identity.gympass.com Open in urlscan Pro
65.9.95.27 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://ablink.mail.wellhub.com/ls/click?upn=u001.wB-2FPoHKbt0ydFPoKML05Xcf-2BB9-2BvuAxQfBLQ3bhT0jfDZAzHwd8PK-2BXuZnxLeD1K1JZJtf...
Effective URL:
https://identity.gympass.com/auth/realms/master/protocol/openid-connect/auth?client_id=mobile-sso&redirect_uri=https%3A%2F%2F...
Submission: On July 08 via manual (July 8th 2024, 10:48:36 pm UTC) from IN — Scanned from DE

Summary HTTP 64 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 15 IPs in 2 countries across 11 domains to perform 64 HTTP transactions. The main IP is 65.9.95.27, located in United States and belongs to AMAZON-02, US. The main domain is identity.gympass.com. The Cisco Umbrella rank of the primary domain is 637468.
TLS certificate: Issued by Amazon RSA 2048 M03 on May 9th 2024. Valid for: a year.

This is the only time identity.gympass.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	13.225.78.42 13.225.78.42	16509 (AMAZON-02) (AMAZON-02)
1 1	23.48.23.36 23.48.23.36	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
21	2600:9000:20a... 2600:9000:20ab:e600:18:718f:f780:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a04:4e42::729 2a04:4e42::729	54113 (FASTLY) (FASTLY)
1	2400:52e0:1e0... 2400:52e0:1e00::1079:1	60068 (CDN77 _) (CDN77 _)
1	34.120.195.249 34.120.195.249	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2400:52e0:1e0... 2400:52e0:1e00::1082:1	60068 (CDN77 _) (CDN77 _)
2	2a00:1450:400... 2a00:1450:4001:80e::200a	15169 (GOOGLE) (GOOGLE)
16	65.9.95.27 65.9.95.27	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:212... 2600:9000:2127:9c00:13:fba0:c680:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
9	2600:9000:212... 2600:9000:2127:7800:1e:dcb6:d040:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:82b::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80b::2003	15169 (GOOGLE) (GOOGLE)
64	15

1 13.225.78.42 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-42.fra2.r.cloudfront.net

ablink.mail.wellhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.48.23.36 (Frankfurt am Main, Germany) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-48-23-36.deploy.static.akamaitechnologies.com

gympass.onelink.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2600:9000:20ab:e600:18:718f:f780:93a1 (United States)

ASN16509 (AMAZON-02, US)

plan-management.gympass.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42::729 (United States)

ASN54113 (FASTLY, US)

js.sentry-cdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
browser.sentry-cdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2400:52e0:1e00::1079:1 (Germany)

ASN60068 (CDN77 _, GB)

survey.survicate.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.195.249 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 249.195.120.34.bc.googleusercontent.com

o4504963224764416.ingest.sentry.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2400:52e0:1e00::1082:1 (Germany)

ASN60068 (CDN77 _, GB)

surveys-static.survicate.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

firebase.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 65.9.95.27 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-95-27.prg50.r.cloudfront.net

identity.gympass.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2127:9c00:13:fba0:c680:93a1 (United States)

ASN16509 (AMAZON-02, US)

unleash-edge-code.gympass.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

firebaseinstallations.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2600:9000:2127:7800:1e:dcb6:d040:93a1 (United States)

ASN16509 (AMAZON-02, US)

statics-account.gympass.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
47	gympass.com plan-management.gympass.com identity.gympass.com — Cisco Umbrella Rank: 637468 unleash-edge-code.gympass.com Failed statics-account.gympass.com	2 MB
3	googleapis.com firebase.googleapis.com — Cisco Umbrella Rank: 4931 firebaseinstallations.googleapis.com — Cisco Umbrella Rank: 406	425 B
3	survicate.com survey.survicate.com — Cisco Umbrella Rank: 7695 surveys-static.survicate.com — Cisco Umbrella Rank: 14438	190 KB
2	google.com www.google.com — Cisco Umbrella Rank: 10	1 KB
2	sentry-cdn.com js.sentry-cdn.com — Cisco Umbrella Rank: 7355 browser.sentry-cdn.com — Cisco Umbrella Rank: 6800	74 KB
1	gstatic.com www.gstatic.com	213 KB
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2949	262 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 110	91 KB
1	sentry.io o4504963224764416.ingest.sentry.io	299 B
1	onelink.me 1 redirects gympass.onelink.me	411 B
1	wellhub.com 1 redirects ablink.mail.wellhub.com	671 B
64	11

	Domain	Requested by
21	plan-management.gympass.com	plan-management.gympass.com
16	identity.gympass.com	plan-management.gympass.com identity.gympass.com
9	statics-account.gympass.com	identity.gympass.com
2	www.google.com	identity.gympass.com www.gstatic.com
2	firebase.googleapis.com	browser.sentry-cdn.com
2	surveys-static.survicate.com	survey.survicate.com
1	www.gstatic.com	www.google.com
1	region1.google-analytics.com	browser.sentry-cdn.com
1	www.googletagmanager.com	plan-management.gympass.com
1	firebaseinstallations.googleapis.com	browser.sentry-cdn.com
1	unleash-edge-code.gympass.com	browser.sentry-cdn.com
1	o4504963224764416.ingest.sentry.io	browser.sentry-cdn.com
1	survey.survicate.com	plan-management.gympass.com
1	browser.sentry-cdn.com	js.sentry-cdn.com
1	js.sentry-cdn.com	plan-management.gympass.com
1	gympass.onelink.me	1 redirects
1	ablink.mail.wellhub.com	1 redirects
64	17

This site contains links to these domains. Also see Links.

Domain
gympass.com
www.gympass.com
policies.google.com

Subject Issuer	Validity	Valid
gympass.com Amazon RSA 2048 M03	`2024-05-09` - `2025-06-06`	a year	crt.sh
*.sentry-cdn.com GlobalSign Atlas R3 DV TLS CA 2024 Q2	`2024-06-04` - `2025-07-06`	a year	crt.sh
*.survicate.com Sectigo RSA Domain Validation Secure Server CA	`2023-09-18` - `2024-08-31`	a year	crt.sh
ingest.sentry.io DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-11-02` - `2024-12-02`	a year	crt.sh
upload.video.google.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
*.google-analytics.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
*.google.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh
*.gstatic.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://identity.gympass.com/auth/realms/master/protocol/openid-connect/auth?client_id=mobile-sso&redirect_uri=https%3A%2F%2Fplan-management.gympass.com%2F%3Faf_xp%3Dcustom%26origin%3Dmkt%26lid%3D8spj9zq1aaus%26source_caller%3Dui%26pid%3Dbraze%26utm_content%3Dnone%26utm_source%3Dbraze%26shortlink%3Dg9pe1e4p%26utm_medium%3Demail%26utm_campaign%3Deu-de_b2c_onboarding__mb__ongoing_tagus_subscription_0524%26af_channel%3Demail%26utm_term%3Dgrowth-Email-01%26c%3Dfirst_purchase&state=862bd7da-9359-431c-a54e-2a950e591bfd&response_mode=query&response_type=code&scope=openid
Frame ID: 56BD759319F5DBCCAA0E7F828442F498
Requests: 60 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LcjSroaAAAAAIemn-rhKELeAssTGxpo5r6lSQ2l&co=aHR0cHM6Ly9pZGVudGl0eS5neW1wYXNzLmNvbTo0NDM.&hl=de&v=rKbTvxTxwcw5VqzrtN-ICwWt&size=invisible&cb=igd87li31stp
Frame ID: C06F7DB70D25D614A586B6D955131DE5
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in to Gympass

Page URL History Show full URLs

https://ablink.mail.wellhub.com/ls/click?upn=u001.wB-2FPoHKbt0ydFPoKML05Xcf-2BB9-2BvuAxQfBLQ3bhT0jfDZAzHwd8P... HTTP 302
https://gympass.onelink.me/6cU1/g9pe1e4p?utm_source=braze&utm_medium=email&utm_campaign=eu-de_b2c_onboa... HTTP 301
https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=8spj9zq1aaus&source_caller=ui&pid=braze&utm_con... Page URL
https://identity.gympass.com/auth/realms/master/protocol/openid-connect/auth?client_id=mobile-sso&redirec... Page URL

Detected technologies

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

64
Requests

95 %
HTTPS

75 %
IPv6

11
Domains

17
Subdomains

15
IPs

2
Countries

2591 kB
Transfer

5052 kB
Size

7
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://gympass.com/sign-up/company-search/?user_country=us
Title: Melde dich kostenlos an

Search URL Search Domain Scan URL

URL: https://www.gympass.com/de/datenschutz
Title: Datenschutzrichtlinie

Search URL Search Domain Scan URL

URL: https://www.gympass.com/de/bedingungen
Title: Gympass Nutzungsbedingungen

Search URL Search Domain Scan URL

URL: https://www.gympass.com/us/cookies
Title: Cookie-Richtlinie

Search URL Search Domain Scan URL

URL: https://policies.google.com/privacy?hl=en-US
Title: Datenschutzrichtlinie von Google

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://ablink.mail.wellhub.com/ls/click?upn=u001.wB-2FPoHKbt0ydFPoKML05Xcf-2BB9-2BvuAxQfBLQ3bhT0jfDZAzHwd8PK-2BXuZnxLeD1K1JZJtfgBh-2FN0DLzzJjNx35JLnmJCfdPTJGKCXA2XdcusWPYkcHpzg7YyBmjKQBaT7rK3xXt9KO3rguuMqrSm5TJ7BX7IYk0eXXgwwjBCdTQ6BR8X7VpXoHsPwofapmIp38hFpmVOKwvvrIG-2FFEBvK4r5kvaAGpulO8GotSQeTgPiEB-2BZE8yXq3AU7Nk6jm5KDAZrbL29XLULVXV5UNG34R6cm-2B19qBh9oq4AwAJqlfw-3DFLZ4_YlCgrgfXBd-2BSFPZsoh1ZwxhQqru5EfHdk5SGW-2FqFYd2znnma1kQDoWkg62gYta1eRw43DXu7QBIIfIERubhwwZ3eADfGRoxEhblsuMpeLBX-2BUcQOYVlyKGe15JtDnq3huEMV6o7EvE09Ko6xj6bb6nXntApdfhcEu-2FE-2FaRwfcrk222S0G95Ck8VQm4r2iEb9Uc0B8WvbkPTD1Dz2won-2BQ8bC3tPdMy7gSKW60SXHtfLuKrQhaxkk5M-2FEOtRaoAG6isFcG6evvnXKBL8zBrNTtV-2FI2LdTR3ytmkURbLwkf4QGBKR6Oy2RcplKtij8426SndoI2yEE9Gp9krumjghNpXO-2Fl0Ff-2FcI-2BgkPtDuT3RpBFzx5M-2FSmYBnvfqLSKcurs7qtAH-2FMs2pl-2BKhvMOOnCPUTKVu6UVcSTt-2FYHNmmu8CrjZgH4Hbw1DFXTKk7CbEJAgkW1jgw47CW06RutHyCb9GySzin1UjN45HpNm0b6XoEREfVwbIbke5HPNLjHrDYyNp-2BFS19sfbDHK3QT9J6MwM2yRdZTHrCGeJ1fT9CGueJBM9YNcD8KH-2B2ICAL60vO5quw4kWP8TUM28MVJinzsDaxf6YX6z-2FDT-2FPwO3S-2FsV22zT7x9-2FIkmpAs3pXXXhaF59MLl9jcRnMNsiXFXtyaU-2FQ8Xgv6D2Se4glRs1SqwOEe-2B5WtjCDnNsF7pPfeBhpNiD6-2BhPXw-2Bt-2BvZ8WZtc1YsV3uOWPiAbBYx0j1gKDSciJY-3D HTTP 302
https://gympass.onelink.me/6cU1/g9pe1e4p?utm_source=braze&utm_medium=email&utm_campaign=eu-de_b2c_onboarding__mb__ongoing_tagus_subscription_0524&utm_content=none&lid=8spj9zq1aaus&utm_term=growth-Email-01 HTTP 301
https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=8spj9zq1aaus&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=eu-de_b2c_onboarding__mb__ongoing_tagus_subscription_0524&af_channel=email&utm_term=growth-Email-01&c=first_purchase Page URL
https://identity.gympass.com/auth/realms/master/protocol/openid-connect/auth?client_id=mobile-sso&redirect_uri=https%3A%2F%2Fplan-management.gympass.com%2F%3Faf_xp%3Dcustom%26origin%3Dmkt%26lid%3D8spj9zq1aaus%26source_caller%3Dui%26pid%3Dbraze%26utm_content%3Dnone%26utm_source%3Dbraze%26shortlink%3Dg9pe1e4p%26utm_medium%3Demail%26utm_campaign%3Deu-de_b2c_onboarding__mb__ongoing_tagus_subscription_0524%26af_channel%3Demail%26utm_term%3Dgrowth-Email-01%26c%3Dfirst_purchase&state=862bd7da-9359-431c-a54e-2a950e591bfd&response_mode=query&response_type=code&scope=openid Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://ablink.mail.wellhub.com/ls/click?upn=u001.wB-2FPoHKbt0ydFPoKML05Xcf-2BB9-2BvuAxQfBLQ3bhT0jfDZAzHwd8PK-2BXuZnxLeD1K1JZJtfgBh-2FN0DLzzJjNx35JLnmJCfdPTJGKCXA2XdcusWPYkcHpzg7YyBmjKQBaT7rK3xXt9KO3rguuMqrSm5TJ7BX7IYk0eXXgwwjBCdTQ6BR8X7VpXoHsPwofapmIp38hFpmVOKwvvrIG-2FFEBvK4r5kvaAGpulO8GotSQeTgPiEB-2BZE8yXq3AU7Nk6jm5KDAZrbL29XLULVXV5UNG34R6cm-2B19qBh9oq4AwAJqlfw-3DFLZ4_YlCgrgfXBd-2BSFPZsoh1ZwxhQqru5EfHdk5SGW-2FqFYd2znnma1kQDoWkg62gYta1eRw43DXu7QBIIfIERubhwwZ3eADfGRoxEhblsuMpeLBX-2BUcQOYVlyKGe15JtDnq3huEMV6o7EvE09Ko6xj6bb6nXntApdfhcEu-2FE-2FaRwfcrk222S0G95Ck8VQm4r2iEb9Uc0B8WvbkPTD1Dz2won-2BQ8bC3tPdMy7gSKW60SXHtfLuKrQhaxkk5M-2FEOtRaoAG6isFcG6evvnXKBL8zBrNTtV-2FI2LdTR3ytmkURbLwkf4QGBKR6Oy2RcplKtij8426SndoI2yEE9Gp9krumjghNpXO-2Fl0Ff-2FcI-2BgkPtDuT3RpBFzx5M-2FSmYBnvfqLSKcurs7qtAH-2FMs2pl-2BKhvMOOnCPUTKVu6UVcSTt-2FYHNmmu8CrjZgH4Hbw1DFXTKk7CbEJAgkW1jgw47CW06RutHyCb9GySzin1UjN45HpNm0b6XoEREfVwbIbke5HPNLjHrDYyNp-2BFS19sfbDHK3QT9J6MwM2yRdZTHrCGeJ1fT9CGueJBM9YNcD8KH-2B2ICAL60vO5quw4kWP8TUM28MVJinzsDaxf6YX6z-2FDT-2FPwO3S-2FsV22zT7x9-2FIkmpAs3pXXXhaF59MLl9jcRnMNsiXFXtyaU-2FQ8Xgv6D2Se4glRs1SqwOEe-2B5WtjCDnNsF7pPfeBhpNiD6-2BhPXw-2Bt-2BvZ8WZtc1YsV3uOWPiAbBYx0j1gKDSciJY-3D HTTP 302
https://gympass.onelink.me/6cU1/g9pe1e4p?utm_source=braze&utm_medium=email&utm_campaign=eu-de_b2c_onboarding__mb__ongoing_tagus_subscription_0524&utm_content=none&lid=8spj9zq1aaus&utm_term=growth-Email-01 HTTP 301
https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=8spj9zq1aaus&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=eu-de_b2c_onboarding__mb__ongoing_tagus_subscription_0524&af_channel=email&utm_term=growth-Email-01&c=first_purchase

64 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/ Show response
plan-management.gympass.com/
Redirect Chain

https://ablink.mail.wellhub.com/ls/click?upn=u001.wB-2FPoHKbt0ydFPoKML05Xcf-2BB9-2BvuAxQfBLQ3bhT0jfDZAzHwd8PK-2BXuZnxLeD1K1JZJtfgBh-2FN0DLzzJjNx35JLnmJCfdPTJGKCXA2XdcusWPYkcHpzg7YyBmjKQBaT7rK3xXt9K...
https://gympass.onelink.me/6cU1/g9pe1e4p?utm_source=braze&utm_medium=email&utm_campaign=eu-de_b2c_onboarding__mb__ongoing_tagus_subscription_0524&utm_content=none&lid=8spj9zq1aaus&utm_term=growth-E...
https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=8spj9zq1aaus&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=eu-de_b2c...

