urlscan.io logo urlscan.io
SecurityTrails logo

vm.sb-bau-1.rwrd057.rewardcloud.net Open in urlscan Pro
54.216.43.43  Public Scan

Go To Rescan Add Verdict Report
URL: https://vm.sb-bau-1.rwrd057.rewardcloud.net/
Submission: On December 20 via api from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 21 HTTP transactions. The main IP is 54.216.43.43, located in Dublin, Ireland and belongs to AMAZON-02, US. The main domain is vm.sb-bau-1.rwrd057.rewardcloud.net.
TLS certificate: Issued by Amazon RSA 2048 M02 on December 20th 2023. Valid for: a year.
This is the only time vm.sb-bau-1.rwrd057.rewardcloud.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
16 54.216.43.43 16509 (AMAZON-02)
2 2607:f8b0:402... 15169 (GOOGLE)
21 3
Apex Domain
Subdomains		 Transfer
16 rewardcloud.net
vm.sb-bau-1.rwrd057.rewardcloud.net
950 KB
2 googleapis.com
maps.googleapis.com — Cisco Umbrella Rank: 357
65 KB
21 2
Domain Requested by
16 vm.sb-bau-1.rwrd057.rewardcloud.net vm.sb-bau-1.rwrd057.rewardcloud.net
2 maps.googleapis.com vm.sb-bau-1.rwrd057.rewardcloud.net
maps.googleapis.com
21 2

This site contains no links.

Subject Issuer Validity Valid
vm.rlp2.sb-bau-1.green.rwrd057.rewardcloud.net
Amazon RSA 2048 M02		 2023-12-20 -
2025-01-17		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://vm.sb-bau-1.rwrd057.rewardcloud.net/
Frame ID: 723ACB49F73BF70FB4EDE35196F38A26
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Login || Virgin Money Rewards

Detected technologies

Overall confidence: 100%
Detected patterns
  • //maps\.google(?:apis)?\.com/maps/api/js
Overall confidence: 100%
Detected patterns
  • <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/

