app.btscoach.com Open in urlscan Pro
88.80.173.25 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://app.btscoach.com/coach/4289/availability/2022/week/21
Effective URL:
https://app.btscoach.com/users/sign_in
Submission: On May 23 via manual (May 23rd 2022, 7:09:30 pm UTC) from US — Scanned from GB

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 15 HTTP transactions. The main IP is 88.80.173.25, located in United Kingdom and belongs to EQUINIX, GB. The main domain is app.btscoach.com.
TLS certificate: Issued by Entrust Certification Authority - L1K on November 6th 2021. Valid for: a year.

This is the only time app.btscoach.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 11	88.80.173.25 88.80.173.25	15830 (EQUINIX) (EQUINIX)
3	2a06:98c1:312... 2a06:98c1:3120::a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:82f::200e	15169 (GOOGLE) (GOOGLE)
15	4

11 88.80.173.25 (United Kingdom) 2 redirects

ASN15830 (EQUINIX, GB)

app.btscoach.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a06:98c1:3120::a (United States)

ASN13335 (CLOUDFLARENET, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	btscoach.com 2 redirects app.btscoach.com	1 MB
3	fontawesome.com use.fontawesome.com — Cisco Umbrella Rank: 882	77 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 37	20 KB
0	newrelic.com Failed js-agent.newrelic.com Failed
15	4

	Domain	Requested by
11	app.btscoach.com	2 redirects app.btscoach.com
3	use.fontawesome.com	app.btscoach.com use.fontawesome.com
2	www.google-analytics.com	app.btscoach.com www.google-analytics.com
0	js-agent.newrelic.com Failed	app.btscoach.com
15	4

This site contains no links.

Subject Issuer	Validity	Valid
*.btscoach.com Entrust Certification Authority - L1K	`2021-11-06` - `2022-11-06`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-07` - `2022-07-06`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-05-04` - `2022-07-27`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://app.btscoach.com/users/sign_in
Frame ID: D47070AC0384C574F82F682871EF8CC6
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

BTS Coach

Page URL History Show full URLs

http://app.btscoach.com/coach/4289/availability/2022/week/21 HTTP 301
https://app.btscoach.com/coach/4289/availability/2022/week/21 HTTP 302
https://app.btscoach.com/users/sign_in Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery-ui.*\.js

Page Statistics

15
Requests

93 %
HTTPS

67 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

1179 kB
Transfer

4950 kB
Size

4
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://app.btscoach.com/coach/4289/availability/2022/week/21 HTTP 301
https://app.btscoach.com/coach/4289/availability/2022/week/21 HTTP 302
https://app.btscoach.com/users/sign_in Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request sign_in Show response
app.btscoach.com/users/
Redirect Chain

http://app.btscoach.com/coach/4289/availability/2022/week/21
https://app.btscoach.com/coach/4289/availability/2022/week/21
https://app.btscoach.com/users/sign_in

18 KB
11 KB

254ms
254ms

Document
text/html

88.80.173.25
EQUINIX

General

Check archive.org

Show headers Download Go to

Full URL

https://app.btscoach.com/users/sign_in

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

88.80.173.25 , United Kingdom, ASN15830 (EQUINIX, GB),

Reverse DNS

Software

nginx /

Resource Hash

57684d3f92085aa71bac3ce2339ade1cbe28fe08c4b04428bb8cac8a1c19a053

Security Headers

Name	Value
Content-Security-Policy	default-src; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.twelveshifts.com https://maxcdn.bootstrapcdn.com https://www.google-analytics.com https://cdn.rawgit.com https://jawj.github.io https://www.google.com/jsapi https://maps.google.com https://maps.googleapis.com https://code.jquery.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://github.hubspot.com/odometer/ https://cdn.jsdelivr.net/npm/ https://js.stripe.com/v3/; style-src 'self' 'unsafe-inline' https://.twelveshifts.com https://use.fontawesome.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://github.hubspot.com/odometer/; img-src 'self' data: https://.btscoach.com https://.twelveshifts.com https://csi.gstatic.com https://www.google-analytics.com https://maps.gstatic.com https://maps.google.com https://cdn.rawgit.com https://raw.githubusercontent.com https://ciab-twelve-shifts-decks-live.s3.amazonaws.com https://coach-in-a-box-private-document-library.s3.amazonaws.com https://coach-in-a-box-public-docs.s3.amazonaws.com https://coach-in-a-box-public-docs.s3-eu-west-1.amazonaws.com https://coach-in-a-box-public-docs.s3.eu-west-1.amazonaws.com https://bts.box.com https://public.boxcloud.com https://dl.boxcloud.com https://.bts.com https://bts.app.box.com; font-src 'self' data: https://use.fontawesome.com https://fonts.gstatic.com; media-src 'self' https://bts.box.com https://bts.app.box.com https://bts.account.box.com https://public.boxcloud.com https://dl.boxcloud.com; connect-src 'self' 'unsafe-inline' https://.btscoach.com wss://.btscoach.com https://.bts.com https://.btspulse.com wss://.twelveshifts.com wss://.twelveshifts.com:7777/cable https://www.google-analytics.com https://.twelveshifts.com; object-src 'self'; frame-ancestors 'self' https://.btscoach.com https://.btspulse.com https://.btsmomenta.com https://.twelveshifts.com https://.myworkdaycdn.com; frame-src 'self' https://js.stripe.com/ https://d5s7vnxq3lpty.cloudfront.net/ https://.btspulse.com https://*.myworkdaycdn.com https://coach-in-a-box-private-document-library.s3.amazonaws.com;
Strict-Transport-Security	max-age=15768000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Content-Length, Accept, Accept-Encoding, Authorization, X-CSRF-Token
Access-Control-Allow-Methods: POST, PUT, DELETE, GET, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Authorization
Access-Control-Request-Method: *
Cache-Control: must-revalidate, private, max-age=0
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 7395
Content-Security-Policy: default-src; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.twelveshifts.com https://maxcdn.bootstrapcdn.com https://www.google-analytics.com https://cdn.rawgit.com https://jawj.github.io https://www.google.com/jsapi https://maps.google.com https://maps.googleapis.com https://code.jquery.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://github.hubspot.com/odometer/ https://cdn.jsdelivr.net/npm/ https://js.stripe.com/v3/; style-src 'self' 'unsafe-inline' https://*.twelveshifts.com https://use.fontawesome.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://github.hubspot.com/odometer/; img-src 'self' data: https://*.btscoach.com https://*.twelveshifts.com https://csi.gstatic.com https://www.google-analytics.com https://maps.gstatic.com https://maps.google.com https://cdn.rawgit.com https://raw.githubusercontent.com https://ciab-twelve-shifts-decks-live.s3.amazonaws.com https://coach-in-a-box-private-document-library.s3.amazonaws.com https://coach-in-a-box-public-docs.s3.amazonaws.com https://coach-in-a-box-public-docs.s3-eu-west-1.amazonaws.com https://coach-in-a-box-public-docs.s3.eu-west-1.amazonaws.com https://bts.box.com https://public.boxcloud.com https://dl.boxcloud.com https://*.bts.com https://bts.app.box.com; font-src 'self' data: https://use.fontawesome.com https://fonts.gstatic.com; media-src 'self' https://bts.box.com https://bts.app.box.com https://bts.account.box.com https://public.boxcloud.com https://dl.boxcloud.com; connect-src 'self' 'unsafe-inline' https://*.btscoach.com wss://*.btscoach.com https://*.bts.com https://*.btspulse.com wss://*.twelveshifts.com wss://*.twelveshifts.com:7777/cable https://www.google-analytics.com https://*.twelveshifts.com; object-src 'self'; frame-ancestors 'self' https://*.btscoach.com https://*.btspulse.com https://*.btsmomenta.com https://*.twelveshifts.com https://*.myworkdaycdn.com; frame-src 'self' https://js.stripe.com/ https://d5s7vnxq3lpty.cloudfront.net/ https://*.btspulse.com https://*.myworkdaycdn.com https://coach-in-a-box-private-document-library.s3.amazonaws.com;
Content-Type: text/html; charset=utf-8
Date: Mon, 23 May 2022 19:09:25 GMT
ETag: W/"57684d3f92085aa71bac3ce2339ade1c-gzip"
Referrer-Policy: strict-origin-when-cross-origin strict-origin-when-cross-origin
Server: nginx
Status: 200 OK
Strict-Transport-Security: max-age=15768000; includeSubdomains;
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-Rack-Cache: miss
X-Request-Id: 6e5661e5-0310-4c8c-85f5-2a3f389283dc
X-XSS-Protection: 1; mode=block

