allow-methods
GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://auth.savings.workingadvantage.com
cache-control
no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-ray
85a255bbfed21e53-FRA
access-control-allow-headers
Origin, Referer, X-Requested-With, Content-Type, Authorization
expires
Fri, 23 Feb 2024 20:49:20 GMT
nr-spa.142f942f-1.239.1.min.js
js-agent.newrelic.com/
75 KB
25 KB
Script
General
Full URL
https://js-agent.newrelic.com/nr-spa.142f942f-1.239.1.min.js
Requested by
Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cdaf31a1071286676944848c1e53c284a611e39473e322a75caf358b1b24e19d
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id
sn0IxCI.MkvNIiRAoqe.awP2R5evqDa4
content-encoding
br
via
1.1 varnish
date
Fri, 23 Feb 2024 20:49:21 GMT
strict-transport-security
max-age=300
x-amz-request-id
XKNH2N4BMHCM512R
x-amz-server-side-encryption
AES256
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
25649
x-amz-id-2
4mexhU0yeIewKmDeZm96VoQ5sJoXlVDLPLvdECeQEQCLYnoSPdDtx9GVJ5S3Dd2cS0NTUzBv+mg=
x-served-by
cache-fra-etou8220134-FRA
last-modified
Wed, 18 Oct 2023 21:33:59 GMT
server
AmazonS3
x-timer
S1708721361.301185,VS0,VE0
etag
"929044c7a94ad93d4583f5b62538f46a"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=86400, stale-if-error=86400
accept-ranges
bytes
x-cache-hits
412
NRJS-2ebdf5b38afbaafd48e
bam.nr-data.net/1/
40 B
465 B
XHR
General
Full URL
https://bam.nr-data.net/1/NRJS-2ebdf5b38afbaafd48e?a=1120218725&sa=1&v=1.239.1&t=Unnamed%20Transaction&rst=769&ck=0&s=6ef7aa8eb7401313&ref=https://auth.savings.workingadvantage.com/2u/sign-in&af=err,xhr,stn,ins,spa&be=306&fe=442&dc=397&perf=%7B%22timing%22:%7B%22of%22:1708721360545,%22n%22:0,%22r%22:0,%22re%22:179,%22f%22:179,%22dn%22:179,%22dne%22:179,%22c%22:179,%22s%22:179,%22ce%22:179,%22rq%22:180,%22rp%22:306,%22rpe%22:309,%22di%22:451,%22ds%22:702,%22de%22:703,%22dc%22:747,%22l%22:747,%22le%22:749%7D,%22navigation%22:%7B%22rc%22:1%7D%7D
Requested by
Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.247.243.29 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
envoy /
Resource Hash
5ca742541d65d718402499ed1d84d003258ce2116562169b85744cf7d798485a

Request headers

Referer
https://auth.savings.workingadvantage.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
content-type
text/plain

Response headers

date
Fri, 23 Feb 2024 20:49:21 GMT
server
envoy
access-control-allow-methods
GET, POST, PUT, HEAD, OPTIONS
content-type
text/plain
access-control-allow-origin
https://auth.savings.workingadvantage.com
access-control-allow-credentials
true
x-envoy-upstream-service-time
4
cross-origin-resource-policy
cross-origin
Connection
close
Content-Length
40
x-served-by
cache-fra-etou8220113-FRA
2u
2u.savings.beneplace.com/api/controls/
2 KB
1 KB
XHR
General
Full URL
https://2u.savings.beneplace.com/api/controls/2u
Requested by
Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.37.20 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7afd9a10c8ddc93d6ca6d3245a21999d408db30ab4bf31e792e213b0b80d7cfc
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://auth.savings.workingadvantage.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:21 GMT
strict-transport-security
max-age=2592000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
x-powered-by
alt-svc
h3=":443"; ma=86400
server
cloudflare
etag
W/"7e1-QzUZ6tuVa8wnoxHfM4ebNWFGbtg"
vary
Origin
access-control-allow-methods
GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://auth.savings.workingadvantage.com
cache-control
no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-ray
85a255bcdf911e53-FRA
access-control-allow-headers
Origin, Referer, X-Requested-With, Content-Type, Authorization
expires
Fri, 23 Feb 2024 20:49:20 GMT
auth
2u.savings.beneplace.com/api/navigation/2u/auth_footer/US/
959 B
793 B
XHR
General
Full URL
https://2u.savings.beneplace.com/api/navigation/2u/auth_footer/US/auth
Requested by
Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.37.20 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f63e31ebf9b37ea9651067359238bfd61f6cd7dc7c6c0ea864e6f8c345f8f8b9
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://auth.savings.workingadvantage.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:21 GMT
strict-transport-security
max-age=2592000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
x-powered-by
alt-svc
h3=":443"; ma=86400
server
cloudflare
etag
W/"3bf-GIZgHybzmfj3d8rGD0L3UFFjORw"
vary
Origin
access-control-allow-methods
GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://auth.savings.workingadvantage.com
cache-control
no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-ray
85a255bcdf941e53-FRA
access-control-allow-headers
Origin, Referer, X-Requested-With, Content-Type, Authorization
expires
Fri, 23 Feb 2024 20:49:20 GMT
NRJS-2ebdf5b38afbaafd48e
bam.nr-data.net/events/1/
24 B
404 B
XHR
General
Full URL
https://bam.nr-data.net/events/1/NRJS-2ebdf5b38afbaafd48e?a=1120218725&sa=1&v=1.239.1&t=Unnamed%20Transaction&rst=1151&ck=0&s=6ef7aa8eb7401313&ref=https://auth.savings.workingadvantage.com/2u/sign-in
Requested by
Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.247.243.29 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
envoy /
Resource Hash
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer
https://auth.savings.workingadvantage.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
content-type
text/plain

