Submitted URL: http://johnhancocktravel.com/
Effective URL: https://www.johnhancocktravel.com/
Submission: On June 16 via manual from US — Scanned from DE

Summary

This website contacted 5 IPs in 3 countries across 6 domains to perform 65 HTTP transactions. The main IP is 20.49.97.17, located in Boydton, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is www.johnhancocktravel.com.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on January 21st 2022. Valid for: a year.
This is the only time www.johnhancocktravel.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 58 20.49.97.17 8075 (MICROSOFT...)
3 2a06:98c1:312... 13335 (CLOUDFLAR...)
4 2a02:26f0:350... 20940 (AKAMAI-ASN1)
1 2 13.36.218.177 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
65 5
Apex Domain
Subdomains
Transfer
58 johnhancocktravel.com
johnhancocktravel.com
www.johnhancocktravel.com
2 MB
4 adobedtm.com
assets.adobedtm.com — Cisco Umbrella Rank: 432
38 KB
2 2o7.net
jhfsjhtravel.112.2o7.net
1 KB
2 fontawesome.com
use.fontawesome.com — Cisco Umbrella Rank: 1083
69 KB
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 96
43 KB
1 rawgit.com
rawgit.com — Cisco Umbrella Rank: 8935
65 6
Domain Requested by
56 www.johnhancocktravel.com www.johnhancocktravel.com
4 assets.adobedtm.com www.johnhancocktravel.com
assets.adobedtm.com
2 jhfsjhtravel.112.2o7.net 1 redirects
2 use.fontawesome.com www.johnhancocktravel.com
use.fontawesome.com
2 johnhancocktravel.com 2 redirects
1 www.googletagmanager.com assets.adobedtm.com
1 rawgit.com www.johnhancocktravel.com
65 7

This site contains links to these domains. Also see Links.

Domain
jhia.starrtravelinsurance.com
www.johnhancock.com
Subject Issuer Validity Valid
www.johnhancocktravel.com
Sectigo RSA Organization Validation Secure Server CA
2022-01-21 -
2023-01-21
a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2022-06-06 -
2023-06-05
a year crt.sh
assets.adobedtm.com
DigiCert TLS RSA SHA256 2020 CA1
2021-09-10 -
2022-09-10
a year crt.sh
*.google-analytics.com
GTS CA 1C3
2022-05-30 -
2022-08-22
3 months crt.sh

This page contains 1 frames:

Primary Page: https://www.johnhancocktravel.com/
Frame ID: C1CDFD2DF64E60AAF6D3A32B8AAB8580
Requests: 65 HTTP requests in this frame

Screenshot

Page Title

John Hancock Travel Insurance

Page URL History Show full URLs

  1. http://johnhancocktravel.com/ HTTP 301
    https://johnhancocktravel.com/ HTTP 301
    https://www.johnhancocktravel.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <div class="[^"]*aem-Grid

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • moment(?:\.min)?\.js


Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

65
Requests

98 %
HTTPS

60 %
IPv6

6
Domains

7
Subdomains

5
IPs

3
Countries

2127 kB
Transfer

2215 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://johnhancocktravel.com/ HTTP 301
    https://johnhancocktravel.com/ HTTP 301
    https://www.johnhancocktravel.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 61
  • https://jhfsjhtravel.112.2o7.net/b/ss/jhfsjhtravel/1/JS-2.22.4-LCS4/s77138448423353?AQB=1&ndh=1&pf=1&t=16%2F5%2F2022%2017%3A45%3A11%204%200&fid=5BC8533CA01947A2-2CA2690F3253FA61&ce=UTF-8&pageName=jh%3Atr%3A&g=https%3A%2F%2Fwww.johnhancocktravel.com%2F&cc=USD&v52=jh%3Atr%3A&v70=jh%3Atr%3A&v71=https%3A%2F%2Fwww.johnhancocktravel.com%2F&v115=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F102.0.5005.115%20Safari%2F537.36&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1 HTTP 302
  • https://jhfsjhtravel.112.2o7.net/b/ss/jhfsjhtravel/1/JS-2.22.4-LCS4/s77138448423353?AQB=1&pccr=true&ndh=1&pf=1&t=16%2F5%2F2022%2017%3A45%3A11%204%200&fid=5BC8533CA01947A2-2CA2690F3253FA61&ce=UTF-8&pageName=jh%3Atr%3A&g=https%3A%2F%2Fwww.johnhancocktravel.com%2F&cc=USD&v52=jh%3Atr%3A&v70=jh%3Atr%3A&v71=https%3A%2F%2Fwww.johnhancocktravel.com%2F&v115=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F102.0.5005.115%20Safari%2F537.36&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1

65 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.johnhancocktravel.com/
Redirect Chain
  • http://johnhancocktravel.com/
  • https://johnhancocktravel.com/
  • https://www.johnhancocktravel.com/
125 KB
127 KB
Document
General
Full URL
https://www.johnhancocktravel.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
d9df199d05b45073c7e1093e0f74515cbcef454cd993c79b51b125ba1535f3ac
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Content-Length
128196
Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Content-Type
text/html; charset=utf-8
Date
Thu, 16 Jun 2022 17:45:08 GMT
ETag
W/"1f4c4-A+k0Saf12dhCjRARW24nlJDzrRM"
Expect-CT
max-age=0
Referrer-Policy
no-referrer
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Content-Type-Options
nosniff
X-DNS-Prefetch-Control
off
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
X-Permitted-Cross-Domain-Policies
none
X-RateLimit-Limit
1000
X-RateLimit-Remaining
999
X-RateLimit-Reset
1655404137
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738

