URL: https://www.upay.co.uk/app/
Submission: On March 27 via manual from PH — Scanned from GB

Summary

This website contacted 7 IPs in 4 countries across 7 domains to perform 43 HTTP transactions. The main IP is 185.249.71.117, located in United Kingdom and belongs to HYVE-UK, GB. The main domain is www.upay.co.uk.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on May 20th 2022. Valid for: a year.
This is the only time www.upay.co.uk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | Apex Domain | Subdomains | Transfer
17 | upay.co.uk | www.upay.co.uk | 5 MB
16 | google.com | pay.google.com (Cisco Umbrella Rank: 2854), play.google.com (Cisco Umbrella Rank: 23) | 399 KB
4 | gstatic.com | www.gstatic.com | 104 KB
2 | google-analytics.com | www.google-analytics.com (Cisco Umbrella Rank: 25) | 20 KB
2 | googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 31) | 2 KB
1 | cardinalcommerce.com | songbirdstag.cardinalcommerce.com (Cisco Umbrella Rank: 165287) | 112 KB
1 | googletagmanager.com | www.googletagmanager.com (Cisco Umbrella Rank: 39) | 44 KB
Total: 43 requests, 7 apex domains

Requests | Domain | Requested by
17 | www.upay.co.uk | www.upay.co.uk
13 | play.google.com | www.gstatic.com
4 | www.gstatic.com | pay.google.com, www.gstatic.com
3 | pay.google.com | www.upay.co.uk, www.gstatic.com
2 | www.google-analytics.com | www.googletagmanager.com, www.google-analytics.com
2 | fonts.googleapis.com | client
1 | songbirdstag.cardinalcommerce.com | www.upay.co.uk
1 | www.googletagmanager.com | www.upay.co.uk
Total: 43 requests, 8 subdomains

This site contains no links.

Subject | Issuer | Validity | Valid
*.upay.co.uk | Sectigo RSA Domain Validation Secure Server CA | 2022-05-20 - 2023-06-20 | a year
*.google-analytics.com | GTS CA 1C3 | 2023-03-06 - 2023-05-29 | 3 months
*.google.com | GTS CA 1C3 | 2023-03-06 - 2023-05-29 | 3 months
upload.video.google.com | GTS CA 1C3 | 2023-03-06 - 2023-05-29 | 3 months
*.cardinalcommerce.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-02-23 - 2024-03-25 | a year
*.gstatic.com | GTS CA 1C3 | 2023-03-06 - 2023-05-29 | 3 months

This page contains 2 frames:

Primary Page: https://www.upay.co.uk/app/
Frame ID: 64893395DCBAB69DF0E18C5847B36251
Requests: 23 HTTP requests in this frame

Frame: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fwww.upay.co.uk&mid=
Frame ID: 59F364E30D13209D92982DB8D916548E
Requests: 14 HTTP requests in this frame

Page Title

Upay - Login

Detected technologies

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

Requests: 43
HTTPS: 100 %
IPv6: 86 %
Domains: 7
Subdomains: 8
IPs: 7
Countries: 4
Transfer: 5948 kB
Size: 9020 kB
Cookies: 5

Redirected requests

There were HTTP redirect chains for the following requests:

43 HTTP transactions

Resource Path Size x-fer Type MIME-Type
Primary Request /
www.upay.co.uk/app/
21 KB
6 KB
Document
General
Full URL
https://www.upay.co.uk/app/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.249.71.117 , United Kingdom, ASN204413 (HYVE-UK, GB),
Reverse DNS
Software
/
Resource Hash
9bb253cff37a8c011e29d9f65e139a2d14c31b9802c4016a4b0f89e3e7a4415e
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