Page Statistics

21
Requests

86 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

1015 kB
Transfer

3291 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
vm.sb-bau-1.rwrd057.rewardcloud.net/ 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://vm.sb-bau-1.rwrd057.rewardcloud.net/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.216.43.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-216-43-43.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
3259b89f27976bd1d7f11fe203a2305ec274cf9df983176901719ed6139b98c1
Security Headers
Name Value
Content-Security-Policy img-src 'self' data: *.amazonaws.com *.rewardcloud.net *.cloudfront.net *.gstatic.com *.googleapis.com;default-src 'self' *.rewardcloud.net *.googleapis.com *.cardinalcommerce.com *.google.com *.browser-intake-datadoghq.eu;script-src 'self' blob: 'unsafe-inline' *.googleapis.com https://www.google.com/recaptcha/api.js *.gstatic.com;script-src-attr 'unsafe-inline';object-src blob:;form-action *.cardinalcommerce.com;base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ranges
bytes
cache-control
public, max-age=31536000
content-encoding
gzip
content-security-policy
img-src 'self' data: *.amazonaws.com *.rewardcloud.net *.cloudfront.net *.gstatic.com *.googleapis.com;default-src 'self' *.rewardcloud.net *.googleapis.com *.cardinalcommerce.com *.google.com *.browser-intake-datadoghq.eu;script-src 'self' blob: 'unsafe-inline' *.googleapis.com https://www.google.com/recaptcha/api.js *.gstatic.com;script-src-attr 'unsafe-inline';object-src blob:;form-action *.cardinalcommerce.com;base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-type
text/html; charset=UTF-8
cross-origin-embedder-policy
unsafe-none
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
cross-origin
date
Wed, 20 Dec 2023 18:06:23 GMT
etag
W/"183f-189975e50c0"
expect-ct
max-age=0
host
api.sb-bau-1.green.virgin.rwrd057.rewardcloud.net
last-modified
Thu, 27 Jul 2023 12:41:28 GMT
referrer-policy
no-referrer
server
istio-envoy
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
x-client-version
sb-bau-1 - 551e102006596fc667667d4f5796229a698c3072
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-download-options
noopen
x-envoy-upstream-service-time
2
x-forwarded-host
api.sb-bau-1.green.virgin.rwrd057.rewardcloud.net
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-robots-tag
noindex
x-xss-protection
0
sf-ui-display-regular.otf
vm.sb-bau-1.rwrd057.rewardcloud.net/assets/fonts/ 		283 KB
107 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://vm.sb-bau-1.rwrd057.rewardcloud.net/assets/fonts/sf-ui-display-regular.otf
Requested by
Host: vm.sb-bau-1.rwrd057.rewardcloud.net
URL: https://vm.sb-bau-1.rwrd057.rewardcloud.net/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.216.43.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-216-43-43.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
acc82d2639201e3e87c74000b6289e082ae7bd4d0a6df5c29b8dde458c3d7d18
Security Headers
Name Value
Content-Security-Policy img-src 'self' data: *.amazonaws.com *.rewardcloud.net *.cloudfront.net *.gstatic.com *.googleapis.com;default-src 'self' *.rewardcloud.net *.googleapis.com *.cardinalcommerce.com *.google.com *.browser-intake-datadoghq.eu;script-src 'self' blob: 'unsafe-inline' *.googleapis.com https://www.google.com/recaptcha/api.js *.gstatic.com;script-src-attr 'unsafe-inline';object-src blob:;form-action *.cardinalcommerce.com;base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
Origin
https://vm.sb-bau-1.rwrd057.rewardcloud.net
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Wed, 20 Dec 2023 18:06:23 GMT
content-security-policy
img-src 'self' data: *.amazonaws.com *.rewardcloud.net *.cloudfront.net *.gstatic.com *.googleapis.com;default-src 'self' *.rewardcloud.net *.googleapis.com *.cardinalcommerce.com *.google.com *.browser-intake-datadoghq.eu;script-src 'self' blob: 'unsafe-inline' *.googleapis.com https://www.google.com/recaptcha/api.js *.gstatic.com;script-src-attr 'unsafe-inline';object-src blob:;form-action *.cardinalcommerce.com;base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
unsafe-none
x-dns-prefetch-control
off
x-envoy-upstream-service-time
8
cross-origin-resource-policy
cross-origin
x-xss-protection
0
referrer-policy
no-referrer
last-modified
Thu, 27 Jul 2023 12:41:27 GMT
x-forwarded-host
api.sb-bau-1.green.virgin.rwrd057.rewardcloud.net
cross-origin-opener-policy
same-origin
x-client-version
sb-bau-1 - 551e102006596fc667667d4f5796229a698c3072
server
istio-envoy
host
api.sb-bau-1.green.virgin.rwrd057.rewardcloud.net
x-download-options
noopen
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
content-type
font/otf
vary
Accept-Encoding
etag
W/"46dac-189975e4cd8"
cache-control
public, max-age=31536000
accept-ranges
bytes
x-robots-tag
noindex
sf-ui-display-bold.otf
vm.sb-bau-1.rwrd057.rewardcloud.net/assets/fonts/ 		304 KB
118 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://vm.sb-bau-1.rwrd057.rewardcloud.net/assets/fonts/sf-ui-display-bold.otf
Requested by
Host: vm.sb-bau-1.rwrd057.rewardcloud.net
URL: https://vm.sb-bau-1.rwrd057.rewardcloud.net/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.216.43.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-216-43-43.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
9ad6b255fdf5c15a22b73ba758a58b6ec52585d9300a252c7b1b29f2b81bd07a
Security Headers
Name Value
Content-Security-Policy img-src 'self' data: *.amazonaws.com *.rewardcloud.net *.cloudfront.net *.gstatic.com *.googleapis.com;default-src 'self' *.rewardcloud.net *.googleapis.com *.cardinalcommerce.com *.google.com *.browser-intake-datadoghq.eu;script-src 'self' blob: 'unsafe-inline' *.googleapis.com https://www.google.com/recaptcha/api.js *.gstatic.com;script-src-attr 'unsafe-inline';object-src blob:;form-action *.cardinalcommerce.com;base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
Origin
https://vm.sb-bau-1.rwrd057.rewardcloud.net
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Wed, 20 Dec 2023 18:06:23 GMT
content-security-policy
img-src 'self' data: *.amazonaws.com *.rewardcloud.net *.cloudfront.net *.gstatic.com *.googleapis.com;default-src 'self' *.rewardcloud.net *.googleapis.com *.cardinalcommerce.com *.google.com *.browser-intake-datadoghq.eu;script-src 'self' blob: 'unsafe-inline' *.googleapis.com https://www.google.com/recaptcha/api.js *.gstatic.com;script-src-attr 'unsafe-inline';object-src blob:;form-action *.cardinalcommerce.com;base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
unsafe-none
x-dns-prefetch-control
off
x-envoy-upstream-service-time
7
cross-origin-resource-policy
cross-origin
x-xss-protection
0
referrer-policy
no-referrer
last-modified
Thu, 27 Jul 2023 12:41:27 GMT
x-forwarded-host
api.sb-bau-1.green.virgin.rwrd057.rewardcloud.net
cross-origin-opener-policy
same-origin
x-client-version
sb-bau-1 - 551e102006596fc667667d4f5796229a698c3072
server
istio-envoy
host
api.sb-bau-1.green.virgin.rwrd057.rewardcloud.net
x-download-options
noopen
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
content-type
font/otf
vary
Accept-Encoding
etag
W/"4be6e-189975e4cd8"
cache-control
public, max-age=31536000
accept-ranges
bytes
x-robots-tag
noindex
sf-ui-display-semibold.otf
vm.sb-bau-1.rwrd057.rewardcloud.net/assets/fonts/ 		304 KB
119 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://vm.sb-bau-1.rwrd057.rewardcloud.net/assets/fonts/sf-ui-display-semibold.otf
Requested by