Redirect headers

Content-Length
124
Content-Type
text/html; charset=utf-8
Date
Thu, 16 Jun 2022 17:45:07 GMT
Location
https://www.johnhancocktravel.com/
Vary
Accept
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
bootstrap.css
www.johnhancocktravel.com/css/
189 KB
190 KB
Stylesheet
General
Full URL
https://www.johnhancocktravel.com/css/bootstrap.css
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
61c0376f7a24edbfc10251067f110559b98547ad9f8a0498e82848eec7f16698
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
193253
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:16 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:08 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
text/css; charset=UTF-8
Cache-Control
public, max-age=0
ETag
W/"2f2e5-18166cd8d20"
Accept-Ranges
bytes
aem-grid.css
www.johnhancocktravel.com/css/
121 KB
123 KB
Stylesheet
General
Full URL
https://www.johnhancocktravel.com/css/aem-grid.css
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
f37d492cf0f9327059fb29e322dfe7f876371b6508a4dcae386221e358ae9581
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
124259
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:16 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:09 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
text/css; charset=UTF-8
Cache-Control
public, max-age=0
ETag
W/"1e563-18166cd8d20"
Accept-Ranges
bytes
app.css
www.johnhancocktravel.com/css/
147 KB
148 KB
Stylesheet
General
Full URL
https://www.johnhancocktravel.com/css/app.css
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
5873cae36806932cb534fd1e30d3e9b687e83414847c080b5220ad38a2f3ec30
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
150419
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:16 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:08 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
text/css; charset=UTF-8
Cache-Control
public, max-age=0
ETag
W/"24b93-18166cd8d20"
Accept-Ranges
bytes
browserupdate.css
www.johnhancocktravel.com/css/
2 KB
3 KB
Stylesheet
General
Full URL
https://www.johnhancocktravel.com/css/browserupdate.css
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
c085df67ce43310d11a78d263d92fd1ce16ea3d52622a23422ed27d1aa154cf6
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
1594
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:16 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:09 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
text/css; charset=UTF-8
Cache-Control
public, max-age=0
ETag
W/"63a-18166cd8d20"
Accept-Ranges
bytes
bootstrap-select.min.css
www.johnhancocktravel.com/css/
10 KB
11 KB
Stylesheet
General
Full URL
https://www.johnhancocktravel.com/css/bootstrap-select.min.css
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
ca3467342a31c75c088d6058cc48740faf0b2cac0c593bb8a6df4ad2f9adeb36
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
9777
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:16 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:09 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
text/css; charset=UTF-8
Cache-Control
public, max-age=0
ETag
W/"2631-18166cd8d20"
Accept-Ranges
bytes
owl.carousel.min.css
www.johnhancocktravel.com/css/
4 KB
5 KB
Stylesheet
General
Full URL
https://www.johnhancocktravel.com/css/owl.carousel.min.css
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
f4bb5ca3cac09cf26c817d139f27d9e702b5bf05181c7423a67d36d899b9e210
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
3882
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:16 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:09 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
text/css; charset=UTF-8
Cache-Control
public, max-age=0
ETag
W/"f2a-18166cd8d20"
Accept-Ranges
bytes
owl.theme.default.min.css
www.johnhancocktravel.com/css/
1 KB
3 KB
Stylesheet
General
Full URL
https://www.johnhancocktravel.com/css/owl.theme.default.min.css
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
9c652e9d2d91d8834f7a55bc96e8f8eb68962213e4607e7cd31850ae9a24bf13
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
1188
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:16 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:09 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
text/css; charset=UTF-8
Cache-Control
public, max-age=0
ETag
W/"4a4-18166cd8d20"
Accept-Ranges
bytes
fullpage.css
rawgit.com/alvarotrigo/fullPage.js/dev/src/
0
0
Stylesheet
General
Full URL
https://rawgit.com/alvarotrigo/fullPage.js/dev/src/fullpage.css
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

daterangepicker.css
www.johnhancocktravel.com/css/
8 KB
10 KB
Stylesheet
General
Full URL
https://www.johnhancocktravel.com/css/daterangepicker.css
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
91a9338a03dab101c956390ff0b85d0cb8f7d554b387278face91a82363d3f49
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
8234
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:16 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:09 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
text/css; charset=UTF-8
Cache-Control
public, max-age=0
ETag
W/"202a-18166cd8d20"
Accept-Ranges
bytes
all.css
use.fontawesome.com/releases/v5.1.0/css/
45 KB
10 KB
Stylesheet
General
Full URL
https://use.fontawesome.com/releases/v5.1.0/css/all.css
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ce91e2144ea27f82292ef2c87c5d9e1d0b9994df63836130293865aca18fc550

Request headers

Referer
Origin
https://www.johnhancocktravel.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Thu, 16 Jun 2022 17:45:09 GMT
content-encoding
br
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
39691
access-control-allow-methods
GET
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id
GQECJKBBYAT57F8V
x-amz-id-2
5qsQ9I5t5K8i1jkEfegX/6kVUaKgl2rida1iUn6lwzvlCrNASJzp6N09JoysKFIE+zq1wA5j+K8=
last-modified
Wed, 30 Jun 2021 15:30:31 GMT
server
cloudflare
etag
W/"826c57385f3d35cfed5478ba7b1f5c03"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FAukRO%2F1i%2FZzY8yGegTGiga11b2%2FEnrjaKKocRyZ3tcgXr9laaL%2FJkkDJeVBfVCNZR2AUjqvDyCmKSUie3uGx414F%2BjcBDknikq2NVO15ZlvfQJ29wODflytSQTJFFIV%2FkUeHNkYxdrhPOMHhTcwSGo8"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926
cf-ray
71c55b898b0c9193-FRA
launch-046391c7a3d0.min.js
assets.adobedtm.com/122318bb3e34/1b90b12e34aa/
73 KB
23 KB
Script
General
Full URL
https://assets.adobedtm.com/122318bb3e34/1b90b12e34aa/launch-046391c7a3d0.min.js
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:798::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
84e62c4739f95901b912550651fd8dcf292040f2e3e680a200131fa9b379a2b6