Response headers

date
Fri, 23 Feb 2024 20:49:21 GMT
server
envoy
access-control-allow-methods
GET, POST, PUT, HEAD, OPTIONS
content-type
image/gif
access-control-allow-origin
https://auth.savings.workingadvantage.com
access-control-allow-credentials
true
x-envoy-upstream-service-time
0
Connection
close
Content-Length
24
x-served-by
cache-fra-etou8220101-FRA
onetrust
2u.savings.beneplace.com/api/platform/options/
501 B
1 KB
XHR
General
Full URL
https://2u.savings.beneplace.com/api/platform/options/onetrust
Requested by
Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.37.20 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
05f687735d78286be14d4e10a1fb29138cddcf927835e5441b61406512db7c8e
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://auth.savings.workingadvantage.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:22 GMT
strict-transport-security
max-age=2592000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
x-powered-by
alt-svc
h3=":443"; ma=86400
server
cloudflare
etag
W/"1f5-7p9slVTH/yNu6/xY0Gl0Ekd5Wds"
vary
Origin
access-control-allow-methods
GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://auth.savings.workingadvantage.com
cache-control
no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-ray
85a255c20caa1c3c-FRA
access-control-allow-headers
Origin, Referer, X-Requested-With, Content-Type, Authorization
expires
Fri, 23 Feb 2024 20:49:21 GMT
info
2u.savings.beneplace.com/api/
8 KB
3 KB
XHR
General
Full URL
https://2u.savings.beneplace.com/api/info?authInfo=true
Requested by
Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.37.20 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
163977aadb7b08e9643d97d26c824460605af34cce3917109777fd97d3d87313
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://auth.savings.workingadvantage.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:22 GMT
strict-transport-security
max-age=2592000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
x-powered-by
alt-svc
h3=":443"; ma=86400
server
cloudflare
vary
Accept-Encoding, Origin
access-control-allow-methods
GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type
text/html; charset=utf-8
access-control-allow-origin
https://auth.savings.workingadvantage.com
cache-control
no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-ray
85a255c23cd61c3c-FRA
access-control-allow-headers
Origin, Referer, X-Requested-With, Content-Type, Authorization
expires
Fri, 23 Feb 2024 20:49:21 GMT
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=335010775&t=pageview&_s=1&dl=https%3A%2F%2Fauth.savings.workingadvantage.com%2F2u%2Fsign-in%3Fresponse_type%3Dcode%26client_id%3D9ezalirn45mF43imJTdf53%26redirect_uri%3Dhttps%3A%252F%252F2u.savings.workingadvantage.com%252Foffers%253Fc%253D7010&dr=https%3A%2F%2F2u.savings.workingadvantage.com%2F&ul=en-us&de=UTF-8&dt=2U%20Inc%20Discount%20Hub&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=SACAAEABAAAAACAAI~&jid=&gjid=&cid=1225985025.1708721359&tid=UA-2876877-9&_gid=49765537.1708721359&gtm=45He42l0n815QN8HWMv78847533za200&gcd=13l3l3l3l1&dma_cps=sypham&dma=1&z=1500245462
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 23 Feb 2024 20:41:44 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
458
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
id
dpm.demdex.net/
185 B
693 B
XHR
General
Full URL
https://dpm.demdex.net/id?d_visid_ver=5.4.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=B5F9FF2554F608410A4C98C6%40AdobeOrg&d_nsid=0&d_mid=46757837134638414743898926098657449416&d_coppa=true&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=adobe_ecid%0146757837134638414743898926098657449416&d_cid_ic=ecid%0146757837134638414743898926098657449416&d_cid_ic=mcid%0146757837134638414743898926098657449416&ts=1708721362281
Requested by
Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.247.186.102 , Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-247-186-102.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
8271a5f9d0f15e3c1248c069237daf024e7f5b3689cd48b38508c456fd345ea4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://auth.savings.workingadvantage.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

dcs
dcs-prod-irl1-1-v057-093cbaa21.edge-irl1.demdex.com 3 ms
pragma
no-cache
date
Fri, 23 Feb 2024 20:49:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-tid
8FzKdINCQxc=
vary
Origin
content-type
application/json;charset=utf-8
p3p
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
access-control-allow-origin
https://auth.savings.workingadvantage.com
cache-control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
access-control-allow-credentials
true
x-error
300,300
content-length
185
expires
Thu, 01 Jan 1970 00:00:00 UTC
RCfc27f81c245c44b78fbb03ff4af1a6be-source.min.js
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/0870a348fba5/
343 B
483 B
Script
General
Full URL
https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/0870a348fba5/RCfc27f81c245c44b78fbb03ff4af1a6be-source.min.js
Requested by
Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:7a5::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
1870780f32d372a63e30a169bef356b78fc9a0ebfbbef37f99b410244fce3ce7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:22 GMT
content-encoding
gzip
last-modified
Wed, 14 Feb 2024 23:09:38 GMT
server
AkamaiNetStorage
etag
"c2c6de46c90c909501aada279b8b0209:1707952178.118178"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://auth.savings.workingadvantage.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
215
expires
Fri, 23 Feb 2024 21:49:22 GMT
RC986b4d5825364bd4887033e40e20c549-source.min.js
assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/0870a348fba5/
757 B
697 B
Script
General
Full URL
https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/0870a348fba5/RC986b4d5825364bd4887033e40e20c549-source.min.js
Requested by
Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:7a5::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
414a9f7ce391b6e34dab805c9dcea7be275b3e3079faf5947fb61e04278c897e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:22 GMT
content-encoding
gzip
last-modified
Wed, 14 Feb 2024 23:09:38 GMT
server
AkamaiNetStorage
etag
"c2c6de46c90c909501aada279b8b0209:1707952178.118178"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://auth.savings.workingadvantage.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
428
expires
Fri, 23 Feb 2024 21:49:22 GMT
delivery
starget.workingadvantage.com/rest/v1/
781 B
956 B
XHR
General
Full URL
https://starget.workingadvantage.com/rest/v1/delivery?client=entertainmentbenefit&sessionId=71e096a16ed345c6b57c636605921e18&version=2.8.2
Requested by
Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
66.235.152.156 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-66-235-152-156.data.adobedc.net
Software
jag /
Resource Hash
3ec863b93075891501b74046de8ed4db004bf7bdd3d19e41aa8a05ff11e88203
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://auth.savings.workingadvantage.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 23 Feb 2024 20:49:22 GMT