accept-ranges
bytes
cache-control
no-cache
content-encoding
gzip
content-length
5613
content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
content-type
text/html
date
Mon, 27 Mar 2023 10:39:22 GMT
etag
"0e6aa0769d91:0"
expires
-1
last-modified
Tue, 06 Dec 2022 13:28:28 GMT
pragma
no-cache
server
strict-transport-security
max-age=31536000; includeSubdomains
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
vendor.css
www.upay.co.uk/app/css/
65 KB
11 KB
Stylesheet
General
Full URL
https://www.upay.co.uk/app/css/vendor.css
Requested by
Host: www.upay.co.uk
URL: https://www.upay.co.uk/app/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.249.71.117 , United Kingdom, ASN204413 (HYVE-UK, GB),
Reverse DNS
Software
/
Resource Hash
0e07df4b12d7774f8c74911eaf310c28b6d22d6c00f3c6198528b001282bb660
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.upay.co.uk/app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubdomains
content-encoding
gzip
content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
last-modified
Tue, 26 Apr 2022 12:32:38 GMT
server
date
Mon, 27 Mar 2023 10:39:22 GMT
etag
"077c1b66959d81:0"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
no-cache
accept-ranges
bytes
content-length
11465
expires
-1
chilli-full.css
www.upay.co.uk/app/css/
165 KB
165 KB
Stylesheet
General
Full URL
https://www.upay.co.uk/app/css/chilli-full.css
Requested by
Host: www.upay.co.uk
URL: https://www.upay.co.uk/app/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.249.71.117 , United Kingdom, ASN204413 (HYVE-UK, GB),
Reverse DNS
Software
/
Resource Hash
81cd2ec36da64dd9f90a69160523c9dde80bd0d1293dfbb62a58d3b36f50bd81
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.upay.co.uk/app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubdomains
content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
date
Mon, 27 Mar 2023 10:39:22 GMT
last-modified
Mon, 18 Jul 2022 12:01:12 GMT
server
etag
"0f4e5129e9ad81:0"
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
no-cache
accept-ranges
bytes
content-length
168846
expires
-1
vendor.js
www.upay.co.uk/app/scripts/
4 MB
4 MB
Script
General
Full URL
https://www.upay.co.uk/app/scripts/vendor.js
Requested by
Host: www.upay.co.uk
URL: https://www.upay.co.uk/app/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.249.71.117 , United Kingdom, ASN204413 (HYVE-UK, GB),
Reverse DNS
Software
/
Resource Hash
714da482e3f3a841a8a90b0f92a412800119c54dbaf315b70f9dcced59a9f36c
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.upay.co.uk/app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubdomains
content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
date
Mon, 27 Mar 2023 10:39:22 GMT
last-modified
Fri, 28 Oct 2022 15:22:33 GMT
server
etag
"f7236d1ae1ead81:0"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
no-cache
accept-ranges
bytes
content-length
4213119
expires
-1
bundle.js
www.upay.co.uk/app/scripts/
2 MB
251 KB
Script
General
Full URL
https://www.upay.co.uk/app/scripts/bundle.js?v=
Requested by
Host: www.upay.co.uk
URL: https://www.upay.co.uk/app/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.249.71.117 , United Kingdom, ASN204413 (HYVE-UK, GB),
Reverse DNS
Software
/
Resource Hash
ef567864b4c9c6e455b17abd97373375907a57b25e6365e30d940414d3be941e
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.upay.co.uk/app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubdomains
content-encoding
gzip
content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
last-modified
Thu, 24 Nov 2022 15:30:25 GMT
server
date
Mon, 27 Mar 2023 10:39:22 GMT
etag
"807e5bac190d91:0"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
no-cache
accept-ranges
bytes
content-length
257128
expires
-1
print.css
www.upay.co.uk/app/css/
2 KB
2 KB
Stylesheet
General
Full URL
https://www.upay.co.uk/app/css/print.css
Requested by
Host: www.upay.co.uk
URL: https://www.upay.co.uk/app/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.249.71.117 , United Kingdom, ASN204413 (HYVE-UK, GB),
Reverse DNS
Software
/
Resource Hash
faef153ef047e7c80524c7c5aba6eee538d0972e87996343072a2d6238d8827a
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.upay.co.uk/app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubdomains
content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
date
Mon, 27 Mar 2023 10:39:24 GMT
last-modified
Mon, 18 Jul 2022 12:01:12 GMT
server
etag
"0f4e5129e9ad81:0"
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
no-cache
accept-ranges
bytes
content-length
1943
expires
-1
chilli-theme.min.css
www.upay.co.uk/app/css/
9 KB
9 KB
Stylesheet
General
Full URL
https://www.upay.co.uk/app/css/chilli-theme.min.css
Requested by
Host: www.upay.co.uk
URL: https://www.upay.co.uk/app/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.249.71.117 , United Kingdom, ASN204413 (HYVE-UK, GB),
Reverse DNS
Software
/
Resource Hash
cab16faff8b5a4e8213eac29073e5353be70f5a3781d8d9a18a7675bd2c21dcd
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.upay.co.uk/app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubdomains
content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
date
Mon, 27 Mar 2023 10:39:24 GMT
last-modified
Mon, 18 Jul 2022 12:01:12 GMT
server
etag
"0f4e5129e9ad81:0"
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
no-cache
accept-ranges
bytes
content-length
9207
expires
-1
js
www.googletagmanager.com/gtag/
112 KB
44 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-114244871-1
Requested by
Host: www.upay.co.uk
URL: https://www.upay.co.uk/app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
c832f448768fe7ab81764743ae13d05cabca5392084a343f7baae7935c627898
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.upay.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Mon, 27 Mar 2023 10:39:24 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
44855
x-xss-protection
0
last-modified
Mon, 27 Mar 2023 09:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 27 Mar 2023 10:39:24 GMT
logo_chilli_new.svg
www.upay.co.uk/app/images/svg/
3 KB
3 KB
Image
General
Full URL
https://www.upay.co.uk/app/images/svg/logo_chilli_new.svg
Requested by
Host: www.upay.co.uk
URL: https://www.upay.co.uk/app/css/chilli-theme.min.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.249.71.117 , United Kingdom, ASN204413 (HYVE-UK, GB),
Reverse DNS
Software
/
Resource Hash
e830211a5c46bf8e5c2e5efc8c74335da809ba41ae4d204cb7b5047c79a82779
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.upay.co.uk/app/css/chilli-theme.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubdomains
content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
date
Mon, 27 Mar 2023 10:39:24 GMT
last-modified
Wed, 03 Mar 2021 14:32:48 GMT
server
etag
"0e82a153a10d71:0"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
no-cache
accept-ranges
bytes
content-length
2966
expires
-1
chilli-full.css
www.upay.co.uk/app/css/
165 KB
165 KB
Image
General
Full URL
https://www.upay.co.uk/app/css/chilli-full.css
Requested by
Host: www.upay.co.uk
URL: https://www.upay.co.uk/app/css/chilli-full.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.249.71.117 , United Kingdom, ASN204413 (HYVE-UK, GB),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.upay.co.uk/app/css/chilli-full.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubdomains
content-encoding
gzip
content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
last-modified
Mon, 18 Jul 2022 12:01:12 GMT
server
date
Mon, 27 Mar 2023 10:39:24 GMT
etag
"0f4e5129e9ad81:0"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
no-cache
accept-ranges
bytes
content-length
25289
expires
-1
titilliumweb-bold-webfont.woff