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Thu, 16 Jun 2022 17:45:09 GMT
content-encoding
gzip
last-modified
Tue, 14 Jun 2022 21:06:11 GMT
server
AkamaiNetStorage
etag
"5507ca0fd3e3be822e29f084e32ffb04:1655240771.971813"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
23250
expires
Thu, 16 Jun 2022 18:45:09 GMT
JHIA_horiz_distributed_by.svg
www.johnhancocktravel.com/images/header/
17 KB
18 KB
Image
General
Full URL
https://www.johnhancocktravel.com/images/header/JHIA_horiz_distributed_by.svg
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
12e7a4c2bd49578fe212f14dd6e6d4aff4fa282e9e4d6bc33c7bab0b3abc64c2
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
17083
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:32 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:10 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
image/svg+xml
Cache-Control
public, max-age=0
ETag
W/"42bb-18166cdcba0"
Accept-Ranges
bytes
STARR_NEW.png
www.johnhancocktravel.com/images/header/
37 KB
39 KB
Image
General
Full URL
https://www.johnhancocktravel.com/images/header/STARR_NEW.png
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
a81e930e26cb243f74c64b0ab548606e28a83bc5509e62cb00bd9f726cd34dea
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
38300
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:32 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:09 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
image/png
Cache-Control
public, max-age=0
ETag
W/"959c-18166cdcba0"
Accept-Ranges
bytes
JHIA_horiz_distributed_by.png
www.johnhancocktravel.com/images/header/
30 KB
31 KB
Image
General
Full URL
https://www.johnhancocktravel.com/images/header/JHIA_horiz_distributed_by.png
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
b9c6264b8c4973a229cf76880f71217337b49af819c0c1f7868bc17c72494fe1
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
30327
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:32 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:11 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
image/png
Cache-Control
public, max-age=0
ETag
W/"7677-18166cdcba0"
Accept-Ranges
bytes
check-mark.svg
www.johnhancocktravel.com/images/
539 B
2 KB
Image
General
Full URL
https://www.johnhancocktravel.com/images/check-mark.svg
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
6dde612674680d9cd9dacc0778832f0e48fe3c864417bfd60d0d315fe0a318d5
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
539
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:28 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:10 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
image/svg+xml
Cache-Control
public, max-age=0
ETag
W/"21b-18166cdbc00"
Accept-Ranges
bytes
plane-icon.svg
www.johnhancocktravel.com/images/
911 B
2 KB
Image
General
Full URL
https://www.johnhancocktravel.com/images/plane-icon.svg
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
b7fd6bf50ed4a780a1b950ef73fbd7415f77bc314ece9bf19ef2787142312778
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
911
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:32 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:10 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
image/svg+xml
Cache-Control
public, max-age=0
ETag
W/"38f-18166cdcba0"
Accept-Ranges
bytes
luggage-icon.svg
www.johnhancocktravel.com/images/
839 B
2 KB
Image
General
Full URL
https://www.johnhancocktravel.com/images/luggage-icon.svg
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
bdad8e57fa792f363d8b1c797dda9f91ed2c2834f2cd43e46fd52293be479cad
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
839
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:30 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:10 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
image/svg+xml
Cache-Control
public, max-age=0
ETag
W/"347-18166cdc3d0"
Accept-Ranges
bytes
heart-icon.svg
www.johnhancocktravel.com/images/
1 KB
3 KB
Image
General
Full URL
https://www.johnhancocktravel.com/images/heart-icon.svg
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
54a6ba00bbd84f4819b751893af786e492312278de9aa10e61b8ce29f09f0f65
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
1280
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:28 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:11 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
image/svg+xml
Cache-Control
public, max-age=0
ETag
W/"500-18166cdbc00"
Accept-Ranges
bytes
AppMeasurement.min.js
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/
33 KB
12 KB
Script
General
Full URL
https://assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/122318bb3e34/1b90b12e34aa/launch-046391c7a3d0.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:798::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
9219086b4f2c3bf77854b2e06ccd97ad32b9b7a140e65ff8b974a3bae6c7854c

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Thu, 16 Jun 2022 17:45:09 GMT
content-encoding
gzip
last-modified
Mon, 14 Feb 2022 16:35:31 GMT
server
AkamaiNetStorage
etag
"d860c16ac938f7d839f0ec158d02d0f0:1644856531.418573"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
no-cache
accept-ranges
bytes
timing-allow-origin
*
content-length
12163
expires
Thu, 16 Jun 2022 18:45:09 GMT
AppMeasurement_Module_ActivityMap.min.js
assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/
3 KB
2 KB
Script
General
Full URL
https://assets.adobedtm.com/extensions/EP171e731c9ba34f1c950c36d26e3efd61/AppMeasurement_Module_ActivityMap.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/122318bb3e34/1b90b12e34aa/launch-046391c7a3d0.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:798::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
462a66acbf50e933685e7587e9f1441df8225b2bb4d6b7bc5e757eccf4ff6575