content-encoding
gzip
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List
server
jag
x-content-type-options
nosniff
vary
origin,access-control-request-method,access-control-request-headers,accept-encoding
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://auth.savings.workingadvantage.com
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
timing-allow-origin
*
x-xss-protection
1; mode=block
x-request-id
c7e44e30-9f2e-4236-9fb1-0c5fec883e29
gtm.js
www.googletagmanager.com/
239 KB
80 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5QN8HWM
Requested by
Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
f80c5e7b36f0a2b5ecd7dcd4b931d7a98eb0f9b5ec53cb6681ade3ae8cbd3989
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:22 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
81643
x-xss-protection
0
last-modified
Fri, 23 Feb 2024 20:04:07 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 23 Feb 2024 20:49:22 GMT
js
www.googletagmanager.com/gtag/
198 KB
72 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-2876877-9
Requested by
Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
3484e188a909f7f48632a80707ddaf5dff17ff2a0a09ef0e222d73a5a8d9088f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:22 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
73186
x-xss-protection
0
last-modified
Fri, 23 Feb 2024 20:04:07 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 23 Feb 2024 20:49:22 GMT
mouseflow
2u.savings.beneplace.com/api/platform/options/
94 B
803 B
XHR
General
Full URL
https://2u.savings.beneplace.com/api/platform/options/mouseflow?name=workingadvantage_mouseflow_script_id
Requested by
Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.37.20 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
61b4579ddd9500f72669998271f04641a6f956554326995c3000531a9a57e4d4
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://auth.savings.workingadvantage.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:22 GMT
strict-transport-security
max-age=2592000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
x-powered-by
alt-svc
h3=":443"; ma=86400
server
cloudflare
etag
W/"5e-xWERRy+8FVp8nFwecehLclRX7Go"
vary
Origin
access-control-allow-methods
GET,PUT,POST,PATCH,DELETE,OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://auth.savings.workingadvantage.com
cache-control
no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-ray
85a255c2ed7f1c3c-FRA
access-control-allow-headers
Origin, Referer, X-Requested-With, Content-Type, Authorization
expires
Fri, 23 Feb 2024 20:49:21 GMT
a
www.googletagmanager.com/
0
11 B
Image
General
Full URL
https://www.googletagmanager.com/a?v=3&t=l&pid=1596712945&rv=42l0&u=AAAAAAAI&h=Ag&gtm=457e42l0za200&ccid=_UA-2876877-9&cid=UA-2876877-9&l=L321.S1.Y2.B5.E6.I450.EC8.TC5.HTC0~gtm.init.S0.V0.TS5ogt1pdatav2.TI6.TE1.TS5ccdgalast.TI8.TE0.TS5ccdgafirst.TI9.TE0~gtm.js.S0.V0.TS5rep.TI1.TE0.TS5zone.TI3.TE0~gtm.dom.S0.V0.E2~gtm.scrollDepth.S0.V0.E2~gtm.load.S0.V0.E1~gtm.historyChange.S0.V0~*.S0.V0~gtm.init_consent.S0.V0.E5
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:22 GMT
server
Google Tag Manager
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
content-type
text/html
delivery
starget.workingadvantage.com/rest/v1/
0
98 B
Ping
General
Full URL
https://starget.workingadvantage.com/rest/v1/delivery?client=entertainmentbenefit&sessionId=71e096a16ed345c6b57c636605921e18&version=2.8.2
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/a281455e4dfe/86f9b29df5eb/launch-a0e5cece2585.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
66.235.152.156 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-66-235-152-156.data.adobedc.net
Software
jag /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://auth.savings.workingadvantage.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 23 Feb 2024 20:49:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
strict-origin-when-cross-origin
x-content-type-options
nosniff
server
jag
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-origin
https://auth.savings.workingadvantage.com
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
x-xss-protection
1; mode=block
x-request-id
00844ccc-6de8-42bd-bd30-059eae37a235
s47328114071120
smetrics.workingadvantage.com/b/ss/entbenwag3/1/JS-2.22.4-LDQM/
43 B
369 B
XHR
General
Full URL
https://smetrics.workingadvantage.com/b/ss/entbenwag3/1/JS-2.22.4-LDQM/s47328114071120
Requested by
Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
63.140.62.222 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-63-140-62-222.data.adobedc.net
Software
jag /
Resource Hash
55c9d2f019f9d7ddfd69b2ad0351c5617338a222362aebb02b3b98a4dbc18486
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://auth.savings.workingadvantage.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 23 Feb 2024 20:49:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
p3p
CP="This is not a P3P policy"
content-length
43
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Sat, 24 Feb 2024 20:49:22 GMT
server
jag
etag
3669451184989863936-4617510563172506461
vary
*
content-type
image/gif;charset=utf-8
access-control-allow-origin
https://auth.savings.workingadvantage.com
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
expires
Thu, 22 Feb 2024 20:49:22 GMT
07e508d2-aee2-481f-ac8e-6e200d46af80.js
cdn.mouseflow.com/projects/
196 KB
58 KB
Script
General
Full URL
https://cdn.mouseflow.com/projects/07e508d2-aee2-481f-ac8e-6e200d46af80.js
Requested by
Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1a32 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8c82f080db2b97dea4c680e7d745d3e09b574cd414197ddab211421cbf97f691
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:22 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
56069
x-cache-status
MISS
alt-svc
h3=":443"; ma=86400
x-mf-script-region
enforced-privacy
last-modified
Thu, 15 Feb 2024 22:03:35 GMT
server
cloudflare
etag
W/"b36785d25a60da1:0"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=86400
cf-ray
85a255c4ef031c3a-FRA
expires
Sat, 24 Feb 2024 20:49:22 GMT
init
n2.mouseflow.com/
0
254 B
XHR
General
Full URL
https://n2.mouseflow.com/init?v=17.98&p=07e508d2-aee2-481f-ac8e-6e200d46af80&s=3867bcc485d8fd618d93641ccad15d13&page=022322390a75a86746eacc5fb67c860567fc9ccc&ret=0&u=4bc7723141ac68824b6316168c9980b5&href=https%3A%2F%2Fauth.savings.workingadvantage.com%2F2u%2Fsign-in%3Fresponse_type%3Dcode%26client_id%3D9ezalirn45mF43imJTdf53%26redirect_uri%3Dhttps%3A%252F%252F2u.savings.workingadvantage.com%252Foffers%253Fc%253D7010&url=%2F2u%2Fsign-in&ref=https%3A%2F%2F2u.savings.workingadvantage.com%2F&title=2U%20Inc%20Discount%20Hub&res=1600x1200&tz=-60&to=0&dnt=0&ori=&dw=1600&dh=1200&time=1878&pxr=1&gdpr=1
Requested by
Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2607:f5b7:1:52::10 Manassas, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software
Mouseflow /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://auth.savings.workingadvantage.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-type
text/plain