Host: vm.sb-bau-1.rwrd057.rewardcloud.net
URL: https://vm.sb-bau-1.rwrd057.rewardcloud.net/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.216.43.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-216-43-43.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
92a6c79a110b3ec592bf03be220a1cf600298429637e4b1a95934e74da8b5654
Security Headers
Name Value
Content-Security-Policy img-src 'self' data: *.amazonaws.com *.rewardcloud.net *.cloudfront.net *.gstatic.com *.googleapis.com;default-src 'self' *.rewardcloud.net *.googleapis.com *.cardinalcommerce.com *.google.com *.browser-intake-datadoghq.eu;script-src 'self' blob: 'unsafe-inline' *.googleapis.com https://www.google.com/recaptcha/api.js *.gstatic.com;script-src-attr 'unsafe-inline';object-src blob:;form-action *.cardinalcommerce.com;base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
Origin
https://vm.sb-bau-1.rwrd057.rewardcloud.net
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Wed, 20 Dec 2023 18:06:23 GMT
content-security-policy
img-src 'self' data: *.amazonaws.com *.rewardcloud.net *.cloudfront.net *.gstatic.com *.googleapis.com;default-src 'self' *.rewardcloud.net *.googleapis.com *.cardinalcommerce.com *.google.com *.browser-intake-datadoghq.eu;script-src 'self' blob: 'unsafe-inline' *.googleapis.com https://www.google.com/recaptcha/api.js *.gstatic.com;script-src-attr 'unsafe-inline';object-src blob:;form-action *.cardinalcommerce.com;base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
unsafe-none
x-dns-prefetch-control
off
x-envoy-upstream-service-time
7
cross-origin-resource-policy
cross-origin
x-xss-protection
0
referrer-policy
no-referrer
last-modified
Thu, 27 Jul 2023 12:41:27 GMT
x-forwarded-host
api.sb-bau-1.green.virgin.rwrd057.rewardcloud.net
cross-origin-opener-policy
same-origin
x-client-version
sb-bau-1 - 551e102006596fc667667d4f5796229a698c3072
server
istio-envoy
host
api.sb-bau-1.green.virgin.rwrd057.rewardcloud.net
x-download-options
noopen
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
content-type
font/otf
vary
Accept-Encoding
etag
W/"4bf5e-189975e4cd8"
cache-control
public, max-age=31536000
accept-ranges
bytes
x-robots-tag
noindex
sf-ui-display-medium.otf
vm.sb-bau-1.rwrd057.rewardcloud.net/assets/fonts/ 		302 KB
118 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://vm.sb-bau-1.rwrd057.rewardcloud.net/assets/fonts/sf-ui-display-medium.otf
Requested by
Host: vm.sb-bau-1.rwrd057.rewardcloud.net
URL: https://vm.sb-bau-1.rwrd057.rewardcloud.net/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.216.43.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-216-43-43.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
0ee1577f849a46d7a1b6b5f84ac31935d6e819254dca23c6b2e935cbb83a0545
Security Headers
Name Value
Content-Security-Policy img-src 'self' data: *.amazonaws.com *.rewardcloud.net *.cloudfront.net *.gstatic.com *.googleapis.com;default-src 'self' *.rewardcloud.net *.googleapis.com *.cardinalcommerce.com *.google.com *.browser-intake-datadoghq.eu;script-src 'self' blob: 'unsafe-inline' *.googleapis.com https://www.google.com/recaptcha/api.js *.gstatic.com;script-src-attr 'unsafe-inline';object-src blob:;form-action *.cardinalcommerce.com;base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
Origin
https://vm.sb-bau-1.rwrd057.rewardcloud.net
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Wed, 20 Dec 2023 18:06:23 GMT
content-security-policy
img-src 'self' data: *.amazonaws.com *.rewardcloud.net *.cloudfront.net *.gstatic.com *.googleapis.com;default-src 'self' *.rewardcloud.net *.googleapis.com *.cardinalcommerce.com *.google.com *.browser-intake-datadoghq.eu;script-src 'self' blob: 'unsafe-inline' *.googleapis.com https://www.google.com/recaptcha/api.js *.gstatic.com;script-src-attr 'unsafe-inline';object-src blob:;form-action *.cardinalcommerce.com;base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
unsafe-none
x-dns-prefetch-control
off
x-envoy-upstream-service-time
6
cross-origin-resource-policy
cross-origin
x-xss-protection
0
referrer-policy
no-referrer
last-modified
Thu, 27 Jul 2023 12:41:27 GMT
x-forwarded-host
api.sb-bau-1.green.virgin.rwrd057.rewardcloud.net
cross-origin-opener-policy
same-origin
x-client-version
sb-bau-1 - 551e102006596fc667667d4f5796229a698c3072
server
istio-envoy
host
api.sb-bau-1.green.virgin.rwrd057.rewardcloud.net
x-download-options
noopen
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
content-type
font/otf
vary
Accept-Encoding
etag
W/"4b994-189975e4cd8"
cache-control
public, max-age=31536000
accept-ranges
bytes
x-robots-tag
noindex
js
maps.googleapis.com/maps/api/ 		194 KB
65 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps/api/js?v=3.51&key=AIzaSyBVNkgY73camApWMRCUKNI8SR_hfMz_szU&libraries=places&callback=googleMapsCallback
Requested by
Host: vm.sb-bau-1.rwrd057.rewardcloud.net
URL: https://vm.sb-bau-1.rwrd057.rewardcloud.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:804::200a Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
scaffolding on HTTPServer2 /
Resource Hash
5755151d81e4f77336775de6836bd1d8e5e127b0d9f44a7745992285366a6918
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Wed, 20 Dec 2023 18:06:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
scaffolding on HTTPServer2
vary
Accept-Language, Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1800
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
66483
x-xss-protection
0
runtime.22752a67e657a82a.js
vm.sb-bau-1.rwrd057.rewardcloud.net/ 		5 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://vm.sb-bau-1.rwrd057.rewardcloud.net/runtime.22752a67e657a82a.js
Requested by
Host: vm.sb-bau-1.rwrd057.rewardcloud.net
URL: https://vm.sb-bau-1.rwrd057.rewardcloud.net/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.216.43.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-216-43-43.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
baca5c482321c6cdfb0ea95d1339171570324fdba0a9d9ff5fb01de17cf46654
Security Headers
Name Value
Content-Security-Policy img-src 'self' data: *.amazonaws.com *.rewardcloud.net *.cloudfront.net *.gstatic.com *.googleapis.com;default-src 'self' *.rewardcloud.net *.googleapis.com *.cardinalcommerce.com *.google.com *.browser-intake-datadoghq.eu;script-src 'self' blob: 'unsafe-inline' *.googleapis.com https://www.google.com/recaptcha/api.js *.gstatic.com;script-src-attr 'unsafe-inline';object-src blob:;form-action *.cardinalcommerce.com;base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
Origin
https://vm.sb-bau-1.rwrd057.rewardcloud.net
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Wed, 20 Dec 2023 18:06:23 GMT
content-security-policy
img-src 'self' data: *.amazonaws.com *.rewardcloud.net *.cloudfront.net *.gstatic.com *.googleapis.com;default-src 'self' *.rewardcloud.net *.googleapis.com *.cardinalcommerce.com *.google.com *.browser-intake-datadoghq.eu;script-src 'self' blob: 'unsafe-inline' *.googleapis.com https://www.google.com/recaptcha/api.js *.gstatic.com;script-src-attr 'unsafe-inline';object-src blob:;form-action *.cardinalcommerce.com;base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
unsafe-none
x-dns-prefetch-control
off
x-envoy-upstream-service-time
5
cross-origin-resource-policy
cross-origin
x-xss-protection
0
referrer-policy
no-referrer
last-modified
Thu, 27 Jul 2023 12:41:23 GMT
x-forwarded-host
api.sb-bau-1.green.virgin.rwrd057.rewardcloud.net
cross-origin-opener-policy
same-origin
x-client-version