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Thu, 16 Jun 2022 17:45:09 GMT
content-encoding
gzip
last-modified
Mon, 14 Feb 2022 16:35:31 GMT
server
AkamaiNetStorage
etag
"2d1382c349d480b6b41574ac0c1af066:1644856531.739514"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
no-cache
accept-ranges
bytes
timing-allow-origin
*
content-length
1597
expires
Thu, 16 Jun 2022 18:45:09 GMT
jquery.js
www.johnhancocktravel.com/js/vendor/
282 KB
283 KB
Script
General
Full URL
https://www.johnhancocktravel.com/js/vendor/jquery.js
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
1fe2bb5390a75e5d61e72c107cab528fc3c29a837d69aab7d200e1dbb5dcd239
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
288580
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:34 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:09 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
ETag
W/"46744-18166cdd370"
Accept-Ranges
bytes
tether.js
www.johnhancocktravel.com/js/vendor/
55 KB
57 KB
Script
General
Full URL
https://www.johnhancocktravel.com/js/vendor/tether.js
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
3a3e8792e3bfc0ced99ab6b1403c4989a5d12afd305b9b02a17cf87b989e23dd
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
56409
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:34 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:09 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
ETag
W/"dc59-18166cdd370"
Accept-Ranges
bytes
popper.js
www.johnhancocktravel.com/js/vendor/
18 KB
20 KB
Script
General
Full URL
https://www.johnhancocktravel.com/js/vendor/popper.js
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
ccc0ee783158d1ab3ae590ef8c982a827e38e8b82fd121551cdd4c20041fcd1b
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
18873
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:34 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:09 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
ETag
W/"49b9-18166cdd370"
Accept-Ranges
bytes
bootstrap.js
www.johnhancocktravel.com/js/vendor/
59 KB
60 KB
Script
General
Full URL
https://www.johnhancocktravel.com/js/vendor/bootstrap.js
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
5c36e28c9a7bd864b673e223db7e1934923227536ffbdf871f58b6f09b9ac8c9
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
60089
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:34 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:09 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
ETag
W/"eab9-18166cdd370"
Accept-Ranges
bytes
bootstrap-select.js
www.johnhancocktravel.com/js/vendor/
94 KB
96 KB
Script
General
Full URL
https://www.johnhancocktravel.com/js/vendor/bootstrap-select.js
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
b02388e81be035549ce9f678c2266da8067fcda46d853b5efcd42565008652b1
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
96285
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:34 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:09 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
ETag
W/"1781d-18166cdd370"
Accept-Ranges
bytes
owl.carousel.js
www.johnhancocktravel.com/js/vendor/
88 KB
89 KB
Script
General
Full URL
https://www.johnhancocktravel.com/js/vendor/owl.carousel.js
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
db9d6cf3c1c4b047c62f646e7d9991c06a212931c362bf53f9a2406b30f09466
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
89992
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:34 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:09 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
ETag
W/"15f88-18166cdd370"
Accept-Ranges
bytes
parsley.js
www.johnhancocktravel.com/js/vendor/
91 KB
93 KB
Script
General
Full URL
https://www.johnhancocktravel.com/js/vendor/parsley.js?v=qlk9h
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
842dfdacd537aba61ff5317ba698eaa391cca5be136da5dd897e9dd8a1b257c9
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
93541
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:34 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:09 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
ETag
W/"16d65-18166cdd370"
Accept-Ranges
bytes
parsley-rules.js
www.johnhancocktravel.com/js/vendor/
25 KB
26 KB
Script
General
Full URL
https://www.johnhancocktravel.com/js/vendor/parsley-rules.js?v=o4eas
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
971ef9fcb6600d293eb84202d5f28dbc432cf6aa5558575991c468e3c2de4823
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
25390
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:34 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:10 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
ETag
W/"632e-18166cdd370"
Accept-Ranges
bytes
stacktable.js
www.johnhancocktravel.com/js/vendor/
8 KB
10 KB
Script
General
Full URL
https://www.johnhancocktravel.com/js/vendor/stacktable.js
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
58ee289cc3b0e66d80a8860ab61c78b003b2794a2b01059f5e5a1d6da47e7327
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
8219
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:34 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:10 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
ETag
W/"201b-18166cdd370"
Accept-Ranges
bytes
polyfiller.js
www.johnhancocktravel.com/js/vendor/webshim/js-webshim/minified/
16 KB
17 KB
Script
General
Full URL
https://www.johnhancocktravel.com/js/vendor/webshim/js-webshim/minified/polyfiller.js
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
130ba9b22e06342d6fa2ce06d131b0a0033ab184becd181f6c0ca0755dcf02b2
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
15953
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:34 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:10 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
ETag
W/"3e51-18166cdd370"
Accept-Ranges
bytes
footer.js
www.johnhancocktravel.com/js/partials/
4 KB
5 KB
Script
General
Full URL
https://www.johnhancocktravel.com/js/partials/footer.js
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
281fbe58c9d79547f47186abf842de54641ebb57f94e600c0e8b2229f4cfa626
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
3699
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:34 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:10 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
ETag
W/"e73-18166cdd370"
Accept-Ranges
bytes
equal-height.js
www.johnhancocktravel.com/js/partials/
6 KB
8 KB
Script
General
Full URL
https://www.johnhancocktravel.com/js/partials/equal-height.js
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
7e90846efa990cca616457a36dc2564a9b7a2c7552021a38a0ba3740a5e16fa9
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
6292
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:34 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:10 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
ETag
W/"1894-18166cdd370"
Accept-Ranges
bytes
wcag.js
www.johnhancocktravel.com/js/partials/
10 KB
12 KB
Script
General
Full URL
https://www.johnhancocktravel.com/js/partials/wcag.js
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
9c1b17a04179f8dd742df80f6dffc2abccda645d90e4760583cfa2ff5c10891c
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
10451
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:34 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:10 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
ETag
W/"28d3-18166cdd370"
Accept-Ranges
bytes
card-wcag.js
www.johnhancocktravel.com/js/partials/
6 KB
7 KB
Script
General
Full URL
https://www.johnhancocktravel.com/js/partials/card-wcag.js
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
0dd1a0f12ae5d5d0567627fb94360243c506ca708c1332063c1269d8b890346d
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
5779
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:34 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:10 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
ETag
W/"1693-18166cdd370"
Accept-Ranges
bytes
stackable-table.js
www.johnhancocktravel.com/js/partials/
1 KB
3 KB
Script
General
Full URL
https://www.johnhancocktravel.com/js/partials/stackable-table.js
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
afeb78c77848adff17299def1146d31508cdc614016b50e616fb7337a91feb54
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
1517
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:34 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:10 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
ETag
W/"5ed-18166cdd370"
Accept-Ranges
bytes
tooltip.js
www.johnhancocktravel.com/js/partials/
2 KB
3 KB
Script
General
Full URL
https://www.johnhancocktravel.com/js/partials/tooltip.js
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
874d9ea203ac292a0f30166f6d1c706e3b766a072f5b4afdc8a5443258a119af
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
1750
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:34 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:10 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
ETag
W/"6d6-18166cdd370"
Accept-Ranges
bytes
jquery.creditCardValidator.js
www.johnhancocktravel.com/js/
9 KB
10 KB
Script
General
Full URL
https://www.johnhancocktravel.com/js/jquery.creditCardValidator.js
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
8338536908dbf97a2eeaf21a1390f707b867571d222dcf7be3d905e0a882b9aa
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
8709
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:34 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:10 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
ETag
W/"2205-18166cdd370"
Accept-Ranges
bytes
dateformat.js
www.johnhancocktravel.com/js/
5 KB
6 KB
Script
General
Full URL
https://www.johnhancocktravel.com/js/dateformat.js
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
92ad677def892fa914b5a442cfdb7933f3512f09a5c11c6b2bfdbb83ccf1e4b1
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
4638
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:34 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:11 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
ETag
W/"121e-18166cdd370"
Accept-Ranges
bytes
moment.min.js
www.johnhancocktravel.com/js/
50 KB
52 KB
Script
General
Full URL
https://www.johnhancocktravel.com/js/moment.min.js
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
d618d4869738e0dc22360f0ec0cbb6433257843f24723fac240dda0906685238
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
51465
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:34 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:10 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
ETag
W/"c909-18166cdd370"
Accept-Ranges
bytes
daterangepicker.min.js
www.johnhancocktravel.com/js/
32 KB
33 KB
Script
General
Full URL
https://www.johnhancocktravel.com/js/daterangepicker.min.js
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
3b34d9527ec5ca979f8e519099ec9001874f1e8cb8a88070008ec7454f0c8da8
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
32656
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:34 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:11 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
ETag
W/"7f90-18166cdd370"
Accept-Ranges
bytes
jquery-input-mask-phone-number.min.js
www.johnhancocktravel.com/js/
2 KB
4 KB
Script
General
Full URL
https://www.johnhancocktravel.com/js/jquery-input-mask-phone-number.min.js
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
fc66f2496afd6a86552e852404bf5cf3fc9a13b2a8dfa1cfc3e28c891439c291
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
2246
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:34 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:10 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
ETag
W/"8c6-18166cdd370"
Accept-Ranges
bytes
custom.js
www.johnhancocktravel.com/js/
29 KB
31 KB
Script
General
Full URL
https://www.johnhancocktravel.com/js/custom.js
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