Redirect headers

Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Content-Length, Accept, Accept-Encoding, Authorization, X-CSRF-Token
Access-Control-Allow-Methods: POST, PUT, DELETE, GET, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Authorization
Access-Control-Request-Method: *
Cache-Control: no-cache
Connection: keep-alive
Content-Security-Policy: default-src; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.twelveshifts.com https://maxcdn.bootstrapcdn.com https://www.google-analytics.com https://cdn.rawgit.com https://jawj.github.io https://www.google.com/jsapi https://maps.google.com https://maps.googleapis.com https://code.jquery.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://github.hubspot.com/odometer/ https://cdn.jsdelivr.net/npm/ https://js.stripe.com/v3/; style-src 'self' 'unsafe-inline' https://*.twelveshifts.com https://use.fontawesome.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://github.hubspot.com/odometer/; img-src 'self' data: https://*.btscoach.com https://*.twelveshifts.com https://csi.gstatic.com https://www.google-analytics.com https://maps.gstatic.com https://maps.google.com https://cdn.rawgit.com https://raw.githubusercontent.com https://ciab-twelve-shifts-decks-live.s3.amazonaws.com https://coach-in-a-box-private-document-library.s3.amazonaws.com https://coach-in-a-box-public-docs.s3.amazonaws.com https://coach-in-a-box-public-docs.s3-eu-west-1.amazonaws.com https://coach-in-a-box-public-docs.s3.eu-west-1.amazonaws.com https://bts.box.com https://public.boxcloud.com https://dl.boxcloud.com https://*.bts.com https://bts.app.box.com; font-src 'self' data: https://use.fontawesome.com https://fonts.gstatic.com; media-src 'self' https://bts.box.com https://bts.app.box.com https://bts.account.box.com https://public.boxcloud.com https://dl.boxcloud.com; connect-src 'self' 'unsafe-inline' https://*.btscoach.com wss://*.btscoach.com https://*.bts.com https://*.btspulse.com wss://*.twelveshifts.com wss://*.twelveshifts.com:7777/cable https://www.google-analytics.com https://*.twelveshifts.com; object-src 'self'; frame-ancestors 'self' https://*.btscoach.com https://*.btspulse.com https://*.btsmomenta.com https://*.twelveshifts.com https://*.myworkdaycdn.com; frame-src 'self' https://js.stripe.com/ https://d5s7vnxq3lpty.cloudfront.net/ https://*.btspulse.com https://*.myworkdaycdn.com https://coach-in-a-box-private-document-library.s3.amazonaws.com;
Content-Type: text/html; charset=utf-8
Date: Mon, 23 May 2022 19:09:25 GMT
Location: https://app.btscoach.com/users/sign_in
Referrer-Policy: strict-origin-when-cross-origin
Server: nginx
Status: 302 Found
Strict-Transport-Security: max-age=15768000; includeSubdomains;
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Rack-Cache: miss
X-Request-Id: 94f44052-5ad8-482a-9ff6-390dbf76fb4f
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK googleapis_fonts-eb9b30244c323fedd13b9d3286b353ee091560169ff67d6aac0c55c7e915dfa4.css
app.btscoach.com/assets/ 5 KB
3 KB 63ms
63ms Stylesheet
text/css 88.80.173.25
EQUINIX

General

Check archive.org

Show headers Download Go to

Full URL

https://app.btscoach.com/assets/googleapis_fonts-eb9b30244c323fedd13b9d3286b353ee091560169ff67d6aac0c55c7e915dfa4.css

Requested by

Host: app.btscoach.com
URL: https://app.btscoach.com/users/sign_in

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

88.80.173.25 , United Kingdom, ASN15830 (EQUINIX, GB),

Reverse DNS

Software

nginx /

Resource Hash

eb9b30244c323fedd13b9d3286b353ee091560169ff67d6aac0c55c7e915dfa4

Security Headers

Name	Value
Content-Security-Policy	default-src; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.twelveshifts.com https://maxcdn.bootstrapcdn.com https://www.google-analytics.com https://cdn.rawgit.com https://jawj.github.io https://www.google.com/jsapi https://maps.google.com https://maps.googleapis.com https://code.jquery.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://github.hubspot.com/odometer/ https://cdn.jsdelivr.net/npm/ https://js.stripe.com/v3/; style-src 'self' 'unsafe-inline' https://.twelveshifts.com https://use.fontawesome.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://github.hubspot.com/odometer/; img-src 'self' data: https://.btscoach.com https://.twelveshifts.com https://csi.gstatic.com https://www.google-analytics.com https://maps.gstatic.com https://maps.google.com https://cdn.rawgit.com https://raw.githubusercontent.com https://ciab-twelve-shifts-decks-live.s3.amazonaws.com https://coach-in-a-box-private-document-library.s3.amazonaws.com https://coach-in-a-box-public-docs.s3.amazonaws.com https://coach-in-a-box-public-docs.s3-eu-west-1.amazonaws.com https://coach-in-a-box-public-docs.s3.eu-west-1.amazonaws.com https://bts.box.com https://public.boxcloud.com https://dl.boxcloud.com https://.bts.com https://bts.app.box.com; font-src 'self' data: https://use.fontawesome.com https://fonts.gstatic.com; media-src 'self' https://bts.box.com https://bts.app.box.com https://bts.account.box.com https://public.boxcloud.com https://dl.boxcloud.com; connect-src 'self' 'unsafe-inline' https://.btscoach.com wss://.btscoach.com https://.bts.com https://.btspulse.com wss://.twelveshifts.com wss://.twelveshifts.com:7777/cable https://www.google-analytics.com https://.twelveshifts.com; object-src 'self'; frame-ancestors 'self' https://.btscoach.com https://.btspulse.com https://.btsmomenta.com https://.twelveshifts.com https://.myworkdaycdn.com; frame-src 'self' https://js.stripe.com/ https://d5s7vnxq3lpty.cloudfront.net/ https://.btspulse.com https://*.myworkdaycdn.com https://coach-in-a-box-private-document-library.s3.amazonaws.com;
Strict-Transport-Security	max-age=15768000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://app.btscoach.com/users/sign_in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Mon, 23 May 2022 19:09:25 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Access-Control-Request-Method: *
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 524
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Fri, 12 Jul 2019 14:26:08 GMT
Server: nginx
ETag: "1273-58d7cb0f72000-gzip"
Strict-Transport-Security: max-age=15768000; includeSubdomains;
Access-Control-Allow-Methods: POST, PUT, DELETE, GET, OPTIONS
Content-Type: text/css
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Authorization
Content-Security-Policy: default-src; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.twelveshifts.com https://maxcdn.bootstrapcdn.com https://www.google-analytics.com https://cdn.rawgit.com https://jawj.github.io https://www.google.com/jsapi https://maps.google.com https://maps.googleapis.com https://code.jquery.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://github.hubspot.com/odometer/ https://cdn.jsdelivr.net/npm/ https://js.stripe.com/v3/; style-src 'self' 'unsafe-inline' https://*.twelveshifts.com https://use.fontawesome.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://github.hubspot.com/odometer/; img-src 'self' data: https://*.btscoach.com https://*.twelveshifts.com https://csi.gstatic.com https://www.google-analytics.com https://maps.gstatic.com https://maps.google.com https://cdn.rawgit.com https://raw.githubusercontent.com https://ciab-twelve-shifts-decks-live.s3.amazonaws.com https://coach-in-a-box-private-document-library.s3.amazonaws.com https://coach-in-a-box-public-docs.s3.amazonaws.com https://coach-in-a-box-public-docs.s3-eu-west-1.amazonaws.com https://coach-in-a-box-public-docs.s3.eu-west-1.amazonaws.com https://bts.box.com https://public.boxcloud.com https://dl.boxcloud.com https://*.bts.com https://bts.app.box.com; font-src 'self' data: https://use.fontawesome.com https://fonts.gstatic.com; media-src 'self' https://bts.box.com https://bts.app.box.com https://bts.account.box.com https://public.boxcloud.com https://dl.boxcloud.com; connect-src 'self' 'unsafe-inline' https://*.btscoach.com wss://*.btscoach.com https://*.bts.com https://*.btspulse.com wss://*.twelveshifts.com wss://*.twelveshifts.com:7777/cable https://www.google-analytics.com https://*.twelveshifts.com; object-src 'self'; frame-ancestors 'self' https://*.btscoach.com https://*.btspulse.com https://*.btsmomenta.com https://*.twelveshifts.com https://*.myworkdaycdn.com; frame-src 'self' https://js.stripe.com/ https://d5s7vnxq3lpty.cloudfront.net/ https://*.btspulse.com https://*.myworkdaycdn.com https://coach-in-a-box-private-document-library.s3.amazonaws.com;
Accept-Ranges: bytes
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Content-Length, Accept, Accept-Encoding, Authorization, X-CSRF-Token

GET
H/1.1 200
OK bootstrap.min-4d83132fb5d1c8432ba981ca4611d19daca9d0057f3452c19e532a2cb7f13c88.css
app.btscoach.com/assets/new_style/ 157 KB
26 KB 133ms
68ms Stylesheet
text/css 88.80.173.25
EQUINIX