Response headers

date
Fri, 23 Feb 2024 20:49:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
server
Mouseflow
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://auth.savings.workingadvantage.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=86400
content-length
0
2u_carousel_02.jpg
g3i.imgix.net/uploads/
265 KB
265 KB
Image
General
Full URL
https://g3i.imgix.net/uploads/2u_carousel_02.jpg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42::720 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Google Frontend /
Resource Hash
6436602721fb4c4ce49a36917252d99f58f0a7ded08bac7d2baaffb3bddbea9b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:23 GMT
x-content-type-options
nosniff
age
311704
x-cache
HIT, HIT
x-imgix-id
27222b9241043dd39e57fe0e0db37c3a26a38bb0
cross-origin-resource-policy
cross-origin
content-length
271331
x-served-by
cache-sjc1000094-SJC, cache-fra-etou8220051-FRA
x-imgix-render-farm
02.131624
last-modified
Tue, 20 Feb 2024 06:14:18 GMT
server
Google Frontend
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
2u_logo_wide_01.png
g3i.imgix.net/uploads/
1 KB
1 KB
Image
General
Full URL
https://g3i.imgix.net/uploads/2u_logo_wide_01.png?w=280&h=24&crop=entropy&fit=clip&trim=color&trim-color=FFFFFF
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42::720 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Google Frontend /
Resource Hash
0edb427ee32af943e19dca87e3efe73c4531a073da27183c1ce99475851f60e3
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:23 GMT
x-content-type-options
nosniff
age
8397
x-cache
HIT, HIT
x-imgix-id
30891e3c8066cc23388cce1d7ab41a6baee20386
cross-origin-resource-policy
cross-origin
content-length
1147
x-served-by
cache-sjc10059-SJC, cache-fra-etou8220051-FRA
x-imgix-render-farm
02.131592
last-modified
Fri, 23 Feb 2024 18:29:26 GMT
server
Google Frontend
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
2u_logo_wide_01.png
g3i.imgix.net/uploads/
2 KB
2 KB
Image
General
Full URL
https://g3i.imgix.net/uploads/2u_logo_wide_01.png?w=250&h=32&crop=entropy&fit=clip&trim=color&trim-color=FFFFFF
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42::720 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Google Frontend /
Resource Hash
69651d24fc806be36a093989c51e968749b066cfa100eb9ef8e5bce1f7057c71
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:23 GMT
x-content-type-options
nosniff
age
311705
x-cache
HIT, HIT
x-imgix-id
5090727c483bff6e4a8e9b58c03f249d5345f113
cross-origin-resource-policy
cross-origin
content-length
1589
x-served-by
cache-sjc1000125-SJC, cache-fra-etou8220051-FRA
x-imgix-render-farm
02.131624
last-modified
Tue, 20 Feb 2024 06:14:17 GMT
server
Google Frontend
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
wa-logo-wide.png
auth.savings.workingadvantage.com/assets/
29 KB
29 KB
Image
General
Full URL
https://auth.savings.workingadvantage.com/assets/wa-logo-wide.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
99e2d1102c644111abed2ee312d1e57ed5418135c0c9905f3f2a1cd44312d3d4
Security Headers
Name Value
Content-Security-Policy frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
Strict-Transport-Security max-age=5184000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth.savings.workingadvantage.com/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https:%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:23 GMT
strict-transport-security
max-age=5184000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
last-modified
Thu, 15 Feb 2024 11:56:46 GMT
server
cloudflare
cf-cache-status
DYNAMIC
etag
"65cdfbfe-724c"
x-frame-options
DENY
content-type
image/png
accept-ranges
bytes
cf-ray
85a255c7b9d43816-FRA
alt-svc
h3=":443"; ma=86400
content-length
29260
workingadvantage_logo_wide_inverse_01.png
auth.savings.workingadvantage.com/assets/
18 KB
19 KB
Image
General
Full URL
https://auth.savings.workingadvantage.com/assets/workingadvantage_logo_wide_inverse_01.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.148.145 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
22de6cb47cb99a22c97982e083731cbbd79340c75261c8e68f9ddb350a11d264
Security Headers
Name Value
Content-Security-Policy frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
Strict-Transport-Security max-age=5184000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth.savings.workingadvantage.com/2u/sign-in?response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https:%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 20:49:23 GMT
strict-transport-security
max-age=5184000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval', frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
last-modified
Thu, 15 Feb 2024 11:56:46 GMT
server
cloudflare
cf-cache-status
DYNAMIC
etag
"65cdfbfe-4924"
x-frame-options
DENY
content-type
image/png
accept-ranges
bytes
cf-ray
85a255c7b9d63816-FRA
alt-svc
h3=":443"; ma=86400
content-length
18724
html
n2.mouseflow.com/
0
248 B
XHR
General
Full URL
https://n2.mouseflow.com/html?website=07e508d2-aee2-481f-ac8e-6e200d46af80&session=3867bcc485d8fd618d93641ccad15d13&page=022322390a75a86746eacc5fb67c860567fc9ccc&gz=1
Requested by
Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
2607:f5b7:1:52::10 Manassas, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software
Mouseflow /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://auth.savings.workingadvantage.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-type
text/plain