41d9f7a9cb58af9a5e5aef544a2198551172c2a43a471b46aee6857a61b9c6bd
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
29910
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:34 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:10 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
ETag
W/"74d6-18166cdd370"
Accept-Ranges
bytes
backdated-browser.js
www.johnhancocktravel.com/js/
418 B
2 KB
Script
General
Full URL
https://www.johnhancocktravel.com/js/backdated-browser.js
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
b2c43cccdef8d4cbc43fef10346354ec8252b76a10d0717da1654374cda6445c
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
418
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:34 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:10 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
ETag
W/"1a2-18166cdd370"
Accept-Ranges
bytes
nav-icon-mortgage.svg
www.johnhancocktravel.com/images/
731 B
2 KB
Image
General
Full URL
https://www.johnhancocktravel.com/images/nav-icon-mortgage.svg
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/css/app.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
f427007a6d6b3e26fed945cd8fa062d538805fab49355bdef1d55c738ad6d997
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
731
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:32 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:10 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
image/svg+xml
Cache-Control
public, max-age=0
ETag
W/"2db-18166cdcba0"
Accept-Ranges
bytes
nav-icon-blog.svg
www.johnhancocktravel.com/images/
780 B
2 KB
Image
General
Full URL
https://www.johnhancocktravel.com/images/nav-icon-blog.svg
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/css/app.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
375f60243ab99c2bc50ff4ae511faa8457bae022ca74c941aa75bf39d4d6fc22
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
780
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:32 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:10 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
image/svg+xml
Cache-Control
public, max-age=0
ETag
W/"30c-18166cdcba0"
Accept-Ranges
bytes
nav-icon-support.svg
www.johnhancocktravel.com/images/
1 KB
3 KB
Image
General
Full URL
https://www.johnhancocktravel.com/images/nav-icon-support.svg
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/css/app.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
5f15c999a69b36d2fb7ed8bd7edd3e11a19eca38c8d9c8031cae6a281b332d85
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
1320
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:32 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:09 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
image/svg+xml
Cache-Control
public, max-age=0
ETag
W/"528-18166cdcba0"
Accept-Ranges
bytes
phone-icon-1.svg
www.johnhancocktravel.com/images/
1 KB
3 KB
Image
General
Full URL
https://www.johnhancocktravel.com/images/phone-icon-1.svg
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/css/app.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
c088373e36fd880195dc66e94c3f519b47bb625031e94944b8b91ecef1d55989
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
1534
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:32 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:10 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
image/svg+xml
Cache-Control
public, max-age=0
ETag
W/"5fe-18166cdcba0"
Accept-Ranges
bytes
legal.svg
www.johnhancocktravel.com/images/
276 B
2 KB
Image
General
Full URL
https://www.johnhancocktravel.com/images/legal.svg
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/css/app.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
2ec938f32bd00672a6da7e12ddb01363fea5592c739b239d346304a283f60b70
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
276
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:30 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:10 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
image/svg+xml
Cache-Control
public, max-age=0
ETag
W/"114-18166cdc3d0"
Accept-Ranges
bytes
alert-icon.svg
www.johnhancocktravel.com/images/
382 B
2 KB
Image
General
Full URL
https://www.johnhancocktravel.com/images/alert-icon.svg
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/css/app.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
535ba6ed9422003793065b56d0e763fab2d60fce9ebf1d675692d5b39bc0a025
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
382
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:28 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:10 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
image/svg+xml
Cache-Control
public, max-age=0
ETag
W/"17e-18166cdbc00"
Accept-Ranges
bytes
icon-search-close.svg
www.johnhancocktravel.com/images/
273 B
2 KB
Image
General
Full URL
https://www.johnhancocktravel.com/images/icon-search-close.svg
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/css/app.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
51e2fd255a9adc10679094454f1e26d732454e89ec5c6ce39029e7dcee51ac1f
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
273
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:30 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:10 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
image/svg+xml
Cache-Control
public, max-age=0
ETag
W/"111-18166cdc3d0"
Accept-Ranges
bytes
travel-insurance-hero-d.png
www.johnhancocktravel.com/images/header/
156 KB
158 KB
Image
General
Full URL
https://www.johnhancocktravel.com/images/header/travel-insurance-hero-d.png
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
06ef5874dce3d7c33d5ffd189bca826cdb917b64352561297167dcc17b845d36
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.johnhancocktravel.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
159882
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:34 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:09 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
image/png
Cache-Control
public, max-age=0
ETag
W/"2708a-18166cdd370"
Accept-Ranges
bytes
info-tooltip-icon.svg
www.johnhancocktravel.com/images/
1005 B
2 KB
Image
General
Full URL
https://www.johnhancocktravel.com/images/info-tooltip-icon.svg
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/css/app.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
7886e68cae125e02469198038f5a5abea894d2526d1ae6c20505b8268a073872
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
1005
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:30 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:09 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
image/svg+xml
Cache-Control
public, max-age=0
ETag
W/"3ed-18166cdc3d0"
Accept-Ranges
bytes
date-range.svg
www.johnhancocktravel.com/images/
1006 B
2 KB
Image
General
Full URL
https://www.johnhancocktravel.com/images/date-range.svg
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/css/app.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
f91d6d1509554ad401d10a2b7792151c61f3b1d6d0dad5de4d6cddbefe79c324
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
1006
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:28 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:09 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
image/svg+xml
Cache-Control
public, max-age=0
ETag
W/"3ee-18166cdbc00"
Accept-Ranges
bytes
select-dropdown-arrow.svg
www.johnhancocktravel.com/images/
219 B
2 KB
Image
General
Full URL
https://www.johnhancocktravel.com/images/select-dropdown-arrow.svg
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/css/app.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
8f054c0c2d694dae199afdf795d4680226c06f6de38849c14c1a30c5f107433b
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
219
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:32 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:10 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
image/svg+xml
Cache-Control
public, max-age=0
ETag
W/"db-18166cdcba0"
Accept-Ranges
bytes
btn-icon-sprite.svg
www.johnhancocktravel.com/images/
3 KB
4 KB
Image
General
Full URL
https://www.johnhancocktravel.com/images/btn-icon-sprite.svg
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/css/app.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
39be64a0ba71dc35e58852ea1347bf8742b28e123cc7fbb7bf49c75a6fea9c40
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
3008
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:28 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:10 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
image/svg+xml
Cache-Control
public, max-age=0
ETag
W/"bc0-18166cdbc00"
Accept-Ranges
bytes
icon-contact.svg
www.johnhancocktravel.com/images/
302 B
2 KB
Image
General
Full URL
https://www.johnhancocktravel.com/images/icon-contact.svg
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/css/app.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
b2fe3eca9799ae94bf2cca092575e85a1ecd33f7920991b38eb280b334b51d5c
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
302
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:30 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:11 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
image/svg+xml
Cache-Control
public, max-age=0
ETag
W/"12e-18166cdc3d0"
Accept-Ranges
bytes
ManulifeJHSans-Regular.woff2
www.johnhancocktravel.com/fonts/
47 KB
48 KB
Font
General
Full URL
https://www.johnhancocktravel.com/fonts/ManulifeJHSans-Regular.woff2
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/css/app.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
365690660f64c87ecad36962bacce3bb1f810c23697a5d0e52b6a3928ea547ac
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
Origin
https://www.johnhancocktravel.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
48060
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:28 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:10 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
font/woff2
Cache-Control
public, max-age=0
ETag
W/"bbbc-18166cdbc00"
Accept-Ranges
bytes
ManulifeJHSans-Bold.woff2
www.johnhancocktravel.com/fonts/
44 KB
46 KB
Font
General
Full URL
https://www.johnhancocktravel.com/fonts/ManulifeJHSans-Bold.woff2
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/css/app.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
8b209e2366b79d4a7228952bdeee2f7c9f0845d6394e0bc040cc514f3fdf012e
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
Origin
https://www.johnhancocktravel.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
45276
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:26 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:09 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
font/woff2
Cache-Control
public, max-age=0
ETag
W/"b0dc-18166cdb430"
Accept-Ranges
bytes
ManulifeJHSans-Semibold.woff2
www.johnhancocktravel.com/fonts/
45 KB
46 KB
Font
General
Full URL
https://www.johnhancocktravel.com/fonts/ManulifeJHSans-Semibold.woff2
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/css/app.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
5e92ab03190640edfb9979313426abfafbec230fab768df4ed04af7c7369346c
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
Origin
https://www.johnhancocktravel.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
45596
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:28 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:09 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
font/woff2
Cache-Control
public, max-age=0
ETag
W/"b21c-18166cdbc00"
Accept-Ranges
bytes
fa-solid-900.woff2
use.fontawesome.com/releases/v5.1.0/webfonts/
58 KB
59 KB
Font
General
Full URL
https://use.fontawesome.com/releases/v5.1.0/webfonts/fa-solid-900.woff2
Requested by
Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.1.0/css/all.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a83079124373d924ad1402fbc08d2e24d0043234d4c26565f1c368745f55f5d9

