urlscan.io logo urlscan.io
SecurityTrails logo

connect.demo2.ue1.vestwell.com Open in urlscan Pro
52.206.12.157  Public Scan

Go To Rescan Add Verdict Report
URL: https://connect.demo2.ue1.vestwell.com/
Submission: On December 24 via api from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 1 countries across 5 domains to perform 17 HTTP transactions. The main IP is 52.206.12.157, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is connect.demo2.ue1.vestwell.com.
TLS certificate: Issued by Amazon RSA 2048 M02 on December 22nd 2023. Valid for: a year.
This is the only time connect.demo2.ue1.vestwell.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
10 52.206.12.157 14618 (AMAZON-AES)
1 3.160.22.42 16509 (AMAZON-02)
3 2607:f8b0:400... 15169 (GOOGLE)
1 2a04:4e42:200... 54113 (FASTLY)
1 35.174.80.114 14618 (AMAZON-AES)
1 2607:f8b0:400... 15169 (GOOGLE)
17 6
10    52.206.12.157 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-206-12-157.compute-1.amazonaws.com
connect.demo2.ue1.vestwell.com
1    3.160.22.42 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-160-22-42.cmh68.r.cloudfront.net
cdn.heapanalytics.com
3    2607:f8b0:4006:824::200a (United States)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2a04:4e42:200::485 (United States)

ASN54113 (FASTLY, US)
cdn.jsdelivr.net
1    35.174.80.114 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-174-80-114.compute-1.amazonaws.com
heapanalytics.com
1    2607:f8b0:4006:81d::2003 (United States)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
Apex Domain
Subdomains		 Transfer
10 vestwell.com
connect.demo2.ue1.vestwell.com
474 KB
3 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 29
2 KB
2 heapanalytics.com
cdn.heapanalytics.com — Cisco Umbrella Rank: 878
heapanalytics.com — Cisco Umbrella Rank: 784
40 KB
1 gstatic.com
fonts.gstatic.com
31 KB
1 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 313
5 KB
17 5
Domain Requested by
10 connect.demo2.ue1.vestwell.com connect.demo2.ue1.vestwell.com
3 fonts.googleapis.com connect.demo2.ue1.vestwell.com
1 fonts.gstatic.com fonts.googleapis.com
1 heapanalytics.com
1 cdn.jsdelivr.net connect.demo2.ue1.vestwell.com
1 cdn.heapanalytics.com connect.demo2.ue1.vestwell.com
17 6

This site contains no links.

Subject Issuer Validity Valid
portal-nginx.demo2.ue1.vestwell.com
Amazon RSA 2048 M02		 2023-12-22 -
2025-01-19		 a year crt.sh
cdn.heapanalytics.com
Amazon RSA 2048 M01		 2023-06-29 -
2024-07-27		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
jsdelivr.net
GlobalSign Atlas R3 DV TLS CA 2023 Q3		 2023-09-27 -
2024-10-28		 a year crt.sh
heapanalytics.com
Amazon RSA 2048 M02		 2023-11-09 -
2024-12-08		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://connect.demo2.ue1.vestwell.com/
Frame ID: CCE3ED9CCB3C8ECC418BD0B4BB898863
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Sign In / Vestwell

Detected technologies

Overall confidence: 100%
Detected patterns
  • heap-\d+\.js
Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