Response headers

date
Fri, 23 Feb 2024 20:49:24 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
server
Mouseflow
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://auth.savings.workingadvantage.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=86400
content-length
0
S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2
fonts.gstatic.com/s/lato/v24/
14 KB
14 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7a7ce1a34f3e9944fe88fc61abbc93b6db383afa2b90815fd7ccea456fbce4e5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://auth.savings.workingadvantage.com/
Origin
https://auth.savings.workingadvantage.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 19 Feb 2024 21:16:47 GMT
x-content-type-options
nosniff
age
343956
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14168
x-xss-protection
0
last-modified
Tue, 02 May 2023 15:29:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 18 Feb 2025 21:16:47 GMT
S6u9w4BMUTPHh50XSwiPGQ3q5d0.woff2
fonts.gstatic.com/s/lato/v24/
13 KB
13 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh50XSwiPGQ3q5d0.woff2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bd9a6192274f8f2f3ce31cd3d2cae5ebe32e2fa86fc7c4f60a3c28556e496d56
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://auth.savings.workingadvantage.com/
Origin
https://auth.savings.workingadvantage.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Mon, 19 Feb 2024 18:48:50 GMT
x-content-type-options
nosniff
age
352833
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13724
x-xss-protection
0
last-modified
Tue, 02 May 2023 15:20:27 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 18 Feb 2025 18:48:50 GMT
dom
n2.mouseflow.com/
0
248 B
XHR
General
Full URL
https://n2.mouseflow.com/dom?gz=1
Requested by
Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
2607:f5b7:1:52::10 Manassas, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software
Mouseflow /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://auth.savings.workingadvantage.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-type
text/plain

Response headers

date
Fri, 23 Feb 2024 20:49:25 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
server
Mouseflow
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://auth.savings.workingadvantage.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=86400
content-length
0
common.js
maps.googleapis.com/maps-api-v3/api/js/55/11a/intl/de_ALL/
255 KB
55 KB
Script
General
Full URL
https://maps.googleapis.com/maps-api-v3/api/js/55/11a/intl/de_ALL/common.js
Requested by
Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9778cefa5bc916787368c4a29a3c38a2db4cda49948992b5110a5b1fe6ac7eda
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 11:08:13 GMT
content-encoding
br
x-content-type-options
nosniff
age
34873
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
56593
x-xss-protection
0
last-modified
Tue, 13 Feb 2024 23:41:46 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="maps-api-js"
vary
Accept-Encoding, Origin
report-to
{"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 22 Feb 2025 11:08:13 GMT
util.js
maps.googleapis.com/maps-api-v3/api/js/55/11a/intl/de_ALL/
181 KB
56 KB
Script
General
Full URL
https://maps.googleapis.com/maps-api-v3/api/js/55/11a/intl/de_ALL/util.js
Requested by
Host: auth.savings.workingadvantage.com
URL: https://auth.savings.workingadvantage.com/assets/new-relic/new-relic-integration.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3b67fa9d9cea06d520cc18c812be2a501053afad7e18fc14d3496cc12198fc08
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth.savings.workingadvantage.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Wed, 21 Feb 2024 07:54:27 GMT
content-encoding
br
x-content-type-options
nosniff
age
219299
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
57065
x-xss-protection
0
last-modified
Tue, 13 Feb 2024 23:41:46 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="maps-api-js"
vary
Accept-Encoding, Origin
report-to
{"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 20 Feb 2025 07:54:27 GMT
collect
region1.google-analytics.com/g/
0
17 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-FD2X5ZMELR&gtm=45je42l0v9112553684za200&_p=1708721360867&gcd=13l3l3l3l1&npa=0&dma_cps=sypham&dma=1&cid=1225985025.1708721359&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_eu=AEA&sid=1708721358&sct=1&seg=1&dl=https%3A%2F%2Fauth.savings.workingadvantage.com%2F2u%2Fsign-in%3Fresponse_type%3Dcode%26client_id%3D9ezalirn45mF43imJTdf53%26redirect_uri%3Dhttps%253A%252F%252F2u.savings.workingadvantage.com%252Foffers%253Fc%253D7010&dr=https%3A%2F%2F2u.savings.workingadvantage.com%2F&dt=Beneplace%20Team%20Discounts&_s=2&tfd=5556
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-FD2X5ZMELR&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://auth.savings.workingadvantage.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Fri, 23 Feb 2024 20:49:26 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://auth.savings.workingadvantage.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
auth.savings.workingadvantage.com
URL
https://auth.savings.workingadvantage.com/auth/authorize?subdomain=2u&response_type=code&client_id=9ezalirn45mF43imJTdf53&redirect_uri=https%3A%2F%2F2u.savings.workingadvantage.com%2Fsilent-refresh.html
Domain
n2.mouseflow.com
URL
https://n2.mouseflow.com/init?v=17.98&p=07e508d2-aee2-481f-ac8e-6e200d46af80&s=3867bcc485d8fd618d93641ccad15d13&page=0223205435fa472dd68183ebf3052b3d26cfb1a6&ret=0&u=4bc7723141ac68824b6316168c9980b5&href=https%3A%2F%2F2u.savings.workingadvantage.com%2F&url=%2F&ref=&title=2U%20Inc%20Discount%20Hub&res=1600x1200&tz=-60&to=0&dnt=0&ori=&dw=1600&dh=1200&time=2125&pxr=1&gdpr=1
Domain
region1.google-analytics.com
URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-FD2X5ZMELR&gtm=45je42l0v9112553684za220&_p=1708721358641&gcd=13l3l3l3l1&npa=0&dma_cps=sypham&dma=1&cid=1225985025.1708721359&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_eu=AEA&_s=2&sid=1708721358&sct=1&seg=0&dl=https%3A%2F%2F2u.savings.workingadvantage.com%2Foffers%3Fc%3D7010&dt=Beneplace%20Team%20Discounts&en=scroll&ep.userId=&epn.percent_scrolled=90&_et=7&tfd=2377
Domain
region1.google-analytics.com
URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-FD2X5ZMELR&gtm=45je42l0v9112553684za220&_p=1708721358641&gcd=13l3l3l3l1&npa=0&dma_cps=sypham&dma=1&cid=1225985025.1708721359&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_s=3&sid=1708721358&sct=1&seg=0&dl=https%3A%2F%2F2u.savings.workingadvantage.com%2F&dt=2U%20Inc%20Discount%20Hub&en=user_engagement&ep.userId=&_et=1931&tfd=2377
Domain
region1.google-analytics.com
URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-2K753Z6D0L&gtm=45je42l0v9126564266za220&_p=1708721358641&gcd=13l3l3l3l2&npa=0&dma_cps=sypham&dma=1&ul=en-us&sr=1600x1200&cid=1225985025.1708721359&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_eu=ABAI&_s=2&dl=https%3A%2F%2F2u.savings.workingadvantage.com%2F&dt=2U%20Inc%20Discount%20Hub&sid=1708721358&sct=1&seg=1&en=page_view&_ee=1&_et=1388&tfd=2377
Domain
bam.nr-data.net
URL
https://bam.nr-data.net/events/1/NRJS-2ebdf5b38afbaafd48e?a=1120218725&sa=1&v=1.239.1&t=Unnamed%20Transaction&rst=2378&ck=0&s=9b658b72eeec84ac&ref=https://2u.savings.workingadvantage.com/
Domain
bam.nr-data.net
URL
https://bam.nr-data.net/jserrors/1/NRJS-2ebdf5b38afbaafd48e?a=1120218725&sa=1&v=1.239.1&t=Unnamed%20Transaction&rst=2378&ck=0&s=9b658b72eeec84ac&ref=https://2u.savings.workingadvantage.com/
Domain
bam.nr-data.net
URL
https://bam.nr-data.net/jserrors/1/NRJS-2ebdf5b38afbaafd48e?a=1120218725&sa=1&v=1.239.1&t=Unnamed%20Transaction&rst=2378&ck=0&s=9b658b72eeec84ac&ref=https://2u.savings.workingadvantage.com/
Domain
bam.nr-data.net
URL
https://bam.nr-data.net/events/1/NRJS-2ebdf5b38afbaafd48e?a=1120218725&sa=1&v=1.239.1&t=Unnamed%20Transaction&rst=2379&ck=0&s=9b658b72eeec84ac&ref=https://2u.savings.workingadvantage.com/