2 KB
2 KB

134ms
40ms

Document
text/html

2600:9000:20ab:e600:18:718f:f780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=8spj9zq1aaus&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=eu-de_b2c_onboarding__mb__ongoing_tagus_subscription_0524&af_channel=email&utm_term=growth-Email-01&c=first_purchase

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ab:e600:18:718f:f780:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

05a95d2e6da0783cf3536f30d2c9b4aeb8a0acbae5591e7bdf6a6831999e63d0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .gympass.com .googletagmanager.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io .js .survicate.com .optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com .survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: .prd.us.gympass.cloud .googleapis.com .google-analytics.com .browser-intake-datadoghq.com .sentry.io .gympass.com .optimizely.com; font-src 'self' fonts.gstatic.com .survicate.com; frame-src 'self' .sentry.io .optimizely.com; img-src 'self' .gympass.com .cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' .gympass.com blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

age: 14
cache-control: max-age=60, stale-while-revalidate=120
content-encoding: gzip
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.googletagmanager.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.prd.us.gympass.cloud *.googleapis.com *.google-analytics.com *.browser-intake-datadoghq.com *.sentry.io *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.sentry.io *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
content-type: text/html
date: Mon, 08 Jul 2024 22:48:16 GMT
etag: W/"7f55ea14d3c01f7696560ee1278e6254"
last-modified: Wed, 03 Jul 2024 17:17:34 GMT
server: AmazonS3
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 c2c44e18165da827386e0ed36aeea344.cloudfront.net (CloudFront)
x-amz-cf-id: ItE43A5IE4P20XmsGovn8V4Fxy1vjZRWY7obG0rvoFiv7nYimATHVQ==
x-amz-cf-pop: AMS58-P3
x-amz-server-side-encryption: AES256
x-amz-version-id: SjQl9KisQgFb1Nw_wQOrl1QNlgLehu83
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block

Redirect headers

accept-ch: Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List
cache-control: no-cache, no-store
content-length: 0
content-type: application/octet-stream
date: Mon, 08 Jul 2024 22:48:29 GMT
location: https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=8spj9zq1aaus&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=eu-de_b2c_onboarding__mb__ongoing_tagus_subscription_0524&af_channel=email&utm_term=growth-Email-01&c=first_purchase
server: AkamaiGHost
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2 200 3fe896b0fdfc5a9285d4b30a4d076a51.min.js Show response
js.sentry-cdn.com/ 3 KB
2 KB 88ms
28ms Script
text/javascript 2a04:4e42::729
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.sentry-cdn.com/3fe896b0fdfc5a9285d4b30a4d076a51.min.js

Requested by

Host: plan-management.gympass.com
URL: https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=8spj9zq1aaus&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=eu-de_b2c_onboarding__mb__ongoing_tagus_subscription_0524&af_channel=email&utm_term=growth-Email-01&c=first_purchase

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42::729 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

8773eab4872230eaa21246e1a54ab8f56d0cd9fa2f8b71c107379ac7137013c4

Security Headers

Name	Value
Content-Security-Policy	object-src 'none'; base-uri 'none'; frame-ancestors 'self' .sentry.io; connect-src 'self' .algolia.net .algolianet.com .algolia.io sentry.io .sentry.io s1.sentry-cdn.com o1.ingest.sentry.io api2.amplitude.com app.pendo.io data.pendo.io reload.getsentry.net t687h3m0nh65.statuspage.io sentry.zendesk.com ekr.zdassets.com maps.googleapis.com; worker-src blob:; script-src 'self' 'unsafe-inline' 'report-sample' s1.sentry-cdn.com js.sentry-cdn.com browser.sentry-cdn.com statuspage-production.s3.amazonaws.com static.zdassets.com aui-cdn.atlassian.com connect-cdn.atl-paas.net js.stripe.com 'strict-dynamic' cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5634074999128064.storage.googleapis.com; media-src ; frame-src app.pendo.io demo.arcade.software js.stripe.com sentry.io; font-src * data:; img-src * blob: data:; default-src 'none'; style-src * 'unsafe-inline'; report-uri https://o1.ingest.sentry.io/api/54785/security/?sentry_key=f724a8a027db45f5b21507e7142ff78e&sentry_release=2842fe6a72bc7485d11534e59952aae2f9099a95
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Referer: https://plan-management.gympass.com/
Origin: https://plan-management.gympass.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: object-src 'none'; base-uri 'none'; frame-ancestors 'self' *.sentry.io; connect-src 'self' *.algolia.net *.algolianet.com *.algolia.io sentry.io *.sentry.io s1.sentry-cdn.com o1.ingest.sentry.io api2.amplitude.com app.pendo.io data.pendo.io reload.getsentry.net t687h3m0nh65.statuspage.io sentry.zendesk.com ekr.zdassets.com maps.googleapis.com; worker-src blob:; script-src 'self' 'unsafe-inline' 'report-sample' s1.sentry-cdn.com js.sentry-cdn.com browser.sentry-cdn.com statuspage-production.s3.amazonaws.com static.zdassets.com aui-cdn.atlassian.com connect-cdn.atl-paas.net js.stripe.com 'strict-dynamic' cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5634074999128064.storage.googleapis.com; media-src *; frame-src app.pendo.io demo.arcade.software js.stripe.com sentry.io; font-src * data:; img-src * blob: data:; default-src 'none'; style-src * 'unsafe-inline'; report-uri https://o1.ingest.sentry.io/api/54785/security/?sentry_key=f724a8a027db45f5b21507e7142ff78e&sentry_release=2842fe6a72bc7485d11534e59952aae2f9099a95
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 08 Jul 2024 22:48:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains
age: 28
x-envoy-upstream-service-time: 20
content-length: 1324
x-xss-protection: 1; mode=block
x-served-by: getsentry-web-default-common-production-69656d46f4-fwwbj, cache-chi-kigq8000109-CHI, cache-fra-etou8220108-FRA
x-frame-options: deny
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
x-envoy-attempt-count: 1
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 main.5c5abcd7803e320017e6.js Show response
plan-management.gympass.com/ 9 KB
5 KB 43ms
43ms Script
application/javascript 2600:9000:20ab:e600:18:718f:f780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://plan-management.gympass.com/main.5c5abcd7803e320017e6.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ab:e600:18:718f:f780:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

b56a3748bf76bf4a8a10fef5047624ec210a73bf89b8062eb4c5091b36e7a3d7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .gympass.com .googletagmanager.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io .js .survicate.com .optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com .survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: .prd.us.gympass.cloud .googleapis.com .google-analytics.com .browser-intake-datadoghq.com .sentry.io .gympass.com .optimizely.com; font-src 'self' fonts.gstatic.com .survicate.com; frame-src 'self' .sentry.io .optimizely.com; img-src 'self' .gympass.com .cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' .gympass.com blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=8spj9zq1aaus&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=eu-de_b2c_onboarding__mb__ongoing_tagus_subscription_0524&af_channel=email&utm_term=growth-Email-01&c=first_purchase
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id: ofNyVFCD3OsbwPlQ5OvzBneynKgrF2DM
content-encoding: gzip
via: 1.1 c2c44e18165da827386e0ed36aeea344.cloudfront.net (CloudFront)
date: Mon, 08 Jul 2024 22:48:16 GMT
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.googletagmanager.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.prd.us.gympass.cloud *.googleapis.com *.google-analytics.com *.browser-intake-datadoghq.com *.sentry.io *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.sentry.io *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
x-amz-cf-pop: AMS58-P3
age: 14
x-amz-server-side-encryption: AES256
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
last-modified: Wed, 03 Jul 2024 17:17:34 GMT
server: AmazonS3
etag: W/"8c189d5d655d0aef650910df1ed36887"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=60, stale-while-revalidate=120
x-amz-cf-id: JIR6bsvv3eCp49ArPt_88qfbjrw6A5t-5IE7Hunvibwb7if0LA9DJA==

GET
H2 200 remoteEntry.js Show response
plan-management.gympass.com/ 10 KB
6 KB 41ms
40ms Script
application/javascript 2600:9000:20ab:e600:18:718f:f780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://plan-management.gympass.com/remoteEntry.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ab:e600:18:718f:f780:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

354ae780bea7c23252aa547913a1e998f6dce6712093d24e2ec5a705a9e86d97

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .gympass.com .googletagmanager.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io .js .survicate.com .optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com .survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: .prd.us.gympass.cloud .googleapis.com .google-analytics.com .browser-intake-datadoghq.com .sentry.io .gympass.com .optimizely.com; font-src 'self' fonts.gstatic.com .survicate.com; frame-src 'self' .sentry.io .optimizely.com; img-src 'self' .gympass.com .cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' .gympass.com blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=8spj9zq1aaus&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=eu-de_b2c_onboarding__mb__ongoing_tagus_subscription_0524&af_channel=email&utm_term=growth-Email-01&c=first_purchase
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id: 5Jq71Q2lWdNxx2wPuoI4gu1Fv9EPRwTH
content-encoding: gzip
via: 1.1 c2c44e18165da827386e0ed36aeea344.cloudfront.net (CloudFront)
date: Mon, 08 Jul 2024 22:48:16 GMT
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.googletagmanager.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.prd.us.gympass.cloud *.googleapis.com *.google-analytics.com *.browser-intake-datadoghq.com *.sentry.io *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.sentry.io *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
x-amz-cf-pop: AMS58-P3
age: 14
x-amz-server-side-encryption: AES256
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
last-modified: Wed, 03 Jul 2024 17:17:34 GMT
server: AmazonS3
etag: W/"6978056e0a358f477b901241073f1159"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=60, stale-while-revalidate=120
x-amz-cf-id: hF4yKB3xYsAprN6LGftsc-Cke2ybDrhBGZIAeXlJIRFbKFfl5I84zQ==

GET
H2 200 bundle.tracing.replay.min.js Show response
browser.sentry-cdn.com/7.118.0/ 223 KB
71 KB 30ms
23ms Script
application/javascript 2a04:4e42::729
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://browser.sentry-cdn.com/7.118.0/bundle.tracing.replay.min.js

Requested by

Host: js.sentry-cdn.com
URL: https://js.sentry-cdn.com/3fe896b0fdfc5a9285d4b30a4d076a51.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42::729 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

a46472b98cbc84a76e70cd1de6f8d3dc8bc3451d7f7dcafc15e31b72c1c49873

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://plan-management.gympass.com/
Origin: https://plan-management.gympass.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 22:48:29 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Fri, 21 Jun 2024 07:37:32 GMT
server: Fastly
age: 1519392
etag: "4d6e25c9a33614c145b379cd58008719"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 72724
expires: Sat, 21 Jun 2025 08:45:18 GMT

GET
H2 200 web_surveys.js Show response
survey.survicate.com/workspaces/0fe6aa950144b6d3d5b0aaaea35f4cd1/ 47 KB
11 KB 90ms
26ms Script
application/javascript 2400:52e0:1e00::1079:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://survey.survicate.com/workspaces/0fe6aa950144b6d3d5b0aaaea35f4cd1/web_surveys.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1079:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1079 /

Resource Hash

7712bb0af584a463ea23912238faeb8fb79f0221fbcedab8bf4bc435f09449a0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com; connect-src https://respondent.survicate.com 'self'; img-src https://*; font-src https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com https://use.typekit.net https://fonts.gstatic.com; report-to csp-endpoint-survey;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://plan-management.gympass.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 22:48:29 GMT
x-amz-version-id: AUpKpmZ1KRd8REIc5fh2dGKmtp5fCSv7
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cdn-edgestorageid: 1080
content-security-policy: default-src 'self' 'unsafe-inline' https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com; connect-src https://respondent.survicate.com 'self'; img-src https://*; font-src https://surveys-static.survicate.com https://surveys-static-prd.survicate-cdn.com https://use.typekit.net https://fonts.gstatic.com; report-to csp-endpoint-survey;
x-amz-request-id: ZWHVTWC3WG63NYHR
cdn-cachedat: 07/08/2024 22:30:00
cdn-pullzone: 1158558
x-amz-id-2: u8Q9rV4TmujR7C30p7qIsIrFtd0+MycxTTswKVVcmT4xwHY0PyBbDzsuAvA3WAgBvekAkoFJSig=
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 08 Jul 2024 22:29:18 GMT
server: BunnyCDN-DE1-1079
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"0078acae4cf14b42a990f04fa01b6c07"
vary: Accept-Encoding, Accept-Encoding
report-to: { "group": "csp-endpoint-survey", "max_age": 10886400, "endpoints": [{ "url": "https://panel-api.survicate.com/_/report_csp/survey" }] }
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 039640c0-4b09-428d-a0ae-513ccdd44502
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=300
cdn-requestid: 0a4708526903ee760b537565bc156304
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 996.4d83083f1b4ea647afd7.js Show response
plan-management.gympass.com/ 348 KB
105 KB 52ms
51ms Script
application/javascript 2600:9000:20ab:e600:18:718f:f780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://plan-management.gympass.com/996.4d83083f1b4ea647afd7.js

Requested by

Host: plan-management.gympass.com
URL: https://plan-management.gympass.com/main.5c5abcd7803e320017e6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ab:e600:18:718f:f780:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

679bab4715b909a08e9e8f7206c6ba4a331637f96458207e2c0047216dc606f8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .gympass.com .googletagmanager.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io .js .survicate.com .optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com .survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: .prd.us.gympass.cloud .googleapis.com .google-analytics.com .browser-intake-datadoghq.com .sentry.io .gympass.com .optimizely.com; font-src 'self' fonts.gstatic.com .survicate.com; frame-src 'self' .sentry.io .optimizely.com; img-src 'self' .gympass.com .cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' .gympass.com blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=8spj9zq1aaus&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=eu-de_b2c_onboarding__mb__ongoing_tagus_subscription_0524&af_channel=email&utm_term=growth-Email-01&c=first_purchase
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id: LMYFl7TfD6iAx5gD_SsBAiZoT1CvWh6c
content-encoding: gzip
via: 1.1 c2c44e18165da827386e0ed36aeea344.cloudfront.net (CloudFront)
date: Mon, 08 Jul 2024 22:48:16 GMT
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.googletagmanager.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.prd.us.gympass.cloud *.googleapis.com *.google-analytics.com *.browser-intake-datadoghq.com *.sentry.io *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.sentry.io *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
x-amz-cf-pop: AMS58-P3
age: 14
x-amz-server-side-encryption: AES256
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
last-modified: Wed, 03 Jul 2024 17:17:34 GMT
server: AmazonS3
etag: W/"f93cc5a1bd1f83196f41ed3135c6e24a"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=60, stale-while-revalidate=120
x-amz-cf-id: p3DNcfosz7hFQkbguWwWDsAjkZ0vLCF3Z1Fa1RbDvl10aTPWl5D0PQ==

GET
H2 200 384.c10b87524bee5fc73f4d.js Show response
plan-management.gympass.com/ 62 KB
17 KB 45ms
45ms Script
application/javascript 2600:9000:20ab:e600:18:718f:f780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://plan-management.gympass.com/384.c10b87524bee5fc73f4d.js