sb-bau-1 - 551e102006596fc667667d4f5796229a698c3072
server
istio-envoy
host
api.sb-bau-1.green.virgin.rwrd057.rewardcloud.net
x-download-options
noopen
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
etag
W/"1337-189975e3d38"
cache-control
public, max-age=31536000
accept-ranges
bytes
x-robots-tag
noindex
polyfills.a3c32bd48b55a40f.js
vm.sb-bau-1.rwrd057.rewardcloud.net/ 		33 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://vm.sb-bau-1.rwrd057.rewardcloud.net/polyfills.a3c32bd48b55a40f.js
Requested by
Host: vm.sb-bau-1.rwrd057.rewardcloud.net
URL: https://vm.sb-bau-1.rwrd057.rewardcloud.net/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.216.43.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-216-43-43.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
8511e5223c2cd392f7919cd020899434ac1407c32448e31bb59161aacd905583
Security Headers
Name Value
Content-Security-Policy img-src 'self' data: *.amazonaws.com *.rewardcloud.net *.cloudfront.net *.gstatic.com *.googleapis.com;default-src 'self' *.rewardcloud.net *.googleapis.com *.cardinalcommerce.com *.google.com *.browser-intake-datadoghq.eu;script-src 'self' blob: 'unsafe-inline' *.googleapis.com https://www.google.com/recaptcha/api.js *.gstatic.com;script-src-attr 'unsafe-inline';object-src blob:;form-action *.cardinalcommerce.com;base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
Origin
https://vm.sb-bau-1.rwrd057.rewardcloud.net
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Wed, 20 Dec 2023 18:06:23 GMT
content-security-policy
img-src 'self' data: *.amazonaws.com *.rewardcloud.net *.cloudfront.net *.gstatic.com *.googleapis.com;default-src 'self' *.rewardcloud.net *.googleapis.com *.cardinalcommerce.com *.google.com *.browser-intake-datadoghq.eu;script-src 'self' blob: 'unsafe-inline' *.googleapis.com https://www.google.com/recaptcha/api.js *.gstatic.com;script-src-attr 'unsafe-inline';object-src blob:;form-action *.cardinalcommerce.com;base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
unsafe-none
x-dns-prefetch-control
off
x-envoy-upstream-service-time
4
cross-origin-resource-policy
cross-origin
x-xss-protection
0
referrer-policy
no-referrer
last-modified
Thu, 27 Jul 2023 12:41:23 GMT
x-forwarded-host
api.sb-bau-1.green.virgin.rwrd057.rewardcloud.net
cross-origin-opener-policy
same-origin
x-client-version
sb-bau-1 - 551e102006596fc667667d4f5796229a698c3072
server
istio-envoy
host
api.sb-bau-1.green.virgin.rwrd057.rewardcloud.net
x-download-options
noopen
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
etag
W/"8434-189975e3d38"
cache-control
public, max-age=31536000
accept-ranges
bytes
x-robots-tag
noindex
main.3371fe9f10727619.js
vm.sb-bau-1.rwrd057.rewardcloud.net/ 		990 KB
285 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://vm.sb-bau-1.rwrd057.rewardcloud.net/main.3371fe9f10727619.js
Requested by
Host: vm.sb-bau-1.rwrd057.rewardcloud.net
URL: https://vm.sb-bau-1.rwrd057.rewardcloud.net/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.216.43.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-216-43-43.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
0e83b95d6a770a316a6ab78f0948e2f7da0581d132e4390e6f39286ee49001f7
Security Headers
Name Value
Content-Security-Policy img-src 'self' data: *.amazonaws.com *.rewardcloud.net *.cloudfront.net *.gstatic.com *.googleapis.com;default-src 'self' *.rewardcloud.net *.googleapis.com *.cardinalcommerce.com *.google.com *.browser-intake-datadoghq.eu;script-src 'self' blob: 'unsafe-inline' *.googleapis.com https://www.google.com/recaptcha/api.js *.gstatic.com;script-src-attr 'unsafe-inline';object-src blob:;form-action *.cardinalcommerce.com;base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
Origin
https://vm.sb-bau-1.rwrd057.rewardcloud.net
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Wed, 20 Dec 2023 18:06:23 GMT
content-security-policy
img-src 'self' data: *.amazonaws.com *.rewardcloud.net *.cloudfront.net *.gstatic.com *.googleapis.com;default-src 'self' *.rewardcloud.net *.googleapis.com *.cardinalcommerce.com *.google.com *.browser-intake-datadoghq.eu;script-src 'self' blob: 'unsafe-inline' *.googleapis.com https://www.google.com/recaptcha/api.js *.gstatic.com;script-src-attr 'unsafe-inline';object-src blob:;form-action *.cardinalcommerce.com;base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
unsafe-none
x-dns-prefetch-control
off
x-envoy-upstream-service-time
9
cross-origin-resource-policy
cross-origin
x-xss-protection
0
referrer-policy
no-referrer
last-modified
Thu, 27 Jul 2023 12:41:23 GMT
x-forwarded-host
api.sb-bau-1.green.virgin.rwrd057.rewardcloud.net
cross-origin-opener-policy
same-origin
x-client-version
sb-bau-1 - 551e102006596fc667667d4f5796229a698c3072
server
istio-envoy
host
api.sb-bau-1.green.virgin.rwrd057.rewardcloud.net
x-download-options
noopen
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
etag
W/"f79e7-189975e3d38"
cache-control
public, max-age=31536000
accept-ranges
bytes
x-robots-tag
noindex
gen_204
maps.googleapis.com/maps/api/mapsjs/ 		3 B
45 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
Requested by
Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?v=3.51&key=AIzaSyBVNkgY73camApWMRCUKNI8SR_hfMz_szU&libraries=places&callback=googleMapsCallback
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:804::200a Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
scaffolding on HTTPServer2 /
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Wed, 20 Dec 2023 18:06:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
scaffolding on HTTPServer2
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://vm.sb-bau-1.rwrd057.rewardcloud.net
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23
x-xss-protection
0
styles.2889f9a2d2c8d2a9.css
vm.sb-bau-1.rwrd057.rewardcloud.net/ 		206 KB
41 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://vm.sb-bau-1.rwrd057.rewardcloud.net/styles.2889f9a2d2c8d2a9.css
Requested by
Host: vm.sb-bau-1.rwrd057.rewardcloud.net
URL: https://vm.sb-bau-1.rwrd057.rewardcloud.net/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.216.43.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-216-43-43.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
0117891d3e8fc4b936ab6b98170fb6ae51feac64a1ead1ec1a98876beeabaf19
Security Headers
Name Value
Content-Security-Policy img-src 'self' data: *.amazonaws.com *.rewardcloud.net *.cloudfront.net *.gstatic.com *.googleapis.com;default-src 'self' *.rewardcloud.net *.googleapis.com *.cardinalcommerce.com *.google.com *.browser-intake-datadoghq.eu;script-src 'self' blob: 'unsafe-inline' *.googleapis.com https://www.google.com/recaptcha/api.js *.gstatic.com;script-src-attr 'unsafe-inline';object-src blob:;form-action *.cardinalcommerce.com;base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Wed, 20 Dec 2023 18:06:23 GMT
content-security-policy
img-src 'self' data: *.amazonaws.com *.rewardcloud.net *.cloudfront.net *.gstatic.com *.googleapis.com;default-src 'self' *.rewardcloud.net *.googleapis.com *.cardinalcommerce.com *.google.com *.browser-intake-datadoghq.eu;script-src 'self' blob: 'unsafe-inline' *.googleapis.com https://www.google.com/recaptcha/api.js *.gstatic.com;script-src-attr 'unsafe-inline';object-src blob:;form-action *.cardinalcommerce.com;base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
unsafe-none
x-dns-prefetch-control
off
x-envoy-upstream-service-time
4
cross-origin-resource-policy
cross-origin
x-xss-protection
0
referrer-policy