Verdicts & Comments Add Verdict or Comment

222 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| dataLayer object| ebg object| _satellite boolean| __satelliteLoaded function| AdobePrivacy object| adobe function| Visitor object| s_c_il number| s_c_in object| _sdiToolkit number| adobe_request_count object| NREUM object| webpackChunk:NRBA-1.239.1.PROD object| newrelic boolean| skipEdgeRedirect boolean| isWindows7 boolean| isIE object| true function| AppMeasurement_Module_ActivityMap function| AppMeasurement function| s_gi function| s_pgicq number| s_objectID number| s_giq object| s object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| google object| module$exports$mapsapi$geometry$spherical object| reactiveElementVersions object| module$contents$mapsapi$overlay$overlayView_OverlayView object| webpackChunkauth_ui function| $localize object| __core-js_shared__ object| core function| Zone function| __zone_symbol__Promise function| __zone_symbol__fetch function| __zone_symbol__legacyPatch function| __zone_symbol__queueMicrotask function| __zone_symbol__setTimeout function| __zone_symbol__clearTimeout function| __zone_symbol__setInterval function| __zone_symbol__clearInterval function| __zone_symbol__requestAnimationFrame function| __zone_symbol__cancelAnimationFrame function| __zone_symbol__webkitRequestAnimationFrame function| __zone_symbol__webkitCancelAnimationFrame function| __zone_symbol__alert function| __zone_symbol__prompt function| __zone_symbol__confirm function| __zone_symbol__MutationObserver function| __zone_symbol__WebKitMutationObserver function| __zone_symbol__IntersectionObserver function| __zone_symbol__FileReader boolean| __zone_symbol__ononsearchpatched boolean| __zone_symbol__ononappinstalledpatched boolean| __zone_symbol__ononbeforeinstallpromptpatched boolean| __zone_symbol__ononbeforexrselectpatched boolean| __zone_symbol__ononabortpatched boolean| __zone_symbol__ononbeforeinputpatched boolean| __zone_symbol__ononbeforematchpatched boolean| __zone_symbol__ononbeforetogglepatched boolean| __zone_symbol__ononblurpatched boolean| __zone_symbol__ononcancelpatched boolean| __zone_symbol__ononcanplaypatched boolean| __zone_symbol__ononcanplaythroughpatched boolean| __zone_symbol__ononchangepatched boolean| __zone_symbol__ononclickpatched boolean| __zone_symbol__ononclosepatched boolean| __zone_symbol__ononcontentvisibilityautostatechangepatched boolean| __zone_symbol__ononcontextlostpatched boolean| __zone_symbol__ononcontextmenupatched boolean| __zone_symbol__ononcontextrestoredpatched boolean| __zone_symbol__ononcuechangepatched boolean| __zone_symbol__onondblclickpatched boolean| __zone_symbol__onondragpatched boolean| __zone_symbol__onondragendpatched boolean| __zone_symbol__onondragenterpatched boolean| __zone_symbol__onondragleavepatched boolean| __zone_symbol__onondragoverpatched boolean| __zone_symbol__onondragstartpatched boolean| __zone_symbol__onondroppatched boolean| __zone_symbol__onondurationchangepatched boolean| __zone_symbol__ononemptiedpatched boolean| __zone_symbol__ononendedpatched boolean| __zone_symbol__ononerrorpatched boolean| __zone_symbol__ononfocuspatched boolean| __zone_symbol__ononformdatapatched boolean| __zone_symbol__ononinputpatched boolean| __zone_symbol__ononinvalidpatched boolean| __zone_symbol__ononkeydownpatched boolean| __zone_symbol__ononkeypresspatched boolean| __zone_symbol__ononkeyuppatched boolean| __zone_symbol__ononloadpatched boolean| __zone_symbol__ononloadeddatapatched boolean| __zone_symbol__ononloadedmetadatapatched boolean| __zone_symbol__ononloadstartpatched boolean| __zone_symbol__ononmousedownpatched boolean| __zone_symbol__ononmouseenterpatched boolean| __zone_symbol__ononmouseleavepatched boolean| __zone_symbol__ononmousemovepatched boolean| __zone_symbol__ononmouseoutpatched boolean| __zone_symbol__ononmouseoverpatched boolean| __zone_symbol__ononmouseuppatched boolean| __zone_symbol__ononmousewheelpatched boolean| __zone_symbol__ononpausepatched boolean| __zone_symbol__ononplaypatched boolean| __zone_symbol__ononplayingpatched boolean| __zone_symbol__ononprogresspatched boolean| __zone_symbol__ononratechangepatched boolean| __zone_symbol__ononresetpatched boolean| __zone_symbol__ononresizepatched boolean| __zone_symbol__ononscrollpatched boolean| __zone_symbol__ononsecuritypolicyviolationpatched boolean| __zone_symbol__ononseekedpatched boolean| __zone_symbol__ononseekingpatched boolean| __zone_symbol__ononselectpatched boolean| __zone_symbol__ononslotchangepatched boolean| __zone_symbol__ononstalledpatched boolean| __zone_symbol__ononsubmitpatched boolean| __zone_symbol__ononsuspendpatched boolean| __zone_symbol__onontimeupdatepatched boolean| __zone_symbol__onontogglepatched boolean| __zone_symbol__ononvolumechangepatched boolean| __zone_symbol__ononwaitingpatched boolean| __zone_symbol__ononwebkitanimationendpatched boolean| __zone_symbol__ononwebkitanimationiterationpatched boolean| __zone_symbol__ononwebkitanimationstartpatched boolean| __zone_symbol__ononwebkittransitionendpatched boolean| __zone_symbol__ononwheelpatched boolean| __zone_symbol__ononauxclickpatched boolean| __zone_symbol__onongotpointercapturepatched boolean| __zone_symbol__ononlostpointercapturepatched boolean| __zone_symbol__ononpointerdownpatched boolean| __zone_symbol__ononpointermovepatched boolean| __zone_symbol__ononpointerrawupdatepatched boolean| __zone_symbol__ononpointeruppatched boolean| __zone_symbol__ononpointercancelpatched boolean| __zone_symbol__ononpointeroverpatched boolean| __zone_symbol__ononpointeroutpatched boolean| __zone_symbol__ononpointerenterpatched boolean| __zone_symbol__ononpointerleavepatched boolean| __zone_symbol__ononselectstartpatched boolean| __zone_symbol__ononselectionchangepatched boolean| __zone_symbol__ononanimationendpatched boolean| __zone_symbol__ononanimationiterationpatched boolean| __zone_symbol__ononanimationstartpatched boolean| __zone_symbol__onontransitionrunpatched boolean| __zone_symbol__onontransitionstartpatched boolean| __zone_symbol__onontransitionendpatched boolean| __zone_symbol__onontransitioncancelpatched boolean| __zone_symbol__ononafterprintpatched boolean| __zone_symbol__ononbeforeprintpatched boolean| __zone_symbol__ononbeforeunloadpatched boolean| __zone_symbol__ononhashchangepatched boolean| __zone_symbol__ononlanguagechangepatched boolean| __zone_symbol__ononmessagepatched boolean| __zone_symbol__ononmessageerrorpatched boolean| __zone_symbol__ononofflinepatched boolean| __zone_symbol__onononlinepatched boolean| __zone_symbol__ononpagehidepatched boolean| __zone_symbol__ononpageshowpatched boolean| __zone_symbol__ononpopstatepatched boolean| __zone_symbol__ononrejectionhandledpatched boolean| __zone_symbol__ononstoragepatched boolean| __zone_symbol__ononunhandledrejectionpatched boolean| __zone_symbol__ononunloadpatched boolean| __zone_symbol__onondevicemotionpatched boolean| __zone_symbol__onondeviceorientationpatched boolean| __zone_symbol__onondeviceorientationabsolutepatched boolean| __zone_symbol__ononscrollendpatched object| global object| gaplugins object| gaGlobal object| gaData object| __zone_symbol__loadfalse object| __zone_symbol__pagehidefalse object| __zone_symbol__hashchangefalse object| __zone_symbol__popstatefalse function| onYouTubeIframeAPIReady object| __zone_symbol__focusfalse object| __zone_symbol__blurfalse object| __zone_symbol__pageshowfalse function| $ function| jQuery object| bootstrap function| Hammer object| __zone_symbol__visibilitychangetrue object| __zone_symbol__prerenderingchangetrue object| __zone_symbol__pageshowtrue object| __zone_symbol__pagehidetrue object| __zone_symbol__keydowntrue object| __zone_symbol__clicktrue function| getAngularTestability function| getAllAngularTestabilities function| getAllAngularRootElements object| frameworkStabilizers function| __zone_symbol__ON_PROPERTYerror object| __zone_symbol__errorfalse object| targetGlobalSettings object| ___target_traces function| mboxCreate function| mboxDefine function| mboxUpdate object| __target_telemetry object| s_i_entbenwag3 boolean| adobepageviewfired object| _mfq object| mouseflowHeatmap object| __zone_symbol__beforeunloadfalse object| mouseflow object| __zone_symbol__resizefalse object| __zone_symbol__scrollfalse function| __zone_symbol__addEventListener function| __zone_symbol__removeEventListener undefined| __zone_symbol__eventListeners undefined| __zone_symbol__removeAllListeners function| eventListeners function| removeAllListeners