Requested by

Host: plan-management.gympass.com
URL: https://plan-management.gympass.com/main.5c5abcd7803e320017e6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ab:e600:18:718f:f780:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

bcc2d11bf0873656644507bf89d942d92655d8193af4369f677e9a114a0d4033

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .gympass.com .googletagmanager.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io .js .survicate.com .optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com .survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: .prd.us.gympass.cloud .googleapis.com .google-analytics.com .browser-intake-datadoghq.com .sentry.io .gympass.com .optimizely.com; font-src 'self' fonts.gstatic.com .survicate.com; frame-src 'self' .sentry.io .optimizely.com; img-src 'self' .gympass.com .cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' .gympass.com blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=8spj9zq1aaus&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=eu-de_b2c_onboarding__mb__ongoing_tagus_subscription_0524&af_channel=email&utm_term=growth-Email-01&c=first_purchase
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id: 0MHA_8.gSqSyvOiib0C0y40Vi64PS9t9
content-encoding: gzip
via: 1.1 c2c44e18165da827386e0ed36aeea344.cloudfront.net (CloudFront)
date: Mon, 08 Jul 2024 22:48:16 GMT
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.googletagmanager.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.prd.us.gympass.cloud *.googleapis.com *.google-analytics.com *.browser-intake-datadoghq.com *.sentry.io *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.sentry.io *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
x-amz-cf-pop: AMS58-P3
age: 14
x-amz-server-side-encryption: AES256
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
last-modified: Wed, 03 Jul 2024 17:17:33 GMT
server: AmazonS3
etag: W/"103beea7056f96702c5b06dae352303e"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=60, stale-while-revalidate=120
x-amz-cf-id: 97aOs2UsyxFEMaB15czXlZnjOaGfLPVfxtZAV1Y7e9alBGCb0nRlGA==

GET
H2 200 298.5a574e5773ac6aba48f8.js Show response
plan-management.gympass.com/ 80 KB
29 KB 45ms
45ms Script
application/javascript 2600:9000:20ab:e600:18:718f:f780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://plan-management.gympass.com/298.5a574e5773ac6aba48f8.js

Requested by

Host: plan-management.gympass.com
URL: https://plan-management.gympass.com/main.5c5abcd7803e320017e6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ab:e600:18:718f:f780:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

7a9fe36a34494ba775ed12bf23efd354473115ea1a29eb72c79eeadb4a130aac

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .gympass.com .googletagmanager.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io .js .survicate.com .optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com .survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: .prd.us.gympass.cloud .googleapis.com .google-analytics.com .browser-intake-datadoghq.com .sentry.io .gympass.com .optimizely.com; font-src 'self' fonts.gstatic.com .survicate.com; frame-src 'self' .sentry.io .optimizely.com; img-src 'self' .gympass.com .cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' .gympass.com blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=8spj9zq1aaus&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=eu-de_b2c_onboarding__mb__ongoing_tagus_subscription_0524&af_channel=email&utm_term=growth-Email-01&c=first_purchase
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id: sQcR.vNbOy0_LFxIofWylghORT1J6bdT
content-encoding: gzip
via: 1.1 c2c44e18165da827386e0ed36aeea344.cloudfront.net (CloudFront)
date: Mon, 08 Jul 2024 22:48:16 GMT
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.googletagmanager.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.prd.us.gympass.cloud *.googleapis.com *.google-analytics.com *.browser-intake-datadoghq.com *.sentry.io *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.sentry.io *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
x-amz-cf-pop: AMS58-P3
age: 14
x-amz-server-side-encryption: AES256
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
last-modified: Wed, 03 Jul 2024 17:17:33 GMT
server: AmazonS3
etag: W/"cdbdeac87ceb818c3f1336faaaf0985e"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=60, stale-while-revalidate=120
x-amz-cf-id: 6nwIGih3CQ31M9YoqbCz7l8bW3SOILcRIIK_n1pREEFuMhoIFL8sRw==

GET
H2 200 976.4659f1e753df6932ac1c.js Show response
plan-management.gympass.com/ 7 KB
4 KB 161ms
161ms Script
application/javascript 2600:9000:20ab:e600:18:718f:f780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://plan-management.gympass.com/976.4659f1e753df6932ac1c.js

Requested by

Host: plan-management.gympass.com
URL: https://plan-management.gympass.com/main.5c5abcd7803e320017e6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ab:e600:18:718f:f780:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

f43c0c0b06ddbfb9c46dc9e3a18dbec88ae77a50a3058a644daf0911332d19fb

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .gympass.com .googletagmanager.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io .js .survicate.com .optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com .survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: .prd.us.gympass.cloud .googleapis.com .google-analytics.com .browser-intake-datadoghq.com .sentry.io .gympass.com .optimizely.com; font-src 'self' fonts.gstatic.com .survicate.com; frame-src 'self' .sentry.io .optimizely.com; img-src 'self' .gympass.com .cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' .gympass.com blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=8spj9zq1aaus&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=eu-de_b2c_onboarding__mb__ongoing_tagus_subscription_0524&af_channel=email&utm_term=growth-Email-01&c=first_purchase
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id: q.O5_Ugjm7Ow7oFfp_iUhwULNcO0cMZ1
content-encoding: gzip
via: 1.1 c2c44e18165da827386e0ed36aeea344.cloudfront.net (CloudFront)
date: Mon, 08 Jul 2024 22:48:16 GMT
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.googletagmanager.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.prd.us.gympass.cloud *.googleapis.com *.google-analytics.com *.browser-intake-datadoghq.com *.sentry.io *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.sentry.io *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
x-amz-cf-pop: AMS58-P3
age: 14
x-amz-server-side-encryption: AES256
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
last-modified: Wed, 03 Jul 2024 17:17:33 GMT
server: AmazonS3
etag: W/"417713e57ebfaae086069d862e2ea6b2"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=60, stale-while-revalidate=120
x-amz-cf-id: l3b6o3QbM2sS5EyDa0g0ERs-FtvdyrzzhPpUkX0tckZo6hR-HgW-ZQ==

GET
H2 200 632.668af4a9e0574aeae65f.js Show response
plan-management.gympass.com/ 30 KB
13 KB 117ms
116ms Script
application/javascript 2600:9000:20ab:e600:18:718f:f780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://plan-management.gympass.com/632.668af4a9e0574aeae65f.js

Requested by

Host: plan-management.gympass.com
URL: https://plan-management.gympass.com/main.5c5abcd7803e320017e6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ab:e600:18:718f:f780:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

58bb4d85fc889f7fd93bd6b42cc21a200293446313563126913a05abebee5b85

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .gympass.com .googletagmanager.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io .js .survicate.com .optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com .survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: .prd.us.gympass.cloud .googleapis.com .google-analytics.com .browser-intake-datadoghq.com .sentry.io .gympass.com .optimizely.com; font-src 'self' fonts.gstatic.com .survicate.com; frame-src 'self' .sentry.io .optimizely.com; img-src 'self' .gympass.com .cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' .gympass.com blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=8spj9zq1aaus&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=eu-de_b2c_onboarding__mb__ongoing_tagus_subscription_0524&af_channel=email&utm_term=growth-Email-01&c=first_purchase
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id: 0WiuPcb2Fnwefy3ys6C2d3_OOWjcm1kC
content-encoding: gzip
via: 1.1 c2c44e18165da827386e0ed36aeea344.cloudfront.net (CloudFront)
date: Mon, 08 Jul 2024 22:48:16 GMT
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.googletagmanager.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.prd.us.gympass.cloud *.googleapis.com *.google-analytics.com *.browser-intake-datadoghq.com *.sentry.io *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.sentry.io *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
x-amz-cf-pop: AMS58-P3
age: 14
x-amz-server-side-encryption: AES256
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
last-modified: Wed, 03 Jul 2024 17:17:33 GMT
server: AmazonS3
etag: W/"54767379e6c5e59682b2ad8bd4984db3"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=60, stale-while-revalidate=120
x-amz-cf-id: kzcVhSlToGq7qv1dQiLg22pu29nZ1emSsGeDTZeKvpTL_eedtyVEmQ==

GET
H2 200 460.5bb66271df4f073824f9.js Show response
plan-management.gympass.com/ 242 KB
28 KB 124ms
123ms Script
application/javascript 2600:9000:20ab:e600:18:718f:f780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://plan-management.gympass.com/460.5bb66271df4f073824f9.js

Requested by

Host: plan-management.gympass.com
URL: https://plan-management.gympass.com/main.5c5abcd7803e320017e6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ab:e600:18:718f:f780:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

00db3235f08e341ddc464a31e5ec5c41d9164aa5c088e24daa834a09826fd07f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .gympass.com .googletagmanager.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io .js .survicate.com .optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com .survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: .prd.us.gympass.cloud .googleapis.com .google-analytics.com .browser-intake-datadoghq.com .sentry.io .gympass.com .optimizely.com; font-src 'self' fonts.gstatic.com .survicate.com; frame-src 'self' .sentry.io .optimizely.com; img-src 'self' .gympass.com .cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' .gympass.com blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=8spj9zq1aaus&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=eu-de_b2c_onboarding__mb__ongoing_tagus_subscription_0524&af_channel=email&utm_term=growth-Email-01&c=first_purchase
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id: b_NfT7BzUViL4Gxy14yYl.8ZgEEcEZlP
content-encoding: gzip
via: 1.1 c2c44e18165da827386e0ed36aeea344.cloudfront.net (CloudFront)
date: Mon, 08 Jul 2024 22:48:16 GMT
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.googletagmanager.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.prd.us.gympass.cloud *.googleapis.com *.google-analytics.com *.browser-intake-datadoghq.com *.sentry.io *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.sentry.io *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
x-amz-cf-pop: AMS58-P3
age: 14
x-amz-server-side-encryption: AES256
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
last-modified: Wed, 03 Jul 2024 17:17:33 GMT
server: AmazonS3
etag: W/"d049c943a45715a1570b78cde7d8f65d"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=60, stale-while-revalidate=120
x-amz-cf-id: BvMruq3HiyW0NGgl6tp8-SAPqn5VYdcT-vf7F62KfuGqp90gjQx-XA==

GET
H2 200 788.f0ad59263f21715c530d.js Show response
plan-management.gympass.com/ 36 KB
15 KB 117ms
116ms Script
application/javascript 2600:9000:20ab:e600:18:718f:f780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://plan-management.gympass.com/788.f0ad59263f21715c530d.js

Requested by

Host: plan-management.gympass.com
URL: https://plan-management.gympass.com/main.5c5abcd7803e320017e6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ab:e600:18:718f:f780:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

110bc5c4b134e2c87613250b3aa9b267a441ff95bc56912d47a383466f8ce2f5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .gympass.com .googletagmanager.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io .js .survicate.com .optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com .survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: .prd.us.gympass.cloud .googleapis.com .google-analytics.com .browser-intake-datadoghq.com .sentry.io .gympass.com .optimizely.com; font-src 'self' fonts.gstatic.com .survicate.com; frame-src 'self' .sentry.io .optimizely.com; img-src 'self' .gympass.com .cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' .gympass.com blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=8spj9zq1aaus&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=eu-de_b2c_onboarding__mb__ongoing_tagus_subscription_0524&af_channel=email&utm_term=growth-Email-01&c=first_purchase
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id: rZzBc0u.yXs.6j4m6B0N9Kmu4I1kt8fY
content-encoding: gzip
via: 1.1 c2c44e18165da827386e0ed36aeea344.cloudfront.net (CloudFront)
date: Mon, 08 Jul 2024 22:48:16 GMT
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.googletagmanager.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.prd.us.gympass.cloud *.googleapis.com *.google-analytics.com *.browser-intake-datadoghq.com *.sentry.io *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.sentry.io *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
x-amz-cf-pop: AMS58-P3
age: 14
x-amz-server-side-encryption: AES256
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
last-modified: Wed, 03 Jul 2024 17:17:33 GMT
server: AmazonS3
etag: W/"000d45c2ebb679897c075fa8b22f1899"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=60, stale-while-revalidate=120
x-amz-cf-id: gq9AyumI1NEZ-2Qy6DF-0ZGVynXr_oNIdDyXy0a5yXkZnD5dnQ8rkg==

GET
H2 200 818.45c3bd116aad102c068e.js Show response
plan-management.gympass.com/ 50 KB
18 KB 122ms
122ms Script
application/javascript 2600:9000:20ab:e600:18:718f:f780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://plan-management.gympass.com/818.45c3bd116aad102c068e.js

Requested by

Host: plan-management.gympass.com
URL: https://plan-management.gympass.com/main.5c5abcd7803e320017e6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ab:e600:18:718f:f780:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

71f7b01a72d9de0d889cd2e5887a7e28d0c7e814e3bd9523e73bb6fe83c52a0e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .gympass.com .googletagmanager.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io .js .survicate.com .optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com .survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: .prd.us.gympass.cloud .googleapis.com .google-analytics.com .browser-intake-datadoghq.com .sentry.io .gympass.com .optimizely.com; font-src 'self' fonts.gstatic.com .survicate.com; frame-src 'self' .sentry.io .optimizely.com; img-src 'self' .gympass.com .cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' .gympass.com blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=8spj9zq1aaus&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=eu-de_b2c_onboarding__mb__ongoing_tagus_subscription_0524&af_channel=email&utm_term=growth-Email-01&c=first_purchase
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id: 0iSJCJk9Wpil8_iFjZKh5z7QVUB3tEt8
content-encoding: gzip
via: 1.1 c2c44e18165da827386e0ed36aeea344.cloudfront.net (CloudFront)
date: Mon, 08 Jul 2024 22:48:16 GMT
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.googletagmanager.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.prd.us.gympass.cloud *.googleapis.com *.google-analytics.com *.browser-intake-datadoghq.com *.sentry.io *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.sentry.io *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
x-amz-cf-pop: AMS58-P3
age: 14
x-amz-server-side-encryption: AES256
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
last-modified: Wed, 03 Jul 2024 17:17:33 GMT
server: AmazonS3
etag: W/"555a8989d826f4e94a4b81d9c59c3c46"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=60, stale-while-revalidate=120
x-amz-cf-id: aInrukYRja-O78DCIqPaspgNO53NDezSH7MwbGttyOyyocE64FMUDw==

GET
H2 200 935.5dce3899544cd4a37a4c.js Show response
plan-management.gympass.com/ 131 KB
44 KB 146ms
145ms Script
application/javascript 2600:9000:20ab:e600:18:718f:f780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://plan-management.gympass.com/935.5dce3899544cd4a37a4c.js

Requested by

Host: plan-management.gympass.com
URL: https://plan-management.gympass.com/main.5c5abcd7803e320017e6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ab:e600:18:718f:f780:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

9a66625f26f2fdefb8147107d61950d139db9e1f12e171021ac4946f7037b905

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .gympass.com .googletagmanager.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io .js .survicate.com .optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com .survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: .prd.us.gympass.cloud .googleapis.com .google-analytics.com .browser-intake-datadoghq.com .sentry.io .gympass.com .optimizely.com; font-src 'self' fonts.gstatic.com .survicate.com; frame-src 'self' .sentry.io .optimizely.com; img-src 'self' .gympass.com .cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' .gympass.com blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=8spj9zq1aaus&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=eu-de_b2c_onboarding__mb__ongoing_tagus_subscription_0524&af_channel=email&utm_term=growth-Email-01&c=first_purchase
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id: wGpX7KEhZ9qJInf.BaWrSzQOeI6Ftn_e
content-encoding: gzip
via: 1.1 c2c44e18165da827386e0ed36aeea344.cloudfront.net (CloudFront)
date: Mon, 08 Jul 2024 22:48:16 GMT
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.googletagmanager.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.prd.us.gympass.cloud *.googleapis.com *.google-analytics.com *.browser-intake-datadoghq.com *.sentry.io *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.sentry.io *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
x-amz-cf-pop: AMS58-P3
age: 14
x-amz-server-side-encryption: AES256
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
last-modified: Wed, 03 Jul 2024 17:17:33 GMT
server: AmazonS3
etag: W/"bbeafe89030d83df6d72f1c3ecf43c1f"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=60, stale-while-revalidate=120
x-amz-cf-id: 29tycMUnE18iTmJyWBRJS7diJWoX307I4aYL_oJpjTIH9Vu8Wy7I7A==

GET
H2 200 271.4babf80a049b2c49765b.js Show response
plan-management.gympass.com/ 676 KB
158 KB 131ms
130ms Script
application/javascript 2600:9000:20ab:e600:18:718f:f780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://plan-management.gympass.com/271.4babf80a049b2c49765b.js

Requested by

Host: plan-management.gympass.com
URL: https://plan-management.gympass.com/main.5c5abcd7803e320017e6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ab:e600:18:718f:f780:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