General

Check archive.org

Show headers Download Go to

Full URL

https://app.btscoach.com/assets/new_style/bootstrap.min-4d83132fb5d1c8432ba981ca4611d19daca9d0057f3452c19e532a2cb7f13c88.css

Requested by

Host: app.btscoach.com
URL: https://app.btscoach.com/users/sign_in

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

88.80.173.25 , United Kingdom, ASN15830 (EQUINIX, GB),

Reverse DNS

Software

nginx /

Resource Hash

4d83132fb5d1c8432ba981ca4611d19daca9d0057f3452c19e532a2cb7f13c88

Security Headers

Name	Value
Content-Security-Policy	default-src; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.twelveshifts.com https://maxcdn.bootstrapcdn.com https://www.google-analytics.com https://cdn.rawgit.com https://jawj.github.io https://www.google.com/jsapi https://maps.google.com https://maps.googleapis.com https://code.jquery.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://github.hubspot.com/odometer/ https://cdn.jsdelivr.net/npm/ https://js.stripe.com/v3/; style-src 'self' 'unsafe-inline' https://.twelveshifts.com https://use.fontawesome.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://github.hubspot.com/odometer/; img-src 'self' data: https://.btscoach.com https://.twelveshifts.com https://csi.gstatic.com https://www.google-analytics.com https://maps.gstatic.com https://maps.google.com https://cdn.rawgit.com https://raw.githubusercontent.com https://ciab-twelve-shifts-decks-live.s3.amazonaws.com https://coach-in-a-box-private-document-library.s3.amazonaws.com https://coach-in-a-box-public-docs.s3.amazonaws.com https://coach-in-a-box-public-docs.s3-eu-west-1.amazonaws.com https://coach-in-a-box-public-docs.s3.eu-west-1.amazonaws.com https://bts.box.com https://public.boxcloud.com https://dl.boxcloud.com https://.bts.com https://bts.app.box.com; font-src 'self' data: https://use.fontawesome.com https://fonts.gstatic.com; media-src 'self' https://bts.box.com https://bts.app.box.com https://bts.account.box.com https://public.boxcloud.com https://dl.boxcloud.com; connect-src 'self' 'unsafe-inline' https://.btscoach.com wss://.btscoach.com https://.bts.com https://.btspulse.com wss://.twelveshifts.com wss://.twelveshifts.com:7777/cable https://www.google-analytics.com https://.twelveshifts.com; object-src 'self'; frame-ancestors 'self' https://.btscoach.com https://.btspulse.com https://.btsmomenta.com https://.twelveshifts.com https://.myworkdaycdn.com; frame-src 'self' https://js.stripe.com/ https://d5s7vnxq3lpty.cloudfront.net/ https://.btspulse.com https://*.myworkdaycdn.com https://coach-in-a-box-private-document-library.s3.amazonaws.com;
Strict-Transport-Security	max-age=15768000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://app.btscoach.com/users/sign_in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Mon, 23 May 2022 19:09:25 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Access-Control-Request-Method: *
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 23734
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Fri, 08 Jan 2021 10:37:09 GMT
Server: nginx
ETag: "27505-5b86123695f40-gzip"
Strict-Transport-Security: max-age=15768000; includeSubdomains;
Access-Control-Allow-Methods: POST, PUT, DELETE, GET, OPTIONS
Content-Type: text/css
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Authorization
Content-Security-Policy: default-src; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.twelveshifts.com https://maxcdn.bootstrapcdn.com https://www.google-analytics.com https://cdn.rawgit.com https://jawj.github.io https://www.google.com/jsapi https://maps.google.com https://maps.googleapis.com https://code.jquery.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://github.hubspot.com/odometer/ https://cdn.jsdelivr.net/npm/ https://js.stripe.com/v3/; style-src 'self' 'unsafe-inline' https://*.twelveshifts.com https://use.fontawesome.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://github.hubspot.com/odometer/; img-src 'self' data: https://*.btscoach.com https://*.twelveshifts.com https://csi.gstatic.com https://www.google-analytics.com https://maps.gstatic.com https://maps.google.com https://cdn.rawgit.com https://raw.githubusercontent.com https://ciab-twelve-shifts-decks-live.s3.amazonaws.com https://coach-in-a-box-private-document-library.s3.amazonaws.com https://coach-in-a-box-public-docs.s3.amazonaws.com https://coach-in-a-box-public-docs.s3-eu-west-1.amazonaws.com https://coach-in-a-box-public-docs.s3.eu-west-1.amazonaws.com https://bts.box.com https://public.boxcloud.com https://dl.boxcloud.com https://*.bts.com https://bts.app.box.com; font-src 'self' data: https://use.fontawesome.com https://fonts.gstatic.com; media-src 'self' https://bts.box.com https://bts.app.box.com https://bts.account.box.com https://public.boxcloud.com https://dl.boxcloud.com; connect-src 'self' 'unsafe-inline' https://*.btscoach.com wss://*.btscoach.com https://*.bts.com https://*.btspulse.com wss://*.twelveshifts.com wss://*.twelveshifts.com:7777/cable https://www.google-analytics.com https://*.twelveshifts.com; object-src 'self'; frame-ancestors 'self' https://*.btscoach.com https://*.btspulse.com https://*.btsmomenta.com https://*.twelveshifts.com https://*.myworkdaycdn.com; frame-src 'self' https://js.stripe.com/ https://d5s7vnxq3lpty.cloudfront.net/ https://*.btspulse.com https://*.myworkdaycdn.com https://coach-in-a-box-private-document-library.s3.amazonaws.com;
Accept-Ranges: bytes
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Content-Length, Accept, Accept-Encoding, Authorization, X-CSRF-Token

GET
H/1.1 200
OK application-332e20b206beb3a13415718dcb12ea0416f55d6350570faab5bb63a66a9516ef.css
app.btscoach.com/assets/new_style/ 182 KB
33 KB 251ms
129ms Stylesheet
text/css 88.80.173.25
EQUINIX

General

Check archive.org

Show headers Download Go to

Full URL

https://app.btscoach.com/assets/new_style/application-332e20b206beb3a13415718dcb12ea0416f55d6350570faab5bb63a66a9516ef.css