www.upay.co.uk/app/styles/font/
27 KB
27 KB
Font
General
Full URL
https://www.upay.co.uk/app/styles/font/titilliumweb-bold-webfont.woff
Requested by
Host: www.upay.co.uk
URL: https://www.upay.co.uk/app/css/chilli-full.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.249.71.117 , United Kingdom, ASN204413 (HYVE-UK, GB),
Reverse DNS
Software
/
Resource Hash
d6ad4aaa86dd0f9d7397fa93789e58e4fc995f1b07661c47cf33c9727dc58bca
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.upay.co.uk/app/css/chilli-full.css
Origin
https://www.upay.co.uk
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubdomains
content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
date
Mon, 27 Mar 2023 10:39:24 GMT
last-modified
Wed, 03 Mar 2021 14:32:48 GMT
server
etag
"0e82a153a10d71:0"
x-frame-options
SAMEORIGIN
content-type
font/x-woff
accept-ranges
bytes
content-length
27356
splash.jpg
www.upay.co.uk/app/images/chilli/
449 KB
449 KB
Image
General
Full URL
https://www.upay.co.uk/app/images/chilli/splash.jpg
Requested by
Host: www.upay.co.uk
URL: https://www.upay.co.uk/app/css/chilli-theme.min.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.249.71.117 , United Kingdom, ASN204413 (HYVE-UK, GB),
Reverse DNS
Software
/
Resource Hash
11ef01d887ad3a563fc3db4697a0259f416b73e246d66f819833426ca175a16c
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.upay.co.uk/app/css/chilli-theme.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubdomains
content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
date
Mon, 27 Mar 2023 10:39:24 GMT
last-modified
Wed, 03 Mar 2021 14:32:48 GMT
server
etag
"0e82a153a10d71:0"
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
no-cache
accept-ranges
bytes
content-length
459645
expires
-1
logo_text.png
www.upay.co.uk/app/images/chilli/
12 KB
12 KB
Image
General
Full URL
https://www.upay.co.uk/app/images/chilli/logo_text.png
Requested by
Host: www.upay.co.uk
URL: https://www.upay.co.uk/app/css/chilli-theme.min.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.249.71.117 , United Kingdom, ASN204413 (HYVE-UK, GB),
Reverse DNS
Software
/
Resource Hash
3b89c4dcc768b57728ce58b9481a70723cd3990025d2b4bcf5cd8f6913def9b7
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.upay.co.uk/app/css/chilli-theme.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubdomains
content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
date
Mon, 27 Mar 2023 10:39:24 GMT
last-modified
Wed, 03 Mar 2021 14:32:48 GMT
server
etag
"0e82a153a10d71:0"
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
no-cache
accept-ranges
bytes
content-length
12233
expires
-1
payframe
pay.google.com/gp/p/ui/ Frame 59F3
18 KB
9 KB
Document
General
Full URL
https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fwww.upay.co.uk&mid=
Requested by
Host: www.upay.co.uk
URL: https://www.upay.co.uk/app/scripts/vendor.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4013:c00::5c Groningen, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ab89a9afca3a0122e7368da10a6e8d671613fc06628e85eada9c1953cf7b6cba
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport script-src 'report-sample' 'nonce-ebGzaQkkEbeYszgOc2N-KA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport/allowlist
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.upay.co.uk/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=3600
content-encoding
gzip
content-security-policy
require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport script-src 'report-sample' 'nonce-ebGzaQkkEbeYszgOc2N-KA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport/allowlist
content-type
text/html; charset=utf-8
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-site
date
Mon, 27 Mar 2023 10:39:24 GMT
expires
Mon, 27 Mar 2023 10:39:24 GMT
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
server
ESF
strict-transport-security
max-age=31536000
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-content-type-options
nosniff
x-ua-compatible
IE=edge
x-xss-protection
0
css2
fonts.googleapis.com/
11 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,400;0,700;1,400;1,700&display=swap
Requested by
Host: client
URL: about:client
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
d53b8656b8f584f2303e2ca2e8be93d17c0245e7d62c419c79f701c4219b30cd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.upay.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Mon, 27 Mar 2023 10:39:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 27 Mar 2023 09:32:48 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 27 Mar 2023 10:39:24 GMT
css2
fonts.googleapis.com/
6 KB
693 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,200;0,400;0,700;1,200;1,400;1,700&display=swap
Requested by
Host: client
URL: about:client
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
bb2b8ff97e390fd5714879c9616a0e301df72228893ed11e3f90bc056a8cf549
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.upay.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Mon, 27 Mar 2023 10:39:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 27 Mar 2023 10:39:24 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 27 Mar 2023 10:39:24 GMT
5.3b02bd2b4ae206a26e13.songbird.js
songbirdstag.cardinalcommerce.com/edge/v1/3b02bd2b4ae206a26e13/
387 KB
112 KB
Script
General
Full URL
https://songbirdstag.cardinalcommerce.com/edge/v1/3b02bd2b4ae206a26e13/5.3b02bd2b4ae206a26e13.songbird.js
Requested by
Host: www.upay.co.uk
URL: https://www.upay.co.uk/app/scripts/vendor.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700::c6d9:fbfb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
96fc75f4a8ccb249fb0398a50d1d972f5a8459c80e671d400772f90933116735
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://www.upay.co.uk/
Origin
https://www.upay.co.uk
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Mon, 27 Mar 2023 10:39:24 GMT
strict-transport-security
max-age=15552000
content-encoding
gzip
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
13545559
cf-polished
origSize=396016
cf-bgj
minify
last-modified
Mon, 29 Mar 2021 19:51:34 GMT
server
cloudflare
etag
W/"067e4ebd424d71:0"
vary
Accept-Encoding
access-control-allow-methods
GET, POST
content-type
application/javascript
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OeHlOVvnQ7rmMjXlmA0WX4%2BwfplUEwTNUTNhmJYAIr8E%2F0Xc6%2BEz3P57Tceb6be71zcQZAKxaGZsJqFP%2Fvv8rzh2oKxW4bpG%2BeA4NbZZcbXQ1MYJeAYPR2Xpm8FMG%2F4N0RtaVSNT2FqxsK4YEnSdYppH3LMr9tsCMTw26ndgXA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=15552000
cf-ray
7ae702632cde76cf-LHR
expires
Sat, 23 Sep 2023 10:39:24 GMT
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-114244871-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.upay.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 27 Mar 2023 10:05:11 GMT
last-modified
Tue, 10 Jan 2023 21:29:14 GMT
server
Golfe2
age
2053
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20085
expires
Mon, 27 Mar 2023 12:05:11 GMT
ListScriptInjections.uwh
www.upay.co.uk/app/v4.9.4/
281 B
710 B
XHR
General
Full URL
https://www.upay.co.uk/app/v4.9.4/ListScriptInjections.uwh
Requested by
Host: www.upay.co.uk
URL: https://www.upay.co.uk/app/scripts/vendor.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.249.71.117 , United Kingdom, ASN204413 (HYVE-UK, GB),
Reverse DNS
Software
/
Resource Hash
2423c6c4a061a88a2bc3dfce861dc7d0a3240da8f928a12740b1e50ab9921b2a
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-GB,en;q=0.9
Authorization
Bearer undefined
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type
application/json
Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.upay.co.uk/app/
App-Mode
0
X-Requested-With
XMLHttpRequest