4b366908bb6d1834a639e44d392308c187dd5773726383413438bc88be5c2476

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .gympass.com .googletagmanager.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io .js .survicate.com .optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com .survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: .prd.us.gympass.cloud .googleapis.com .google-analytics.com .browser-intake-datadoghq.com .sentry.io .gympass.com .optimizely.com; font-src 'self' fonts.gstatic.com .survicate.com; frame-src 'self' .sentry.io .optimizely.com; img-src 'self' .gympass.com .cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' .gympass.com blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=8spj9zq1aaus&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=eu-de_b2c_onboarding__mb__ongoing_tagus_subscription_0524&af_channel=email&utm_term=growth-Email-01&c=first_purchase
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id: Q_xbjjOgoejj5jcU71eTB37F0_hUoVX1
content-encoding: gzip
via: 1.1 c2c44e18165da827386e0ed36aeea344.cloudfront.net (CloudFront)
date: Mon, 08 Jul 2024 22:48:16 GMT
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.googletagmanager.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.prd.us.gympass.cloud *.googleapis.com *.google-analytics.com *.browser-intake-datadoghq.com *.sentry.io *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.sentry.io *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
x-amz-cf-pop: AMS58-P3
age: 14
x-amz-server-side-encryption: AES256
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
last-modified: Wed, 03 Jul 2024 17:17:33 GMT
server: AmazonS3
etag: W/"81424e91677d921e4a87a3c8bbcc9630"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=60, stale-while-revalidate=120
x-amz-cf-id: 4qkimUqsHSXpjSbUqogL08P1dRERWTEs2IBcO3siz85QUmafHHnHtQ==

GET
H2 200 893.5ab12359eb56aec3c9f7.js Show response
plan-management.gympass.com/ 1 KB
2 KB 161ms
160ms Script
application/javascript 2600:9000:20ab:e600:18:718f:f780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://plan-management.gympass.com/893.5ab12359eb56aec3c9f7.js

Requested by

Host: plan-management.gympass.com
URL: https://plan-management.gympass.com/main.5c5abcd7803e320017e6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ab:e600:18:718f:f780:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

71d3e60278f8953fb749e5bb24db243daf81a1fc5e951f298220040bcc205ea4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .gympass.com .googletagmanager.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io .js .survicate.com .optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com .survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: .prd.us.gympass.cloud .googleapis.com .google-analytics.com .browser-intake-datadoghq.com .sentry.io .gympass.com .optimizely.com; font-src 'self' fonts.gstatic.com .survicate.com; frame-src 'self' .sentry.io .optimizely.com; img-src 'self' .gympass.com .cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' .gympass.com blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=8spj9zq1aaus&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=eu-de_b2c_onboarding__mb__ongoing_tagus_subscription_0524&af_channel=email&utm_term=growth-Email-01&c=first_purchase
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id: 3SH2enok7tq_PPkvgYwHcFVyF0uKi9F.
content-encoding: gzip
via: 1.1 c2c44e18165da827386e0ed36aeea344.cloudfront.net (CloudFront)
date: Mon, 08 Jul 2024 22:48:16 GMT
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.googletagmanager.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.prd.us.gympass.cloud *.googleapis.com *.google-analytics.com *.browser-intake-datadoghq.com *.sentry.io *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.sentry.io *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
x-amz-cf-pop: AMS58-P3
age: 14
x-amz-server-side-encryption: AES256
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
last-modified: Wed, 03 Jul 2024 17:17:33 GMT
server: AmazonS3
etag: W/"46d2e0c82af0d34657aa87f37ea64f18"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=60, stale-while-revalidate=120
x-amz-cf-id: ppJxH-qhM9J9mwQmVBTNK8N7fNJcqVSsTyhqmzY5rq9wrEkn1lynZw==

GET
H2 200 159.83e39c81dfb509e7801f.js Show response
plan-management.gympass.com/ 30 KB
11 KB 159ms
159ms Script
application/javascript 2600:9000:20ab:e600:18:718f:f780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://plan-management.gympass.com/159.83e39c81dfb509e7801f.js

Requested by

Host: plan-management.gympass.com
URL: https://plan-management.gympass.com/main.5c5abcd7803e320017e6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ab:e600:18:718f:f780:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

174d357b3404a7c299f42fadcfd801d0b8fd24d5731ea20062a573e055b8b19d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .gympass.com .googletagmanager.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io .js .survicate.com .optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com .survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: .prd.us.gympass.cloud .googleapis.com .google-analytics.com .browser-intake-datadoghq.com .sentry.io .gympass.com .optimizely.com; font-src 'self' fonts.gstatic.com .survicate.com; frame-src 'self' .sentry.io .optimizely.com; img-src 'self' .gympass.com .cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' .gympass.com blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=8spj9zq1aaus&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=eu-de_b2c_onboarding__mb__ongoing_tagus_subscription_0524&af_channel=email&utm_term=growth-Email-01&c=first_purchase
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id: luvs2etjHSzLQRHRHmBIBBfC46vIxJLW
content-encoding: gzip
via: 1.1 c2c44e18165da827386e0ed36aeea344.cloudfront.net (CloudFront)
date: Mon, 08 Jul 2024 22:48:16 GMT
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.googletagmanager.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.prd.us.gympass.cloud *.googleapis.com *.google-analytics.com *.browser-intake-datadoghq.com *.sentry.io *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.sentry.io *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
x-amz-cf-pop: AMS58-P3
age: 14
x-amz-server-side-encryption: AES256
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
last-modified: Wed, 03 Jul 2024 17:17:33 GMT
server: AmazonS3
etag: W/"eea5b3adde4738a718cfe0696d5d5b1f"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=60, stale-while-revalidate=120
x-amz-cf-id: DnoGgyVKCRSomBLuijwCAskxGM8VVzvu2kCbyqAFSJQHCPR-eG9pDw==

GET
H2 200 563.79c10b377dc8f28a199f.js Show response
plan-management.gympass.com/ 1 KB
2 KB 159ms
158ms Script
application/javascript 2600:9000:20ab:e600:18:718f:f780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://plan-management.gympass.com/563.79c10b377dc8f28a199f.js

Requested by

Host: plan-management.gympass.com
URL: https://plan-management.gympass.com/main.5c5abcd7803e320017e6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ab:e600:18:718f:f780:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

88d108a0e7d5563cda357eca3134a5c01869b71d76f91c87be3b979e54b2d51d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .gympass.com .googletagmanager.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io .js .survicate.com .optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com .survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: .prd.us.gympass.cloud .googleapis.com .google-analytics.com .browser-intake-datadoghq.com .sentry.io .gympass.com .optimizely.com; font-src 'self' fonts.gstatic.com .survicate.com; frame-src 'self' .sentry.io .optimizely.com; img-src 'self' .gympass.com .cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' .gympass.com blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=8spj9zq1aaus&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=eu-de_b2c_onboarding__mb__ongoing_tagus_subscription_0524&af_channel=email&utm_term=growth-Email-01&c=first_purchase
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id: 0oBPXVHZD_1xXCYIt3K7mneAUZXVH.s1
content-encoding: gzip
via: 1.1 c2c44e18165da827386e0ed36aeea344.cloudfront.net (CloudFront)
date: Mon, 08 Jul 2024 22:48:16 GMT
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.googletagmanager.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.prd.us.gympass.cloud *.googleapis.com *.google-analytics.com *.browser-intake-datadoghq.com *.sentry.io *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.sentry.io *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
x-amz-cf-pop: AMS58-P3
age: 14
x-amz-server-side-encryption: AES256
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
last-modified: Wed, 03 Jul 2024 17:17:33 GMT
server: AmazonS3
etag: W/"858fe9d77f16d2461693eae2b4e023aa"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=60, stale-while-revalidate=120
x-amz-cf-id: MLJt_8kC50iMI8xKkKJmyCd6bVEENvl55TA4GmFUzLRv7eXFr3OJqw==

POST
H2 200 /
o4504963224764416.ingest.sentry.io/api/4506541754744832/envelope/ 2 B
299 B 128ms
34ms Fetch
application/json 34.120.195.249
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://o4504963224764416.ingest.sentry.io/api/4506541754744832/envelope/?sentry_key=3fe896b0fdfc5a9285d4b30a4d076a51&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.118.0

Requested by

Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/7.118.0/bundle.tracing.replay.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

249.195.120.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://plan-management.gympass.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 08 Jul 2024 22:48:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
server: nginx
vary: origin,access-control-request-method,access-control-request-headers
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

GET
BLOB 200
OK 46260745-8b9b-46ee-9d7e-7a93d09d515e
https://plan-management.gympass.com/ 10 KB
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://plan-management.gympass.com/46260745-8b9b-46ee-9d7e-7a93d09d515e
Requested by: Host: plan-management.gympass.com
URL: https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=8spj9zq1aaus&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=eu-de_b2c_onboarding__mb__ongoing_tagus_subscription_0524&af_channel=email&utm_term=growth-Email-01&c=first_purchase
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2ca3d44191e822500b330ae74a7b981fddc94188da2e683a1e1508fd188d2b1b

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Length: 10285
Content-Type

GET
H2 200 fonts.css
surveys-static.survicate.com/fonts/ 8 KB
2 KB 109ms
25ms Stylesheet
text/css 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://surveys-static.survicate.com/fonts/fonts.css

Requested by

Host: survey.survicate.com
URL: https://survey.survicate.com/workspaces/0fe6aa950144b6d3d5b0aaaea35f4cd1/web_surveys.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 /

Resource Hash

789e8685a564e07274fec164118e89fa040ff2779c6efe3d781b94aeea6f06eb

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://plan-management.gympass.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 22:48:30 GMT
x-amz-version-id: 0MpdULBlih82WDf4ohSkRSpw5864DG4c
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cdn-edgestorageid: 1080
content-security-policy: default-src 'self'
x-amz-request-id: 18K1ZC248HBNW78Z
cdn-cachedat: 03/13/2024 08:57:12
cdn-pullzone: 1133799
x-amz-id-2: 0SJmP6msgDJlSL1hgch6/B+Ck3fWfxkzyqtSinW8hJuy/J9WHVFkWzaTucQktfkiM+sWodj43hA=
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 11 Mar 2024 12:12:11 GMT
server: BunnyCDN-DE1-1082
cdn-proxyver: 1.04
cdn-requestpullcode: 200
etag: W/"c010d2df3fedabc7f87b52ab6c64fb45"
vary: Accept-Encoding, Accept-Encoding
x-frame-options: DENY
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 039640c0-4b09-428d-a0ae-513ccdd44502
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=604800
cdn-requestid: 1cf755a2b9cb58af46e072031faac482
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 widget_core-24.6.1.js
surveys-static.survicate.com/ 620 KB
177 KB 109ms
26ms Script
application/x-javascript 2400:52e0:1e00::1082:1
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL

https://surveys-static.survicate.com/widget_core-24.6.1.js

Requested by

Host: survey.survicate.com
URL: https://survey.survicate.com/workspaces/0fe6aa950144b6d3d5b0aaaea35f4cd1/web_surveys.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1082:1 , Germany, ASN60068 (CDN77 _, GB),

Reverse DNS

Software

BunnyCDN-DE1-1082 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://plan-management.gympass.com/
Origin: https://plan-management.gympass.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self'
content-encoding: br
x-amz-request-id: NR4YDBR4EMXGVPA8
cdn-pullzone: 1133799
x-amz-meta-codebuild-content-md5: 0dc097e2686e1d2dba58b9921708fb06
referrer-policy: strict-origin-when-cross-origin
cdn-proxyver: 1.04
etag: W/"9d153c3a5641883a6166c0b419e9714c"
x-frame-options: DENY
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET
content-type: application/x-javascript
access-control-allow-origin: *
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=604800
x-amz-meta-codebuild-content-sha256: 38f38a42261abeaa6836c71519a8c380cb76ea6ecbdb48df833325bfd44ba0cc
cdn-cache: HIT
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
date: Mon, 08 Jul 2024 22:48:30 GMT
x-amz-version-id: LLDQeRsHazlTsTPNgtFqM.SxTqUJvVPt
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cdn-edgestorageid: 1079
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:121050345386:build/prd-static:3822a12f-d303-4272-a0ac-ba95b4bc1054
cdn-cachedat: 07/05/2024 10:49:18
x-amz-id-2: b3Wbm+8cBbPqie1/B3mclHpe9/1UD8Bdi0Q177oLQ9g6ITxcgTkWpJjZ/YAD4MwheY+qNX4y/Ug=
x-xss-protection: 1; mode=block
last-modified: Fri, 05 Jul 2024 10:41:53 GMT
server: BunnyCDN-DE1-1082
cdn-requestpullcode: 200
access-control-max-age: 3600
cdn-uid: 039640c0-4b09-428d-a0ae-513ccdd44502
cdn-requestid: 9f21ed3b56e76610e94808d3e21d691b
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 webConfig
firebase.googleapis.com/v1alpha/projects/-/apps/1:96277262064:web:90d6de6357f7f4a6339c35/ 347 B
425 B 55ms
54ms Fetch
application/json 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://firebase.googleapis.com/v1alpha/projects/-/apps/1:96277262064:web:90d6de6357f7f4a6339c35/webConfig

Requested by

Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/7.118.0/bundle.tracing.replay.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept: application/json
Referer: https://plan-management.gympass.com/
x-goog-api-key: AIzaSyA-Qul6oJabrhuylNVN4371I4Qn4ovL_vo
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 22:48:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://plan-management.gympass.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 235
x-xss-protection: 0

OPTIONS
H2 200 webConfig
firebase.googleapis.com/v1alpha/projects/-/apps/1:96277262064:web:90d6de6357f7f4a6339c35/ Frame 0
0 147ms
51ms Preflight
text/html 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://firebase.googleapis.com/v1alpha/projects/-/apps/1:96277262064:web:90d6de6357f7f4a6339c35/webConfig

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-api-key
Access-Control-Request-Method: GET
Origin: https://plan-management.gympass.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: x-goog-api-key
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://plan-management.gympass.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Mon, 08 Jul 2024 22:48:30 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

GET
H2 200 Primary Request auth Show response
identity.gympass.com/auth/realms/master/protocol/openid-connect/ 131 KB
133 KB 603ms
476ms Document
text/html 65.9.95.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://identity.gympass.com/auth/realms/master/protocol/openid-connect/auth?client_id=mobile-sso&redirect_uri=https%3A%2F%2Fplan-management.gympass.com%2F%3Faf_xp%3Dcustom%26origin%3Dmkt%26lid%3D8spj9zq1aaus%26source_caller%3Dui%26pid%3Dbraze%26utm_content%3Dnone%26utm_source%3Dbraze%26shortlink%3Dg9pe1e4p%26utm_medium%3Demail%26utm_campaign%3Deu-de_b2c_onboarding__mb__ongoing_tagus_subscription_0524%26af_channel%3Demail%26utm_term%3Dgrowth-Email-01%26c%3Dfirst_purchase&state=862bd7da-9359-431c-a54e-2a950e591bfd&response_mode=query&response_type=code&scope=openid

Requested by

Host: plan-management.gympass.com
URL: https://plan-management.gympass.com/460.5bb66271df4f073824f9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.27 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-27.prg50.r.cloudfront.net

Software

Resource Hash

c18181d31463d6a087dc583ead869dcd98cf28ecee800437b678e422b03cf4da

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' https://.google.com; frame-ancestors 'self' https://.google.com https://*.gympass.com; object-src 'none'; script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.datadoghq-browser-agent.com 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://plan-management.gympass.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

cache-control: no-store, must-revalidate, max-age=0
content-language: de
content-security-policy: frame-src 'self' https://*.google.com; frame-ancestors 'self' https://*.google.com https://*.gympass.com; object-src 'none'; script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.datadoghq-browser-agent.com 'unsafe-eval' 'unsafe-inline'
content-type: text/html;charset=utf-8
date: Mon, 08 Jul 2024 22:48:30 GMT
referrer-policy: no-referrer
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 d05dc840d6cf3901928326ad8b6d38c2.cloudfront.net (CloudFront)
x-amz-cf-id: 1qEodps7z8z_sDfFACGqzU-SELAgP0DrXRiD3lvF-NwaAyQ7V0r5Rw==
x-amz-cf-pop: PRG50-C1
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-robots-tag: none
x-xss-protection: 1; mode=block

GET
H2 200 162.38c04864b22e90b06926.js
plan-management.gympass.com/ 13 KB
5 KB 49ms
47ms Script
application/javascript 2600:9000:20ab:e600:18:718f:f780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://plan-management.gympass.com/162.38c04864b22e90b06926.js