Requested by

Host: app.btscoach.com
URL: https://app.btscoach.com/users/sign_in

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

88.80.173.25 , United Kingdom, ASN15830 (EQUINIX, GB),

Reverse DNS

Software

nginx /

Resource Hash

09badd66c893ae8b2c48885377b55c0f689d96d4b5dd4f59d10c17aebc790c70

Security Headers

Name	Value
Content-Security-Policy	default-src; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.twelveshifts.com https://maxcdn.bootstrapcdn.com https://www.google-analytics.com https://cdn.rawgit.com https://jawj.github.io https://www.google.com/jsapi https://maps.google.com https://maps.googleapis.com https://code.jquery.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://github.hubspot.com/odometer/ https://cdn.jsdelivr.net/npm/ https://js.stripe.com/v3/; style-src 'self' 'unsafe-inline' https://.twelveshifts.com https://use.fontawesome.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://github.hubspot.com/odometer/; img-src 'self' data: https://.btscoach.com https://.twelveshifts.com https://csi.gstatic.com https://www.google-analytics.com https://maps.gstatic.com https://maps.google.com https://cdn.rawgit.com https://raw.githubusercontent.com https://ciab-twelve-shifts-decks-live.s3.amazonaws.com https://coach-in-a-box-private-document-library.s3.amazonaws.com https://coach-in-a-box-public-docs.s3.amazonaws.com https://coach-in-a-box-public-docs.s3-eu-west-1.amazonaws.com https://coach-in-a-box-public-docs.s3.eu-west-1.amazonaws.com https://bts.box.com https://public.boxcloud.com https://dl.boxcloud.com https://.bts.com https://bts.app.box.com; font-src 'self' data: https://use.fontawesome.com https://fonts.gstatic.com; media-src 'self' https://bts.box.com https://bts.app.box.com https://bts.account.box.com https://public.boxcloud.com https://dl.boxcloud.com; connect-src 'self' 'unsafe-inline' https://.btscoach.com wss://.btscoach.com https://.bts.com https://.btspulse.com wss://.twelveshifts.com wss://.twelveshifts.com:7777/cable https://www.google-analytics.com https://.twelveshifts.com; object-src 'self'; frame-ancestors 'self' https://.btscoach.com https://.btspulse.com https://.btsmomenta.com https://.twelveshifts.com https://.myworkdaycdn.com; frame-src 'self' https://js.stripe.com/ https://d5s7vnxq3lpty.cloudfront.net/ https://.btspulse.com https://*.myworkdaycdn.com https://coach-in-a-box-private-document-library.s3.amazonaws.com;
Strict-Transport-Security	max-age=15768000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://app.btscoach.com/users/sign_in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Mon, 23 May 2022 19:09:25 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Access-Control-Request-Method: *
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 31307
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Mon, 16 May 2022 09:27:25 GMT
Server: nginx
ETag: "2d78b-5df1da1ca7940-gzip"
Strict-Transport-Security: max-age=15768000; includeSubdomains;
Access-Control-Allow-Methods: POST, PUT, DELETE, GET, OPTIONS
Content-Type: text/css
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Authorization
Content-Security-Policy: default-src; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.twelveshifts.com https://maxcdn.bootstrapcdn.com https://www.google-analytics.com https://cdn.rawgit.com https://jawj.github.io https://www.google.com/jsapi https://maps.google.com https://maps.googleapis.com https://code.jquery.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://github.hubspot.com/odometer/ https://cdn.jsdelivr.net/npm/ https://js.stripe.com/v3/; style-src 'self' 'unsafe-inline' https://*.twelveshifts.com https://use.fontawesome.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://github.hubspot.com/odometer/; img-src 'self' data: https://*.btscoach.com https://*.twelveshifts.com https://csi.gstatic.com https://www.google-analytics.com https://maps.gstatic.com https://maps.google.com https://cdn.rawgit.com https://raw.githubusercontent.com https://ciab-twelve-shifts-decks-live.s3.amazonaws.com https://coach-in-a-box-private-document-library.s3.amazonaws.com https://coach-in-a-box-public-docs.s3.amazonaws.com https://coach-in-a-box-public-docs.s3-eu-west-1.amazonaws.com https://coach-in-a-box-public-docs.s3.eu-west-1.amazonaws.com https://bts.box.com https://public.boxcloud.com https://dl.boxcloud.com https://*.bts.com https://bts.app.box.com; font-src 'self' data: https://use.fontawesome.com https://fonts.gstatic.com; media-src 'self' https://bts.box.com https://bts.app.box.com https://bts.account.box.com https://public.boxcloud.com https://dl.boxcloud.com; connect-src 'self' 'unsafe-inline' https://*.btscoach.com wss://*.btscoach.com https://*.bts.com https://*.btspulse.com wss://*.twelveshifts.com wss://*.twelveshifts.com:7777/cable https://www.google-analytics.com https://*.twelveshifts.com; object-src 'self'; frame-ancestors 'self' https://*.btscoach.com https://*.btspulse.com https://*.btsmomenta.com https://*.twelveshifts.com https://*.myworkdaycdn.com; frame-src 'self' https://js.stripe.com/ https://d5s7vnxq3lpty.cloudfront.net/ https://*.btspulse.com https://*.myworkdaycdn.com https://coach-in-a-box-private-document-library.s3.amazonaws.com;
Accept-Ranges: bytes
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Content-Length, Accept, Accept-Encoding, Authorization, X-CSRF-Token

GET
H2 200 v4-shims.css
use.fontawesome.com/releases/v5.2.0/css/ 26 KB
5 KB 224ms
82ms Stylesheet
text/css 2a06:98c1:3120::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.2.0/css/v4-shims.css
Requested by: Host: app.btscoach.com
URL: https://app.btscoach.com/users/sign_in
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a87ada0ef6e37011f09cfd265e2fd4571edff7c7c981b20cdd9946ef616b06db

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://app.btscoach.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Mon, 23 May 2022 19:09:25 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 10372884
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: DPJSCSYG5AY937H9
x-amz-id-2: Dyn5PmLe+tG546KKhjbIoYtsacuPOXp18QaR9cAqLVZz0QrRSjG99TKLvUGajUlqfq2I0WFRYBc=
last-modified: Wed, 30 Jun 2021 15:41:36 GMT
server: cloudflare
etag: W/"4ee3c6f5911f21e55fef7b98b80c06f4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=98gtF9hfghiSGdpAdXtcVPCp%2Bu%2BEKPZEX6g6HgNUYwDCXZDxaL8Citd8HLiYsDS%2FYUAYIrZI2TKTzeQH%2B8nfyhPoVBsmErBnB%2BDFbGSFU74of055KUG1s9%2FzZMoB1FN%2Fn2YOtMfDP%2FdCQ1WvS7labnJ%2F"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31556926
cf-ray: 710015fab89b5fdc-MRS

GET
H2 200 all.css
use.fontawesome.com/releases/v5.2.0/css/ 46 KB
11 KB 228ms
86ms Stylesheet
text/css 2a06:98c1:3120::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.2.0/css/all.css
Requested by: Host: app.btscoach.com
URL: https://app.btscoach.com/users/sign_in
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8891a160f8a2afb81de5259f9f68e5af3782348ea2927ad9e969bc88c7d39984

Request headers

Referer: https://app.btscoach.com/
Origin: https://app.btscoach.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Mon, 23 May 2022 19:09:25 GMT
content-encoding: br
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 47527
access-control-allow-methods: GET
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: VF9DTNHXJ536N9A4
x-amz-id-2: 5kPqaZ7wpdZYurR8+0hvpl0d8lN6khKXTKR6+rX4nVg0WFvXGCwtUJbQWe/+waAk9jxLykMoRlU=
last-modified: Wed, 30 Jun 2021 15:41:36 GMT
server: cloudflare
etag: W/"20a9ce516eaea76da29a23adc43e8998"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z7ehKkiDWT8UlPkaHk3s7W5xbyLD64SuLvSt6D5HSbKe7TPbUwAtc70lJeUi44qnw0D3rHWaJ9TtIUZjRHkXpqtPUi0sQ5YVGQs5RHuxxgV8fv6ZjhPRfNj9H%2FbfXp4%2Fy0I2Sz1hfwK4O4%2BORmIQEtni"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
cf-ray: 710015fab8ea0fde-MRS

GET
H/1.1 200
OK application-916ef0a0372226f2c5acc1f70d307ec462dad8b2e4177d7137f5b2a8394fd78e.js Show response
app.btscoach.com/assets/new_style/ 4 MB
944 KB 266ms
142ms Script
application/javascript 88.80.173.25
EQUINIX

General

Check archive.org

Show headers Download Go to

Full URL

https://app.btscoach.com/assets/new_style/application-916ef0a0372226f2c5acc1f70d307ec462dad8b2e4177d7137f5b2a8394fd78e.js

Requested by

Host: app.btscoach.com
URL: https://app.btscoach.com/users/sign_in

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

88.80.173.25 , United Kingdom, ASN15830 (EQUINIX, GB),

Reverse DNS

Software

nginx /

Resource Hash

916ef0a0372226f2c5acc1f70d307ec462dad8b2e4177d7137f5b2a8394fd78e

Security Headers

Name	Value
Content-Security-Policy	default-src; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.twelveshifts.com https://maxcdn.bootstrapcdn.com https://www.google-analytics.com https://cdn.rawgit.com https://jawj.github.io https://www.google.com/jsapi https://maps.google.com https://maps.googleapis.com https://code.jquery.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://github.hubspot.com/odometer/ https://cdn.jsdelivr.net/npm/ https://js.stripe.com/v3/; style-src 'self' 'unsafe-inline' https://.twelveshifts.com https://use.fontawesome.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://github.hubspot.com/odometer/; img-src 'self' data: https://.btscoach.com https://.twelveshifts.com https://csi.gstatic.com https://www.google-analytics.com https://maps.gstatic.com https://maps.google.com https://cdn.rawgit.com https://raw.githubusercontent.com https://ciab-twelve-shifts-decks-live.s3.amazonaws.com https://coach-in-a-box-private-document-library.s3.amazonaws.com https://coach-in-a-box-public-docs.s3.amazonaws.com https://coach-in-a-box-public-docs.s3-eu-west-1.amazonaws.com https://coach-in-a-box-public-docs.s3.eu-west-1.amazonaws.com https://bts.box.com https://public.boxcloud.com https://dl.boxcloud.com https://.bts.com https://bts.app.box.com; font-src 'self' data: https://use.fontawesome.com https://fonts.gstatic.com; media-src 'self' https://bts.box.com https://bts.app.box.com https://bts.account.box.com https://public.boxcloud.com https://dl.boxcloud.com; connect-src 'self' 'unsafe-inline' https://.btscoach.com wss://.btscoach.com https://.bts.com https://.btspulse.com wss://.twelveshifts.com wss://.twelveshifts.com:7777/cable https://www.google-analytics.com https://.twelveshifts.com; object-src 'self'; frame-ancestors 'self' https://.btscoach.com https://.btspulse.com https://.btsmomenta.com https://.twelveshifts.com https://.myworkdaycdn.com; frame-src 'self' https://js.stripe.com/ https://d5s7vnxq3lpty.cloudfront.net/ https://.btspulse.com https://*.myworkdaycdn.com https://coach-in-a-box-private-document-library.s3.amazonaws.com;
Strict-Transport-Security	max-age=15768000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://app.btscoach.com/users/sign_in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Mon, 23 May 2022 19:09:25 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Access-Control-Request-Method: *
Connection: keep-alive
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Thu, 19 May 2022 10:51:47 GMT
Server: nginx
ETag: "4374e1-5df5b290896c0-gzip"
Strict-Transport-Security: max-age=15768000; includeSubdomains;
Access-Control-Allow-Methods: POST, PUT, DELETE, GET, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Authorization
Content-Security-Policy: default-src; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.twelveshifts.com https://maxcdn.bootstrapcdn.com https://www.google-analytics.com https://cdn.rawgit.com https://jawj.github.io https://www.google.com/jsapi https://maps.google.com https://maps.googleapis.com https://code.jquery.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://github.hubspot.com/odometer/ https://cdn.jsdelivr.net/npm/ https://js.stripe.com/v3/; style-src 'self' 'unsafe-inline' https://*.twelveshifts.com https://use.fontawesome.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://github.hubspot.com/odometer/; img-src 'self' data: https://*.btscoach.com https://*.twelveshifts.com https://csi.gstatic.com https://www.google-analytics.com https://maps.gstatic.com https://maps.google.com https://cdn.rawgit.com https://raw.githubusercontent.com https://ciab-twelve-shifts-decks-live.s3.amazonaws.com https://coach-in-a-box-private-document-library.s3.amazonaws.com https://coach-in-a-box-public-docs.s3.amazonaws.com https://coach-in-a-box-public-docs.s3-eu-west-1.amazonaws.com https://coach-in-a-box-public-docs.s3.eu-west-1.amazonaws.com https://bts.box.com https://public.boxcloud.com https://dl.boxcloud.com https://*.bts.com https://bts.app.box.com; font-src 'self' data: https://use.fontawesome.com https://fonts.gstatic.com; media-src 'self' https://bts.box.com https://bts.app.box.com https://bts.account.box.com https://public.boxcloud.com https://dl.boxcloud.com; connect-src 'self' 'unsafe-inline' https://*.btscoach.com wss://*.btscoach.com https://*.bts.com https://*.btspulse.com wss://*.twelveshifts.com wss://*.twelveshifts.com:7777/cable https://www.google-analytics.com https://*.twelveshifts.com; object-src 'self'; frame-ancestors 'self' https://*.btscoach.com https://*.btspulse.com https://*.btsmomenta.com https://*.twelveshifts.com https://*.myworkdaycdn.com; frame-src 'self' https://js.stripe.com/ https://d5s7vnxq3lpty.cloudfront.net/ https://*.btspulse.com https://*.myworkdaycdn.com https://coach-in-a-box-private-document-library.s3.amazonaws.com;
Accept-Ranges: bytes
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Content-Length, Accept, Accept-Encoding, Authorization, X-CSRF-Token