no-referrer
last-modified
Thu, 27 Jul 2023 12:41:23 GMT
x-forwarded-host
api.sb-bau-1.green.virgin.rwrd057.rewardcloud.net
cross-origin-opener-policy
same-origin
x-client-version
sb-bau-1 - 551e102006596fc667667d4f5796229a698c3072
server
istio-envoy
host
api.sb-bau-1.green.virgin.rwrd057.rewardcloud.net
x-download-options
noopen
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
content-type
text/css; charset=UTF-8
vary
Accept-Encoding
etag
W/"3361e-189975e3d38"
cache-control
public, max-age=31536000
accept-ranges
bytes
x-robots-tag
noindex
styles.2889f9a2d2c8d2a9.css
vm.sb-bau-1.rwrd057.rewardcloud.net/ 		206 KB
41 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://vm.sb-bau-1.rwrd057.rewardcloud.net/styles.2889f9a2d2c8d2a9.css
Requested by
Host: vm.sb-bau-1.rwrd057.rewardcloud.net
URL: https://vm.sb-bau-1.rwrd057.rewardcloud.net/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.216.43.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-216-43-43.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
0117891d3e8fc4b936ab6b98170fb6ae51feac64a1ead1ec1a98876beeabaf19
Security Headers
Name Value
Content-Security-Policy img-src 'self' data: *.amazonaws.com *.rewardcloud.net *.cloudfront.net *.gstatic.com *.googleapis.com;default-src 'self' *.rewardcloud.net *.googleapis.com *.cardinalcommerce.com *.google.com *.browser-intake-datadoghq.eu;script-src 'self' blob: 'unsafe-inline' *.googleapis.com https://www.google.com/recaptcha/api.js *.gstatic.com;script-src-attr 'unsafe-inline';object-src blob:;form-action *.cardinalcommerce.com;base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Wed, 20 Dec 2023 18:06:24 GMT
content-security-policy
img-src 'self' data: *.amazonaws.com *.rewardcloud.net *.cloudfront.net *.gstatic.com *.googleapis.com;default-src 'self' *.rewardcloud.net *.googleapis.com *.cardinalcommerce.com *.google.com *.browser-intake-datadoghq.eu;script-src 'self' blob: 'unsafe-inline' *.googleapis.com https://www.google.com/recaptcha/api.js *.gstatic.com;script-src-attr 'unsafe-inline';object-src blob:;form-action *.cardinalcommerce.com;base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
unsafe-none
x-dns-prefetch-control
off
x-envoy-upstream-service-time
4
cross-origin-resource-policy
cross-origin
x-xss-protection
0
referrer-policy
no-referrer
last-modified
Thu, 27 Jul 2023 12:41:23 GMT
x-forwarded-host
api.sb-bau-1.green.virgin.rwrd057.rewardcloud.net
cross-origin-opener-policy
same-origin
x-client-version
sb-bau-1 - 551e102006596fc667667d4f5796229a698c3072
server
istio-envoy
host
api.sb-bau-1.green.virgin.rwrd057.rewardcloud.net
x-download-options
noopen
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
content-type
text/css; charset=UTF-8
vary
Accept-Encoding
etag
W/"3361e-189975e3d38"
cache-control
public, max-age=31536000
accept-ranges
bytes
x-robots-tag
noindex
config.json
vm.sb-bau-1.rwrd057.rewardcloud.net/assets/ 		214 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://vm.sb-bau-1.rwrd057.rewardcloud.net/assets/config.json?reload=1703095584298
Requested by
Host: vm.sb-bau-1.rwrd057.rewardcloud.net
URL: https://vm.sb-bau-1.rwrd057.rewardcloud.net/polyfills.a3c32bd48b55a40f.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.216.43.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-216-43-43.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
4f2ed0cadfc21752a6a3777c9eb1a9b1a6e583391edaf67d2199c0cd90095199
Security Headers
Name Value
Content-Security-Policy img-src 'self' data: *.amazonaws.com *.rewardcloud.net *.cloudfront.net *.gstatic.com *.googleapis.com;default-src 'self' *.rewardcloud.net *.googleapis.com *.cardinalcommerce.com *.google.com *.browser-intake-datadoghq.eu;script-src 'self' blob: 'unsafe-inline' *.googleapis.com https://www.google.com/recaptcha/api.js *.gstatic.com;script-src-attr 'unsafe-inline';object-src blob:;form-action *.cardinalcommerce.com;base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Wed, 20 Dec 2023 18:06:24 GMT
content-security-policy
img-src 'self' data: *.amazonaws.com *.rewardcloud.net *.cloudfront.net *.gstatic.com *.googleapis.com;default-src 'self' *.rewardcloud.net *.googleapis.com *.cardinalcommerce.com *.google.com *.browser-intake-datadoghq.eu;script-src 'self' blob: 'unsafe-inline' *.googleapis.com https://www.google.com/recaptcha/api.js *.gstatic.com;script-src-attr 'unsafe-inline';object-src blob:;form-action *.cardinalcommerce.com;base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
unsafe-none
x-dns-prefetch-control
off
x-envoy-upstream-service-time
1
cross-origin-resource-policy
cross-origin
content-length
214
x-xss-protection
0
referrer-policy
no-referrer
last-modified
Wed, 20 Dec 2023 14:00:48 GMT
x-forwarded-host
api.sb-bau-1.green.virgin.rwrd057.rewardcloud.net
cross-origin-opener-policy
same-origin
x-client-version
sb-bau-1 - 551e102006596fc667667d4f5796229a698c3072
server
istio-envoy
host
api.sb-bau-1.green.virgin.rwrd057.rewardcloud.net
expect-ct
max-age=0
x-download-options
noopen
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
vary
Accept-Encoding
etag
W/"d6-18c87876cee"
cache-control
public, max-age=31536000
accept-ranges
bytes
x-robots-tag
noindex
common.e70f18c4b8d69321.js
vm.sb-bau-1.rwrd057.rewardcloud.net/ 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://vm.sb-bau-1.rwrd057.rewardcloud.net/common.e70f18c4b8d69321.js
Requested by
Host: vm.sb-bau-1.rwrd057.rewardcloud.net
URL: https://vm.sb-bau-1.rwrd057.rewardcloud.net/runtime.22752a67e657a82a.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.216.43.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-216-43-43.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
70e8e44dc6c7fd090c3b230a4d7a86cd7dfda38ca621bec8aa668df3e439b631
Security Headers
Name Value
Content-Security-Policy img-src 'self' data: *.amazonaws.com *.rewardcloud.net *.cloudfront.net *.gstatic.com *.googleapis.com;default-src 'self' *.rewardcloud.net *.googleapis.com *.cardinalcommerce.com *.google.com *.browser-intake-datadoghq.eu;script-src 'self' blob: 'unsafe-inline' *.googleapis.com https://www.google.com/recaptcha/api.js *.gstatic.com;script-src-attr 'unsafe-inline';object-src blob:;form-action *.cardinalcommerce.com;base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
Origin
https://vm.sb-bau-1.rwrd057.rewardcloud.net
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Wed, 20 Dec 2023 18:06:24 GMT
content-security-policy
img-src 'self' data: *.amazonaws.com *.rewardcloud.net *.cloudfront.net *.gstatic.com *.googleapis.com;default-src 'self' *.rewardcloud.net *.googleapis.com *.cardinalcommerce.com *.google.com *.browser-intake-datadoghq.eu;script-src 'self' blob: 'unsafe-inline' *.googleapis.com https://www.google.com/recaptcha/api.js *.gstatic.com;script-src-attr 'unsafe-inline';object-src blob:;form-action *.cardinalcommerce.com;base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
unsafe-none
x-dns-prefetch-control
off
x-envoy-upstream-service-time
2
cross-origin-resource-policy
cross-origin
x-xss-protection
0
referrer-policy
no-referrer
last-modified
Thu, 27 Jul 2023 12:41:23 GMT
x-forwarded-host
api.sb-bau-1.green.virgin.rwrd057.rewardcloud.net
cross-origin-opener-policy
same-origin
x-client-version
sb-bau-1 - 551e102006596fc667667d4f5796229a698c3072
server
istio-envoy
host
api.sb-bau-1.green.virgin.rwrd057.rewardcloud.net
x-download-options
noopen
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
etag
W/"3a01-189975e3d38"
cache-control