17
Requests

100 %
HTTPS

50 %
IPv6

5
Domains

6
Subdomains

6
IPs

1
Countries

552 kB
Transfer

1492 kB
Size

3
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
connect.demo2.ue1.vestwell.com/ 		3 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://connect.demo2.ue1.vestwell.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.206.12.157 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-206-12-157.compute-1.amazonaws.com
Software
nginx /
Resource Hash
f81da2848016f7325e69cbefdd28a922d9284279de86fb9f6842bc5886af279e
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: gap: ws: https://cdn.plaid.com https://ekr.zdassets.com https://static.zdassets.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.smooch.io https://heapanalytics.com https://cdn.heapanalytics.com http://cdn.plaid.com https://widget.intercom.io https://js.intercomcdn.com https://static.zdassets.com https://fonts.googleapis.com/ http://cdnjs.cloudflare.com https://www.google-analytics.com/analytics.js https://unpkg.com http://cdn.quilljs.com http://cdn.jsdelivr.net https://zendesk-eu.my.sentry.io https://api.smooch.io; frame-src https://form.typeform.com http://fast.wistia.com https://cdn.plaid.com/; img-src 'self' data: https://*.vestwell.com https://zendesk-eu.my.sentry.io https://*.zendesk.com https://d2gx1ajsvrvamt.cloudfront.net https://heapanalytics.com; style-src 'self' 'unsafe-inline' https://heapanalytics.com https://fonts.googleapis.com http://cdnjs.cloudflare.com https://use.typekit.net https://p.typekit.net http://cdn.quilljs.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com http://cdnjs.cloudflare.com https://use.typekit.net; child-src 'self'; connect-src 'self' https://zendesk-eu.my.sentry.io https://heapanalytics.com https://*.zendesk.com https://ekr.zdassets.com https://api-iam.intercom.io/messenger/web/ping https://api-iam.intercom.io/messenger/web/metrics https://api.gusto-demo.com data: gap: ws:
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ranges
bytes
cache-control
no-cache no-store, no-cache, must-revalidate
content-encoding
gzip
content-length
1215
content-security-policy
default-src 'self' data: gap: ws: https://cdn.plaid.com https://ekr.zdassets.com https://static.zdassets.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.smooch.io https://heapanalytics.com https://cdn.heapanalytics.com http://cdn.plaid.com https://widget.intercom.io https://js.intercomcdn.com https://static.zdassets.com https://fonts.googleapis.com/ http://cdnjs.cloudflare.com https://www.google-analytics.com/analytics.js https://unpkg.com http://cdn.quilljs.com http://cdn.jsdelivr.net https://zendesk-eu.my.sentry.io https://api.smooch.io; frame-src https://form.typeform.com http://fast.wistia.com https://cdn.plaid.com/; img-src 'self' data: https://*.vestwell.com https://zendesk-eu.my.sentry.io https://*.zendesk.com https://d2gx1ajsvrvamt.cloudfront.net https://heapanalytics.com; style-src 'self' 'unsafe-inline' https://heapanalytics.com https://fonts.googleapis.com http://cdnjs.cloudflare.com https://use.typekit.net https://p.typekit.net http://cdn.quilljs.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com http://cdnjs.cloudflare.com https://use.typekit.net; child-src 'self'; connect-src 'self' https://zendesk-eu.my.sentry.io https://heapanalytics.com https://*.zendesk.com https://ekr.zdassets.com https://api-iam.intercom.io/messenger/web/ping https://api-iam.intercom.io/messenger/web/metrics https://api.gusto-demo.com data: gap: ws:
content-type
text/html; charset=utf-8
date
Sun, 24 Dec 2023 06:57:05 GMT
etag
"1dc09d84-4bf"
expires
Thu, 01 Jan 1970 00:00:01 GMT
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
referrer-policy
strict-origin-when-cross-origin
server
nginx
strict-transport-security
max-age=31536000; includeSubdomains;
x-content-type-options
nosniff
x-forwarded-proto
https
x-frame-options
deny
x-xss-protection
1; mode=block
runtime.864bb0d9.js
connect.demo2.ue1.vestwell.com/auth/static/js/ 		2 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.demo2.ue1.vestwell.com/auth/static/js/runtime.864bb0d9.js
Requested by
Host: connect.demo2.ue1.vestwell.com
URL: https://connect.demo2.ue1.vestwell.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.206.12.157 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-206-12-157.compute-1.amazonaws.com
Software
nginx /
Resource Hash
49e5f3f97a9232809042fa28bf439458c4863a786324f2b87838ffb4ecbcdb97
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: gap: ws: https://cdn.plaid.com https://ekr.zdassets.com https://static.zdassets.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.smooch.io https://heapanalytics.com https://cdn.heapanalytics.com http://cdn.plaid.com https://widget.intercom.io https://js.intercomcdn.com https://static.zdassets.com https://fonts.googleapis.com/ http://cdnjs.cloudflare.com https://www.google-analytics.com/analytics.js https://unpkg.com http://cdn.quilljs.com http://cdn.jsdelivr.net https://zendesk-eu.my.sentry.io https://api.smooch.io; frame-src https://form.typeform.com http://fast.wistia.com https://cdn.plaid.com/; img-src 'self' data: https://*.vestwell.com https://zendesk-eu.my.sentry.io https://*.zendesk.com https://d2gx1ajsvrvamt.cloudfront.net https://heapanalytics.com; style-src 'self' 'unsafe-inline' https://heapanalytics.com https://fonts.googleapis.com http://cdnjs.cloudflare.com https://use.typekit.net https://p.typekit.net http://cdn.quilljs.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com http://cdnjs.cloudflare.com https://use.typekit.net; child-src 'self'; connect-src 'self' https://zendesk-eu.my.sentry.io https://heapanalytics.com https://*.zendesk.com https://ekr.zdassets.com https://api-iam.intercom.io/messenger/web/ping https://api-iam.intercom.io/messenger/web/metrics https://api.gusto-demo.com data: gap: ws:
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://connect.demo2.ue1.vestwell.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 24 Dec 2023 06:57:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self' data: gap: ws: https://cdn.plaid.com https://ekr.zdassets.com https://static.zdassets.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.smooch.io https://heapanalytics.com https://cdn.heapanalytics.com http://cdn.plaid.com https://widget.intercom.io https://js.intercomcdn.com https://static.zdassets.com https://fonts.googleapis.com/ http://cdnjs.cloudflare.com https://www.google-analytics.com/analytics.js https://unpkg.com http://cdn.quilljs.com http://cdn.jsdelivr.net https://zendesk-eu.my.sentry.io https://api.smooch.io; frame-src https://form.typeform.com http://fast.wistia.com https://cdn.plaid.com/; img-src 'self' data: https://*.vestwell.com https://zendesk-eu.my.sentry.io https://*.zendesk.com https://d2gx1ajsvrvamt.cloudfront.net https://heapanalytics.com; style-src 'self' 'unsafe-inline' https://heapanalytics.com https://fonts.googleapis.com http://cdnjs.cloudflare.com https://use.typekit.net https://p.typekit.net http://cdn.quilljs.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com http://cdnjs.cloudflare.com https://use.typekit.net; child-src 'self'; connect-src 'self' https://zendesk-eu.my.sentry.io https://heapanalytics.com https://*.zendesk.com https://ekr.zdassets.com https://api-iam.intercom.io/messenger/web/ping https://api-iam.intercom.io/messenger/web/metrics https://api.gusto-demo.com data: gap: ws:
strict-transport-security
max-age=31536000; includeSubdomains;
x-forwarded-proto
https
content-length
1268
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
server
nginx
etag
"1dc09d84-4f4"
x-frame-options
deny
content-type
application/javascript; charset=utf-8
cache-control
max-age=86400, no-store, no-cache, must-revalidate
accept-ranges
bytes
expires
Mon, 25 Dec 2023 06:57:05 GMT
shared.bc3ab51f.js
connect.demo2.ue1.vestwell.com/auth/static/js/ 		848 KB
264 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.demo2.ue1.vestwell.com/auth/static/js/shared.bc3ab51f.js
Requested by
Host: connect.demo2.ue1.vestwell.com
URL: https://connect.demo2.ue1.vestwell.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.206.12.157 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-206-12-157.compute-1.amazonaws.com
Software
nginx /
Resource Hash
feee89ce1c79ef5b8c78239fffe658cf13a5aa5b395c02fd1ae75d7f5b800752
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: gap: ws: https://cdn.plaid.com https://ekr.zdassets.com https://static.zdassets.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.smooch.io https://heapanalytics.com https://cdn.heapanalytics.com http://cdn.plaid.com https://widget.intercom.io https://js.intercomcdn.com https://static.zdassets.com https://fonts.googleapis.com/ http://cdnjs.cloudflare.com https://www.google-analytics.com/analytics.js https://unpkg.com http://cdn.quilljs.com http://cdn.jsdelivr.net https://zendesk-eu.my.sentry.io https://api.smooch.io; frame-src https://form.typeform.com http://fast.wistia.com https://cdn.plaid.com/; img-src 'self' data: https://*.vestwell.com https://zendesk-eu.my.sentry.io https://*.zendesk.com https://d2gx1ajsvrvamt.cloudfront.net https://heapanalytics.com; style-src 'self' 'unsafe-inline' https://heapanalytics.com https://fonts.googleapis.com http://cdnjs.cloudflare.com https://use.typekit.net https://p.typekit.net http://cdn.quilljs.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com http://cdnjs.cloudflare.com https://use.typekit.net; child-src 'self'; connect-src 'self' https://zendesk-eu.my.sentry.io https://heapanalytics.com https://*.zendesk.com https://ekr.zdassets.com https://api-iam.intercom.io/messenger/web/ping https://api-iam.intercom.io/messenger/web/metrics https://api.gusto-demo.com data: gap: ws:
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://connect.demo2.ue1.vestwell.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 24 Dec 2023 06:57:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self' data: gap: ws: https://cdn.plaid.com https://ekr.zdassets.com https://static.zdassets.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.smooch.io https://heapanalytics.com https://cdn.heapanalytics.com http://cdn.plaid.com https://widget.intercom.io https://js.intercomcdn.com https://static.zdassets.com https://fonts.googleapis.com/ http://cdnjs.cloudflare.com https://www.google-analytics.com/analytics.js https://unpkg.com http://cdn.quilljs.com http://cdn.jsdelivr.net https://zendesk-eu.my.sentry.io https://api.smooch.io; frame-src https://form.typeform.com http://fast.wistia.com https://cdn.plaid.com/; img-src 'self' data: https://*.vestwell.com https://zendesk-eu.my.sentry.io https://*.zendesk.com https://d2gx1ajsvrvamt.cloudfront.net https://heapanalytics.com; style-src 'self' 'unsafe-inline' https://heapanalytics.com https://fonts.googleapis.com http://cdnjs.cloudflare.com https://use.typekit.net https://p.typekit.net http://cdn.quilljs.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com http://cdnjs.cloudflare.com https://use.typekit.net; child-src 'self'; connect-src 'self' https://zendesk-eu.my.sentry.io https://heapanalytics.com https://*.zendesk.com https://ekr.zdassets.com https://api-iam.intercom.io/messenger/web/ping https://api-iam.intercom.io/messenger/web/metrics https://api.gusto-demo.com data: gap: ws:
strict-transport-security
max-age=31536000; includeSubdomains;
x-forwarded-proto
https
content-length
268482
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
server
nginx
etag
"1dc09d84-418c2"
x-frame-options
deny
content-type
application/javascript; charset=utf-8
cache-control
max-age=86400, no-store, no-cache, must-revalidate
accept-ranges
bytes
expires
Mon, 25 Dec 2023 06:57:05 GMT
main.71998899.js
connect.demo2.ue1.vestwell.com/auth/static/js/ 		173 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.demo2.ue1.vestwell.com/auth/static/js/main.71998899.js
Requested by
Host: connect.demo2.ue1.vestwell.com
URL: https://connect.demo2.ue1.vestwell.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.206.12.157 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-206-12-157.compute-1.amazonaws.com
Software
nginx /
Resource Hash
982bf9b6cdda5eca99db623f9da1a902a8a0473864309f2b13e981124508b0c9
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: gap: ws: https://cdn.plaid.com https://ekr.zdassets.com https://static.zdassets.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.smooch.io https://heapanalytics.com https://cdn.heapanalytics.com http://cdn.plaid.com https://widget.intercom.io https://js.intercomcdn.com https://static.zdassets.com https://fonts.googleapis.com/ http://cdnjs.cloudflare.com https://www.google-analytics.com/analytics.js https://unpkg.com http://cdn.quilljs.com http://cdn.jsdelivr.net https://zendesk-eu.my.sentry.io https://api.smooch.io; frame-src https://form.typeform.com http://fast.wistia.com https://cdn.plaid.com/; img-src 'self' data: https://*.vestwell.com https://zendesk-eu.my.sentry.io https://*.zendesk.com https://d2gx1ajsvrvamt.cloudfront.net https://heapanalytics.com; style-src 'self' 'unsafe-inline' https://heapanalytics.com https://fonts.googleapis.com http://cdnjs.cloudflare.com https://use.typekit.net https://p.typekit.net http://cdn.quilljs.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com http://cdnjs.cloudflare.com https://use.typekit.net; child-src 'self'; connect-src 'self' https://zendesk-eu.my.sentry.io https://heapanalytics.com https://*.zendesk.com https://ekr.zdassets.com https://api-iam.intercom.io/messenger/web/ping https://api-iam.intercom.io/messenger/web/metrics https://api.gusto-demo.com data: gap: ws:
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://connect.demo2.ue1.vestwell.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 24 Dec 2023 06:57:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self' data: gap: ws: https://cdn.plaid.com https://ekr.zdassets.com https://static.zdassets.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.smooch.io https://heapanalytics.com https://cdn.heapanalytics.com http://cdn.plaid.com https://widget.intercom.io https://js.intercomcdn.com https://static.zdassets.com https://fonts.googleapis.com/ http://cdnjs.cloudflare.com https://www.google-analytics.com/analytics.js https://unpkg.com http://cdn.quilljs.com http://cdn.jsdelivr.net https://zendesk-eu.my.sentry.io https://api.smooch.io; frame-src https://form.typeform.com http://fast.wistia.com https://cdn.plaid.com/; img-src 'self' data: https://*.vestwell.com https://zendesk-eu.my.sentry.io https://*.zendesk.com https://d2gx1ajsvrvamt.cloudfront.net https://heapanalytics.com; style-src 'self' 'unsafe-inline' https://heapanalytics.com https://fonts.googleapis.com http://cdnjs.cloudflare.com https://use.typekit.net https://p.typekit.net http://cdn.quilljs.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com http://cdnjs.cloudflare.com https://use.typekit.net; child-src 'self'; connect-src 'self' https://zendesk-eu.my.sentry.io https://heapanalytics.com https://*.zendesk.com https://ekr.zdassets.com https://api-iam.intercom.io/messenger/web/ping https://api-iam.intercom.io/messenger/web/metrics https://api.gusto-demo.com data: gap: ws:
strict-transport-security
max-age=31536000; includeSubdomains;
x-forwarded-proto
https
content-length
42245
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
server
nginx
etag
"1dc09d84-a505"
x-frame-options
deny
content-type
application/javascript; charset=utf-8
cache-control
max-age=86400, no-store, no-cache, must-revalidate
accept-ranges
bytes
expires
Mon, 25 Dec 2023 06:57:05 GMT
shared.c79fc28a7794e6d0eabc.css
connect.demo2.ue1.vestwell.com/auth/static/css/ 		33 KB
9 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://connect.demo2.ue1.vestwell.com/auth/static/css/shared.c79fc28a7794e6d0eabc.css
Requested by
Host: connect.demo2.ue1.vestwell.com
URL: https://connect.demo2.ue1.vestwell.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.206.12.157 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-206-12-157.compute-1.amazonaws.com
Software
nginx /
Resource Hash
9f33a94451f3bb4fd1b0d5ba3ad4c21321595b1cd25e64ede37e111048ef9148
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: gap: ws: https://cdn.plaid.com https://ekr.zdassets.com https://static.zdassets.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.smooch.io https://heapanalytics.com https://cdn.heapanalytics.com http://cdn.plaid.com https://widget.intercom.io https://js.intercomcdn.com https://static.zdassets.com https://fonts.googleapis.com/ http://cdnjs.cloudflare.com https://www.google-analytics.com/analytics.js https://unpkg.com http://cdn.quilljs.com http://cdn.jsdelivr.net https://zendesk-eu.my.sentry.io https://api.smooch.io; frame-src https://form.typeform.com http://fast.wistia.com https://cdn.plaid.com/; img-src 'self' data: https://*.vestwell.com https://zendesk-eu.my.sentry.io https://*.zendesk.com https://d2gx1ajsvrvamt.cloudfront.net https://heapanalytics.com; style-src 'self' 'unsafe-inline' https://heapanalytics.com https://fonts.googleapis.com http://cdnjs.cloudflare.com https://use.typekit.net https://p.typekit.net http://cdn.quilljs.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com http://cdnjs.cloudflare.com https://use.typekit.net; child-src 'self'; connect-src 'self' https://zendesk-eu.my.sentry.io https://heapanalytics.com https://*.zendesk.com https://ekr.zdassets.com https://api-iam.intercom.io/messenger/web/ping https://api-iam.intercom.io/messenger/web/metrics https://api.gusto-demo.com data: gap: ws:
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://connect.demo2.ue1.vestwell.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 24 Dec 2023 06:57:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self' data: gap: ws: https://cdn.plaid.com https://ekr.zdassets.com https://static.zdassets.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.smooch.io https://heapanalytics.com https://cdn.heapanalytics.com http://cdn.plaid.com https://widget.intercom.io https://js.intercomcdn.com https://static.zdassets.com https://fonts.googleapis.com/ http://cdnjs.cloudflare.com https://www.google-analytics.com/analytics.js https://unpkg.com http://cdn.quilljs.com http://cdn.jsdelivr.net https://zendesk-eu.my.sentry.io https://api.smooch.io; frame-src https://form.typeform.com http://fast.wistia.com https://cdn.plaid.com/; img-src 'self' data: https://*.vestwell.com https://zendesk-eu.my.sentry.io https://*.zendesk.com https://d2gx1ajsvrvamt.cloudfront.net https://heapanalytics.com; style-src 'self' 'unsafe-inline' https://heapanalytics.com https://fonts.googleapis.com http://cdnjs.cloudflare.com https://use.typekit.net https://p.typekit.net http://cdn.quilljs.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com http://cdnjs.cloudflare.com https://use.typekit.net; child-src 'self'; connect-src 'self' https://zendesk-eu.my.sentry.io https://heapanalytics.com https://*.zendesk.com https://ekr.zdassets.com https://api-iam.intercom.io/messenger/web/ping https://api-iam.intercom.io/messenger/web/metrics https://api.gusto-demo.com data: gap: ws:
strict-transport-security
max-age=31536000; includeSubdomains;
x-forwarded-proto
https
content-length
8025
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
server
nginx
etag
"1dc09d84-1f59"
x-frame-options
deny
content-type
text/css
cache-control
max-age=86400, no-store, no-cache, must-revalidate
accept-ranges
bytes
expires
Mon, 25 Dec 2023 06:57:05 GMT
main.c79fc28a7794e6d0eabc.css
connect.demo2.ue1.vestwell.com/auth/static/css/ 		130 KB
29 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://connect.demo2.ue1.vestwell.com/auth/static/css/main.c79fc28a7794e6d0eabc.css
Requested by
Host: connect.demo2.ue1.vestwell.com