GET
H/1.1 200
OK BTS_Coach_Logo_White-9aa0463ad26662b8376610a050e47405a17b241a48f4a8d95d58da3181ee5778.png
app.btscoach.com/assets/ 43 KB
45 KB 65ms
64ms Image
image/png 88.80.173.25
EQUINIX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://app.btscoach.com/assets/BTS_Coach_Logo_White-9aa0463ad26662b8376610a050e47405a17b241a48f4a8d95d58da3181ee5778.png

Requested by

Host: app.btscoach.com
URL: https://app.btscoach.com/users/sign_in

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

88.80.173.25 , United Kingdom, ASN15830 (EQUINIX, GB),

Reverse DNS

Software

nginx /

Resource Hash

9aa0463ad26662b8376610a050e47405a17b241a48f4a8d95d58da3181ee5778

Security Headers

Name	Value
Content-Security-Policy	default-src; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.twelveshifts.com https://maxcdn.bootstrapcdn.com https://www.google-analytics.com https://cdn.rawgit.com https://jawj.github.io https://www.google.com/jsapi https://maps.google.com https://maps.googleapis.com https://code.jquery.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://github.hubspot.com/odometer/ https://cdn.jsdelivr.net/npm/ https://js.stripe.com/v3/; style-src 'self' 'unsafe-inline' https://.twelveshifts.com https://use.fontawesome.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://github.hubspot.com/odometer/; img-src 'self' data: https://.btscoach.com https://.twelveshifts.com https://csi.gstatic.com https://www.google-analytics.com https://maps.gstatic.com https://maps.google.com https://cdn.rawgit.com https://raw.githubusercontent.com https://ciab-twelve-shifts-decks-live.s3.amazonaws.com https://coach-in-a-box-private-document-library.s3.amazonaws.com https://coach-in-a-box-public-docs.s3.amazonaws.com https://coach-in-a-box-public-docs.s3-eu-west-1.amazonaws.com https://coach-in-a-box-public-docs.s3.eu-west-1.amazonaws.com https://bts.box.com https://public.boxcloud.com https://dl.boxcloud.com https://.bts.com https://bts.app.box.com; font-src 'self' data: https://use.fontawesome.com https://fonts.gstatic.com; media-src 'self' https://bts.box.com https://bts.app.box.com https://bts.account.box.com https://public.boxcloud.com https://dl.boxcloud.com; connect-src 'self' 'unsafe-inline' https://.btscoach.com wss://.btscoach.com https://.bts.com https://.btspulse.com wss://.twelveshifts.com wss://.twelveshifts.com:7777/cable https://www.google-analytics.com https://.twelveshifts.com; object-src 'self'; frame-ancestors 'self' https://.btscoach.com https://.btspulse.com https://.btsmomenta.com https://.twelveshifts.com https://.myworkdaycdn.com; frame-src 'self' https://js.stripe.com/ https://d5s7vnxq3lpty.cloudfront.net/ https://.btspulse.com https://*.myworkdaycdn.com https://coach-in-a-box-private-document-library.s3.amazonaws.com;
Strict-Transport-Security	max-age=15768000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://app.btscoach.com/users/sign_in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Mon, 23 May 2022 19:09:25 GMT
Access-Control-Request-Method: *
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43633
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Fri, 12 Jul 2019 14:26:08 GMT
Server: nginx
ETag: "aa71-58d7cb0f72000"
Strict-Transport-Security: max-age=15768000; includeSubdomains;
Access-Control-Allow-Methods: POST, PUT, DELETE, GET, OPTIONS
Content-Type: image/png
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Authorization
Content-Security-Policy: default-src; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.twelveshifts.com https://maxcdn.bootstrapcdn.com https://www.google-analytics.com https://cdn.rawgit.com https://jawj.github.io https://www.google.com/jsapi https://maps.google.com https://maps.googleapis.com https://code.jquery.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://github.hubspot.com/odometer/ https://cdn.jsdelivr.net/npm/ https://js.stripe.com/v3/; style-src 'self' 'unsafe-inline' https://*.twelveshifts.com https://use.fontawesome.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://github.hubspot.com/odometer/; img-src 'self' data: https://*.btscoach.com https://*.twelveshifts.com https://csi.gstatic.com https://www.google-analytics.com https://maps.gstatic.com https://maps.google.com https://cdn.rawgit.com https://raw.githubusercontent.com https://ciab-twelve-shifts-decks-live.s3.amazonaws.com https://coach-in-a-box-private-document-library.s3.amazonaws.com https://coach-in-a-box-public-docs.s3.amazonaws.com https://coach-in-a-box-public-docs.s3-eu-west-1.amazonaws.com https://coach-in-a-box-public-docs.s3.eu-west-1.amazonaws.com https://bts.box.com https://public.boxcloud.com https://dl.boxcloud.com https://*.bts.com https://bts.app.box.com; font-src 'self' data: https://use.fontawesome.com https://fonts.gstatic.com; media-src 'self' https://bts.box.com https://bts.app.box.com https://bts.account.box.com https://public.boxcloud.com https://dl.boxcloud.com; connect-src 'self' 'unsafe-inline' https://*.btscoach.com wss://*.btscoach.com https://*.bts.com https://*.btspulse.com wss://*.twelveshifts.com wss://*.twelveshifts.com:7777/cable https://www.google-analytics.com https://*.twelveshifts.com; object-src 'self'; frame-ancestors 'self' https://*.btscoach.com https://*.btspulse.com https://*.btsmomenta.com https://*.twelveshifts.com https://*.myworkdaycdn.com; frame-src 'self' https://js.stripe.com/ https://d5s7vnxq3lpty.cloudfront.net/ https://*.btspulse.com https://*.myworkdaycdn.com https://coach-in-a-box-private-document-library.s3.amazonaws.com;
Accept-Ranges: bytes
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Content-Length, Accept, Accept-Encoding, Authorization, X-CSRF-Token

GET
H/1.1 200
OK print-21070bb638a5b88f9f83e13196e64d20381671d770573172cd76423db0bf41d0.css
app.btscoach.com/assets/new_style/ 392 B
3 KB 65ms
64ms Stylesheet
text/css 88.80.173.25
EQUINIX

General

Check archive.org

Show headers Download Go to

Full URL

https://app.btscoach.com/assets/new_style/print-21070bb638a5b88f9f83e13196e64d20381671d770573172cd76423db0bf41d0.css