public, max-age=31536000
accept-ranges
bytes
x-robots-tag
noindex
3236.1b704a4bdfaa0a57.js
vm.sb-bau-1.rwrd057.rewardcloud.net/ 		43 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://vm.sb-bau-1.rwrd057.rewardcloud.net/3236.1b704a4bdfaa0a57.js
Requested by
Host: vm.sb-bau-1.rwrd057.rewardcloud.net
URL: https://vm.sb-bau-1.rwrd057.rewardcloud.net/runtime.22752a67e657a82a.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.216.43.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-216-43-43.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
e2adc1209df3e956323b0be28ca0d609dedcaf772a1f042e92d1f6c7dfa5c9da
Security Headers
Name Value
Content-Security-Policy img-src 'self' data: *.amazonaws.com *.rewardcloud.net *.cloudfront.net *.gstatic.com *.googleapis.com;default-src 'self' *.rewardcloud.net *.googleapis.com *.cardinalcommerce.com *.google.com *.browser-intake-datadoghq.eu;script-src 'self' blob: 'unsafe-inline' *.googleapis.com https://www.google.com/recaptcha/api.js *.gstatic.com;script-src-attr 'unsafe-inline';object-src blob:;form-action *.cardinalcommerce.com;base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
Origin
https://vm.sb-bau-1.rwrd057.rewardcloud.net
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Wed, 20 Dec 2023 18:06:24 GMT
content-security-policy
img-src 'self' data: *.amazonaws.com *.rewardcloud.net *.cloudfront.net *.gstatic.com *.googleapis.com;default-src 'self' *.rewardcloud.net *.googleapis.com *.cardinalcommerce.com *.google.com *.browser-intake-datadoghq.eu;script-src 'self' blob: 'unsafe-inline' *.googleapis.com https://www.google.com/recaptcha/api.js *.gstatic.com;script-src-attr 'unsafe-inline';object-src blob:;form-action *.cardinalcommerce.com;base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
unsafe-none
x-dns-prefetch-control
off
x-envoy-upstream-service-time
3
cross-origin-resource-policy
cross-origin
x-xss-protection
0
referrer-policy
no-referrer
last-modified
Thu, 27 Jul 2023 12:41:23 GMT
x-forwarded-host
api.sb-bau-1.green.virgin.rwrd057.rewardcloud.net
cross-origin-opener-policy
same-origin
x-client-version
sb-bau-1 - 551e102006596fc667667d4f5796229a698c3072
server
istio-envoy
host
api.sb-bau-1.green.virgin.rwrd057.rewardcloud.net
x-download-options
noopen
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
etag
W/"acfa-189975e3d38"
cache-control
public, max-age=31536000
accept-ranges
bytes
x-robots-tag
noindex
9291.9a2309d240cbed7b.js
vm.sb-bau-1.rwrd057.rewardcloud.net/ 		183 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://vm.sb-bau-1.rwrd057.rewardcloud.net/9291.9a2309d240cbed7b.js
Requested by
Host: vm.sb-bau-1.rwrd057.rewardcloud.net
URL: https://vm.sb-bau-1.rwrd057.rewardcloud.net/runtime.22752a67e657a82a.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.216.43.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-216-43-43.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
186312dc894339275db0a4667897d16f50dd9e56c130bace182a417db3841770
Security Headers
Name Value
Content-Security-Policy img-src 'self' data: *.amazonaws.com *.rewardcloud.net *.cloudfront.net *.gstatic.com *.googleapis.com;default-src 'self' *.rewardcloud.net *.googleapis.com *.cardinalcommerce.com *.google.com *.browser-intake-datadoghq.eu;script-src 'self' blob: 'unsafe-inline' *.googleapis.com https://www.google.com/recaptcha/api.js *.gstatic.com;script-src-attr 'unsafe-inline';object-src blob:;form-action *.cardinalcommerce.com;base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
Origin
https://vm.sb-bau-1.rwrd057.rewardcloud.net
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Wed, 20 Dec 2023 18:06:24 GMT
content-security-policy
img-src 'self' data: *.amazonaws.com *.rewardcloud.net *.cloudfront.net *.gstatic.com *.googleapis.com;default-src 'self' *.rewardcloud.net *.googleapis.com *.cardinalcommerce.com *.google.com *.browser-intake-datadoghq.eu;script-src 'self' blob: 'unsafe-inline' *.googleapis.com https://www.google.com/recaptcha/api.js *.gstatic.com;script-src-attr 'unsafe-inline';object-src blob:;form-action *.cardinalcommerce.com;base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
unsafe-none
x-dns-prefetch-control
off
x-envoy-upstream-service-time
3
cross-origin-resource-policy
cross-origin
x-xss-protection
0
referrer-policy
no-referrer
last-modified
Thu, 27 Jul 2023 12:41:23 GMT
x-forwarded-host
api.sb-bau-1.green.virgin.rwrd057.rewardcloud.net
cross-origin-opener-policy
same-origin
x-client-version
sb-bau-1 - 551e102006596fc667667d4f5796229a698c3072
server
istio-envoy
host
api.sb-bau-1.green.virgin.rwrd057.rewardcloud.net
x-download-options
noopen
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
etag
W/"2db66-189975e3d38"
cache-control
public, max-age=31536000
accept-ranges
bytes
x-robots-tag
noindex
2933.983d5de8b3496e2c.js
vm.sb-bau-1.rwrd057.rewardcloud.net/ 		188 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://vm.sb-bau-1.rwrd057.rewardcloud.net/2933.983d5de8b3496e2c.js
Requested by
Host: vm.sb-bau-1.rwrd057.rewardcloud.net
URL: https://vm.sb-bau-1.rwrd057.rewardcloud.net/runtime.22752a67e657a82a.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.216.43.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-216-43-43.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
d30a985a09b3cf231ca6f286a4de6faabc6d1a3d8f6aa73e542229ddd4604d3d
Security Headers
Name Value
Content-Security-Policy img-src 'self' data: *.amazonaws.com *.rewardcloud.net *.cloudfront.net *.gstatic.com *.googleapis.com;default-src 'self' *.rewardcloud.net *.googleapis.com *.cardinalcommerce.com *.google.com *.browser-intake-datadoghq.eu;script-src 'self' blob: 'unsafe-inline' *.googleapis.com https://www.google.com/recaptcha/api.js *.gstatic.com;script-src-attr 'unsafe-inline';object-src blob:;form-action *.cardinalcommerce.com;base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
Origin
https://vm.sb-bau-1.rwrd057.rewardcloud.net
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Wed, 20 Dec 2023 18:06:24 GMT
content-security-policy
img-src 'self' data: *.amazonaws.com *.rewardcloud.net *.cloudfront.net *.gstatic.com *.googleapis.com;default-src 'self' *.rewardcloud.net *.googleapis.com *.cardinalcommerce.com *.google.com *.browser-intake-datadoghq.eu;script-src 'self' blob: 'unsafe-inline' *.googleapis.com https://www.google.com/recaptcha/api.js *.gstatic.com;script-src-attr 'unsafe-inline';object-src blob:;form-action *.cardinalcommerce.com;base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
unsafe-none
x-dns-prefetch-control
off
x-envoy-upstream-service-time
3
cross-origin-resource-policy
cross-origin
x-xss-protection
0
referrer-policy
no-referrer
last-modified
Thu, 27 Jul 2023 12:41:23 GMT
x-forwarded-host
api.sb-bau-1.green.virgin.rwrd057.rewardcloud.net
cross-origin-opener-policy
same-origin
x-client-version
sb-bau-1 - 551e102006596fc667667d4f5796229a698c3072
server
istio-envoy
host
api.sb-bau-1.green.virgin.rwrd057.rewardcloud.net
x-download-options
noopen
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
etag
W/"2f17b-189975e3d38"
cache-control
public, max-age=31536000
accept-ranges
bytes
x-robots-tag
noindex
b5e05aec-1105-4312-8bdb-81f24d8664a3
https://vm.sb-bau-1.rwrd057.rewardcloud.net/ 		27 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://vm.sb-bau-1.rwrd057.rewardcloud.net/b5e05aec-1105-4312-8bdb-81f24d8664a3
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2939299f2116e418f105568578f1c92214abe85c097253cdc49c9147cf7853c4