URL: https://connect.demo2.ue1.vestwell.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.206.12.157 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-206-12-157.compute-1.amazonaws.com
Software
nginx /
Resource Hash
aaf4cf955d59c68aab61b73f6aced7024720c9a222a0585cbbe386a3d06a8a10
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: gap: ws: https://cdn.plaid.com https://ekr.zdassets.com https://static.zdassets.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.smooch.io https://heapanalytics.com https://cdn.heapanalytics.com http://cdn.plaid.com https://widget.intercom.io https://js.intercomcdn.com https://static.zdassets.com https://fonts.googleapis.com/ http://cdnjs.cloudflare.com https://www.google-analytics.com/analytics.js https://unpkg.com http://cdn.quilljs.com http://cdn.jsdelivr.net https://zendesk-eu.my.sentry.io https://api.smooch.io; frame-src https://form.typeform.com http://fast.wistia.com https://cdn.plaid.com/; img-src 'self' data: https://*.vestwell.com https://zendesk-eu.my.sentry.io https://*.zendesk.com https://d2gx1ajsvrvamt.cloudfront.net https://heapanalytics.com; style-src 'self' 'unsafe-inline' https://heapanalytics.com https://fonts.googleapis.com http://cdnjs.cloudflare.com https://use.typekit.net https://p.typekit.net http://cdn.quilljs.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com http://cdnjs.cloudflare.com https://use.typekit.net; child-src 'self'; connect-src 'self' https://zendesk-eu.my.sentry.io https://heapanalytics.com https://*.zendesk.com https://ekr.zdassets.com https://api-iam.intercom.io/messenger/web/ping https://api-iam.intercom.io/messenger/web/metrics https://api.gusto-demo.com data: gap: ws:
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://connect.demo2.ue1.vestwell.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 24 Dec 2023 06:57:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self' data: gap: ws: https://cdn.plaid.com https://ekr.zdassets.com https://static.zdassets.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.smooch.io https://heapanalytics.com https://cdn.heapanalytics.com http://cdn.plaid.com https://widget.intercom.io https://js.intercomcdn.com https://static.zdassets.com https://fonts.googleapis.com/ http://cdnjs.cloudflare.com https://www.google-analytics.com/analytics.js https://unpkg.com http://cdn.quilljs.com http://cdn.jsdelivr.net https://zendesk-eu.my.sentry.io https://api.smooch.io; frame-src https://form.typeform.com http://fast.wistia.com https://cdn.plaid.com/; img-src 'self' data: https://*.vestwell.com https://zendesk-eu.my.sentry.io https://*.zendesk.com https://d2gx1ajsvrvamt.cloudfront.net https://heapanalytics.com; style-src 'self' 'unsafe-inline' https://heapanalytics.com https://fonts.googleapis.com http://cdnjs.cloudflare.com https://use.typekit.net https://p.typekit.net http://cdn.quilljs.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com http://cdnjs.cloudflare.com https://use.typekit.net; child-src 'self'; connect-src 'self' https://zendesk-eu.my.sentry.io https://heapanalytics.com https://*.zendesk.com https://ekr.zdassets.com https://api-iam.intercom.io/messenger/web/ping https://api-iam.intercom.io/messenger/web/metrics https://api.gusto-demo.com data: gap: ws:
strict-transport-security
max-age=31536000; includeSubdomains;
x-forwarded-proto
https
content-length
28687
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
server
nginx
etag
"1dc09d84-700f"
x-frame-options
deny
content-type
text/css
cache-control
max-age=86400, no-store, no-cache, must-revalidate
accept-ranges
bytes
expires
Mon, 25 Dec 2023 06:57:05 GMT
heap-1418109408.js
cdn.heapanalytics.com/js/ 		125 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.heapanalytics.com/js/heap-1418109408.js
Requested by
Host: connect.demo2.ue1.vestwell.com
URL: https://connect.demo2.ue1.vestwell.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.160.22.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-160-22-42.cmh68.r.cloudfront.net
Software
nginx / Express
Resource Hash
6542968e6900d66b23525cd16dee4e67e3511cd55dd46cad14d7f246b8a7d9c5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-US,en;q=0.9
Referer
https://connect.demo2.ue1.vestwell.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 24 Dec 2023 06:55:47 GMT
content-encoding
br
via
1.1 3b2dd9ca40903562e8f0412d796f5600.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
x-amz-cf-pop
CMH68-P3
age
78
x-powered-by
Express
etag
W/"1f539-8WW0N9csJaQLqwny4s9dNHxUnTQ"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=120
alt-svc
h3=":443"; ma=86400
x-amz-cf-id
-7Bvwds0st_-70NkQHFC-f6n56VV74Pn-ht7bG4ZzwORrx9-7WyHKw==
css
fonts.googleapis.com/ 		9 KB
795 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Nunito+Sans:400,600,700,800&display=swap
Requested by
Host: connect.demo2.ue1.vestwell.com
URL: https://connect.demo2.ue1.vestwell.com/auth/static/css/main.c79fc28a7794e6d0eabc.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:824::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
bd9ff61e493c5ef913bc749ac6351d9e947c9a415ae0098e6c1812cdded64595
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://connect.demo2.ue1.vestwell.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sun, 24 Dec 2023 06:57:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sun, 24 Dec 2023 06:48:04 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 24 Dec 2023 06:57:05 GMT
css
fonts.googleapis.com/ 		1 KB
558 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=PT+Serif:400&display=swap
Requested by
Host: connect.demo2.ue1.vestwell.com
URL: https://connect.demo2.ue1.vestwell.com/auth/static/css/main.c79fc28a7794e6d0eabc.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:824::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
123f471c58b5cedb78d67b24cfffdaa30a69c7e436410aded09625fa2eca0d1f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://connect.demo2.ue1.vestwell.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sun, 24 Dec 2023 06:57:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sun, 24 Dec 2023 06:35:51 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 24 Dec 2023 06:57:05 GMT
css
fonts.googleapis.com/ 		2 KB
1010 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto+Mono:400&display=swap
Requested by
Host: connect.demo2.ue1.vestwell.com
URL: https://connect.demo2.ue1.vestwell.com/auth/static/css/main.c79fc28a7794e6d0eabc.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:824::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