Requested by

Host: app.btscoach.com
URL: https://app.btscoach.com/users/sign_in

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

88.80.173.25 , United Kingdom, ASN15830 (EQUINIX, GB),

Reverse DNS

Software

nginx /

Resource Hash

21070bb638a5b88f9f83e13196e64d20381671d770573172cd76423db0bf41d0

Security Headers

Name	Value
Content-Security-Policy	default-src; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.twelveshifts.com https://maxcdn.bootstrapcdn.com https://www.google-analytics.com https://cdn.rawgit.com https://jawj.github.io https://www.google.com/jsapi https://maps.google.com https://maps.googleapis.com https://code.jquery.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://github.hubspot.com/odometer/ https://cdn.jsdelivr.net/npm/ https://js.stripe.com/v3/; style-src 'self' 'unsafe-inline' https://.twelveshifts.com https://use.fontawesome.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://github.hubspot.com/odometer/; img-src 'self' data: https://.btscoach.com https://.twelveshifts.com https://csi.gstatic.com https://www.google-analytics.com https://maps.gstatic.com https://maps.google.com https://cdn.rawgit.com https://raw.githubusercontent.com https://ciab-twelve-shifts-decks-live.s3.amazonaws.com https://coach-in-a-box-private-document-library.s3.amazonaws.com https://coach-in-a-box-public-docs.s3.amazonaws.com https://coach-in-a-box-public-docs.s3-eu-west-1.amazonaws.com https://coach-in-a-box-public-docs.s3.eu-west-1.amazonaws.com https://bts.box.com https://public.boxcloud.com https://dl.boxcloud.com https://.bts.com https://bts.app.box.com; font-src 'self' data: https://use.fontawesome.com https://fonts.gstatic.com; media-src 'self' https://bts.box.com https://bts.app.box.com https://bts.account.box.com https://public.boxcloud.com https://dl.boxcloud.com; connect-src 'self' 'unsafe-inline' https://.btscoach.com wss://.btscoach.com https://.bts.com https://.btspulse.com wss://.twelveshifts.com wss://.twelveshifts.com:7777/cable https://www.google-analytics.com https://.twelveshifts.com; object-src 'self'; frame-ancestors 'self' https://.btscoach.com https://.btspulse.com https://.btsmomenta.com https://.twelveshifts.com https://.myworkdaycdn.com; frame-src 'self' https://js.stripe.com/ https://d5s7vnxq3lpty.cloudfront.net/ https://.btspulse.com https://*.myworkdaycdn.com https://coach-in-a-box-private-document-library.s3.amazonaws.com;
Strict-Transport-Security	max-age=15768000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://app.btscoach.com/users/sign_in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Mon, 23 May 2022 19:09:25 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Access-Control-Request-Method: *
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 220
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Fri, 28 Feb 2020 09:12:19 GMT
Server: nginx
ETag: "188-59f9f3c0302c0-gzip"
Strict-Transport-Security: max-age=15768000; includeSubdomains;
Access-Control-Allow-Methods: POST, PUT, DELETE, GET, OPTIONS
Content-Type: text/css
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Authorization
Content-Security-Policy: default-src; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.twelveshifts.com https://maxcdn.bootstrapcdn.com https://www.google-analytics.com https://cdn.rawgit.com https://jawj.github.io https://www.google.com/jsapi https://maps.google.com https://maps.googleapis.com https://code.jquery.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://github.hubspot.com/odometer/ https://cdn.jsdelivr.net/npm/ https://js.stripe.com/v3/; style-src 'self' 'unsafe-inline' https://*.twelveshifts.com https://use.fontawesome.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://github.hubspot.com/odometer/; img-src 'self' data: https://*.btscoach.com https://*.twelveshifts.com https://csi.gstatic.com https://www.google-analytics.com https://maps.gstatic.com https://maps.google.com https://cdn.rawgit.com https://raw.githubusercontent.com https://ciab-twelve-shifts-decks-live.s3.amazonaws.com https://coach-in-a-box-private-document-library.s3.amazonaws.com https://coach-in-a-box-public-docs.s3.amazonaws.com https://coach-in-a-box-public-docs.s3-eu-west-1.amazonaws.com https://coach-in-a-box-public-docs.s3.eu-west-1.amazonaws.com https://bts.box.com https://public.boxcloud.com https://dl.boxcloud.com https://*.bts.com https://bts.app.box.com; font-src 'self' data: https://use.fontawesome.com https://fonts.gstatic.com; media-src 'self' https://bts.box.com https://bts.app.box.com https://bts.account.box.com https://public.boxcloud.com https://dl.boxcloud.com; connect-src 'self' 'unsafe-inline' https://*.btscoach.com wss://*.btscoach.com https://*.bts.com https://*.btspulse.com wss://*.twelveshifts.com wss://*.twelveshifts.com:7777/cable https://www.google-analytics.com https://*.twelveshifts.com; object-src 'self'; frame-ancestors 'self' https://*.btscoach.com https://*.btspulse.com https://*.btsmomenta.com https://*.twelveshifts.com https://*.myworkdaycdn.com; frame-src 'self' https://js.stripe.com/ https://d5s7vnxq3lpty.cloudfront.net/ https://*.btspulse.com https://*.myworkdaycdn.com https://coach-in-a-box-private-document-library.s3.amazonaws.com;
Accept-Ranges: bytes
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Content-Length, Accept, Accept-Encoding, Authorization, X-CSRF-Token

GET
H/1.1 200
OK select2.min.css
app.btscoach.com/assets/ 15 KB
5 KB 81ms
81ms Stylesheet
text/css 88.80.173.25
EQUINIX

General

Check archive.org

Show headers Download Go to

Full URL

https://app.btscoach.com/assets/select2.min.css

Requested by

Host: app.btscoach.com
URL: https://app.btscoach.com/assets/new_style/application-332e20b206beb3a13415718dcb12ea0416f55d6350570faab5bb63a66a9516ef.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

88.80.173.25 , United Kingdom, ASN15830 (EQUINIX, GB),

Reverse DNS

Software

nginx /

Resource Hash

15d6ad4dfdb43d0affad683e70029f97a8f8fc8637a28845009ee0542dccdf81

Security Headers

Name	Value
Content-Security-Policy	default-src; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.twelveshifts.com https://maxcdn.bootstrapcdn.com https://www.google-analytics.com https://cdn.rawgit.com https://jawj.github.io https://www.google.com/jsapi https://maps.google.com https://maps.googleapis.com https://code.jquery.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://github.hubspot.com/odometer/ https://cdn.jsdelivr.net/npm/ https://js.stripe.com/v3/; style-src 'self' 'unsafe-inline' https://.twelveshifts.com https://use.fontawesome.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://github.hubspot.com/odometer/; img-src 'self' data: https://.btscoach.com https://.twelveshifts.com https://csi.gstatic.com https://www.google-analytics.com https://maps.gstatic.com https://maps.google.com https://cdn.rawgit.com https://raw.githubusercontent.com https://ciab-twelve-shifts-decks-live.s3.amazonaws.com https://coach-in-a-box-private-document-library.s3.amazonaws.com https://coach-in-a-box-public-docs.s3.amazonaws.com https://coach-in-a-box-public-docs.s3-eu-west-1.amazonaws.com https://coach-in-a-box-public-docs.s3.eu-west-1.amazonaws.com https://bts.box.com https://public.boxcloud.com https://dl.boxcloud.com https://.bts.com https://bts.app.box.com; font-src 'self' data: https://use.fontawesome.com https://fonts.gstatic.com; media-src 'self' https://bts.box.com https://bts.app.box.com https://bts.account.box.com https://public.boxcloud.com https://dl.boxcloud.com; connect-src 'self' 'unsafe-inline' https://.btscoach.com wss://.btscoach.com https://.bts.com https://.btspulse.com wss://.twelveshifts.com wss://.twelveshifts.com:7777/cable https://www.google-analytics.com https://.twelveshifts.com; object-src 'self'; frame-ancestors 'self' https://.btscoach.com https://.btspulse.com https://.btsmomenta.com https://.twelveshifts.com https://.myworkdaycdn.com; frame-src 'self' https://js.stripe.com/ https://d5s7vnxq3lpty.cloudfront.net/ https://.btspulse.com https://*.myworkdaycdn.com https://coach-in-a-box-private-document-library.s3.amazonaws.com;
Strict-Transport-Security	max-age=15768000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://app.btscoach.com/assets/new_style/application-332e20b206beb3a13415718dcb12ea0416f55d6350570faab5bb63a66a9516ef.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Mon, 23 May 2022 19:09:25 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 0
Status: 200 OK
X-Content-Digest: ae5735562faabd1a2d9803bbd7bf4c502b5e4f51
Connection: keep-alive
Strict-Transport-Security: max-age=15768000; includeSubdomains;
Content-Length: 1998
X-XSS-Protection: 1; mode=block
X-Request-Id: 6190e347-6836-4b23-b7c8-57fdba85612c
Referrer-Policy: strict-origin-when-cross-origin
Server: nginx
Access-Control-Request-Method: *
ETag: "15d6ad4dfdb43d0affad683e70029f97a8f8fc8637a28845009ee0542dccdf81-gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: POST, PUT, DELETE, GET, OPTIONS
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Authorization
Cache-Control: public, must-revalidate
Content-Security-Policy: default-src; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.twelveshifts.com https://maxcdn.bootstrapcdn.com https://www.google-analytics.com https://cdn.rawgit.com https://jawj.github.io https://www.google.com/jsapi https://maps.google.com https://maps.googleapis.com https://code.jquery.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://github.hubspot.com/odometer/ https://cdn.jsdelivr.net/npm/ https://js.stripe.com/v3/; style-src 'self' 'unsafe-inline' https://*.twelveshifts.com https://use.fontawesome.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://github.hubspot.com/odometer/; img-src 'self' data: https://*.btscoach.com https://*.twelveshifts.com https://csi.gstatic.com https://www.google-analytics.com https://maps.gstatic.com https://maps.google.com https://cdn.rawgit.com https://raw.githubusercontent.com https://ciab-twelve-shifts-decks-live.s3.amazonaws.com https://coach-in-a-box-private-document-library.s3.amazonaws.com https://coach-in-a-box-public-docs.s3.amazonaws.com https://coach-in-a-box-public-docs.s3-eu-west-1.amazonaws.com https://coach-in-a-box-public-docs.s3.eu-west-1.amazonaws.com https://bts.box.com https://public.boxcloud.com https://dl.boxcloud.com https://*.bts.com https://bts.app.box.com; font-src 'self' data: https://use.fontawesome.com https://fonts.gstatic.com; media-src 'self' https://bts.box.com https://bts.app.box.com https://bts.account.box.com https://public.boxcloud.com https://dl.boxcloud.com; connect-src 'self' 'unsafe-inline' https://*.btscoach.com wss://*.btscoach.com https://*.bts.com https://*.btspulse.com wss://*.twelveshifts.com wss://*.twelveshifts.com:7777/cable https://www.google-analytics.com https://*.twelveshifts.com; object-src 'self'; frame-ancestors 'self' https://*.btscoach.com https://*.btspulse.com https://*.btsmomenta.com https://*.twelveshifts.com https://*.myworkdaycdn.com; frame-src 'self' https://js.stripe.com/ https://d5s7vnxq3lpty.cloudfront.net/ https://*.btspulse.com https://*.myworkdaycdn.com https://coach-in-a-box-private-document-library.s3.amazonaws.com;
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Content-Length, Accept, Accept-Encoding, Authorization, X-CSRF-Token
X-Rack-Cache: stale, valid, store