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Length
27881
Content-Type
2531.2654ccaae225543c.js
vm.sb-bau-1.rwrd057.rewardcloud.net/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://vm.sb-bau-1.rwrd057.rewardcloud.net/2531.2654ccaae225543c.js
Requested by
Host: vm.sb-bau-1.rwrd057.rewardcloud.net
URL: https://vm.sb-bau-1.rwrd057.rewardcloud.net/runtime.22752a67e657a82a.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.216.43.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-216-43-43.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
803764574a7a60db18dc0be52089a9d92093d1a643d8caaae9d41fb3bca6aa79
Security Headers
Name Value
Content-Security-Policy img-src 'self' data: *.amazonaws.com *.rewardcloud.net *.cloudfront.net *.gstatic.com *.googleapis.com;default-src 'self' *.rewardcloud.net *.googleapis.com *.cardinalcommerce.com *.google.com *.browser-intake-datadoghq.eu;script-src 'self' blob: 'unsafe-inline' *.googleapis.com https://www.google.com/recaptcha/api.js *.gstatic.com;script-src-attr 'unsafe-inline';object-src blob:;form-action *.cardinalcommerce.com;base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
Origin
https://vm.sb-bau-1.rwrd057.rewardcloud.net
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Wed, 20 Dec 2023 18:06:24 GMT
content-security-policy
img-src 'self' data: *.amazonaws.com *.rewardcloud.net *.cloudfront.net *.gstatic.com *.googleapis.com;default-src 'self' *.rewardcloud.net *.googleapis.com *.cardinalcommerce.com *.google.com *.browser-intake-datadoghq.eu;script-src 'self' blob: 'unsafe-inline' *.googleapis.com https://www.google.com/recaptcha/api.js *.gstatic.com;script-src-attr 'unsafe-inline';object-src blob:;form-action *.cardinalcommerce.com;base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-permitted-cross-domain-policies
none
cross-origin-embedder-policy
unsafe-none
x-dns-prefetch-control
off
x-envoy-upstream-service-time
2
cross-origin-resource-policy
cross-origin
x-xss-protection
0
referrer-policy
no-referrer
last-modified
Thu, 27 Jul 2023 12:41:23 GMT
x-forwarded-host
api.sb-bau-1.green.virgin.rwrd057.rewardcloud.net
cross-origin-opener-policy
same-origin
x-client-version
sb-bau-1 - 551e102006596fc667667d4f5796229a698c3072
server
istio-envoy
host
api.sb-bau-1.green.virgin.rwrd057.rewardcloud.net
x-download-options
noopen
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
etag
W/"751-189975e3d38"
cache-control
public, max-age=31536000
accept-ranges
bytes
x-robots-tag
noindex
common.js
maps.googleapis.com/maps-api-v3/api/js/55/4/ 		0
0
util.js
maps.googleapis.com/maps-api-v3/api/js/55/4/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
maps.googleapis.com
URL
https://maps.googleapis.com/maps-api-v3/api/js/55/4/common.js
Domain
maps.googleapis.com
URL
https://maps.googleapis.com/maps-api-v3/api/js/55/4/util.js