Request headers

Referer
https://use.fontawesome.com/releases/v5.1.0/css/all.css
Origin
https://www.johnhancocktravel.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Thu, 16 Jun 2022 17:45:10 GMT
access-control-allow-methods
GET
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
39691
cf-ray
71c55b8e0ca19193-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
59572
x-amz-id-2
4WHumaWHUDlRelmQtg9RqKV8FDbFJYakUTdyWVKjef1wSADokl00YnE93x90eL14rpqA/nX8PKY=
last-modified
Wed, 30 Jun 2021 15:30:49 GMT
server
cloudflare
etag
"18d2347ab2a9f40ca2247cdb03303d84"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OT8gTPMz0fwp0rgg204fjP8G9la3m7TX0XVxSvnRBADQMl68QqkNyBRPZsTsYEFnDdX9oDFWsThpl6E0ciiQ8OATkdQep03CqGWLYTOZcuSOTrG4TUXknX9ttPLrVzSKVj%2FenFT%2BoBTZFBmoVyyyzUAJ"}],"group":"cf-nel","max_age":604800}
x-amz-request-id
4M4B3NJGANKG527E
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
content-type
font/woff2
update.js
www.johnhancocktravel.com/js/vendor/
7 KB
8 KB
Script
General
Full URL
https://www.johnhancocktravel.com/js/vendor/update.js
Requested by
Host: www.johnhancocktravel.com
URL: https://www.johnhancocktravel.com/js/backdated-browser.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.97.17 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
b34ea4149903d44dc9c25c5df44521c124a60f2439053770b0c7fe00b2fad48e
Security Headers
Name Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Content-Length
7151
X-XSS-Protection
0
request-context
appId=cid-v1:2c818b37-50c0-4364-96fe-702e5527d738
Referrer-Policy
no-referrer
Last-Modified
Wed, 15 Jun 2022 09:59:34 GMT
X-Frame-Options
SAMEORIGIN
Date
Thu, 16 Jun 2022 17:45:11 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
ETag
W/"1bef-18166cdd370"
Accept-Ranges
bytes
s77138448423353
jhfsjhtravel.112.2o7.net/b/ss/jhfsjhtravel/1/JS-2.22.4-LCS4/
Redirect Chain
  • https://jhfsjhtravel.112.2o7.net/b/ss/jhfsjhtravel/1/JS-2.22.4-LCS4/s77138448423353?AQB=1&ndh=1&pf=1&t=16%2F5%2F2022%2017%3A45%3A11%204%200&fid=5BC8533CA01947A2-2CA2690F3253FA61&ce=UTF-8&pageName=j...
  • https://jhfsjhtravel.112.2o7.net/b/ss/jhfsjhtravel/1/JS-2.22.4-LCS4/s77138448423353?AQB=1&pccr=true&ndh=1&pf=1&t=16%2F5%2F2022%2017%3A45%3A11%204%200&fid=5BC8533CA01947A2-2CA2690F3253FA61&ce=UTF-8&...
43 B
307 B
Image
General
Full URL
https://jhfsjhtravel.112.2o7.net/b/ss/jhfsjhtravel/1/JS-2.22.4-LCS4/s77138448423353?AQB=1&pccr=true&ndh=1&pf=1&t=16%2F5%2F2022%2017%3A45%3A11%204%200&fid=5BC8533CA01947A2-2CA2690F3253FA61&ce=UTF-8&pageName=jh%3Atr%3A&g=https%3A%2F%2Fwww.johnhancocktravel.com%2F&cc=USD&v52=jh%3Atr%3A&v70=jh%3Atr%3A&v71=https%3A%2F%2Fwww.johnhancocktravel.com%2F&v115=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F102.0.5005.115%20Safari%2F537.36&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
Protocol
H2
Server
13.36.218.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-36-218-177.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Thu, 16 Jun 2022 17:45:11 GMT
x-content-type-options
nosniff
x-c
main-1649.I02425a.M0-575
p3p
CP="This is not a P3P policy"
content-length
43
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Fri, 17 Jun 2022 17:45:11 GMT
server
jag
xserver
anedge-658967d5d4-xh2hj
etag
3554947676167798784-4619886877869349052
vary
*
content-type
image/gif;charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, no-store, max-age=0, no-transform, private
expires
Wed, 15 Jun 2022 17:45:11 GMT