Response headers

expires
-1
pragma
no-cache
strict-transport-security
max-age=31536000
content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
date
Mon, 27 Mar 2023 10:39:24 GMT
access-control-allow-methods
GET,POST,PUT,DELETE
content-type
application/json; charset=utf-8
access-control-expose-headers
auth-token
cache-control
private,no-cache
access-control-allow-credentials
true
access-control-request-methods
GET,POST,PUT,DELETE
access-control-allow-headers
app-mode,auth-token,Content-Type,Content-Length,Authorization
content-length
281
access-control-request-headers
app-mode,auth-token,Content-Type,Content-Length,Authorization
titilliumweb-regular-webfont.woff
www.upay.co.uk/app/styles/font/
28 KB
28 KB
Font
General
Full URL
https://www.upay.co.uk/app/styles/font/titilliumweb-regular-webfont.woff
Requested by
Host: www.upay.co.uk
URL: https://www.upay.co.uk/app/css/chilli-full.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.249.71.117 , United Kingdom, ASN204413 (HYVE-UK, GB),
Reverse DNS
Software
/
Resource Hash
4c14c497b838f98c9175275123b95b20f9b7da80813c1674c031bdc606f88578
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.upay.co.uk/app/css/chilli-full.css
Origin
https://www.upay.co.uk
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubdomains
content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
date
Mon, 27 Mar 2023 10:39:24 GMT
last-modified
Wed, 03 Mar 2021 14:32:48 GMT
server
etag
"0e82a153a10d71:0"
x-frame-options
SAMEORIGIN
content-type
font/x-woff
accept-ranges
bytes
content-length
28164
titilliumweb-semibold-webfont.woff2
www.upay.co.uk/app/styles/font/
21 KB
21 KB
Font
General
Full URL
https://www.upay.co.uk/app/styles/font/titilliumweb-semibold-webfont.woff2
Requested by
Host: www.upay.co.uk
URL: https://www.upay.co.uk/app/css/chilli-full.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.249.71.117 , United Kingdom, ASN204413 (HYVE-UK, GB),
Reverse DNS
Software
/
Resource Hash
a333545d25ee94e2f8bab4405a4ac5b7624e14ebf4c95626d4a31543ed9b8c5e
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.upay.co.uk/app/css/chilli-full.css
Origin
https://www.upay.co.uk
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubdomains
content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
date
Mon, 27 Mar 2023 10:39:24 GMT
last-modified
Wed, 03 Mar 2021 14:32:48 GMT
server
etag
"0e82a153a10d71:0"
x-frame-options
SAMEORIGIN
content-type
font/woff2
accept-ranges
bytes
content-length
21476
collect
www.google-analytics.com/j/
1 B
206 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j99&a=1210157418&t=pageview&_s=1&dl=https%3A%2F%2Fwww.upay.co.uk%2Fapp%2F&ul=en-us&de=UTF-8&dt=Upay%20-%20Modernised%20Payments%20%26%20Loyalty&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAACAAI~&jid=472068336&gjid=2003305030&cid=1527094561.1679913565&tid=UA-114244871-1&_gid=638751340.1679913565&_r=1&gtm=457e33m0&jsscut=1&z=1989830471
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.upay.co.uk/
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 27 Mar 2023 10:39:24 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.upay.co.uk
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
cspreport
pay.google.com/_/InstantbuyFrontendBuyflowPayframeUi/ Frame 59F3
2 KB
2 KB
Other
General
Full URL
https://pay.google.com/_/InstantbuyFrontendBuyflowPayframeUi/cspreport
Requested by
Host: www.upay.co.uk
URL: https://www.upay.co.uk/app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4013:c00::5c Groningen, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
d6ff339ddb4525268c21fa26ded66b0703f177e742281dc9bcd558288f8e1101