Requested by

Host: plan-management.gympass.com
URL: https://plan-management.gympass.com/main.5c5abcd7803e320017e6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ab:e600:18:718f:f780:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .gympass.com .googletagmanager.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io .js .survicate.com .optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com .survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: .prd.us.gympass.cloud .googleapis.com .google-analytics.com .browser-intake-datadoghq.com .sentry.io .gympass.com .optimizely.com; font-src 'self' fonts.gstatic.com .survicate.com; frame-src 'self' .sentry.io .optimizely.com; img-src 'self' .gympass.com .cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' .gympass.com blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=8spj9zq1aaus&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=eu-de_b2c_onboarding__mb__ongoing_tagus_subscription_0524&af_channel=email&utm_term=growth-Email-01&c=first_purchase
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id: 0UI6EP7wj.PqgePcx6_aBGL9rs.R7Eqe
content-encoding: gzip
via: 1.1 c2c44e18165da827386e0ed36aeea344.cloudfront.net (CloudFront)
date: Mon, 08 Jul 2024 22:48:16 GMT
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.googletagmanager.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.prd.us.gympass.cloud *.googleapis.com *.google-analytics.com *.browser-intake-datadoghq.com *.sentry.io *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.sentry.io *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
x-amz-cf-pop: AMS58-P3
age: 14
x-amz-server-side-encryption: AES256
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
last-modified: Wed, 03 Jul 2024 17:17:33 GMT
server: AmazonS3
etag: W/"7411adef5d4373753317bf7d0af8d5c7"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=60, stale-while-revalidate=120
x-amz-cf-id: yqCxuUQRCF_0EghDMZo6HzYa6lLjOAkO2op_kOQafSg_ZwE59v72Sw==

GET
H2 200 593.e18c3936b08c33bfd261.js
plan-management.gympass.com/ 16 KB
7 KB 48ms
46ms Script
application/javascript 2600:9000:20ab:e600:18:718f:f780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://plan-management.gympass.com/593.e18c3936b08c33bfd261.js

Requested by

Host: plan-management.gympass.com
URL: https://plan-management.gympass.com/main.5c5abcd7803e320017e6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ab:e600:18:718f:f780:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .gympass.com .googletagmanager.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io .js .survicate.com .optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com .survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: .prd.us.gympass.cloud .googleapis.com .google-analytics.com .browser-intake-datadoghq.com .sentry.io .gympass.com .optimizely.com; font-src 'self' fonts.gstatic.com .survicate.com; frame-src 'self' .sentry.io .optimizely.com; img-src 'self' .gympass.com .cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' .gympass.com blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=8spj9zq1aaus&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=eu-de_b2c_onboarding__mb__ongoing_tagus_subscription_0524&af_channel=email&utm_term=growth-Email-01&c=first_purchase
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id: yYQa7v8agVctn8mAFc1WT5wY6GQM6Hmu
content-encoding: gzip
via: 1.1 c2c44e18165da827386e0ed36aeea344.cloudfront.net (CloudFront)
date: Mon, 08 Jul 2024 22:48:16 GMT
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.googletagmanager.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.prd.us.gympass.cloud *.googleapis.com *.google-analytics.com *.browser-intake-datadoghq.com *.sentry.io *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.sentry.io *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
x-amz-cf-pop: AMS58-P3
age: 14
x-amz-server-side-encryption: AES256
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
last-modified: Wed, 03 Jul 2024 17:17:33 GMT
server: AmazonS3
etag: W/"9240475055ce2ed0727ecb0f63fa8136"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=60, stale-while-revalidate=120
x-amz-cf-id: eNYT3pdzJ1E-PuRBFILH7JODBhHQ-FMel4ipEfn-3hjlrkv75TUYLQ==

GET
H2 200 627.539715ccd0e1f12c7f01.js
plan-management.gympass.com/ 11 KB
5 KB 52ms
51ms Script
application/javascript 2600:9000:20ab:e600:18:718f:f780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://plan-management.gympass.com/627.539715ccd0e1f12c7f01.js

Requested by

Host: plan-management.gympass.com
URL: https://plan-management.gympass.com/main.5c5abcd7803e320017e6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ab:e600:18:718f:f780:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .gympass.com .googletagmanager.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io .js .survicate.com .optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com .survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: .prd.us.gympass.cloud .googleapis.com .google-analytics.com .browser-intake-datadoghq.com .sentry.io .gympass.com .optimizely.com; font-src 'self' fonts.gstatic.com .survicate.com; frame-src 'self' .sentry.io .optimizely.com; img-src 'self' .gympass.com .cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' .gympass.com blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=8spj9zq1aaus&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=eu-de_b2c_onboarding__mb__ongoing_tagus_subscription_0524&af_channel=email&utm_term=growth-Email-01&c=first_purchase
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id: 4PGeR3YTf5ab9Icdqzjgpc3OB6QcjVyB
content-encoding: gzip
via: 1.1 c2c44e18165da827386e0ed36aeea344.cloudfront.net (CloudFront)
date: Mon, 08 Jul 2024 22:48:16 GMT
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.googletagmanager.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.prd.us.gympass.cloud *.googleapis.com *.google-analytics.com *.browser-intake-datadoghq.com *.sentry.io *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.sentry.io *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
x-amz-cf-pop: AMS58-P3
age: 14
x-amz-server-side-encryption: AES256
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
last-modified: Wed, 03 Jul 2024 17:17:33 GMT
server: AmazonS3
etag: W/"30464a2fe775e883e184b6ef4915b83d"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=60, stale-while-revalidate=120
x-amz-cf-id: ScrP1jr7fCyMhNYhg3OHL-kjVmZmw3cEXQWv_HjkbfxyygB7oQThAQ==

GET
H2 200 649.0845f5349443a478aee9.js
plan-management.gympass.com/ 23 KB
9 KB 62ms
60ms Script
application/javascript 2600:9000:20ab:e600:18:718f:f780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://plan-management.gympass.com/649.0845f5349443a478aee9.js

Requested by

Host: plan-management.gympass.com
URL: https://plan-management.gympass.com/main.5c5abcd7803e320017e6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ab:e600:18:718f:f780:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .gympass.com .googletagmanager.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io .js .survicate.com .optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com .survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: .prd.us.gympass.cloud .googleapis.com .google-analytics.com .browser-intake-datadoghq.com .sentry.io .gympass.com .optimizely.com; font-src 'self' fonts.gstatic.com .survicate.com; frame-src 'self' .sentry.io .optimizely.com; img-src 'self' .gympass.com .cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' .gympass.com blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=8spj9zq1aaus&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=eu-de_b2c_onboarding__mb__ongoing_tagus_subscription_0524&af_channel=email&utm_term=growth-Email-01&c=first_purchase
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id: mqusLNdawJaBm0Y_adLFyvtXoAPlo1YL
content-encoding: gzip
via: 1.1 c2c44e18165da827386e0ed36aeea344.cloudfront.net (CloudFront)
date: Mon, 08 Jul 2024 22:48:16 GMT
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.googletagmanager.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.prd.us.gympass.cloud *.googleapis.com *.google-analytics.com *.browser-intake-datadoghq.com *.sentry.io *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.sentry.io *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
x-amz-cf-pop: AMS58-P3
age: 14
x-amz-server-side-encryption: AES256
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
last-modified: Wed, 03 Jul 2024 17:17:33 GMT
server: AmazonS3
etag: W/"be682f8be899265c05f1b609545402fb"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=60, stale-while-revalidate=120
x-amz-cf-id: xlV3kwA4R42vJ3kXDrE4ZnoAP6XIniC-UWpjSH3AS1MlXPhXpmQ_4Q==

GET
H2 200 376.e01f916081569e9dc6ec.js
plan-management.gympass.com/ 24 KB
10 KB 63ms
62ms Script
application/javascript 2600:9000:20ab:e600:18:718f:f780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://plan-management.gympass.com/376.e01f916081569e9dc6ec.js

Requested by

Host: plan-management.gympass.com
URL: https://plan-management.gympass.com/main.5c5abcd7803e320017e6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:20ab:e600:18:718f:f780:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .gympass.com .googletagmanager.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io .js .survicate.com .optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com .survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: .prd.us.gympass.cloud .googleapis.com .google-analytics.com .browser-intake-datadoghq.com .sentry.io .gympass.com .optimizely.com; font-src 'self' fonts.gstatic.com .survicate.com; frame-src 'self' .sentry.io .optimizely.com; img-src 'self' .gympass.com .cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' .gympass.com blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://plan-management.gympass.com/?af_xp=custom&origin=mkt&lid=8spj9zq1aaus&source_caller=ui&pid=braze&utm_content=none&utm_source=braze&shortlink=g9pe1e4p&utm_medium=email&utm_campaign=eu-de_b2c_onboarding__mb__ongoing_tagus_subscription_0524&af_channel=email&utm_term=growth-Email-01&c=first_purchase
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id: txv6cr_kXM0oc0IXEA5OHhNLBM3ndXin
content-encoding: gzip
via: 1.1 c2c44e18165da827386e0ed36aeea344.cloudfront.net (CloudFront)
date: Mon, 08 Jul 2024 22:48:16 GMT
x-content-type-options: nosniff
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gympass.com *.googletagmanager.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.js *.survicate.com *.optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com *.survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: *.prd.us.gympass.cloud *.googleapis.com *.google-analytics.com *.browser-intake-datadoghq.com *.sentry.io *.gympass.com *.optimizely.com; font-src 'self' fonts.gstatic.com *.survicate.com; frame-src 'self' *.sentry.io *.optimizely.com; img-src 'self' *.gympass.com *.cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' *.gympass.com blob:;
x-amz-cf-pop: AMS58-P3
age: 14
x-amz-server-side-encryption: AES256
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache: Hit from cloudfront
x-xss-protection: 1; mode=block
last-modified: Wed, 03 Jul 2024 17:17:33 GMT
server: AmazonS3
etag: W/"cc4514ce568f38f5f16a940b4128044c"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=60, stale-while-revalidate=120
x-amz-cf-id: HUGZE1_xOzyF88P1Kc87k1yKSRNYrYp3ei_SVn6c3wtDf3EHs0o_yA==

GET frontend
unleash-edge-code.gympass.com/api/ 0
0

OPTIONS
H2 200 frontend
unleash-edge-code.gympass.com/api/ Frame 0
0 541ms
437ms Preflight 2600:9000:2127:9c00:13:fba0:c680:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://unleash-edge-code.gympass.com/api/frontend?sessionId=552239742&appName=plan-management&environment=default
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:9c00:13:fba0:c680:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: GET
Origin: https://plan-management.gympass.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: authorization,content-type
access-control-allow-methods: GET, PATCH, TRACE, DELETE, POST, OPTIONS, PUT, HEAD, CONNECT
access-control-allow-origin: *
content-length: 0
date: Mon, 08 Jul 2024 22:48:30 GMT
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
via: 1.1 bb390afd921c223e0fe4921fbc23bbe8.cloudfront.net (CloudFront)
x-amz-cf-id: QqA-iYU50xzO62i1U3jnVlgGgP69EqI6bjWtxwCXPlGrXFsv2rcEuQ==
x-amz-cf-pop: PRG50-C1
x-cache: Miss from cloudfront

OPTIONS
H2 200 installations
firebaseinstallations.googleapis.com/v1/projects/gympass-f522f/ Frame 0
0 150ms
65ms Preflight
text/html 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://firebaseinstallations.googleapis.com/v1/projects/gympass-f522f/installations

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-firebase-client,x-goog-api-key
Access-Control-Request-Method: POST
Origin: https://plan-management.gympass.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: content-type,x-firebase-client,x-goog-api-key
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://plan-management.gympass.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Mon, 08 Jul 2024 22:48:30 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST installations
firebaseinstallations.googleapis.com/v1/projects/gympass-f522f/ 0
0

GET
H2 200 js
www.googletagmanager.com/gtag/ 259 KB
91 KB 144ms
63ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?l=dataLayer&id=G-KHZSKE5NP3

Requested by

Host: plan-management.gympass.com
URL: https://plan-management.gympass.com/996.4d83083f1b4ea647afd7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://plan-management.gympass.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 22:48:30 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 92919
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 08 Jul 2024 22:48:30 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
262 B 130ms
44ms Fetch
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-KHZSKE5NP3&gtm=45je4730v9177146748za200&_p=1720478910328&gcd=13l3l3l2l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&_fid=de7XvBiz5xE5AewHD1IGDu&cid=929697428.1720478911&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1720478910&sct=1&seg=0&dl=https%3A%2F%2Fplan-management.gympass.com%2F%3Faf_xp%3Dcustom%26origin%3Dmkt%26lid%3D8spj9zq1aaus%26source_caller%3Dui%26pid%3Dbraze%26utm_content%3Dnone%26utm_source%3Dbraze%26shortlink%3Dg9pe1e4p%26utm_medium%3Demail%26utm_campaign%3Deu-de_b2c_onboarding__mb__ongoing_tagus_subscription_0524%26af_channel%3Demail%26utm_term%3Dgrowth-Email-01%26c%3Dfirst_purchase&dt=Wellhub&en=page_view&_fv=1&_nsi=1&_ss=2&_ee=1&ep.origin=firebase&tfd=2075&_z=fetch
Requested by: Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/7.118.0/bundle.tracing.replay.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://plan-management.gympass.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jul 2024 22:48:30 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://plan-management.gympass.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 Inter-Regular.woff2
statics-account.gympass.com/assets/fonts/Inter/ 106 KB
107 KB 246ms
119ms Font
font/woff2 2600:9000:2127:7800:1e:dcb6:d040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://statics-account.gympass.com/assets/fonts/Inter/Inter-Regular.woff2

Requested by

Host: identity.gympass.com
URL: https://identity.gympass.com/auth/realms/master/protocol/openid-connect/auth?client_id=mobile-sso&redirect_uri=https%3A%2F%2Fplan-management.gympass.com%2F%3Faf_xp%3Dcustom%26origin%3Dmkt%26lid%3D8spj9zq1aaus%26source_caller%3Dui%26pid%3Dbraze%26utm_content%3Dnone%26utm_source%3Dbraze%26shortlink%3Dg9pe1e4p%26utm_medium%3Demail%26utm_campaign%3Deu-de_b2c_onboarding__mb__ongoing_tagus_subscription_0524%26af_channel%3Demail%26utm_term%3Dgrowth-Email-01%26c%3Dfirst_purchase&state=862bd7da-9359-431c-a54e-2a950e591bfd&response_mode=query&response_type=code&scope=openid

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2127:7800:1e:dcb6:d040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

b6f9db9e45be20f3c1312c97fbee7ec36b7d8280f8caa4d53c9ba0408cc9997a

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' hrrps://.gympass.com https://.google.com; frame-ancestors 'self' https://.google.com; font-src 'self' data: https://.gympass.com https://.gympass.com https://fonts.gstatic.com; object-src 'none'; script-src 'self' https://.gympass.com https://.gympass.cloud https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.datadoghq-browser-agent.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io *.googletagmanager.com 'unsafe-eval' 'unsafe-inline'; worker-src blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub45199af8b7c6e66332644e0f4fdad01a&dd-evp-origin=content-security-policy&ddsource=csp-report
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
Origin: https://identity.gympass.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id: KsTgzOS.r6MuauQo_o9CTx6jvagX8Qtu
date: Mon, 08 Jul 2024 22:48:30 GMT
via: 1.1 1f98172ca4214b0e937b7d3d534b34cc.cloudfront.net (CloudFront)
content-security-policy: frame-src 'self' hrrps://*.gympass.com https://*.google.com; frame-ancestors 'self' https://*.google.com; font-src 'self' data: https://*.gympass.com https://*.gympass.com https://fonts.gstatic.com; object-src 'none'; script-src 'self' https://*.gympass.com https://*.gympass.cloud https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.datadoghq-browser-agent.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.googletagmanager.com 'unsafe-eval' 'unsafe-inline'; worker-src blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub45199af8b7c6e66332644e0f4fdad01a&dd-evp-origin=content-security-policy&ddsource=csp-report
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: PRG50-C1
age: 41
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 108488
x-xss-protection: 1; mode=block
last-modified: Mon, 25 Mar 2024 14:01:02 GMT
server: AmazonS3
etag: "46a1550a4bbaccd13a8eb46a359a9f89"
access-control-max-age: 3600
access-control-allow-methods: POST, GET, HEAD
content-type: font/woff2
access-control-allow-origin: *
access-control-expose-headers: ETag
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-frame-options: SAMEORIGIN
accept-ranges: bytes
x-amz-cf-id: 3h2kzvgHli6tGhLxqDxEJt1_oBXw9Pguh2BZea17hiFyqoXByi4RzQ==