Redirect headers

date
Thu, 16 Jun 2022 17:45:11 GMT
x-content-type-options
nosniff
x-c
main-1649.I02425a.M0-575
p3p
CP="This is not a P3P policy"
content-length
0
x-xss-protection
1; mode=block
pragma
no-cache
location
https://jhfsjhtravel.112.2o7.net/b/ss/jhfsjhtravel/1/JS-2.22.4-LCS4/s77138448423353?AQB=1&pccr=true&ndh=1&pf=1&t=16%2F5%2F2022%2017%3A45%3A11%204%200&fid=5BC8533CA01947A2-2CA2690F3253FA61&ce=UTF-8&pageName=jh%3Atr%3A&g=https%3A%2F%2Fwww.johnhancocktravel.com%2F&cc=USD&v52=jh%3Atr%3A&v70=jh%3Atr%3A&v71=https%3A%2F%2Fwww.johnhancocktravel.com%2F&v115=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F102.0.5005.115%20Safari%2F537.36&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
last-modified
Fri, 17 Jun 2022 17:45:11 GMT
server
jag
xserver
anedge-658967d5d4-kq8vd
vary
Origin
content-type
text/plain;charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, no-store, max-age=0, no-transform, private
expires
Wed, 15 Jun 2022 17:45:11 GMT
RC04a465365ba64dc1ad5168fa63eb4c9b-source.min.js
assets.adobedtm.com/122318bb3e34/1b90b12e34aa/6451b7f590f5/
628 B
626 B
Script
General
Full URL
https://assets.adobedtm.com/122318bb3e34/1b90b12e34aa/6451b7f590f5/RC04a465365ba64dc1ad5168fa63eb4c9b-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/122318bb3e34/1b90b12e34aa/launch-046391c7a3d0.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:798::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
8e4fb2dfa4a5c95810a8a25ae7fcd939201d6be7f82f7c7d8fcb91e357fb9e1c

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Thu, 16 Jun 2022 17:45:11 GMT
content-encoding
gzip
last-modified
Tue, 14 Jun 2022 21:06:12 GMT
server
AkamaiNetStorage
etag
"f7686ab03656f8709bc4fe3f2587423f:1655240772.697351"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
380
expires
Thu, 16 Jun 2022 18:45:11 GMT
js
www.googletagmanager.com/gtag/
108 KB
43 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-803172548
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/122318bb3e34/1b90b12e34aa/launch-046391c7a3d0.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
cf9921fea417239851507f9d40eab4db065a62e7c2aaf2c7a397e1b6dc995539
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Thu, 16 Jun 2022 17:45:11 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43376
x-xss-protection
0
last-modified
Thu, 16 Jun 2022 15:30:45 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 16 Jun 2022 17:45:11 GMT

Verdicts & Comments Add Verdict or Comment

71 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails object| navigation object| _satellite boolean| __satelliteLoaded function| AppMeasurement_Module_ActivityMap function| AppMeasurement function| s_gi function| s_pgicq number| s_objectID number| s_giq object| s_c_il number| s_c_in function| $ function| jQuery function| Tether object| Popper number| uidEvent object| bootstrap function| _slice function| _slicedToArray function| _extends function| _toConsumableArray object| ParsleyExtend object| ParsleyConfig object| psly object| Parsley object| ParsleyUtils object| ParsleyValidator object| ParsleyUI string| inputEventPatched object| parsley boolean| ShowGenaralErrormsg function| DateFieldSummaryValidation object| webshims object| webshim function| convertAccordion function| equalHeight function| equalHeightMortgage boolean| flag boolean| isCard object| strings object| selectors object| classes object| body object| btn function| addAriaHiddenProgressbar number| planCounter function| dateFormat function| moment function| daterangepicker function| getFormattedDate object| countrylist function| phoneNumberCheck function| agecalculation function| todate function| datecheck function| counter function| total_cost object| $buoop function| $buo_f function| $bu_getBrowser function| $buo object| _buorgres object| s_i_jhfsjhtravel object| google_tag_manager object| dataLayer

5 Cookies

Domain/Path Name / Value
www.johnhancocktravel.com/ Name: _csrf
Value: n6ONL8Ct573p4cQaNt7XMuqy
www.johnhancocktravel.com/ Name: connect.sid
Value: s%3AzF8U-EOT7EnwzTN77HS0ekPr13iQs4qV.gT5TBiv5%2Bm9JLK7oDkl9K73BJJB1rZeMxSIpArvUUJw
.johnhancocktravel.com/ Name: s_fid
Value: 5BC8533CA01947A2-2CA2690F3253FA61
.johnhancocktravel.com/ Name: s_cc
Value: true
.2o7.net/ Name: s_vi_fdjx7Ffdxxx7Emzix60
Value: [CS]v4|3155B61399151B95-600002A361E418BD|62AB6C27[CE]