Request headers

Referer
https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fwww.upay.co.uk&mid=
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Mon, 27 Mar 2023 10:39:24 GMT
referrer-policy
no-referrer
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1608
content-type
text/html; charset=UTF-8
m=_b,_tp,_r
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.EUKB3z9k3a8.es5.O/am=wGgAEA/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMit... Frame 59F3
157 KB
56 KB
Script
General
Full URL
https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.EUKB3z9k3a8.es5.O/am=wGgAEA/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrgkeyxc0MHj1aQY5yIFnk5sg15c1g/m=_b,_tp,_r
Requested by
Host: pay.google.com
URL: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fwww.upay.co.uk&mid=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8573720a8f707ebd1721d16b0a489c2e659c776ba5d98cbc073027eb0d9b91aa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://pay.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Fri, 24 Mar 2023 16:28:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
238279
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
56489
x-xss-protection
0
last-modified
Fri, 24 Mar 2023 04:24:35 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Sat, 23 Mar 2024 16:28:05 GMT
m=IZT63,ZyYHPb,ws9Tlc,vfuNJf,PrPYRd,hc6Ubd,Das5Le
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.EUKB3z9k3a8.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.y0t... Frame 59F3
70 KB
26 KB
Script
General
Full URL
https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.EUKB3z9k3a8.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.y0tWZmIFzD0.L.B1.O/am=wGgAEA/d=1/exm=_b,_r,_tp/excm=_b,_r,_tp,payframeview/ed=1/wt=2/rs=AMitfrikNsUxuWfJo_1G2argZVjLlxr4Fg/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;yEQyxe:p8L0ob;yxTchf:KUM7Z;qddgKe:xQtZb;JsbNhc:Xd8iUd;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;wR5FRb:siKnQd;dIoSBb:SpsfSb;eBAeSb:zbML3c;EmZ2Bf:zr1jrb;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;Pjplud:EEDORb;io8t5d:yDVVkb;Oj465e:KG2eXe;Erl4fe:FloWmf;ul9GGd:VDovNc;sP4Vbe:VwDzFe;a56pNe:JEfCwb;Me32dd:MEeYgc;kMFpHd:OTA3Ae;SNUn3:ZwDk9d/m=IZT63,ZyYHPb,ws9Tlc,vfuNJf,PrPYRd,hc6Ubd,Das5Le
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.EUKB3z9k3a8.es5.O/am=wGgAEA/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrgkeyxc0MHj1aQY5yIFnk5sg15c1g/m=_b,_tp,_r
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c3dda755c00aab1006909aeddd49310ce0854a9954ce74af18b35608f2877e42
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://pay.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Fri, 24 Mar 2023 16:28:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
238280
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
26390
x-xss-protection
0
last-modified
Thu, 23 Mar 2023 00:30:19 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Sat, 23 Mar 2024 16:28:05 GMT
pay
pay.google.com/gp/p/ui/ Frame 59F3
1 MB
386 KB
XHR
General
Full URL
https://pay.google.com/gp/p/ui/pay
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.EUKB3z9k3a8.es5.O/am=wGgAEA/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrgkeyxc0MHj1aQY5yIFnk5sg15c1g/m=_b,_tp,_r
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4013:c00::5c Groningen, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
9af0b6afa8f9e2f45f54124f34889ee223d648ceec616f5d8230ea55f973dfd9
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport, script-src 'report-sample' 'nonce-bUExFwXVAc7_nRs1Q0Tgqg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://pay.google.com https://pay.sandbox.google.com;report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport/allowlist
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://pay.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Mon, 27 Mar 2023 10:39:25 GMT
strict-transport-security
max-age=31536000
content-encoding
gzip
content-security-policy
require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport, script-src 'report-sample' 'nonce-bUExFwXVAc7_nRs1Q0Tgqg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://pay.google.com https://pay.sandbox.google.com;report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport/allowlist
x-content-type-options
nosniff
cross-origin-resource-policy
same-site
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
x-ua-compatible
IE=edge
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
unsafe-none
server
ESF
x-frame-options
DENY
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type
text/html; charset=utf-8
cache-control
private, max-age=3600
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
expires
Mon, 27 Mar 2023 10:39:25 GMT
m=Wt6vjf,hhhU8,FCpbqb,WhJNk
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.EUKB3z9k3a8.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.y0t... Frame 59F3
23 KB
9 KB
Script
General
Full URL
https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.EUKB3z9k3a8.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.y0tWZmIFzD0.L.B1.O/am=wGgAEA/d=1/exm=Das5Le,IZT63,PrPYRd,ZyYHPb,_b,_r,_tp,hc6Ubd,vfuNJf,ws9Tlc/excm=_b,_r,_tp,payframeview/ed=1/wt=2/rs=AMitfrikNsUxuWfJo_1G2argZVjLlxr4Fg/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;yEQyxe:p8L0ob;yxTchf:KUM7Z;qddgKe:xQtZb;JsbNhc:Xd8iUd;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;wR5FRb:siKnQd;dIoSBb:SpsfSb;eBAeSb:zbML3c;EmZ2Bf:zr1jrb;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;Pjplud:EEDORb;io8t5d:yDVVkb;Oj465e:KG2eXe;Erl4fe:FloWmf;ul9GGd:VDovNc;sP4Vbe:VwDzFe;a56pNe:JEfCwb;Me32dd:MEeYgc;kMFpHd:OTA3Ae;SNUn3:ZwDk9d/m=Wt6vjf,hhhU8,FCpbqb,WhJNk
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.EUKB3z9k3a8.es5.O/am=wGgAEA/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrgkeyxc0MHj1aQY5yIFnk5sg15c1g/m=_b,_tp,_r
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7db42dcb553c42856d5a11712b2a372506b8131c2f9a0dda2520676069533c04