GET
H/1.1 200
OK jquery-ui.css
app.btscoach.com/assets/new_style/ 31 KB
11 KB 78ms
78ms Stylesheet
text/css 88.80.173.25
EQUINIX

General

Check archive.org

Show headers Download Go to

Full URL

https://app.btscoach.com/assets/new_style/jquery-ui.css

Requested by

Host: app.btscoach.com
URL: https://app.btscoach.com/assets/new_style/application-332e20b206beb3a13415718dcb12ea0416f55d6350570faab5bb63a66a9516ef.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

88.80.173.25 , United Kingdom, ASN15830 (EQUINIX, GB),

Reverse DNS

Software

nginx /

Resource Hash

9d71fd0d84122e26ca97f5884fd4f6adb44752ad190207794dbf0a94b3e7eb04

Security Headers

Name	Value
Content-Security-Policy	default-src; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.twelveshifts.com https://maxcdn.bootstrapcdn.com https://www.google-analytics.com https://cdn.rawgit.com https://jawj.github.io https://www.google.com/jsapi https://maps.google.com https://maps.googleapis.com https://code.jquery.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://github.hubspot.com/odometer/ https://cdn.jsdelivr.net/npm/ https://js.stripe.com/v3/; style-src 'self' 'unsafe-inline' https://.twelveshifts.com https://use.fontawesome.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://github.hubspot.com/odometer/; img-src 'self' data: https://.btscoach.com https://.twelveshifts.com https://csi.gstatic.com https://www.google-analytics.com https://maps.gstatic.com https://maps.google.com https://cdn.rawgit.com https://raw.githubusercontent.com https://ciab-twelve-shifts-decks-live.s3.amazonaws.com https://coach-in-a-box-private-document-library.s3.amazonaws.com https://coach-in-a-box-public-docs.s3.amazonaws.com https://coach-in-a-box-public-docs.s3-eu-west-1.amazonaws.com https://coach-in-a-box-public-docs.s3.eu-west-1.amazonaws.com https://bts.box.com https://public.boxcloud.com https://dl.boxcloud.com https://.bts.com https://bts.app.box.com; font-src 'self' data: https://use.fontawesome.com https://fonts.gstatic.com; media-src 'self' https://bts.box.com https://bts.app.box.com https://bts.account.box.com https://public.boxcloud.com https://dl.boxcloud.com; connect-src 'self' 'unsafe-inline' https://.btscoach.com wss://.btscoach.com https://.bts.com https://.btspulse.com wss://.twelveshifts.com wss://.twelveshifts.com:7777/cable https://www.google-analytics.com https://.twelveshifts.com; object-src 'self'; frame-ancestors 'self' https://.btscoach.com https://.btspulse.com https://.btsmomenta.com https://.twelveshifts.com https://.myworkdaycdn.com; frame-src 'self' https://js.stripe.com/ https://d5s7vnxq3lpty.cloudfront.net/ https://.btspulse.com https://*.myworkdaycdn.com https://coach-in-a-box-private-document-library.s3.amazonaws.com;
Strict-Transport-Security	max-age=15768000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://app.btscoach.com/assets/new_style/application-332e20b206beb3a13415718dcb12ea0416f55d6350570faab5bb63a66a9516ef.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Mon, 23 May 2022 19:09:25 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 0
Status: 200 OK
X-Content-Digest: 326fca13c8fe2a699d41fbad162711e42b062a91
Connection: keep-alive
Strict-Transport-Security: max-age=15768000; includeSubdomains;
Content-Length: 7888
X-XSS-Protection: 1; mode=block
X-Request-Id: cb85fcde-e3a5-4ae4-b04d-6dd2c657853e
Referrer-Policy: strict-origin-when-cross-origin
Server: nginx
Access-Control-Request-Method: *
ETag: "9d71fd0d84122e26ca97f5884fd4f6adb44752ad190207794dbf0a94b3e7eb04-gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: POST, PUT, DELETE, GET, OPTIONS
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Authorization
Cache-Control: public, must-revalidate
Content-Security-Policy: default-src; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.twelveshifts.com https://maxcdn.bootstrapcdn.com https://www.google-analytics.com https://cdn.rawgit.com https://jawj.github.io https://www.google.com/jsapi https://maps.google.com https://maps.googleapis.com https://code.jquery.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://github.hubspot.com/odometer/ https://cdn.jsdelivr.net/npm/ https://js.stripe.com/v3/; style-src 'self' 'unsafe-inline' https://*.twelveshifts.com https://use.fontawesome.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://github.hubspot.com/odometer/; img-src 'self' data: https://*.btscoach.com https://*.twelveshifts.com https://csi.gstatic.com https://www.google-analytics.com https://maps.gstatic.com https://maps.google.com https://cdn.rawgit.com https://raw.githubusercontent.com https://ciab-twelve-shifts-decks-live.s3.amazonaws.com https://coach-in-a-box-private-document-library.s3.amazonaws.com https://coach-in-a-box-public-docs.s3.amazonaws.com https://coach-in-a-box-public-docs.s3-eu-west-1.amazonaws.com https://coach-in-a-box-public-docs.s3.eu-west-1.amazonaws.com https://bts.box.com https://public.boxcloud.com https://dl.boxcloud.com https://*.bts.com https://bts.app.box.com; font-src 'self' data: https://use.fontawesome.com https://fonts.gstatic.com; media-src 'self' https://bts.box.com https://bts.app.box.com https://bts.account.box.com https://public.boxcloud.com https://dl.boxcloud.com; connect-src 'self' 'unsafe-inline' https://*.btscoach.com wss://*.btscoach.com https://*.bts.com https://*.btspulse.com wss://*.twelveshifts.com wss://*.twelveshifts.com:7777/cable https://www.google-analytics.com https://*.twelveshifts.com; object-src 'self'; frame-ancestors 'self' https://*.btscoach.com https://*.btspulse.com https://*.btsmomenta.com https://*.twelveshifts.com https://*.myworkdaycdn.com; frame-src 'self' https://js.stripe.com/ https://d5s7vnxq3lpty.cloudfront.net/ https://*.btspulse.com https://*.myworkdaycdn.com https://coach-in-a-box-private-document-library.s3.amazonaws.com;
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Content-Length, Accept, Accept-Encoding, Authorization, X-CSRF-Token
X-Rack-Cache: stale, valid, store