31 Cookies

Domain/Path Name / Value
.workingadvantage.com/ Name: __cf_bm
Value: WV8A28lAaqOJW78lc5M2_dD4J3AXDgzH6ng0i_ECYZA-1708721358-1.0-AVlVac72AVbZla/+Qp6AZYAp85Sd4Zj50zD2XErz0vR+499B/Y6w9lFeazrVfLZzON4ZvkpPpCKFh3KPJtO3YOg=
.workingadvantage.com/ Name: AMCVS_B5F9FF2554F608410A4C98C6%40AdobeOrg
Value: 1
.workingadvantage.com/ Name: s_ecid
Value: MCMID%7C46757837134638414743898926098657449416
.workingadvantage.com/ Name: _gid
Value: GA1.2.49765537.1708721359
.workingadvantage.com/ Name: _gat_UA-2876877-9
Value: 1
.workingadvantage.com/ Name: cf_clearance
Value: 5kKd5EV5kD9sEDggJHayXpJdfTEuttyBvtJS97P9u60-1708721359-1.0-AXvf4TnmxfBl1QU063gXsX6uGfUu103yIiS3sWkdv2cDTlStz7TYGOGfvbXcJEpUYkT/8p18tj2MrdZudHpaUOI=
.rezync.com/ Name: zync-uuid
Value: 670176bb-8172-456e-ade3-8b3e0d05a179:1708721359.2645583
live.rezync.com/ Name: sd-session-id
Value: eyJfcGVybWFuZW50Ijp0cnVlLCJzZXNzaW9uX2lkIjoiNjcwMTc2YmItODE3Mi00NTZlLWFkZTMtOGIzZTBkMDVhMTc5OjE3MDg3MjEzNTkuMjY0NTU4MyJ9.ZdkEzw.Vfy7OVqHRkmQASpSqKP4kFr5Tpg
.workingadvantage.com/ Name: btIdentify
Value: d9be2b1c-7249-4a8e-9c75-22b80abb2618
.workingadvantage.com/ Name: _bts
Value: 3de1108c-a770-4d69-e3b7-02df5d1f4082
.adnxs.com/ Name: XANDR_PANID
Value: jE11BYNw4_xoX96s99LsGEqCOXwuvRGlKPT3LdUOPinFJnmSwW1WrWzFlRZXqy9Eroq1SqC8vI8ny83l-LmkEtc88aufqidE2NTwJFmdNaU.
.adnxs.com/ Name: receive-cookie-deprecation
Value: 1
.adnxs.com/ Name: uuid2
Value: 4434187252411865034
.adnxs.com/ Name: anj
Value: dTM7k!M4/8CxrEQF']wIg2C$UsvoyD!]tbP6j2F-XstGt!@DML$bu'L
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.doubleclick.net/ Name: ar_debug
Value: 1
.doubleclick.net/ Name: receive-cookie-deprecation
Value: 1
com-wag3.netmng.com/ Name: evo5_WAG3
Value: 5tyzivk6lrhlb%7CO%7CZGpSbmMyaDNLMjE2VFVrdllVbzFTbFJPTWt3MU1URkNSR2xHYzIxNlZIaHBjMUJMVGxORE9UY3lNR1V6ZWpWd01ISkZOR1ZEWWt4bk9WRm5WRUV6ZDNKVmN6bFpaM0JDZUhGdVNtb3pOMU54YVVkT1VsVTBVV3B5VUhJMlpUbEhUVEpIYjI1ME1tbFVSRlZ0THpGNGRrUXhVRTFXVVZadE5FeFRNbmhuVVhKS00wZ3JXamRXTjFwS0x5dEdTMVZSVkRsUVRFaHViRGRyZDNCaUswUktSbFZYYzFwdFNXbHVaekpVWldGSmJtOVpUakp5Tm5KTFFtcHZkakpKYmpGTTptWUkvVFlBcGJCZmpOVFp0aWZ4ZENRPT0%3D
.workingadvantage.com/ Name: _bti
Value: %7B%22app_id%22%3A%22ebg-wag3%22%2C%22bsin%22%3A%22loGJ6UfmA6n4h1OVRFnHEIUia227AWOOq4iPJHRSzcnUih61JereeEkLES1TVvverFyuQ8byRguof5h0xFCgGQ%3D%3D%22%2C%22is_identified%22%3Afalse%7D
.workingadvantage.com/ Name: mf_user
Value: 4bc7723141ac68824b6316168c9980b5|
.savings.workingadvantage.com/ Name: split_test_groups
Value: {}
.workingadvantage.com/ Name: _ga
Value: GA1.2.1225985025.1708721359
.workingadvantage.com/ Name: _ga_2K753Z6D0L
Value: GS1.2.1708721358.1.1.1708721362.0.0.0
.workingadvantage.com/ Name: at_check
Value: true
.workingadvantage.com/ Name: AMCV_B5F9FF2554F608410A4C98C6%40AdobeOrg
Value: 1176715910%7CMCIDTS%7C19777%7CMCMID%7C46757837134638414743898926098657449416%7CMCAAMLH-1709326162%7C6%7CMCAAMB-1709326162%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1708728562s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C5.4.0%7CMCCIDH%7C-832624259
.workingadvantage.com/ Name: mbox
Value: session#71e096a16ed345c6b57c636605921e18#1708723223|PC#71e096a16ed345c6b57c636605921e18.37_0#1771966163
.workingadvantage.com/ Name: g3refurl
Value: https%253A%252F%252Fauth.savings.workingadvantage.com%252F2u%252Fsign-in%253Fresponse_type%253Dcode%2526client_id%253D9ezalirn45mf43imjtdf53%2526redirect_uri%253Dhttps%253A%25252f%25252f2u.savings.workingadvantage.com%25252foffers%25253fc%25253d7010
.workingadvantage.com/ Name: prev_url_v2
Value: https%253A%252F%252Fauth.savings.workingadvantage.com%252F2u%252Fsign-in%253Fresponse_type%253Dcode%2526client_id%253D9ezalirn45mf43imjtdf53%2526redirect_uri%253Dhttps%253A%25252f%25252f2u.savings.workingadvantage.com%25252foffers%25253fc%25253d7010
.workingadvantage.com/ Name: s_cc
Value: true
.workingadvantage.com/ Name: mf_07e508d2-aee2-481f-ac8e-6e200d46af80
Value: 3867bcc485d8fd618d93641ccad15d13|0223205435fa472dd68183ebf3052b3d26cfb1a6.47.1708721360756$022322390a75a86746eacc5fb67c860567fc9ccc.1584039192.1708721362740|1708721360754||0||||0|17.98|62.00985
.workingadvantage.com/ Name: _ga_FD2X5ZMELR
Value: GS1.1.1708721358.1.1.1708721363.0.0.0

9 Console Messages

Source Level URL
Text
other warning URL: https://2u.savings.workingadvantage.com/offers?c=7010
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://2u.savings.workingadvantage.com/offers?c=7010
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://2u.savings.workingadvantage.com/offers?c=7010
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://2u.savings.workingadvantage.com/offers?c=7010
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://2u.savings.workingadvantage.com/offers?c=7010
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://2u.savings.workingadvantage.com/offers?c=7010
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://2u.savings.workingadvantage.com/offers?c=7010
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://2u.savings.workingadvantage.com/offers?c=7010
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://2u.savings.workingadvantage.com/offers?c=7010
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-src *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com 'unsafe-inline' 'unsafe-eval' frame-ancestors 'self' *.beneplace.com:* *.workingadvantage.com:* *.ebgsolutions.com:* *.demdex.net:* *.everesttech.net:* *.adobedtm.com *.sc.omtrdc.net *.omtrdc.net *.qualtrics.com *.adobe.com *.keen.io *.youtube.com *.kaltura.com *.libertymutual.com
Strict-Transport-Security max-age=5184000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