GET
H2 200 Inter-Bold.woff2
statics-account.gympass.com/assets/fonts/Inter/ 108 KB
110 KB 322ms
196ms Font
font/woff2 2600:9000:2127:7800:1e:dcb6:d040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://statics-account.gympass.com/assets/fonts/Inter/Inter-Bold.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2127:7800:1e:dcb6:d040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

220976705fbec109f43c5cfdceca639e99ace7e51f3eb67292b105d3575eb39b

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' hrrps://.gympass.com https://.google.com; frame-ancestors 'self' https://.google.com; font-src 'self' data: https://.gympass.com https://.gympass.com https://fonts.gstatic.com; object-src 'none'; script-src 'self' https://.gympass.com https://.gympass.cloud https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.datadoghq-browser-agent.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io *.googletagmanager.com 'unsafe-eval' 'unsafe-inline'; worker-src blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub45199af8b7c6e66332644e0f4fdad01a&dd-evp-origin=content-security-policy&ddsource=csp-report
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
Origin: https://identity.gympass.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id: OZiGcnXNiEWUIsft_qEgV3xVukY1WRrc
date: Mon, 08 Jul 2024 22:48:30 GMT
via: 1.1 1f98172ca4214b0e937b7d3d534b34cc.cloudfront.net (CloudFront)
content-security-policy: frame-src 'self' hrrps://*.gympass.com https://*.google.com; frame-ancestors 'self' https://*.google.com; font-src 'self' data: https://*.gympass.com https://*.gympass.com https://fonts.gstatic.com; object-src 'none'; script-src 'self' https://*.gympass.com https://*.gympass.cloud https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.datadoghq-browser-agent.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.googletagmanager.com 'unsafe-eval' 'unsafe-inline'; worker-src blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub45199af8b7c6e66332644e0f4fdad01a&dd-evp-origin=content-security-policy&ddsource=csp-report
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: PRG50-C1
age: 41
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 111040
x-xss-protection: 1; mode=block
last-modified: Mon, 25 Mar 2024 14:01:02 GMT
server: AmazonS3
etag: "279e5a64038565325a5fda8f14a9b9ec"
access-control-max-age: 3600
access-control-allow-methods: POST, GET, HEAD
content-type: font/woff2
access-control-allow-origin: *
access-control-expose-headers: ETag
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-frame-options: SAMEORIGIN
accept-ranges: bytes
x-amz-cf-id: ExzVVI-T5CvW9liQBIeZkODcRn3p2ANCS-2-Uw2oE-29JyWtAuvtmA==

GET
H2 200 Inter-ExtraBold.woff2
statics-account.gympass.com/assets/fonts/Inter/ 109 KB
110 KB 306ms
180ms Font
font/woff2 2600:9000:2127:7800:1e:dcb6:d040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://statics-account.gympass.com/assets/fonts/Inter/Inter-ExtraBold.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2127:7800:1e:dcb6:d040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

98023dd780794f5f7f580bb0e8ca24591bc45f44f31c2c39bfd146c1d104cc4f

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' hrrps://.gympass.com https://.google.com; frame-ancestors 'self' https://.google.com; font-src 'self' data: https://.gympass.com https://.gympass.com https://fonts.gstatic.com; object-src 'none'; script-src 'self' https://.gympass.com https://.gympass.cloud https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.datadoghq-browser-agent.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io *.googletagmanager.com 'unsafe-eval' 'unsafe-inline'; worker-src blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub45199af8b7c6e66332644e0f4fdad01a&dd-evp-origin=content-security-policy&ddsource=csp-report
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
Origin: https://identity.gympass.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id: Jms_RyOoBmAYZk57LYA4tJVU.zFModML
date: Mon, 08 Jul 2024 22:48:30 GMT
via: 1.1 1f98172ca4214b0e937b7d3d534b34cc.cloudfront.net (CloudFront)
content-security-policy: frame-src 'self' hrrps://*.gympass.com https://*.google.com; frame-ancestors 'self' https://*.google.com; font-src 'self' data: https://*.gympass.com https://*.gympass.com https://fonts.gstatic.com; object-src 'none'; script-src 'self' https://*.gympass.com https://*.gympass.cloud https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.datadoghq-browser-agent.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.googletagmanager.com 'unsafe-eval' 'unsafe-inline'; worker-src blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub45199af8b7c6e66332644e0f4fdad01a&dd-evp-origin=content-security-policy&ddsource=csp-report
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: PRG50-C1
age: 41
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 111360
x-xss-protection: 1; mode=block
last-modified: Mon, 25 Mar 2024 14:01:02 GMT
server: AmazonS3
etag: "bfed6ba70058e1d8734fa9b2ddd41467"
access-control-max-age: 3600
access-control-allow-methods: POST, GET, HEAD
content-type: font/woff2
access-control-allow-origin: *
access-control-expose-headers: ETag
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-frame-options: SAMEORIGIN
accept-ranges: bytes
x-amz-cf-id: m4CXM__vY8_-duQhHdqsjkXhEZBgJyCCj6i55KZGDGDf_QwyOQ6vEA==

GET
H2 200 Inter-Medium.woff2
statics-account.gympass.com/assets/fonts/Inter/ 109 KB
110 KB 193ms
67ms Font
font/woff2 2600:9000:2127:7800:1e:dcb6:d040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://statics-account.gympass.com/assets/fonts/Inter/Inter-Medium.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2127:7800:1e:dcb6:d040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

8458f8afa67b5691c1fcbe51607a2dafb53a9839e48131c608a186b65415d96d

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' hrrps://.gympass.com https://.google.com; frame-ancestors 'self' https://.google.com; font-src 'self' data: https://.gympass.com https://.gympass.com https://fonts.gstatic.com; object-src 'none'; script-src 'self' https://.gympass.com https://.gympass.cloud https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.datadoghq-browser-agent.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io *.googletagmanager.com 'unsafe-eval' 'unsafe-inline'; worker-src blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub45199af8b7c6e66332644e0f4fdad01a&dd-evp-origin=content-security-policy&ddsource=csp-report
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
Origin: https://identity.gympass.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id: qY5a2luHZhE6GY4hiITJ00MToRnIC_tK
date: Mon, 08 Jul 2024 22:48:30 GMT
via: 1.1 1f98172ca4214b0e937b7d3d534b34cc.cloudfront.net (CloudFront)
content-security-policy: frame-src 'self' hrrps://*.gympass.com https://*.google.com; frame-ancestors 'self' https://*.google.com; font-src 'self' data: https://*.gympass.com https://*.gympass.com https://fonts.gstatic.com; object-src 'none'; script-src 'self' https://*.gympass.com https://*.gympass.cloud https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.datadoghq-browser-agent.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.googletagmanager.com 'unsafe-eval' 'unsafe-inline'; worker-src blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub45199af8b7c6e66332644e0f4fdad01a&dd-evp-origin=content-security-policy&ddsource=csp-report
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: PRG50-C1
age: 41
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 111380
x-xss-protection: 1; mode=block
last-modified: Mon, 25 Mar 2024 14:01:02 GMT
server: AmazonS3
etag: "60824932303e81c4af185cd9229dd24b"
access-control-max-age: 3600
access-control-allow-methods: POST, GET, HEAD
content-type: font/woff2
access-control-allow-origin: *
access-control-expose-headers: ETag
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-frame-options: SAMEORIGIN
accept-ranges: bytes
x-amz-cf-id: z6tPRQWNwTaQ2QtLsdfZQk869RbfPtbWtpDUCoAF7yD4Dsy-rml3Tw==

GET
H2 200 Inter-SemiBold.woff2
statics-account.gympass.com/assets/fonts/Inter/ 109 KB
110 KB 306ms
180ms Font
font/woff2 2600:9000:2127:7800:1e:dcb6:d040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://statics-account.gympass.com/assets/fonts/Inter/Inter-SemiBold.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2127:7800:1e:dcb6:d040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

8e52a861dc26ff4608c50bd7ff89b65d0d6216a2afe7b47ce5d84544811ca400

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' hrrps://.gympass.com https://.google.com; frame-ancestors 'self' https://.google.com; font-src 'self' data: https://.gympass.com https://.gympass.com https://fonts.gstatic.com; object-src 'none'; script-src 'self' https://.gympass.com https://.gympass.cloud https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.datadoghq-browser-agent.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io *.googletagmanager.com 'unsafe-eval' 'unsafe-inline'; worker-src blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub45199af8b7c6e66332644e0f4fdad01a&dd-evp-origin=content-security-policy&ddsource=csp-report
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
Origin: https://identity.gympass.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id: Y.bwOJDfFhKAjf3wIUtXHWvrnqv_dqPP
date: Mon, 08 Jul 2024 22:48:30 GMT
via: 1.1 1f98172ca4214b0e937b7d3d534b34cc.cloudfront.net (CloudFront)
content-security-policy: frame-src 'self' hrrps://*.gympass.com https://*.google.com; frame-ancestors 'self' https://*.google.com; font-src 'self' data: https://*.gympass.com https://*.gympass.com https://fonts.gstatic.com; object-src 'none'; script-src 'self' https://*.gympass.com https://*.gympass.cloud https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.datadoghq-browser-agent.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.googletagmanager.com 'unsafe-eval' 'unsafe-inline'; worker-src blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub45199af8b7c6e66332644e0f4fdad01a&dd-evp-origin=content-security-policy&ddsource=csp-report
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: PRG50-C1
age: 41
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 111588
x-xss-protection: 1; mode=block
last-modified: Mon, 25 Mar 2024 14:01:02 GMT
server: AmazonS3
etag: "01fdc3828f4efe9208e2149531a8933d"
access-control-max-age: 3600
access-control-allow-methods: POST, GET, HEAD
content-type: font/woff2
access-control-allow-origin: *
access-control-expose-headers: ETag
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-frame-options: SAMEORIGIN
accept-ranges: bytes
x-amz-cf-id: 4K9JVtEyuC5jtDbSwV-ZX34TKvZErxWFajyx5d0xxxUT6GmErByPjw==

GET
H2 200 modal.css
identity.gympass.com/auth/resources/23.0.1/login/gympass-4.0/css/ 2 KB
1008 B 275ms
272ms Stylesheet
text/css 65.9.95.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://identity.gympass.com/auth/resources/23.0.1/login/gympass-4.0/css/modal.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.27 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-27.prg50.r.cloudfront.net

Software

Resource Hash

4207d62d7276da8cd602cb8c4223e53b080923ac9bea36a1ad2949068ba87d6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 14:21:19 GMT
strict-transport-security: max-age=31536000;includeSubDomains
referrer-policy: no-referrer
x-content-type-options: nosniff
content-encoding: br
via: 1.1 d05dc840d6cf3901928326ad8b6d38c2.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 30430
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css;charset=UTF-8
cache-control: max-age=2592000
x-amz-cf-id: Ve0FHwzkYF7570HRuqhYqlgJtHnyugnpnCgEecVxcokqknwVXg9o-Q==
x-xss-protection: 1; mode=block

GET
H2 200 reset.css
identity.gympass.com/auth/resources/23.0.1/login/gympass-4.0/css/ 1 KB
952 B 274ms
271ms Stylesheet
text/css 65.9.95.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://identity.gympass.com/auth/resources/23.0.1/login/gympass-4.0/css/reset.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.27 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-27.prg50.r.cloudfront.net

Software

Resource Hash

8fe7d7be43cafdca862870fa7d0ee1c5ca53a66db3f09ebd0cbb7044a015849f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 14:44:42 GMT
strict-transport-security: max-age=31536000;includeSubDomains
referrer-policy: no-referrer
x-content-type-options: nosniff
content-encoding: br
via: 1.1 d05dc840d6cf3901928326ad8b6d38c2.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 29028
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css;charset=UTF-8
cache-control: max-age=2592000
x-amz-cf-id: P3yozIRPlv09-ytY74-lyHt7eK0ASyTWj_h7wxQPJlpwzJZFQ-MLew==
x-xss-protection: 1; mode=block

GET
H2 200 login.css
identity.gympass.com/auth/resources/23.0.1/login/gympass-4.0/css/ 22 KB
4 KB 138ms
135ms Stylesheet
text/css 65.9.95.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://identity.gympass.com/auth/resources/23.0.1/login/gympass-4.0/css/login.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.27 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-27.prg50.r.cloudfront.net

Software

Resource Hash

abad031efd28350819daa36a6fd339176845f8c5364cae98e82059d96a7d1911

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 14:21:19 GMT
strict-transport-security: max-age=31536000;includeSubDomains
referrer-policy: no-referrer
x-content-type-options: nosniff
content-encoding: br
via: 1.1 d05dc840d6cf3901928326ad8b6d38c2.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 30430
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css;charset=UTF-8
cache-control: max-age=2592000
x-amz-cf-id: KiSrzcBsbF9z2F1LXBqy_Ppy1XKe07ngSrqw3gDRuvlZ2487o8KEaw==
x-xss-protection: 1; mode=block

GET
H2 200 button.css
identity.gympass.com/auth/resources/23.0.1/login/gympass-4.0/css/ 2 KB
956 B 214ms
211ms Stylesheet
text/css 65.9.95.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://identity.gympass.com/auth/resources/23.0.1/login/gympass-4.0/css/button.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.27 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-27.prg50.r.cloudfront.net

Software

Resource Hash

1365972254748c92191312089162bb0449aa84c644570f0cf5148617f50ee5fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 14:21:19 GMT
strict-transport-security: max-age=31536000;includeSubDomains
referrer-policy: no-referrer
x-content-type-options: nosniff
content-encoding: br
via: 1.1 d05dc840d6cf3901928326ad8b6d38c2.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 30430
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css;charset=UTF-8
cache-control: max-age=2592000
x-amz-cf-id: by-PNumnvasx7HcPRLAC5G0Fm4IbkCvbBOQyezFC5xfTT06HR6u5_Q==
x-xss-protection: 1; mode=block

GET
H2 200 input.css
identity.gympass.com/auth/resources/23.0.1/login/gympass-4.0/css/ 2 KB
945 B 275ms
272ms Stylesheet
text/css 65.9.95.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://identity.gympass.com/auth/resources/23.0.1/login/gympass-4.0/css/input.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.27 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-27.prg50.r.cloudfront.net

Software

Resource Hash

52d8ddb23163eafbdd89a29b93088c5be2cf2fa4fd4797b15bc049f14915d213

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 14:21:19 GMT
strict-transport-security: max-age=31536000;includeSubDomains
referrer-policy: no-referrer
x-content-type-options: nosniff
content-encoding: br
via: 1.1 d05dc840d6cf3901928326ad8b6d38c2.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 30430
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css;charset=UTF-8
cache-control: max-age=2592000
x-amz-cf-id: XkM_TP59KH_-d6EiYl3xaRe4wk6LQ1P99PtiVxqhJFP4EBuycxhsjA==
x-xss-protection: 1; mode=block

GET
H2 200 alert.css
identity.gympass.com/auth/resources/23.0.1/login/gympass-4.0/css/ 411 B
790 B 273ms
271ms Stylesheet
text/css 65.9.95.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://identity.gympass.com/auth/resources/23.0.1/login/gympass-4.0/css/alert.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.27 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-27.prg50.r.cloudfront.net

Software

Resource Hash

35f33a00d0dff833d93ed972f14cbde6dcf9890f7771b4dced36b88625f8bdc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 10:56:33 GMT
strict-transport-security: max-age=31536000;includeSubDomains
referrer-policy: no-referrer
x-content-type-options: nosniff
via: 1.1 d05dc840d6cf3901928326ad8b6d38c2.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 42717
x-cache: Hit from cloudfront
content-type: text/css;charset=UTF-8
cache-control: max-age=2592000
content-length: 411
x-xss-protection: 1; mode=block
x-amz-cf-id: IQduCSbPexPr7dZdfNChkNHkYNJn8aQfaanKruEZgGcuOkZDg9uZaw==