d99d2429e8e90014f3b5cb16a9bc0a773d0ddfb3d384c6e6b7f706236ae4848f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://connect.demo2.ue1.vestwell.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sun, 24 Dec 2023 06:57:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sun, 24 Dec 2023 06:48:43 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 24 Dec 2023 06:57:05 GMT
swiper-bundle.min.css
cdn.jsdelivr.net/npm/swiper@8/ 		16 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css
Requested by
Host: connect.demo2.ue1.vestwell.com
URL: https://connect.demo2.ue1.vestwell.com/auth/static/css/main.c79fc28a7794e6d0eabc.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
322d15d99efb792c941a5202fa8fc7ee9e932847227383ff9605163338a08eac
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://connect.demo2.ue1.vestwell.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Sun, 24 Dec 2023 06:57:05 GMT
x-content-type-options
nosniff
content-encoding
br
age
9873
x-jsd-version
8.4.7
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
4878
x-served-by
cache-fra-etou8220040-FRA, cache-ewr18151-EWR
x-jsd-version-type
version
etag
W/"406d-rwCOh5O6dcNGNg6U6W482jFM4n8"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*
whitelabel
connect.demo2.ue1.vestwell.com/api/ 		4 KB
6 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://connect.demo2.ue1.vestwell.com/api/whitelabel
Requested by
Host: connect.demo2.ue1.vestwell.com
URL: https://connect.demo2.ue1.vestwell.com/auth/static/js/shared.bc3ab51f.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.206.12.157 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-206-12-157.compute-1.amazonaws.com
Software
nginx /
Resource Hash
9cd422ad3af868d7bbfe5b569c1cf14d2e4a030ec80db8e9afdbedf3725ad4a0
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: gap: ws: https://cdn.plaid.com https://ekr.zdassets.com https://static.zdassets.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.smooch.io https://heapanalytics.com https://cdn.heapanalytics.com http://cdn.plaid.com https://widget.intercom.io https://js.intercomcdn.com https://static.zdassets.com https://fonts.googleapis.com/ http://cdnjs.cloudflare.com https://www.google-analytics.com/analytics.js https://unpkg.com http://cdn.quilljs.com http://cdn.jsdelivr.net https://zendesk-eu.my.sentry.io https://api.smooch.io; frame-src https://form.typeform.com http://fast.wistia.com https://cdn.plaid.com/; img-src 'self' data: https://*.vestwell.com https://zendesk-eu.my.sentry.io https://*.zendesk.com https://d2gx1ajsvrvamt.cloudfront.net https://heapanalytics.com; style-src 'self' 'unsafe-inline' https://heapanalytics.com https://fonts.googleapis.com http://cdnjs.cloudflare.com https://use.typekit.net https://p.typekit.net http://cdn.quilljs.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com http://cdnjs.cloudflare.com https://use.typekit.net; child-src 'self'; connect-src 'self' https://zendesk-eu.my.sentry.io https://heapanalytics.com https://*.zendesk.com https://ekr.zdassets.com https://api-iam.intercom.io/messenger/web/ping https://api-iam.intercom.io/messenger/web/metrics https://api.gusto-demo.com data: gap: ws:
Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN, deny
X-Xss-Protection 0, 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://connect.demo2.ue1.vestwell.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 24 Dec 2023 06:57:06 GMT
strict-transport-security
max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains;
x-content-type-options
nosniff, nosniff
content-security-policy
default-src 'self' data: gap: ws: https://cdn.plaid.com https://ekr.zdassets.com https://static.zdassets.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.smooch.io https://heapanalytics.com https://cdn.heapanalytics.com http://cdn.plaid.com https://widget.intercom.io https://js.intercomcdn.com https://static.zdassets.com https://fonts.googleapis.com/ http://cdnjs.cloudflare.com https://www.google-analytics.com/analytics.js https://unpkg.com http://cdn.quilljs.com http://cdn.jsdelivr.net https://zendesk-eu.my.sentry.io https://api.smooch.io; frame-src https://form.typeform.com http://fast.wistia.com https://cdn.plaid.com/; img-src 'self' data: https://*.vestwell.com https://zendesk-eu.my.sentry.io https://*.zendesk.com https://d2gx1ajsvrvamt.cloudfront.net https://heapanalytics.com; style-src 'self' 'unsafe-inline' https://heapanalytics.com https://fonts.googleapis.com http://cdnjs.cloudflare.com https://use.typekit.net https://p.typekit.net http://cdn.quilljs.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com http://cdnjs.cloudflare.com https://use.typekit.net; child-src 'self'; connect-src 'self' https://zendesk-eu.my.sentry.io https://heapanalytics.com https://*.zendesk.com https://ekr.zdassets.com https://api-iam.intercom.io/messenger/web/ping https://api-iam.intercom.io/messenger/web/metrics https://api.gusto-demo.com data: gap: ws:
x-permitted-cross-domain-policies
none
content-security-policy-report-only
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-dns-prefetch-control
off
cross-origin-resource-policy
same-origin
x-forwarded-proto
https
content-length
3959
x-xss-protection
0, 1; mode=block
referrer-policy
no-referrer, strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
x-download-options
noopen
x-frame-options
SAMEORIGIN, deny
x-ratelimit-remaining
99
content-type
application/json; charset=utf-8
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate
x-ratelimit-reset
0
x-ratelimit-limit
100
h
heapanalytics.com/ 		37 B
261 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://heapanalytics.com/h?a=1418109408&u=6968149347280500&v=1404142609487472&s=2290797453718192&b=web&tv=4.0&z=0&h=%2F&d=connect.demo2.ue1.vestwell.com&ts=1703401025924&st=1703401025926
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.174.80.114 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-174-80-114.compute-1.amazonaws.com
Software
nginx /
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-US,en;q=0.9
Referer
https://connect.demo2.ue1.vestwell.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 24 Dec 2023 06:57:06 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
etag
W/"25-4iFqfptz9csCeTUceM5hwzR1zqc"
content-type
image/gif
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-length
37
vestwell.webp
connect.demo2.ue1.vestwell.com/images/banners/ 		55 KB
56 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://connect.demo2.ue1.vestwell.com/images/banners/vestwell.webp
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.206.12.157 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-206-12-157.compute-1.amazonaws.com
Software
nginx /
Resource Hash
81c98ba7deee55d71e69a6cf1a554500f43e46cd727e76c60b0394e787ce2197