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 131ms
41ms Script
text/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: app.btscoach.com
URL: https://app.btscoach.com/users/sign_in

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://app.btscoach.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 5680
date: Mon, 23 May 2022 17:34:46 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Mon, 23 May 2022 19:34:46 GMT

GET
H2 200 fa-solid-900.woff2
use.fontawesome.com/releases/v5.2.0/webfonts/ 61 KB
62 KB 98ms
98ms Font
font/woff2 2a06:98c1:3120::a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.2.0/webfonts/fa-solid-900.woff2
Requested by: Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.2.0/css/all.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5c7df99df232586111917083a85aa31b82ee29e48ca2990e13fae0c0663a923f

Request headers

Referer: https://use.fontawesome.com/releases/v5.2.0/css/all.css
Origin: https://app.btscoach.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Mon, 23 May 2022 19:09:26 GMT
access-control-allow-methods: GET
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 47523
cf-ray: 710015fee96d0fde-MRS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 62472
x-amz-id-2: gc46EusfMAtRJyVdUwXAIJhXd7fDGcchgmJ0CBSjx9RcypSrpWsRiYysytZxJ3oztonj+XfdhM8=
last-modified: Wed, 30 Jun 2021 15:41:55 GMT
server: cloudflare
etag: "b75b4bfe0d58faeced5006c785eaae23"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H%2FkVUNxr8fGqwEipbjV7Oo%2FV%2B%2B4XtLtWMvIf87Yv64xh57LoTkrJjv8B1kwp8kppkqCv3UIuSG7iMLfFrDaKQ6Sxpo5pdMEB93J%2FOaNugV3cIcnBsFP4sWyBFuPHD7tmE8cYPcYfpj7wABjfe7B8RICE"}],"group":"cf-nel","max_age":604800}
x-amz-request-id: R349W2YXEDSM4KYF
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
content-type: font/woff2

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 130ms
47ms XHR
text/plain 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=175056223&t=pageview&_s=1&dl=https%3A%2F%2Fapp.btscoach.com%2Fusers%2Fsign_in&ul=en-us&de=UTF-8&dt=BTS%20Coach&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=1420630816&gjid=1516205577&cid=1707954566.1653332966&tid=UA-69645310-1&_gid=1074315647.1653332966&_r=1&_slc=1&z=666783788

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://app.btscoach.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 23 May 2022 19:09:26 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://app.btscoach.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET nr-1216.min.js
js-agent.newrelic.com/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1216.min.js

Verdicts & Comments Add Verdict or Comment

167 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
app.btscoach.com/	1970-01-20 03:16:59	Name: __Host-coach_in_a_box_session Value: V3Q0UkZyWmcvWVlUWDRsYjRVd1dtQ3U3Z0o3QkhpMXVXVjdDM0NBQU04RysrQ3R2dDF1WXJsRG5IR3hUOGpjS2JqT2VJYllCdU9Zd2VxcnFnc1djczJGMUFVWjI4azdmeXo0YUNxWkw4c0lrZ0ovcHBUUk5tbVlDMnpiVER0OXpLTlJOY0p1aVM2ZmtFTzh5aWVaSG9oSWp5ekFKMXFlWjY2STF1aVJGMnRGUldOSzk4aUoxY0ZXNEhZTG82elE3Wjh3dkpnV3N1aVlJaXFmUE05MVFhU0c0eDkrcWsyVWFWSndZdnd4bTJ0aEVVa0NBMnhYVmpBVXJvTHloMmhmSkdvbzZlMWtJcUMyYlRRdzFja1pvWjRsclBrNTZiekNha3JvbkltKyt3MTVCbjVHQ0tDZktQZEJPa3dwd0xlS3UtLVVtNUI4akVOTWl4LzRONE1RekpvcWc9PQ%3D%3D--b674189c08807bdcad54c1ce62d444bc6b94f9c4
.btscoach.com/	1970-01-20 20:46:44	Name: _ga Value: GA1.2.1707954566.1653332966
.btscoach.com/	1970-01-20 03:16:59	Name: _gid Value: GA1.2.1074315647.1653332966
.btscoach.com/	1970-01-20 03:15:33	Name: _gat Value: 1

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://app.btscoach.com/users/sign_in(Line 4) Message: Refused to load the script 'https://js-agent.newrelic.com/nr-1216.min.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.twelveshifts.com https://maxcdn.bootstrapcdn.com https://www.google-analytics.com https://cdn.rawgit.com https://jawj.github.io https://www.google.com/jsapi https://maps.google.com https://maps.googleapis.com https://code.jquery.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://github.hubspot.com/odometer/ https://cdn.jsdelivr.net/npm/ https://js.stripe.com/v3/". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.twelveshifts.com https://maxcdn.bootstrapcdn.com https://www.google-analytics.com https://cdn.rawgit.com https://jawj.github.io https://www.google.com/jsapi https://maps.google.com https://maps.googleapis.com https://code.jquery.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://github.hubspot.com/odometer/ https://cdn.jsdelivr.net/npm/ https://js.stripe.com/v3/; style-src 'self' 'unsafe-inline' https://.twelveshifts.com https://use.fontawesome.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://github.hubspot.com/odometer/; img-src 'self' data: https://.btscoach.com https://.twelveshifts.com https://csi.gstatic.com https://www.google-analytics.com https://maps.gstatic.com https://maps.google.com https://cdn.rawgit.com https://raw.githubusercontent.com https://ciab-twelve-shifts-decks-live.s3.amazonaws.com https://coach-in-a-box-private-document-library.s3.amazonaws.com https://coach-in-a-box-public-docs.s3.amazonaws.com https://coach-in-a-box-public-docs.s3-eu-west-1.amazonaws.com https://coach-in-a-box-public-docs.s3.eu-west-1.amazonaws.com https://bts.box.com https://public.boxcloud.com https://dl.boxcloud.com https://.bts.com https://bts.app.box.com; font-src 'self' data: https://use.fontawesome.com https://fonts.gstatic.com; media-src 'self' https://bts.box.com https://bts.app.box.com https://bts.account.box.com https://public.boxcloud.com https://dl.boxcloud.com; connect-src 'self' 'unsafe-inline' https://.btscoach.com wss://.btscoach.com https://.bts.com https://.btspulse.com wss://.twelveshifts.com wss://.twelveshifts.com:7777/cable https://www.google-analytics.com https://.twelveshifts.com; object-src 'self'; frame-ancestors 'self' https://.btscoach.com https://.btspulse.com https://.btsmomenta.com https://.twelveshifts.com https://.myworkdaycdn.com; frame-src 'self' https://js.stripe.com/ https://d5s7vnxq3lpty.cloudfront.net/ https://.btspulse.com https://*.myworkdaycdn.com https://coach-in-a-box-private-document-library.s3.amazonaws.com;
Strict-Transport-Security	max-age=15768000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.btscoach.com
js-agent.newrelic.com
use.fontawesome.com
www.google-analytics.com
js-agent.newrelic.com
2a00:1450:4001:82f::200e
2a06:98c1:3120::a
88.80.173.25
09badd66c893ae8b2c48885377b55c0f689d96d4b5dd4f59d10c17aebc790c70
15d6ad4dfdb43d0affad683e70029f97a8f8fc8637a28845009ee0542dccdf81
21070bb638a5b88f9f83e13196e64d20381671d770573172cd76423db0bf41d0
4d83132fb5d1c8432ba981ca4611d19daca9d0057f3452c19e532a2cb7f13c88
57684d3f92085aa71bac3ce2339ade1cbe28fe08c4b04428bb8cac8a1c19a053
5c7df99df232586111917083a85aa31b82ee29e48ca2990e13fae0c0663a923f
8891a160f8a2afb81de5259f9f68e5af3782348ea2927ad9e969bc88c7d39984
916ef0a0372226f2c5acc1f70d307ec462dad8b2e4177d7137f5b2a8394fd78e
9aa0463ad26662b8376610a050e47405a17b241a48f4a8d95d58da3181ee5778
9d71fd0d84122e26ca97f5884fd4f6adb44752ad190207794dbf0a94b3e7eb04
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a87ada0ef6e37011f09cfd265e2fd4571edff7c7c981b20cdd9946ef616b06db
eb9b30244c323fedd13b9d3286b353ee091560169ff67d6aac0c55c7e915dfa4

app.btscoach.com Open in urlscan Pro 88.80.173.25 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

15 Requests

93 %HTTPS

67 %IPv6

4 Domains

4 Subdomains

4 IPs

3 Countries

1179 kBTransfer

4950 kBSize

4 Cookies

0 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

167 JavaScript Global Variables

4 Cookies

1 Console Messages

Security Headers

Indicators

app.btscoach.com Open in urlscan Pro
88.80.173.25 Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

93 %
HTTPS

67 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

1179 kB
Transfer

4950 kB
Size

4
Cookies

15 HTTP transactions
0 data transactions