GET
H2 200 fonts.css
identity.gympass.com/auth/resources/23.0.1/login/gympass-4.0/css/ 10 KB
1 KB 275ms
272ms Stylesheet
text/css 65.9.95.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://identity.gympass.com/auth/resources/23.0.1/login/gympass-4.0/css/fonts.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.27 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-27.prg50.r.cloudfront.net

Software

Resource Hash

c08654e9ff0f610b4c5dde1f8ff5c67f53330c84ddd10ecc480fa231ff26cf0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 14:21:19 GMT
strict-transport-security: max-age=31536000;includeSubDomains
referrer-policy: no-referrer
x-content-type-options: nosniff
content-encoding: br
via: 1.1 d05dc840d6cf3901928326ad8b6d38c2.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 30430
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css;charset=UTF-8
cache-control: max-age=2592000
x-amz-cf-id: jX2u-m243VwLVlAcpHb9h85qXKLRa4S-dDe_oX4wnL9DNIPU0kK3GA==
x-xss-protection: 1; mode=block

GET
H2 200 lottie.min.js Show response
identity.gympass.com/auth/resources/23.0.1/login/gympass-4.0/js/ 259 KB
260 KB 145ms
143ms Script
text/javascript 65.9.95.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://identity.gympass.com/auth/resources/23.0.1/login/gympass-4.0/js/lottie.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.27 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-27.prg50.r.cloudfront.net

Software

Resource Hash

e3e985f5df9224b3a4902e6efdfdc070c1fadee5f5dad5d365de7d81c15f23c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 10:56:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer
x-content-type-options: nosniff
via: 1.1 d05dc840d6cf3901928326ad8b6d38c2.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 42717
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
cache-control: max-age=2592000
x-amz-cf-id: 4Lsut23boqSl5UdZ2d4pyd0MkOj2jO5U3pBZchOIVUSdyzENuH-l1w==
x-xss-protection: 1; mode=block

GET
H2 200 jquery.min.js Show response
identity.gympass.com/auth/resources/23.0.1/login/gympass-4.0/node_modules/jquery/dist/ 85 KB
86 KB 220ms
218ms Script
text/javascript 65.9.95.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://identity.gympass.com/auth/resources/23.0.1/login/gympass-4.0/node_modules/jquery/dist/jquery.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.27 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-27.prg50.r.cloudfront.net

Software

Resource Hash

fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 11:11:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer
x-content-type-options: nosniff
via: 1.1 d05dc840d6cf3901928326ad8b6d38c2.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 41791
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
cache-control: max-age=2592000
x-amz-cf-id: GAe5mk2-NXTBwN7Q9s3S-uMtZMrIULXS5ROlSJWyNLoeVwtd5mojwA==
x-xss-protection: 1; mode=block

GET
H2 200 input.js Show response
identity.gympass.com/auth/resources/23.0.1/login/gympass-4.0/js/ 1014 B
697 B 98ms
96ms Script
text/javascript 65.9.95.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://identity.gympass.com/auth/resources/23.0.1/login/gympass-4.0/js/input.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.27 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-27.prg50.r.cloudfront.net

Software

Resource Hash

e589c3d302a4e3f8f21140fda9d1218766f536cf43291f02dec081bd818545e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 07:00:56 GMT
strict-transport-security: max-age=31536000;includeSubDomains
referrer-policy: no-referrer
x-content-type-options: nosniff
content-encoding: br
via: 1.1 d05dc840d6cf3901928326ad8b6d38c2.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 56855
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
cache-control: max-age=2592000
x-amz-cf-id: 3IYxLNp0uio6f9sZ4P2lKg1SzO84EJPpn_DmSycca1nU1jThImnZ3w==
x-xss-protection: 1; mode=block

GET
H2 200 modal.js Show response
identity.gympass.com/auth/resources/23.0.1/login/gympass-4.0/js/ 871 B
1 KB 69ms
68ms Script
text/javascript 65.9.95.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://identity.gympass.com/auth/resources/23.0.1/login/gympass-4.0/js/modal.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.27 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-27.prg50.r.cloudfront.net

Software

Resource Hash

fd97c8e0bce3f85ed136ccae5b0dce9604f254ec2b7c2c8bae37f112548ca0e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 10:56:33 GMT
strict-transport-security: max-age=31536000;includeSubDomains
referrer-policy: no-referrer
x-content-type-options: nosniff
via: 1.1 d05dc840d6cf3901928326ad8b6d38c2.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 42718
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
cache-control: max-age=2592000
content-length: 871
x-xss-protection: 1; mode=block
x-amz-cf-id: i3kbqRK3xAzjFJmnCsl7soBAap9xFwX9ZTEJdiJzilTT0KP00BS2jQ==

GET
H2 200 common.js Show response
identity.gympass.com/auth/resources/23.0.1/login/gympass-4.0/js/ 4 KB
2 KB 273ms
271ms Script
text/javascript 65.9.95.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://identity.gympass.com/auth/resources/23.0.1/login/gympass-4.0/js/common.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.27 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-27.prg50.r.cloudfront.net

Software

Resource Hash

0865c86fd178b963a35367b0d3406963dd51ce31705f2b2e94d88430f9d4b6ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 14:21:19 GMT
strict-transport-security: max-age=31536000;includeSubDomains
referrer-policy: no-referrer
x-content-type-options: nosniff
content-encoding: br
via: 1.1 d05dc840d6cf3901928326ad8b6d38c2.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 30430
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
cache-control: max-age=2592000
x-amz-cf-id: UPCMvCB7sSR3LTq0j8HYIsMzKcAXNcVqpaKjxwf4YGiKwm74XWgrJg==
x-xss-protection: 1; mode=block

GET
H2 200 first-step.js Show response
identity.gympass.com/auth/resources/23.0.1/login/gympass-4.0/js/ 262 B
645 B 275ms
273ms Script
text/javascript 65.9.95.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://identity.gympass.com/auth/resources/23.0.1/login/gympass-4.0/js/first-step.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.27 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-27.prg50.r.cloudfront.net

Software

Resource Hash

7b146c3101d495f5e6deaa9ad5ee4c9aea83317a97cfb7c554fd3d6d3562d0b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 08:00:10 GMT
strict-transport-security: max-age=31536000;includeSubDomains
referrer-policy: no-referrer
x-content-type-options: nosniff
via: 1.1 d05dc840d6cf3901928326ad8b6d38c2.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 53300
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
cache-control: max-age=2592000
content-length: 262
x-xss-protection: 1; mode=block
x-amz-cf-id: M5f3htU9hbFmZRrZwyMqo0l-6TrSQrodfdlTXk_JpbW-9n_l49sXwA==

GET
H3 200 enterprise.js Show response
www.google.com/recaptcha/ 2 KB
1 KB 128ms
51ms Script
text/javascript 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise.js?hl=de&onload=onRecaptchaLoad&render=6LcjSroaAAAAAIemn-rhKELeAssTGxpo5r6lSQ2l

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

361fa704c26ee7f9dda6d5d45bdba5517bdeb5f213a231033446874ab309a8c6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 22:48:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Mon, 08 Jul 2024 22:48:30 GMT

GET
H2 200 RebrandingLogo.png
identity.gympass.com/auth/resources/23.0.1/login/gympass-4.0/img/ 47 KB
47 KB 276ms
275ms Image
image/png 65.9.95.27
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://identity.gympass.com/auth/resources/23.0.1/login/gympass-4.0/img/RebrandingLogo.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.27 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-27.prg50.r.cloudfront.net

Software

Resource Hash

90275db647cd06dd41e3605624992b11d3223f4a864fc1ec6ce17448a6756bbd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 14:59:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer
x-content-type-options: nosniff
via: 1.1 d05dc840d6cf3901928326ad8b6d38c2.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 28113
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=2592000
x-amz-cf-id: DUFrT5qaR4ajJG7dza007ROQS9d2ntjMYiNGUlZ2__9FRApyVHzT_Q==
x-xss-protection: 1; mode=block

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/rKbTvxTxwcw5VqzrtN-ICwWt/ 536 KB
213 KB 178ms
37ms Script
text/javascript 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/rKbTvxTxwcw5VqzrtN-ICwWt/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise.js?hl=de&onload=onRecaptchaLoad&render=6LcjSroaAAAAAIemn-rhKELeAssTGxpo5r6lSQ2l

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0481cf978633d761686dd05ed060c86593d34768aa66d43d61c4f968cbe6b63d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
Origin: https://identity.gympass.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 16:38:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22202
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 217833
x-xss-protection: 0
last-modified: Sun, 23 Jun 2024 08:01:07 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 08 Jul 2025 16:38:29 GMT

GET
H2 200 Inter-Regular.woff2
statics-account.gympass.com/assets/fonts/Inter/ 106 KB
107 KB 59ms
58ms Font
font/woff2 2600:9000:2127:7800:1e:dcb6:d040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://statics-account.gympass.com/assets/fonts/Inter/Inter-Regular.woff2?v=4.0

Requested by

Host: identity.gympass.com
URL: https://identity.gympass.com/auth/resources/23.0.1/login/gympass-4.0/css/fonts.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2127:7800:1e:dcb6:d040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

b6f9db9e45be20f3c1312c97fbee7ec36b7d8280f8caa4d53c9ba0408cc9997a

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' hrrps://.gympass.com https://.google.com; frame-ancestors 'self' https://.google.com; font-src 'self' data: https://.gympass.com https://.gympass.com https://fonts.gstatic.com; object-src 'none'; script-src 'self' https://.gympass.com https://.gympass.cloud https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.datadoghq-browser-agent.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io *.googletagmanager.com 'unsafe-eval' 'unsafe-inline'; worker-src blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub45199af8b7c6e66332644e0f4fdad01a&dd-evp-origin=content-security-policy&ddsource=csp-report
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
Origin: https://identity.gympass.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id: KsTgzOS.r6MuauQo_o9CTx6jvagX8Qtu
date: Mon, 08 Jul 2024 22:48:30 GMT
via: 1.1 1f98172ca4214b0e937b7d3d534b34cc.cloudfront.net (CloudFront)
content-security-policy: frame-src 'self' hrrps://*.gympass.com https://*.google.com; frame-ancestors 'self' https://*.google.com; font-src 'self' data: https://*.gympass.com https://*.gympass.com https://fonts.gstatic.com; object-src 'none'; script-src 'self' https://*.gympass.com https://*.gympass.cloud https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.datadoghq-browser-agent.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.googletagmanager.com 'unsafe-eval' 'unsafe-inline'; worker-src blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub45199af8b7c6e66332644e0f4fdad01a&dd-evp-origin=content-security-policy&ddsource=csp-report
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: PRG50-C1
age: 42
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 108488
x-xss-protection: 1; mode=block
last-modified: Mon, 25 Mar 2024 14:01:02 GMT
server: AmazonS3
etag: "46a1550a4bbaccd13a8eb46a359a9f89"
access-control-max-age: 3600
access-control-allow-methods: POST, GET, HEAD
content-type: font/woff2
access-control-allow-origin: *
access-control-expose-headers: ETag
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-frame-options: SAMEORIGIN
accept-ranges: bytes
x-amz-cf-id: 99F63f2M50lyoJeGxykajwzF85UDucrmhwEYBBOPZs__xueZqXlU4Q==

GET
H2 200 Inter-Bold.woff2
statics-account.gympass.com/assets/fonts/Inter/ 108 KB
110 KB 60ms
59ms Font
font/woff2 2600:9000:2127:7800:1e:dcb6:d040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://statics-account.gympass.com/assets/fonts/Inter/Inter-Bold.woff2?v=4.0

Requested by

Host: identity.gympass.com
URL: https://identity.gympass.com/auth/resources/23.0.1/login/gympass-4.0/css/fonts.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2127:7800:1e:dcb6:d040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

220976705fbec109f43c5cfdceca639e99ace7e51f3eb67292b105d3575eb39b

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' hrrps://.gympass.com https://.google.com; frame-ancestors 'self' https://.google.com; font-src 'self' data: https://.gympass.com https://.gympass.com https://fonts.gstatic.com; object-src 'none'; script-src 'self' https://.gympass.com https://.gympass.cloud https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.datadoghq-browser-agent.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io *.googletagmanager.com 'unsafe-eval' 'unsafe-inline'; worker-src blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub45199af8b7c6e66332644e0f4fdad01a&dd-evp-origin=content-security-policy&ddsource=csp-report
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
Origin: https://identity.gympass.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id: OZiGcnXNiEWUIsft_qEgV3xVukY1WRrc
date: Mon, 08 Jul 2024 22:48:30 GMT
via: 1.1 1f98172ca4214b0e937b7d3d534b34cc.cloudfront.net (CloudFront)
content-security-policy: frame-src 'self' hrrps://*.gympass.com https://*.google.com; frame-ancestors 'self' https://*.google.com; font-src 'self' data: https://*.gympass.com https://*.gympass.com https://fonts.gstatic.com; object-src 'none'; script-src 'self' https://*.gympass.com https://*.gympass.cloud https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.datadoghq-browser-agent.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.googletagmanager.com 'unsafe-eval' 'unsafe-inline'; worker-src blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub45199af8b7c6e66332644e0f4fdad01a&dd-evp-origin=content-security-policy&ddsource=csp-report
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: PRG50-C1
age: 42
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 111040
x-xss-protection: 1; mode=block
last-modified: Mon, 25 Mar 2024 14:01:02 GMT
server: AmazonS3
etag: "279e5a64038565325a5fda8f14a9b9ec"
access-control-max-age: 3600
access-control-allow-methods: POST, GET, HEAD
content-type: font/woff2
access-control-allow-origin: *
access-control-expose-headers: ETag
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-frame-options: SAMEORIGIN
accept-ranges: bytes
x-amz-cf-id: sPTKJS8SvTXwV3RouL_fHyCaOa8ft26dLa7DH_rSrKCSzLh7ODbWRQ==

GET
H2 200 Inter-Medium.woff2
statics-account.gympass.com/assets/fonts/Inter/ 109 KB
110 KB 49ms
49ms Font
font/woff2 2600:9000:2127:7800:1e:dcb6:d040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://statics-account.gympass.com/assets/fonts/Inter/Inter-Medium.woff2?v=4.0

Requested by

Host: identity.gympass.com
URL: https://identity.gympass.com/auth/resources/23.0.1/login/gympass-4.0/css/fonts.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2127:7800:1e:dcb6:d040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

8458f8afa67b5691c1fcbe51607a2dafb53a9839e48131c608a186b65415d96d

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' hrrps://.gympass.com https://.google.com; frame-ancestors 'self' https://.google.com; font-src 'self' data: https://.gympass.com https://.gympass.com https://fonts.gstatic.com; object-src 'none'; script-src 'self' https://.gympass.com https://.gympass.cloud https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.datadoghq-browser-agent.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io *.googletagmanager.com 'unsafe-eval' 'unsafe-inline'; worker-src blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub45199af8b7c6e66332644e0f4fdad01a&dd-evp-origin=content-security-policy&ddsource=csp-report
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
Origin: https://identity.gympass.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id: qY5a2luHZhE6GY4hiITJ00MToRnIC_tK
date: Mon, 08 Jul 2024 22:48:30 GMT
via: 1.1 1f98172ca4214b0e937b7d3d534b34cc.cloudfront.net (CloudFront)
content-security-policy: frame-src 'self' hrrps://*.gympass.com https://*.google.com; frame-ancestors 'self' https://*.google.com; font-src 'self' data: https://*.gympass.com https://*.gympass.com https://fonts.gstatic.com; object-src 'none'; script-src 'self' https://*.gympass.com https://*.gympass.cloud https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.datadoghq-browser-agent.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.googletagmanager.com 'unsafe-eval' 'unsafe-inline'; worker-src blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub45199af8b7c6e66332644e0f4fdad01a&dd-evp-origin=content-security-policy&ddsource=csp-report
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: PRG50-C1
age: 42
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 111380
x-xss-protection: 1; mode=block
last-modified: Mon, 25 Mar 2024 14:01:02 GMT
server: AmazonS3
etag: "60824932303e81c4af185cd9229dd24b"
access-control-max-age: 3600
access-control-allow-methods: POST, GET, HEAD
content-type: font/woff2
access-control-allow-origin: *
access-control-expose-headers: ETag
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-frame-options: SAMEORIGIN
accept-ranges: bytes
x-amz-cf-id: pbgHfQMAzjPL6-F9IMCnsBUWA98IXqgCG1pe8QzbyrtXRLdZ9pMrwg==