2 Console Messages

Source Level URL
Text
network error URL: https://rawgit.com/alvarotrigo/fullPage.js/dev/src/fullpage.css
Message:
Failed to load resource: the server responded with a status of 404 ()
security error URL: https://assets.adobedtm.com/122318bb3e34/1b90b12e34aa/launch-046391c7a3d0.min.js(Line 1)
Message:
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net". Either the 'unsafe-inline' keyword, a hash ('sha256-OuSJQICM33t8hRtD2223HvHooGB6+QCV2eQ+kho+aIw='), or a nonce ('nonce-...') is required to enable inline execution.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.demdex.net cm.everesttech.net *.bing.com wss://*.bing.com assets.adobedtm.com;script-src 'self' *.googleadservices.com *.google.com *.googletagmanager.com assets.adobedtm.com connect.facebook.net facebook.com bat.bing.com *.demdex.net r.bing.com cm.everesttech.net;frame-src 'self' *.demdex.net sdx.microsoft.com;img-src 'self' *.fls.doubleclick.net *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com facebook.com *.demdex.net *.bing.com *.microsoft.com cm.everesttech.net assets.adobedtm.com jhfsjhtravel.112.2o7.net;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.adobedtm.com
jhfsjhtravel.112.2o7.net
johnhancocktravel.com
rawgit.com
use.fontawesome.com
www.googletagmanager.com
www.johnhancocktravel.com
13.36.218.177
20.49.97.17
2a00:1450:4001:800::2008
2a02:26f0:3500:798::1e80
2a06:98c1:3121::3
06ef5874dce3d7c33d5ffd189bca826cdb917b64352561297167dcc17b845d36
0dd1a0f12ae5d5d0567627fb94360243c506ca708c1332063c1269d8b890346d
12e7a4c2bd49578fe212f14dd6e6d4aff4fa282e9e4d6bc33c7bab0b3abc64c2
130ba9b22e06342d6fa2ce06d131b0a0033ab184becd181f6c0ca0755dcf02b2
1fe2bb5390a75e5d61e72c107cab528fc3c29a837d69aab7d200e1dbb5dcd239
281fbe58c9d79547f47186abf842de54641ebb57f94e600c0e8b2229f4cfa626
2ec938f32bd00672a6da7e12ddb01363fea5592c739b239d346304a283f60b70
365690660f64c87ecad36962bacce3bb1f810c23697a5d0e52b6a3928ea547ac
375f60243ab99c2bc50ff4ae511faa8457bae022ca74c941aa75bf39d4d6fc22
39be64a0ba71dc35e58852ea1347bf8742b28e123cc7fbb7bf49c75a6fea9c40
3a3e8792e3bfc0ced99ab6b1403c4989a5d12afd305b9b02a17cf87b989e23dd
3b34d9527ec5ca979f8e519099ec9001874f1e8cb8a88070008ec7454f0c8da8
41d9f7a9cb58af9a5e5aef544a2198551172c2a43a471b46aee6857a61b9c6bd
462a66acbf50e933685e7587e9f1441df8225b2bb4d6b7bc5e757eccf4ff6575
51e2fd255a9adc10679094454f1e26d732454e89ec5c6ce39029e7dcee51ac1f
535ba6ed9422003793065b56d0e763fab2d60fce9ebf1d675692d5b39bc0a025
54a6ba00bbd84f4819b751893af786e492312278de9aa10e61b8ce29f09f0f65
5873cae36806932cb534fd1e30d3e9b687e83414847c080b5220ad38a2f3ec30
58ee289cc3b0e66d80a8860ab61c78b003b2794a2b01059f5e5a1d6da47e7327
5c36e28c9a7bd864b673e223db7e1934923227536ffbdf871f58b6f09b9ac8c9
5e92ab03190640edfb9979313426abfafbec230fab768df4ed04af7c7369346c
5f15c999a69b36d2fb7ed8bd7edd3e11a19eca38c8d9c8031cae6a281b332d85
61c0376f7a24edbfc10251067f110559b98547ad9f8a0498e82848eec7f16698
6dde612674680d9cd9dacc0778832f0e48fe3c864417bfd60d0d315fe0a318d5
7886e68cae125e02469198038f5a5abea894d2526d1ae6c20505b8268a073872
7e90846efa990cca616457a36dc2564a9b7a2c7552021a38a0ba3740a5e16fa9
8338536908dbf97a2eeaf21a1390f707b867571d222dcf7be3d905e0a882b9aa
842dfdacd537aba61ff5317ba698eaa391cca5be136da5dd897e9dd8a1b257c9
84e62c4739f95901b912550651fd8dcf292040f2e3e680a200131fa9b379a2b6
874d9ea203ac292a0f30166f6d1c706e3b766a072f5b4afdc8a5443258a119af
8b209e2366b79d4a7228952bdeee2f7c9f0845d6394e0bc040cc514f3fdf012e
8e4fb2dfa4a5c95810a8a25ae7fcd939201d6be7f82f7c7d8fcb91e357fb9e1c
8f054c0c2d694dae199afdf795d4680226c06f6de38849c14c1a30c5f107433b
91a9338a03dab101c956390ff0b85d0cb8f7d554b387278face91a82363d3f49
9219086b4f2c3bf77854b2e06ccd97ad32b9b7a140e65ff8b974a3bae6c7854c
92ad677def892fa914b5a442cfdb7933f3512f09a5c11c6b2bfdbb83ccf1e4b1
971ef9fcb6600d293eb84202d5f28dbc432cf6aa5558575991c468e3c2de4823
9c1b17a04179f8dd742df80f6dffc2abccda645d90e4760583cfa2ff5c10891c
9c652e9d2d91d8834f7a55bc96e8f8eb68962213e4607e7cd31850ae9a24bf13
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a81e930e26cb243f74c64b0ab548606e28a83bc5509e62cb00bd9f726cd34dea
a83079124373d924ad1402fbc08d2e24d0043234d4c26565f1c368745f55f5d9
afeb78c77848adff17299def1146d31508cdc614016b50e616fb7337a91feb54
b02388e81be035549ce9f678c2266da8067fcda46d853b5efcd42565008652b1
b2c43cccdef8d4cbc43fef10346354ec8252b76a10d0717da1654374cda6445c
b2fe3eca9799ae94bf2cca092575e85a1ecd33f7920991b38eb280b334b51d5c
b34ea4149903d44dc9c25c5df44521c124a60f2439053770b0c7fe00b2fad48e
b7fd6bf50ed4a780a1b950ef73fbd7415f77bc314ece9bf19ef2787142312778
b9c6264b8c4973a229cf76880f71217337b49af819c0c1f7868bc17c72494fe1
bdad8e57fa792f363d8b1c797dda9f91ed2c2834f2cd43e46fd52293be479cad
c085df67ce43310d11a78d263d92fd1ce16ea3d52622a23422ed27d1aa154cf6
c088373e36fd880195dc66e94c3f519b47bb625031e94944b8b91ecef1d55989
ca3467342a31c75c088d6058cc48740faf0b2cac0c593bb8a6df4ad2f9adeb36
ccc0ee783158d1ab3ae590ef8c982a827e38e8b82fd121551cdd4c20041fcd1b
ce91e2144ea27f82292ef2c87c5d9e1d0b9994df63836130293865aca18fc550
cf9921fea417239851507f9d40eab4db065a62e7c2aaf2c7a397e1b6dc995539
d618d4869738e0dc22360f0ec0cbb6433257843f24723fac240dda0906685238
d9df199d05b45073c7e1093e0f74515cbcef454cd993c79b51b125ba1535f3ac
db9d6cf3c1c4b047c62f646e7d9991c06a212931c362bf53f9a2406b30f09466
f37d492cf0f9327059fb29e322dfe7f876371b6508a4dcae386221e358ae9581
f427007a6d6b3e26fed945cd8fa062d538805fab49355bdef1d55c738ad6d997
f4bb5ca3cac09cf26c817d139f27d9e702b5bf05181c7423a67d36d899b9e210
f91d6d1509554ad401d10a2b7792151c61f3b1d6d0dad5de4d6cddbefe79c324
fc66f2496afd6a86552e852404bf5cf3fc9a13b2a8dfa1cfc3e28c891439c291