Verdicts & Comments Add Verdict or Comment

177 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture function| googleMapsCallback object| google object| module$exports$mapsapi$geometry$spherical object| reactiveElementVersions object| module$contents$mapsapi$overlay$overlayView_OverlayView object| webpackChunkapp function| Zone function| __zone_symbol__Promise function| __zone_symbol__fetch function| __zone_symbol__queueMicrotask function| __zone_symbol__setTimeout function| __zone_symbol__clearTimeout function| __zone_symbol__setInterval function| __zone_symbol__clearInterval function| __zone_symbol__requestAnimationFrame function| __zone_symbol__cancelAnimationFrame function| __zone_symbol__webkitRequestAnimationFrame function| __zone_symbol__webkitCancelAnimationFrame function| __zone_symbol__alert function| __zone_symbol__prompt function| __zone_symbol__confirm function| __zone_symbol__MutationObserver function| __zone_symbol__WebKitMutationObserver function| __zone_symbol__IntersectionObserver function| __zone_symbol__FileReader boolean| __zone_symbol__ononsearchpatched boolean| __zone_symbol__ononappinstalledpatched boolean| __zone_symbol__ononbeforeinstallpromptpatched boolean| __zone_symbol__ononbeforexrselectpatched boolean| __zone_symbol__ononabortpatched boolean| __zone_symbol__ononbeforeinputpatched boolean| __zone_symbol__ononbeforetogglepatched boolean| __zone_symbol__ononblurpatched boolean| __zone_symbol__ononcancelpatched boolean| __zone_symbol__ononcanplaypatched boolean| __zone_symbol__ononcanplaythroughpatched boolean| __zone_symbol__ononchangepatched boolean| __zone_symbol__ononclickpatched boolean| __zone_symbol__ononclosepatched boolean| __zone_symbol__ononcontextlostpatched boolean| __zone_symbol__ononcontextmenupatched boolean| __zone_symbol__ononcontextrestoredpatched boolean| __zone_symbol__ononcuechangepatched boolean| __zone_symbol__onondblclickpatched boolean| __zone_symbol__onondragpatched boolean| __zone_symbol__onondragendpatched boolean| __zone_symbol__onondragenterpatched boolean| __zone_symbol__onondragleavepatched boolean| __zone_symbol__onondragoverpatched boolean| __zone_symbol__onondragstartpatched boolean| __zone_symbol__onondroppatched boolean| __zone_symbol__onondurationchangepatched boolean| __zone_symbol__ononemptiedpatched boolean| __zone_symbol__ononendedpatched boolean| __zone_symbol__ononerrorpatched boolean| __zone_symbol__ononfocuspatched boolean| __zone_symbol__ononformdatapatched boolean| __zone_symbol__ononinputpatched boolean| __zone_symbol__ononinvalidpatched boolean| __zone_symbol__ononkeydownpatched boolean| __zone_symbol__ononkeypresspatched boolean| __zone_symbol__ononkeyuppatched boolean| __zone_symbol__ononloadpatched boolean| __zone_symbol__ononloadeddatapatched boolean| __zone_symbol__ononloadedmetadatapatched boolean| __zone_symbol__ononloadstartpatched boolean| __zone_symbol__ononmousedownpatched boolean| __zone_symbol__ononmouseenterpatched boolean| __zone_symbol__ononmouseleavepatched boolean| __zone_symbol__ononmousemovepatched boolean| __zone_symbol__ononmouseoutpatched boolean| __zone_symbol__ononmouseoverpatched boolean| __zone_symbol__ononmouseuppatched boolean| __zone_symbol__ononmousewheelpatched boolean| __zone_symbol__ononpausepatched boolean| __zone_symbol__ononplaypatched boolean| __zone_symbol__ononplayingpatched boolean| __zone_symbol__ononprogresspatched boolean| __zone_symbol__ononratechangepatched boolean| __zone_symbol__ononresetpatched boolean| __zone_symbol__ononresizepatched boolean| __zone_symbol__ononscrollpatched boolean| __zone_symbol__ononsecuritypolicyviolationpatched boolean| __zone_symbol__ononseekedpatched boolean| __zone_symbol__ononseekingpatched boolean| __zone_symbol__ononselectpatched boolean| __zone_symbol__ononslotchangepatched boolean| __zone_symbol__ononstalledpatched boolean| __zone_symbol__ononsubmitpatched boolean| __zone_symbol__ononsuspendpatched boolean| __zone_symbol__onontimeupdatepatched boolean| __zone_symbol__onontogglepatched boolean| __zone_symbol__ononvolumechangepatched boolean| __zone_symbol__ononwaitingpatched boolean| __zone_symbol__ononwebkitanimationendpatched boolean| __zone_symbol__ononwebkitanimationiterationpatched boolean| __zone_symbol__ononwebkitanimationstartpatched boolean| __zone_symbol__ononwebkittransitionendpatched boolean| __zone_symbol__ononwheelpatched boolean| __zone_symbol__ononauxclickpatched boolean| __zone_symbol__onongotpointercapturepatched boolean| __zone_symbol__ononlostpointercapturepatched boolean| __zone_symbol__ononpointerdownpatched boolean| __zone_symbol__ononpointermovepatched boolean| __zone_symbol__ononpointerrawupdatepatched boolean| __zone_symbol__ononpointeruppatched boolean| __zone_symbol__ononpointercancelpatched boolean| __zone_symbol__ononpointeroverpatched boolean| __zone_symbol__ononpointeroutpatched boolean| __zone_symbol__ononpointerenterpatched boolean| __zone_symbol__ononpointerleavepatched boolean| __zone_symbol__ononselectstartpatched boolean| __zone_symbol__ononselectionchangepatched boolean| __zone_symbol__ononanimationendpatched boolean| __zone_symbol__ononanimationiterationpatched boolean| __zone_symbol__ononanimationstartpatched boolean| __zone_symbol__onontransitionrunpatched boolean| __zone_symbol__onontransitionstartpatched boolean| __zone_symbol__onontransitionendpatched boolean| __zone_symbol__onontransitioncancelpatched boolean| __zone_symbol__ononafterprintpatched boolean| __zone_symbol__ononbeforeprintpatched boolean| __zone_symbol__ononbeforeunloadpatched boolean| __zone_symbol__ononhashchangepatched boolean| __zone_symbol__ononlanguagechangepatched boolean| __zone_symbol__ononmessagepatched boolean| __zone_symbol__ononmessageerrorpatched boolean| __zone_symbol__ononofflinepatched boolean| __zone_symbol__onononlinepatched boolean| __zone_symbol__ononpagehidepatched boolean| __zone_symbol__ononpageshowpatched boolean| __zone_symbol__ononpopstatepatched boolean| __zone_symbol__ononrejectionhandledpatched boolean| __zone_symbol__ononstoragepatched boolean| __zone_symbol__ononunhandledrejectionpatched boolean| __zone_symbol__ononunloadpatched boolean| __zone_symbol__onondevicemotionpatched boolean| __zone_symbol__onondeviceorientationpatched boolean| __zone_symbol__onondeviceorientationabsolutepatched boolean| __zone_symbol__ononbeforematchpatched boolean| __zone_symbol__ononcontentvisibilityautostatechangepatched boolean| __zone_symbol__ononscrollendpatched object| DD_RUM object| Ionic object| __zone_symbol__clicktrue object| __zone_symbol__touchstarttrue object| __zone_symbol__keydowntrue object| __zone_symbol__scrolltrue object| __zone_symbol__popstatefalse object| __zone_symbol__hashchangefalse object| __zone_symbol__focusfalse object| __zone_symbol__blurfalse object| __zone_symbol__beforeunloadfalse object| __zone_symbol__pagehidetrue object| __zone_symbol__visibilitychangetrue object| __zone_symbol__pointerdowntrue function| __zone_symbol__ON_PROPERTYerror object| __zone_symbol__errorfalse function| __zone_symbol__ON_PROPERTYunhandledrejection object| __zone_symbol__unhandledrejectionfalse object| __zone_symbol__resizefalse object| __zone_symbol__ionKeyboardDidShowfalse object| __zone_symbol__ionKeyboardDidHidefalse function| getAngularTestability function| getAllAngularTestabilities function| getAllAngularRootElements object| frameworkStabilizers object| __zone_symbol__resizetrue object| __zone_symbol__keyboardDidShowfalse object| __zone_symbol__keyboardDidHidefalse function| __zone_symbol__addEventListener function| __zone_symbol__removeEventListener undefined| __zone_symbol__eventListeners undefined| __zone_symbol__removeAllListeners function| eventListeners function| removeAllListeners

0 Cookies

4 Console Messages

Source Level URL
Text
javascript warning URL: https://vm.sb-bau-1.rwrd057.rewardcloud.net/
Message:
The resource https://vm.sb-bau-1.rwrd057.rewardcloud.net/assets/fonts/sf-ui-display-medium.otf was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://vm.sb-bau-1.rwrd057.rewardcloud.net/
Message:
The resource https://vm.sb-bau-1.rwrd057.rewardcloud.net/assets/fonts/sf-ui-display-regular.otf was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://vm.sb-bau-1.rwrd057.rewardcloud.net/
Message:
The resource https://vm.sb-bau-1.rwrd057.rewardcloud.net/assets/fonts/sf-ui-display-semibold.otf was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://vm.sb-bau-1.rwrd057.rewardcloud.net/
Message:
The resource https://vm.sb-bau-1.rwrd057.rewardcloud.net/assets/fonts/sf-ui-display-bold.otf was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy img-src 'self' data: *.amazonaws.com *.rewardcloud.net *.cloudfront.net *.gstatic.com *.googleapis.com;default-src 'self' *.rewardcloud.net *.googleapis.com *.cardinalcommerce.com *.google.com *.browser-intake-datadoghq.eu;script-src 'self' blob: 'unsafe-inline' *.googleapis.com https://www.google.com/recaptcha/api.js *.gstatic.com;script-src-attr 'unsafe-inline';object-src blob:;form-action *.cardinalcommerce.com;base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0