GET
H2 200 Inter-SemiBold.woff2
statics-account.gympass.com/assets/fonts/Inter/ 109 KB
110 KB 66ms
66ms Font
font/woff2 2600:9000:2127:7800:1e:dcb6:d040:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://statics-account.gympass.com/assets/fonts/Inter/Inter-SemiBold.woff2?v=4.0

Requested by

Host: identity.gympass.com
URL: https://identity.gympass.com/auth/resources/23.0.1/login/gympass-4.0/css/fonts.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2127:7800:1e:dcb6:d040:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

8e52a861dc26ff4608c50bd7ff89b65d0d6216a2afe7b47ce5d84544811ca400

Security Headers

Name	Value
Content-Security-Policy	frame-src 'self' hrrps://.gympass.com https://.google.com; frame-ancestors 'self' https://.google.com; font-src 'self' data: https://.gympass.com https://.gympass.com https://fonts.gstatic.com; object-src 'none'; script-src 'self' https://.gympass.com https://.gympass.cloud https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.datadoghq-browser-agent.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io *.googletagmanager.com 'unsafe-eval' 'unsafe-inline'; worker-src blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub45199af8b7c6e66332644e0f4fdad01a&dd-evp-origin=content-security-policy&ddsource=csp-report
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
Origin: https://identity.gympass.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id: Y.bwOJDfFhKAjf3wIUtXHWvrnqv_dqPP
date: Mon, 08 Jul 2024 22:48:30 GMT
via: 1.1 1f98172ca4214b0e937b7d3d534b34cc.cloudfront.net (CloudFront)
content-security-policy: frame-src 'self' hrrps://*.gympass.com https://*.google.com; frame-ancestors 'self' https://*.google.com; font-src 'self' data: https://*.gympass.com https://*.gympass.com https://fonts.gstatic.com; object-src 'none'; script-src 'self' https://*.gympass.com https://*.gympass.cloud https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.datadoghq-browser-agent.com *.browser-intake-datadoghq.com *.sentry-cdn.com *.sentry.io *.googletagmanager.com 'unsafe-eval' 'unsafe-inline'; worker-src blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub45199af8b7c6e66332644e0f4fdad01a&dd-evp-origin=content-security-policy&ddsource=csp-report
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: PRG50-C1
age: 42
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 111588
x-xss-protection: 1; mode=block
last-modified: Mon, 25 Mar 2024 14:01:02 GMT
server: AmazonS3
etag: "01fdc3828f4efe9208e2149531a8933d"
access-control-max-age: 3600
access-control-allow-methods: POST, GET, HEAD
content-type: font/woff2
access-control-allow-origin: *
access-control-expose-headers: ETag
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-frame-options: SAMEORIGIN
accept-ranges: bytes
x-amz-cf-id: zVd03pfad9cXZmz8u4eGEdxOSTg1JB1AeZil4ky7miXvAf2dVldPEw==

GET
H3 200 anchor
www.google.com/recaptcha/enterprise/ Frame C06F 0
0 110ms
55ms Document
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LcjSroaAAAAAIemn-rhKELeAssTGxpo5r6lSQ2l&co=aHR0cHM6Ly9pZGVudGl0eS5neW1wYXNzLmNvbTo0NDM.&hl=de&v=rKbTvxTxwcw5VqzrtN-ICwWt&size=invisible&cb=igd87li31stp

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/rKbTvxTxwcw5VqzrtN-ICwWt/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-tV-J-2WupRwFK4w92459Zg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-tV-J-2WupRwFK4w92459Zg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jul 2024 22:48:31 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 favicon-32x32.png
identity.gympass.com/auth/resources/23.0.1/login/gympass-4.0/img/ 2 KB
2 KB 75ms
74ms Other
image/png 65.9.95.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://identity.gympass.com/auth/resources/23.0.1/login/gympass-4.0/img/favicon-32x32.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.95.27 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-95-27.prg50.r.cloudfront.net

Software

Resource Hash

5c9e3816dab4271fddbd5a4e2e04c6cf6577867ed35308441d3c66c0bafaa8e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 08 Jul 2024 08:57:05 GMT
strict-transport-security: max-age=31536000;includeSubDomains
referrer-policy: no-referrer
x-content-type-options: nosniff
via: 1.1 d05dc840d6cf3901928326ad8b6d38c2.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 49886
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=2592000
content-length: 2092
x-xss-protection: 1; mode=block
x-amz-cf-id: KMzXoQnr1WZLHEaUEAVaWsnMFOZ8dxEwB_CHKihw6nR8t1zMF6erWg==

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: unleash-edge-code.gympass.com
URL: https://unleash-edge-code.gympass.com/api/frontend?sessionId=552239742&appName=plan-management&environment=default

Domain: firebaseinstallations.googleapis.com
URL: https://firebaseinstallations.googleapis.com/v1/projects/gympass-f522f/installations

Verdicts & Comments Add Verdict or Comment

27 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
identity.gympass.com/auth/realms/master/	1969-12-31 23:59:59	Name: AUTH_SESSION_ID Value: z3c2686b1-1f03-4c3d-94c4-699f8d50b5d5.keycover-779df88cbd-ssnrl-31922
identity.gympass.com/auth/realms/master/	1969-12-31 23:59:59	Name: AUTH_SESSION_ID_LEGACY Value: z3c2686b1-1f03-4c3d-94c4-699f8d50b5d5.keycover-779df88cbd-ssnrl-31922
identity.gympass.com/auth/realms/master/	1969-12-31 23:59:59	Name: KC_RESTART Value: eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJqd3Quc2lna2V5In0.eyJjaWQiOiJtb2JpbGUtc3NvIiwicHR5Ijoib3BlbmlkLWNvbm5lY3QiLCJydXJpIjoiaHR0cHM6Ly9wbGFuLW1hbmFnZW1lbnQuZ3ltcGFzcy5jb20vP2FmX3hwPWN1c3RvbSZvcmlnaW49bWt0JmxpZD04c3BqOXpxMWFhdXMmc291cmNlX2NhbGxlcj11aSZwaWQ9YnJhemUmdXRtX2NvbnRlbnQ9bm9uZSZ1dG1fc291cmNlPWJyYXplJnNob3J0bGluaz1nOXBlMWU0cCZ1dG1fbWVkaXVtPWVtYWlsJnV0bV9jYW1wYWlnbj1ldS1kZV9iMmNfb25ib2FyZGluZ19fbWJfX29uZ29pbmdfdGFndXNfc3Vic2NyaXB0aW9uXzA1MjQmYWZfY2hhbm5lbD1lbWFpbCZ1dG1fdGVybT1ncm93dGgtRW1haWwtMDEmYz1maXJzdF9wdXJjaGFzZSIsImFjdCI6IkFVVEhFTlRJQ0FURSIsIm5vdGVzIjp7InNjb3BlIjoib3BlbmlkIiwiaXNzIjoiaHR0cHM6Ly9pZGVudGl0eS5neW1wYXNzLmNvbS9hdXRoL3JlYWxtcy9tYXN0ZXIiLCJyZXNwb25zZV90eXBlIjoiY29kZSIsInJlZGlyZWN0X3VyaSI6Imh0dHBzOi8vcGxhbi1tYW5hZ2VtZW50Lmd5bXBhc3MuY29tLz9hZl94cD1jdXN0b20mb3JpZ2luPW1rdCZsaWQ9OHNwajl6cTFhYXVzJnNvdXJjZV9jYWxsZXI9dWkmcGlkPWJyYXplJnV0bV9jb250ZW50PW5vbmUmdXRtX3NvdXJjZT1icmF6ZSZzaG9ydGxpbms9ZzlwZTFlNHAmdXRtX21lZGl1bT1lbWFpbCZ1dG1fY2FtcGFpZ249ZXUtZGVfYjJjX29uYm9hcmRpbmdfX21iX19vbmdvaW5nX3RhZ3VzX3N1YnNjcmlwdGlvbl8wNTI0JmFmX2NoYW5uZWw9ZW1haWwmdXRtX3Rlcm09Z3Jvd3RoLUVtYWlsLTAxJmM9Zmlyc3RfcHVyY2hhc2UiLCJzdGF0ZSI6Ijg2MmJkN2RhLTkzNTktNDMxYy1hNTRlLTJhOTUwZTU5MWJmZCIsInJlc3BvbnNlX21vZGUiOiJxdWVyeSJ9fQ.YGTBDFKTTDT0wcVHyzjNvoVQKu9avCj0dMoPGGkluUw
.gympass.com/	1970-01-20 21:54:40	Name: _sp_ses.d9bd Value: *
.gympass.com/	1970-01-21 07:30:38	Name: _sp_id.d9bd Value: aa3695bf-fde2-4c6d-967f-555ef40516c1.1720478910.1.1720478910..05f1d271-6ede-43f0-9799-9d9b4048f284....0
.gympass.com/	1970-01-21 07:30:38	Name: _ga_KHZSKE5NP3 Value: GS1.1.1720478910.1.0.1720478910.0.0.0
.gympass.com/	1970-01-21 07:30:38	Name: _ga Value: GA1.1.929697428.1720478911

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .gympass.com .googletagmanager.com .browser-intake-datadoghq.com .sentry-cdn.com .sentry.io .js .survicate.com .optimizely.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com/css fonts.googleapis.com/css2 cdnjs.cloudflare.com .survicate.com https://www.datadoghq-browser-agent.com; object-src 'none'; base-uri 'self'; connect-src 'self' ws: wss: .prd.us.gympass.cloud .googleapis.com .google-analytics.com .browser-intake-datadoghq.com .sentry.io .gympass.com .optimizely.com; font-src 'self' fonts.gstatic.com .survicate.com; frame-src 'self' .sentry.io .optimizely.com; img-src 'self' .gympass.com .cloudfront.net data:; manifest-src 'self'; media-src 'self'; worker-src 'self' .gympass.com blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ablink.mail.wellhub.com
browser.sentry-cdn.com
firebase.googleapis.com
firebaseinstallations.googleapis.com
gympass.onelink.me
identity.gympass.com
js.sentry-cdn.com
o4504963224764416.ingest.sentry.io
plan-management.gympass.com
region1.google-analytics.com
statics-account.gympass.com
survey.survicate.com
surveys-static.survicate.com
unleash-edge-code.gympass.com
www.google.com
www.googletagmanager.com
www.gstatic.com
firebaseinstallations.googleapis.com
unleash-edge-code.gympass.com
13.225.78.42
2001:4860:4802:32::36
23.48.23.36
2400:52e0:1e00::1079:1
2400:52e0:1e00::1082:1
2600:9000:20ab:e600:18:718f:f780:93a1
2600:9000:2127:7800:1e:dcb6:d040:93a1
2600:9000:2127:9c00:13:fba0:c680:93a1
2a00:1450:4001:80b::2003
2a00:1450:4001:80e::200a
2a00:1450:4001:812::200a
2a00:1450:4001:82b::2004
2a00:1450:4001:82f::2008
2a04:4e42::729
34.120.195.249
65.9.95.27
00db3235f08e341ddc464a31e5ec5c41d9164aa5c088e24daa834a09826fd07f
0481cf978633d761686dd05ed060c86593d34768aa66d43d61c4f968cbe6b63d
05a95d2e6da0783cf3536f30d2c9b4aeb8a0acbae5591e7bdf6a6831999e63d0
0865c86fd178b963a35367b0d3406963dd51ce31705f2b2e94d88430f9d4b6ec
110bc5c4b134e2c87613250b3aa9b267a441ff95bc56912d47a383466f8ce2f5
1365972254748c92191312089162bb0449aa84c644570f0cf5148617f50ee5fc
174d357b3404a7c299f42fadcfd801d0b8fd24d5731ea20062a573e055b8b19d
220976705fbec109f43c5cfdceca639e99ace7e51f3eb67292b105d3575eb39b
2ca3d44191e822500b330ae74a7b981fddc94188da2e683a1e1508fd188d2b1b
354ae780bea7c23252aa547913a1e998f6dce6712093d24e2ec5a705a9e86d97
35f33a00d0dff833d93ed972f14cbde6dcf9890f7771b4dced36b88625f8bdc7
361fa704c26ee7f9dda6d5d45bdba5517bdeb5f213a231033446874ab309a8c6
4207d62d7276da8cd602cb8c4223e53b080923ac9bea36a1ad2949068ba87d6f
4b366908bb6d1834a639e44d392308c187dd5773726383413438bc88be5c2476
52d8ddb23163eafbdd89a29b93088c5be2cf2fa4fd4797b15bc049f14915d213
58bb4d85fc889f7fd93bd6b42cc21a200293446313563126913a05abebee5b85
5c9e3816dab4271fddbd5a4e2e04c6cf6577867ed35308441d3c66c0bafaa8e4
679bab4715b909a08e9e8f7206c6ba4a331637f96458207e2c0047216dc606f8
71d3e60278f8953fb749e5bb24db243daf81a1fc5e951f298220040bcc205ea4
71f7b01a72d9de0d889cd2e5887a7e28d0c7e814e3bd9523e73bb6fe83c52a0e
7712bb0af584a463ea23912238faeb8fb79f0221fbcedab8bf4bc435f09449a0
789e8685a564e07274fec164118e89fa040ff2779c6efe3d781b94aeea6f06eb
7a9fe36a34494ba775ed12bf23efd354473115ea1a29eb72c79eeadb4a130aac
7b146c3101d495f5e6deaa9ad5ee4c9aea83317a97cfb7c554fd3d6d3562d0b7
8458f8afa67b5691c1fcbe51607a2dafb53a9839e48131c608a186b65415d96d
8773eab4872230eaa21246e1a54ab8f56d0cd9fa2f8b71c107379ac7137013c4
88d108a0e7d5563cda357eca3134a5c01869b71d76f91c87be3b979e54b2d51d
8e52a861dc26ff4608c50bd7ff89b65d0d6216a2afe7b47ce5d84544811ca400
8fe7d7be43cafdca862870fa7d0ee1c5ca53a66db3f09ebd0cbb7044a015849f
90275db647cd06dd41e3605624992b11d3223f4a864fc1ec6ce17448a6756bbd
98023dd780794f5f7f580bb0e8ca24591bc45f44f31c2c39bfd146c1d104cc4f
9a66625f26f2fdefb8147107d61950d139db9e1f12e171021ac4946f7037b905
a46472b98cbc84a76e70cd1de6f8d3dc8bc3451d7f7dcafc15e31b72c1c49873
abad031efd28350819daa36a6fd339176845f8c5364cae98e82059d96a7d1911
b56a3748bf76bf4a8a10fef5047624ec210a73bf89b8062eb4c5091b36e7a3d7
b6f9db9e45be20f3c1312c97fbee7ec36b7d8280f8caa4d53c9ba0408cc9997a
bcc2d11bf0873656644507bf89d942d92655d8193af4369f677e9a114a0d4033
c08654e9ff0f610b4c5dde1f8ff5c67f53330c84ddd10ecc480fa231ff26cf0f
c18181d31463d6a087dc583ead869dcd98cf28ecee800437b678e422b03cf4da
e3e985f5df9224b3a4902e6efdfdc070c1fadee5f5dad5d365de7d81c15f23c6
e589c3d302a4e3f8f21140fda9d1218766f536cf43291f02dec081bd818545e9
f43c0c0b06ddbfb9c46dc9e3a18dbec88ae77a50a3058a644daf0911332d19fb
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a
fd97c8e0bce3f85ed136ccae5b0dce9604f254ec2b7c2c8bae37f112548ca0e6

identity.gympass.com Open in urlscan Pro 65.9.95.27 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

64 Requests

95 %HTTPS

75 %IPv6

11 Domains

17 Subdomains

15 IPs

2 Countries

2591 kBTransfer

5052 kBSize

7 Cookies

5 Outgoing links

Page URL History

Redirected requests

64 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

identity.gympass.com Open in urlscan Pro
65.9.95.27 Public Scan

Screenshot
Live screenshot

Full Image

64
Requests

95 %
HTTPS

75 %
IPv6

11
Domains

17
Subdomains

15
IPs

2
Countries

2591 kB
Transfer

5052 kB
Size

7
Cookies

64 HTTP transactions
0 data transactions