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://pay.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Fri, 24 Mar 2023 16:28:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
238280
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9276
x-xss-protection
0
last-modified
Thu, 23 Mar 2023 00:30:19 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Sat, 23 Mar 2024 16:28:05 GMT
m=byfTOb,lsjVmc,LEikZe,lwddkf,EFQ78c
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.EUKB3z9k3a8.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.y0t... Frame 59F3
36 KB
13 KB
Script
General
Full URL
https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.EUKB3z9k3a8.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.y0tWZmIFzD0.L.B1.O/am=wGgAEA/d=1/exm=Das5Le,FCpbqb,IZT63,PrPYRd,WhJNk,Wt6vjf,ZyYHPb,_b,_r,_tp,hc6Ubd,hhhU8,vfuNJf,ws9Tlc/excm=_b,_r,_tp,payframeview/ed=1/wt=2/rs=AMitfrikNsUxuWfJo_1G2argZVjLlxr4Fg/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;yEQyxe:p8L0ob;yxTchf:KUM7Z;qddgKe:xQtZb;JsbNhc:Xd8iUd;iFQyKf:vfuNJf;nAFL3:NTMZac;oGtAuc:sOXFj;wR5FRb:siKnQd;dIoSBb:SpsfSb;eBAeSb:zbML3c;EmZ2Bf:zr1jrb;NPKaK:PVlQOd;LBgRLc:XVMNvd;NSEoX:lazG7b;Pjplud:EEDORb;io8t5d:yDVVkb;Oj465e:KG2eXe;Erl4fe:FloWmf;ul9GGd:VDovNc;sP4Vbe:VwDzFe;a56pNe:JEfCwb;Me32dd:MEeYgc;kMFpHd:OTA3Ae;SNUn3:ZwDk9d/m=byfTOb,lsjVmc,LEikZe,lwddkf,EFQ78c
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.EUKB3z9k3a8.es5.O/am=wGgAEA/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrgkeyxc0MHj1aQY5yIFnk5sg15c1g/m=_b,_tp,_r
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ebc37b493d54ebe4a8b9a9bbc5f3e98469eb2d14119f644ba9000e973fb60e49
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://pay.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Fri, 24 Mar 2023 16:28:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
238279
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13540
x-xss-protection
0
last-modified
Thu, 23 Mar 2023 00:30:19 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Sat, 23 Mar 2024 16:28:06 GMT
log
play.google.com/ Frame 59F3
131 B
273 B
XHR
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.EUKB3z9k3a8.es5.O/am=wGgAEA/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrgkeyxc0MHj1aQY5yIFnk5sg15c1g/m=_b,_tp,_r
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://pay.google.com/
X-Goog-AuthUser
0
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Mon, 27 Mar 2023 10:39:25 GMT
content-encoding
gzip
server
Playlog
x-frame-options
SAMEORIGIN
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://pay.google.com
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
X-Playlog-Web
content-length
131
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Mon, 27 Mar 2023 10:39:25 GMT
log
play.google.com/ Frame
0
0
Preflight
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
x-goog-authuser
Access-Control-Request-Method
POST
Origin
https://pay.google.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://pay.google.com
access-control-max-age
86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-length
0
content-type
text/plain; charset=UTF-8
date
Mon, 27 Mar 2023 10:39:25 GMT
expires
Mon, 27 Mar 2023 10:39:25 GMT
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
server
Playlog
x-frame-options
SAMEORIGIN
x-xss-protection
0
log
play.google.com/ Frame 59F3
131 B
273 B
XHR
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.EUKB3z9k3a8.es5.O/am=wGgAEA/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrgkeyxc0MHj1aQY5yIFnk5sg15c1g/m=_b,_tp,_r
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://pay.google.com/
X-Goog-AuthUser
0
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Mon, 27 Mar 2023 10:39:25 GMT
content-encoding
gzip
server
Playlog
x-frame-options
SAMEORIGIN
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://pay.google.com
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
X-Playlog-Web
content-length
131
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Mon, 27 Mar 2023 10:39:25 GMT
log
play.google.com/ Frame
0
0
Preflight
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
x-goog-authuser
Access-Control-Request-Method
POST
Origin
https://pay.google.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://pay.google.com
access-control-max-age
86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-length
0
content-type
text/plain; charset=UTF-8
date
Mon, 27 Mar 2023 10:39:25 GMT
expires
Mon, 27 Mar 2023 10:39:25 GMT
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
server
Playlog
x-frame-options
SAMEORIGIN
x-xss-protection
0
log
play.google.com/ Frame 59F3
131 B
273 B
XHR
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.EUKB3z9k3a8.es5.O/am=wGgAEA/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrgkeyxc0MHj1aQY5yIFnk5sg15c1g/m=_b,_tp,_r
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://pay.google.com/
X-Goog-AuthUser
0
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Mon, 27 Mar 2023 10:39:25 GMT
content-encoding
gzip
server
Playlog
x-frame-options
SAMEORIGIN
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://pay.google.com
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
X-Playlog-Web
content-length
131
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Mon, 27 Mar 2023 10:39:25 GMT
log
play.google.com/ Frame
0
0
Preflight
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
x-goog-authuser
Access-Control-Request-Method
POST
Origin
https://pay.google.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://pay.google.com
access-control-max-age
86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-length
0
content-type
text/plain; charset=UTF-8
date
Mon, 27 Mar 2023 10:39:25 GMT
expires
Mon, 27 Mar 2023 10:39:25 GMT
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
server
Playlog
x-frame-options
SAMEORIGIN
x-xss-protection
0
log
play.google.com/ Frame 59F3
131 B
273 B
XHR
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.EUKB3z9k3a8.es5.O/am=wGgAEA/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrgkeyxc0MHj1aQY5yIFnk5sg15c1g/m=_b,_tp,_r
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://pay.google.com/