2u.savings.beneplace.com
2u.savings.workingadvantage.com
ad.doubleclick.net
adservice.google.com
assets.adobedtm.com
auth.savings.workingadvantage.com
bam.nr-data.net
cdn.boomtrain.com
cdn.jsdelivr.net
cdn.mouseflow.com
cdnjs.cloudflare.com
com-wag3.netmng.com
dpm.demdex.net
events.api.boomtrain.com
fonts.gstatic.com
g3i.imgix.net
js-agent.newrelic.com
live.rezync.com
maps.googleapis.com
n2.mouseflow.com
people.api.boomtrain.com
region1.google-analytics.com
secure.adnxs.com
smetrics.workingadvantage.com
starget.workingadvantage.com
stats.g.doubleclick.net
www.google-analytics.com
www.googletagmanager.com
auth.savings.workingadvantage.com
bam.nr-data.net
n2.mouseflow.com
region1.google-analytics.com
104.18.37.20
142.250.186.134
151.101.130.137
162.247.243.29
172.64.148.145
18.239.83.21
18.66.122.57
185.89.211.84
199.38.167.54
2001:4860:4802:34::36
2606:4700::6810:5814
2606:4700::6811:180e
2606:4700::6812:1a32
2607:f5b7:1:52::10
2a00:1450:4001:800::200a
2a00:1450:4001:803::2002
2a00:1450:4001:80f::200e
2a00:1450:4001:811::2008
2a00:1450:4001:830::2003
2a00:1450:400c:c00::9a
2a02:26f0:480:7a5::1e80
2a04:4e42::720
35.170.199.47
54.161.181.126
54.247.186.102
63.140.62.222
66.235.152.156
05632bd17ae6013db11864ba86f363756e305cd5a56ee788fe20774ed6c750f9
05f687735d78286be14d4e10a1fb29138cddcf927835e5441b61406512db7c8e
0bf599966dd39864588776600dcc12f05f281fe550157d82950665735ab2da0c
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
0d6f7227311722856032c82dc1baa0de768d31189555773808225bbe7a41bdd6
0edb427ee32af943e19dca87e3efe73c4531a073da27183c1ce99475851f60e3
163977aadb7b08e9643d97d26c824460605af34cce3917109777fd97d3d87313
1870780f32d372a63e30a169bef356b78fc9a0ebfbbef37f99b410244fce3ce7
1a654d1a443a60b182332b2f163ccb71a650332eab2cd471556b7156b7808317
1da6ad9dfce9466037ec92e1f7699158c9a9347c669333c724f5cf6f3a7c0634
20d3214f899634774d631d8da56b8ed42f9c7bd026954231812d75d1fce2d1a4
22de6cb47cb99a22c97982e083731cbbd79340c75261c8e68f9ddb350a11d264
2aef73d8723fb7d91d516282c5a33140f448212e7d49898baab65f6c8b74ddc6
3484e188a909f7f48632a80707ddaf5dff17ff2a0a09ef0e222d73a5a8d9088f
36bb307255dedc3e058ef1a3f245ba99c1c455accdf0c3ece8cf694e07fdf174
3b67fa9d9cea06d520cc18c812be2a501053afad7e18fc14d3496cc12198fc08
3ec863b93075891501b74046de8ed4db004bf7bdd3d19e41aa8a05ff11e88203
414a9f7ce391b6e34dab805c9dcea7be275b3e3079faf5947fb61e04278c897e
4264bfa87de5afd4b0236f34dfeee60b2231773a4b404c970c25c4543cd3b4ac
454c214ca26ab65db5a16da48252230a3ab2b947224003c0ddb8fa2677141656
462a66acbf50e933685e7587e9f1441df8225b2bb4d6b7bc5e757eccf4ff6575
46f16c323557a318dd6604bab3ebe8dbd9d23bc318b55eec33b0b0a4502c0bd1
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4cf022c4fec7f522b2cedbf3dadafc6d9c9a460935d2cdc31fcc225b7418088b
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
51c28a44c986a235c6d74f2abfbafd9c9a01452515258628e10cbe3024c45a4e
55c9d2f019f9d7ddfd69b2ad0351c5617338a222362aebb02b3b98a4dbc18486
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
57cac9d59da6a16693baa0fe6c3316b64b8f82c70724e08253551ffde7565f2d
581d8e0801b687f1268b80b8abf95452c7921f6cd5142aa5ed79f8bc5500b3ae
5ca742541d65d718402499ed1d84d003258ce2116562169b85744cf7d798485a
61b4579ddd9500f72669998271f04641a6f956554326995c3000531a9a57e4d4
62ec57b7f971a77af7380ce75ee21e1b881fd1fa628efdb36607125004cca092
6436602721fb4c4ce49a36917252d99f58f0a7ded08bac7d2baaffb3bddbea9b
65494fdcb6dcb8402721847989ee329810c42dbeed42254b6d6e1b66486c8b0f
69651d24fc806be36a093989c51e968749b066cfa100eb9ef8e5bce1f7057c71
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6de2a64494f3eb2460892be0ffb080df38924e553e5af01b92f069378794ac25
7017ed41d05a9da02afb02397adc74e12a93d3c4f6b5b9bbcafffe4ef06f0cdb
72696c96dab7f22d1cdf6988f875e6c3a733ceac9599f2765da02be4d067429f
779700103eaa215226d17491070dd24cc4e6ae6533a0f3a4071140805119b45f
7a7ce1a34f3e9944fe88fc61abbc93b6db383afa2b90815fd7ccea456fbce4e5
7afd9a10c8ddc93d6ca6d3245a21999d408db30ab4bf31e792e213b0b80d7cfc
8004dadb6b1625999c7de43a05d9c2d7fc4ac26ec644a95bfbd113c70b80c9a4
802106d17b6759222edb6db3ed2413e405dcec222a4b1803b8abd257d5f7dbc6
8271a5f9d0f15e3c1248c069237daf024e7f5b3689cd48b38508c456fd345ea4
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8353e35c813581f93fab366b791fb43f8e639dd67d72982f7f029807eb63a939
8c82f080db2b97dea4c680e7d745d3e09b574cd414197ddab211421cbf97f691
8c8854741b41041a55e30363186b3e943076de5f80c39d1bb82ed6efbc5f8a6a
8f3c4bb8c0ef7ebb0f101709f6bbba462e91a632cda1c8beb003d6c73b98a70f
9219086b4f2c3bf77854b2e06ccd97ad32b9b7a140e65ff8b974a3bae6c7854c
94d56c8432cefedc8b87cba3150f80b6c2864627539ea1038cb72386d18a72ac
9778cefa5bc916787368c4a29a3c38a2db4cda49948992b5110a5b1fe6ac7eda
99e2d1102c644111abed2ee312d1e57ed5418135c0c9905f3f2a1cd44312d3d4
a5ff70f6ac07dd9865153de5810ff20130a8e033bc547a36598c01bd4de1dc74
a83eaf590f2c078872c01c0f332037dc8fef2a3a2f925d9d8ea5425d0172cf99
b017bfb984b00d66e38ede36599b6c5650d3bed3011fc37a6ff5f041b1aa1a8b
bc49c009b33e66a59f057cf4ada682b80d4401d919ddf0f8d3ef2bb0415f0b23
bd9a6192274f8f2f3ce31cd3d2cae5ebe32e2fa86fc7c4f60a3c28556e496d56
be8577e579d9924b36cda3f01fb7aea4f43ed90f9ae689955a0deda006a1ee11
bed80b2c99b7a1baa628163a6fd1f9fb2220f9c089036565ffe594a4f0d5d5a1
c06c3b843d4bcf295909300bfad5473626575eaef96b98615d9d2f294d66058c
ca3b0682a3e17302b45645c19a5a7aa5275acc823633bf087f85855c4bfa87c9
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cbb3c795fd44c83a1200149b18e0df050fe228df4b5b03891373029117d8bd6b
cdaf31a1071286676944848c1e53c284a611e39473e322a75caf358b1b24e19d
d4ae5188a65370ecfe28f42293bbee8297cfd5712c6aadfdb270d48f2bcd88b0
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e197eefb3a6378c1636ca452e85b757536156c962cd4c96cbe86c6ec83b92510
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ea3d356230da20a9876271fbb4c85ffa912fe03868fe3021069d1a1c3415a072
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f63e31ebf9b37ea9651067359238bfd61f6cd7dc7c6c0ea864e6f8c345f8f8b9
f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194
f80c5e7b36f0a2b5ecd7dcd4b931d7a98eb0f9b5ec53cb6681ade3ae8cbd3989
fb6611f167cc8d81ab1e4daaf57b28d130317c63e469b586ce9e1dd54781d6f8