Request headers

accept-language
en-US,en;q=0.9
Referer
https://connect.demo2.ue1.vestwell.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 24 Dec 2023 06:57:06 GMT
x-amz-version-id
B3z_.rvdQLwCy1WJty6uaUYLbMf5h5Hh
last-modified
Tue, 19 Dec 2023 20:40:36 GMT
server
nginx
etag
"d87fe2478d75e65adb585e3a617e5ca7"
x-amz-server-side-encryption
AES256
content-type
image/webp
cache-control
max-age=315360000, public, max-age=3600
x-amz-replication-status
COMPLETED
accept-ranges
bytes
content-length
56488
expires
Thu, 31 Dec 2037 23:55:55 GMT
whitelabel
connect.demo2.ue1.vestwell.com/api/ 		4 KB
6 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://connect.demo2.ue1.vestwell.com/api/whitelabel
Requested by
Host: connect.demo2.ue1.vestwell.com
URL: https://connect.demo2.ue1.vestwell.com/auth/static/js/shared.bc3ab51f.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.206.12.157 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-206-12-157.compute-1.amazonaws.com
Software
nginx /
Resource Hash
9cd422ad3af868d7bbfe5b569c1cf14d2e4a030ec80db8e9afdbedf3725ad4a0
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: gap: ws: https://cdn.plaid.com https://ekr.zdassets.com https://static.zdassets.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.smooch.io https://heapanalytics.com https://cdn.heapanalytics.com http://cdn.plaid.com https://widget.intercom.io https://js.intercomcdn.com https://static.zdassets.com https://fonts.googleapis.com/ http://cdnjs.cloudflare.com https://www.google-analytics.com/analytics.js https://unpkg.com http://cdn.quilljs.com http://cdn.jsdelivr.net https://zendesk-eu.my.sentry.io https://api.smooch.io; frame-src https://form.typeform.com http://fast.wistia.com https://cdn.plaid.com/; img-src 'self' data: https://*.vestwell.com https://zendesk-eu.my.sentry.io https://*.zendesk.com https://d2gx1ajsvrvamt.cloudfront.net https://heapanalytics.com; style-src 'self' 'unsafe-inline' https://heapanalytics.com https://fonts.googleapis.com http://cdnjs.cloudflare.com https://use.typekit.net https://p.typekit.net http://cdn.quilljs.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com http://cdnjs.cloudflare.com https://use.typekit.net; child-src 'self'; connect-src 'self' https://zendesk-eu.my.sentry.io https://heapanalytics.com https://*.zendesk.com https://ekr.zdassets.com https://api-iam.intercom.io/messenger/web/ping https://api-iam.intercom.io/messenger/web/metrics https://api.gusto-demo.com data: gap: ws:
Strict-Transport-Security max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN, deny
X-Xss-Protection 0, 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://connect.demo2.ue1.vestwell.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 24 Dec 2023 06:57:06 GMT
strict-transport-security
max-age=15552000; includeSubDomains, max-age=31536000; includeSubdomains;
x-content-type-options
nosniff, nosniff
content-security-policy
default-src 'self' data: gap: ws: https://cdn.plaid.com https://ekr.zdassets.com https://static.zdassets.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.smooch.io https://heapanalytics.com https://cdn.heapanalytics.com http://cdn.plaid.com https://widget.intercom.io https://js.intercomcdn.com https://static.zdassets.com https://fonts.googleapis.com/ http://cdnjs.cloudflare.com https://www.google-analytics.com/analytics.js https://unpkg.com http://cdn.quilljs.com http://cdn.jsdelivr.net https://zendesk-eu.my.sentry.io https://api.smooch.io; frame-src https://form.typeform.com http://fast.wistia.com https://cdn.plaid.com/; img-src 'self' data: https://*.vestwell.com https://zendesk-eu.my.sentry.io https://*.zendesk.com https://d2gx1ajsvrvamt.cloudfront.net https://heapanalytics.com; style-src 'self' 'unsafe-inline' https://heapanalytics.com https://fonts.googleapis.com http://cdnjs.cloudflare.com https://use.typekit.net https://p.typekit.net http://cdn.quilljs.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com http://cdnjs.cloudflare.com https://use.typekit.net; child-src 'self'; connect-src 'self' https://zendesk-eu.my.sentry.io https://heapanalytics.com https://*.zendesk.com https://ekr.zdassets.com https://api-iam.intercom.io/messenger/web/ping https://api-iam.intercom.io/messenger/web/metrics https://api.gusto-demo.com data: gap: ws:
x-permitted-cross-domain-policies
none
content-security-policy-report-only
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-dns-prefetch-control
off
cross-origin-resource-policy
same-origin
x-forwarded-proto
https
content-length
3959
x-xss-protection
0, 1; mode=block
referrer-policy
no-referrer, strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
x-download-options
noopen
x-frame-options
SAMEORIGIN, deny
x-ratelimit-remaining
99
content-type
application/json; charset=utf-8
origin-agent-cluster
?1
cache-control
no-store, no-cache, must-revalidate
x-ratelimit-reset
0
x-ratelimit-limit
100
vestwell.webp
connect.demo2.ue1.vestwell.com/images/banners/ 		55 KB
56 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://connect.demo2.ue1.vestwell.com/images/banners/vestwell.webp
Requested by
Host: connect.demo2.ue1.vestwell.com
URL: https://connect.demo2.ue1.vestwell.com/auth/static/js/shared.bc3ab51f.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.206.12.157 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-206-12-157.compute-1.amazonaws.com
Software
nginx /
Resource Hash
81c98ba7deee55d71e69a6cf1a554500f43e46cd727e76c60b0394e787ce2197