X-Goog-AuthUser
0
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Mon, 27 Mar 2023 10:39:25 GMT
content-encoding
gzip
server
Playlog
x-frame-options
SAMEORIGIN
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://pay.google.com
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
X-Playlog-Web
content-length
131
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Mon, 27 Mar 2023 10:39:25 GMT
log
play.google.com/ Frame
0
0
Preflight
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
x-goog-authuser
Access-Control-Request-Method
POST
Origin
https://pay.google.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://pay.google.com
access-control-max-age
86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-length
0
content-type
text/plain; charset=UTF-8
date
Mon, 27 Mar 2023 10:39:25 GMT
expires
Mon, 27 Mar 2023 10:39:25 GMT
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
server
Playlog
x-frame-options
SAMEORIGIN
x-xss-protection
0
log
play.google.com/ Frame 59F3
131 B
273 B
XHR
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.EUKB3z9k3a8.es5.O/am=wGgAEA/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrgkeyxc0MHj1aQY5yIFnk5sg15c1g/m=_b,_tp,_r
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://pay.google.com/
X-Goog-AuthUser
0
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Mon, 27 Mar 2023 10:39:25 GMT
content-encoding
gzip
server
Playlog
x-frame-options
SAMEORIGIN
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://pay.google.com
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
X-Playlog-Web
content-length
131
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Mon, 27 Mar 2023 10:39:25 GMT
log
play.google.com/ Frame
0
0
Preflight
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
x-goog-authuser
Access-Control-Request-Method
POST
Origin
https://pay.google.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://pay.google.com
access-control-max-age
86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-length
0
content-type
text/plain; charset=UTF-8
date
Mon, 27 Mar 2023 10:39:25 GMT
expires
Mon, 27 Mar 2023 10:39:25 GMT
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
server
Playlog
x-frame-options
SAMEORIGIN
x-xss-protection
0
log
play.google.com/ Frame 59F3
131 B
273 B
XHR
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.EUKB3z9k3a8.es5.O/am=wGgAEA/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrgkeyxc0MHj1aQY5yIFnk5sg15c1g/m=_b,_tp,_r
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://pay.google.com/
X-Goog-AuthUser
0
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Mon, 27 Mar 2023 10:39:25 GMT
content-encoding
gzip
server
Playlog
x-frame-options
SAMEORIGIN
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://pay.google.com
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
X-Playlog-Web
content-length
131
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Mon, 27 Mar 2023 10:39:25 GMT
log
play.google.com/ Frame
0
0
Preflight
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
x-goog-authuser
Access-Control-Request-Method
POST
Origin
https://pay.google.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://pay.google.com
access-control-max-age
86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-length
0
content-type
text/plain; charset=UTF-8
date
Mon, 27 Mar 2023 10:39:25 GMT
expires
Mon, 27 Mar 2023 10:39:25 GMT
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
server
Playlog
x-frame-options
SAMEORIGIN
x-xss-protection
0
arrow_chilli_right.svg
www.upay.co.uk/app/images/svg/
382 B
450 B
Image
General
Full URL
https://www.upay.co.uk/app/images/svg/arrow_chilli_right.svg
Requested by
Host: www.upay.co.uk
URL: https://www.upay.co.uk/app/css/chilli-theme.min.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.249.71.117 , United Kingdom, ASN204413 (HYVE-UK, GB),
Reverse DNS
Software
/
Resource Hash
7aae7731a2e4818c477ffcc4542711f14d458431d750d069255dcc9bd2f56440
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.upay.co.uk/app/css/chilli-theme.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubdomains
content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
date
Mon, 27 Mar 2023 10:39:25 GMT
last-modified
Wed, 03 Mar 2021 14:32:48 GMT
server
etag
"0e82a153a10d71:0"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
no-cache
accept-ranges
bytes
content-length
382
expires
-1
chk_chilli_radio.svg
www.upay.co.uk/app/images/svg/
319 B
364 B
Image
General
Full URL
https://www.upay.co.uk/app/images/svg/chk_chilli_radio.svg
Requested by
Host: www.upay.co.uk
URL: https://www.upay.co.uk/app/css/chilli-full.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.249.71.117 , United Kingdom, ASN204413 (HYVE-UK, GB),
Reverse DNS
Software
/
Resource Hash
7f9c0e8e6b002c560293889b58b293aa8a492fc632ed84af95dbf3369cf68755
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.upay.co.uk/app/css/chilli-full.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubdomains
content-security-policy
default-src https: data: 'unsafe-inline' 'unsafe-eval'
date
Mon, 27 Mar 2023 10:39:25 GMT
last-modified
Wed, 03 Mar 2021 14:32:48 GMT
server
etag
"0e82a153a10d71:0"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
no-cache
accept-ranges
bytes
content-length
319
expires
-1
log
play.google.com/ Frame 59F3
131 B
578 B
XHR
General
Full URL
https://play.google.com/log?format=json&hasfast=true
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.en_US.EUKB3z9k3a8.es5.O/am=wGgAEA/d=1/excm=_b,_r,_tp,payframeview/ed=1/dg=0/wt=2/rs=AMitfrgkeyxc0MHj1aQY5yIFnk5sg15c1g/m=_b,_tp,_r
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://pay.google.com/
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Mon, 27 Mar 2023 10:39:25 GMT
content-encoding
gzip
server
Playlog
x-frame-options
SAMEORIGIN
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://pay.google.com
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
X-Playlog-Web
content-length
131
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Mon, 27 Mar 2023 10:39:25 GMT