Request headers

accept-language
en-US,en;q=0.9
Referer
https://connect.demo2.ue1.vestwell.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sun, 24 Dec 2023 06:57:06 GMT
x-amz-version-id
B3z_.rvdQLwCy1WJty6uaUYLbMf5h5Hh
last-modified
Tue, 19 Dec 2023 20:40:36 GMT
server
nginx
etag
"d87fe2478d75e65adb585e3a617e5ca7"
x-amz-server-side-encryption
AES256
content-type
image/webp
cache-control
max-age=315360000, public, max-age=3600
x-amz-replication-status
COMPLETED
accept-ranges
bytes
content-length
56488
expires
Thu, 31 Dec 2037 23:55:55 GMT
pe0TMImSLYBIv1o4X1M8ce2xCx3yop4tQpF_MeTm0lfGWVpNn64CL7U8upHZIbMV51Q42ptCp7t1R-s.woff2
fonts.gstatic.com/s/nunitosans/v15/ 		30 KB
31 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/nunitosans/v15/pe0TMImSLYBIv1o4X1M8ce2xCx3yop4tQpF_MeTm0lfGWVpNn64CL7U8upHZIbMV51Q42ptCp7t1R-s.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Nunito+Sans:400,600,700,800&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81d::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1393acc632c160def86b45c2521c8ee742b7e6239d0d90fb95f51d55cf48b9c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://connect.demo2.ue1.vestwell.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Tue, 19 Dec 2023 14:21:18 GMT
x-content-type-options
nosniff
age
405348
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31052
x-xss-protection
0
last-modified
Thu, 27 Apr 2023 00:27:41 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 18 Dec 2024 14:21:18 GMT

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture object| heap object| webpackChunk_vestwell_frontend_auth function| _

3 Cookies

Domain/Path Name / Value
.vestwell.com/ Name: _hp2_id.1418109408
Value: %7B%22userId%22%3A%226968149347280500%22%2C%22pageviewId%22%3A%221404142609487472%22%2C%22sessionId%22%3A%222290797453718192%22%2C%22identity%22%3Anull%2C%22trackerVersion%22%3A%224.0%22%7D
.vestwell.com/ Name: _hp2_ses_props.1418109408
Value: %7B%22ts%22%3A1703401025924%2C%22d%22%3A%22connect.demo2.ue1.vestwell.com%22%2C%22h%22%3A%22%2F%22%7D
.vestwell.com/ Name: Session
Value: pBOHUvGuFsCfzjkDTvZDHpna9izdryQyfznnuGFpajp0Q%2B%2BW3H3AuKCOLJC7RYMmI2mChaXlk%2FCD7w3KFy3Gs5sGMsaR6%2FVZS1tB3DjF%2FJoht5KVpqv6hohx.JfdOAVVbpOUlLruDiclRf%2FWx5q7Wy2cR

3 Console Messages

Source Level URL
Text
network error URL: https://connect.demo2.ue1.vestwell.com/auth/static/js/shared.bc3ab51f.js(Line 1)
Message:
WebSocket connection to 'wss://connect.demo2.ue1.vestwell.com/hermes/?EIO=4&transport=websocket' failed: Error during WebSocket handshake: Unexpected response code: 200
network error URL: https://connect.demo2.ue1.vestwell.com/auth/static/js/shared.bc3ab51f.js(Line 1)
Message:
WebSocket connection to 'wss://connect.demo2.ue1.vestwell.com/hermes/?EIO=4&transport=websocket' failed: Error during WebSocket handshake: Unexpected response code: 200
network error URL: https://connect.demo2.ue1.vestwell.com/auth/static/js/shared.bc3ab51f.js(Line 1)
Message:
WebSocket connection to 'wss://connect.demo2.ue1.vestwell.com/hermes/?EIO=4&transport=websocket' failed: Error during WebSocket handshake: Unexpected response code: 200

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' data: gap: ws: https://cdn.plaid.com https://ekr.zdassets.com https://static.zdassets.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.smooch.io https://heapanalytics.com https://cdn.heapanalytics.com http://cdn.plaid.com https://widget.intercom.io https://js.intercomcdn.com https://static.zdassets.com https://fonts.googleapis.com/ http://cdnjs.cloudflare.com https://www.google-analytics.com/analytics.js https://unpkg.com http://cdn.quilljs.com http://cdn.jsdelivr.net https://zendesk-eu.my.sentry.io https://api.smooch.io; frame-src https://form.typeform.com http://fast.wistia.com https://cdn.plaid.com/; img-src 'self' data: https://*.vestwell.com https://zendesk-eu.my.sentry.io https://*.zendesk.com https://d2gx1ajsvrvamt.cloudfront.net https://heapanalytics.com; style-src 'self' 'unsafe-inline' https://heapanalytics.com https://fonts.googleapis.com http://cdnjs.cloudflare.com https://use.typekit.net https://p.typekit.net http://cdn.quilljs.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com http://cdnjs.cloudflare.com https://use.typekit.net; child-src 'self'; connect-src 'self' https://zendesk-eu.my.sentry.io https://heapanalytics.com https://*.zendesk.com https://ekr.zdassets.com https://api-iam.intercom.io/messenger/web/ping https://api-iam.intercom.io/messenger/web/metrics https://api.gusto-demo.com data: gap: ws:
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block