313 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 boolean| credentialless object| appDetails function| getQueryString string| appMode function| overrideAppMode undefined| lastAppMode string| bid string| url undefined| queryStringAppModeOverride string| metaAppMode string| metaVersion string| metaTestHandler number| APP string| APP_TEST_HANDLER boolean| TEST_MODE function| getServiceVersion object| Platforms boolean| _IsMob function| IsMob function| getCssUrl boolean| isUpay boolean| isUpayChilli string| id string| script1 string| script2 object| initialQueryString number| appModeOverride function| gtag object| dataLayer object| google_tag_manager undefined| trimBeginRegexp undefined| trimEndRegexp object| typeformEmbed function| $ function| jQuery function| Inputmask object| webpackJsonp object| denylistedDomainsHashedValueListForGpayButtonWithCardInfo object| whitelistedDomainsHashedValueListForGpayButtonWithCardInfo object| denylistedMerchentIdsHashedValueListForGpayButtonWithCardInfo object| google function| FastClick object| Handlebars function| UAParser function| moment object| intlTelInputGlobals function| intlTelInput object| __SECRET_EMOTION__ object| core object| __core-js_shared__ object| global object| System function| asap function| Observable function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill object| Chartist function| introJs object| braintree number| __mobxInstanceCount object| __mobxGlobals object| Base64 function| JSEncrypt number| 2f1acc6c3a606b082e5eef5e54414ffb function| _ object| DNAPayments function| songbirdLoader object| Cardinal object| google_tag_data string| GoogleAnalyticsObject function| ga object| LoggingTypes number| LoggingType object| Apps function| addDocEvent function| clickProtect function| mobileNumberInput string| PCI_LINK_UPAY string| PCI_LINK_MINT number| loadedImageCount number| maxImageCount function| getUrlParameter function| isLiveSite function| enableConsoleLog function| consoleLog function| consoleLogIf 
function| consoleGroupCollapsed function| consoleError function| getRandomInt function| getMatches function| isCapslock boolean| loadingScreen number| loadingScreenThrottleTimeout function| showLoadScreen function| hideLoadScreen function| arrMin function| arrMax function| arrContains function| addLog function| OpenNewWindow function| getAttrs function| getElem number| HEADER_HEIGHT function| cancelEvent function| formatCurrency function| catchOpenMenuClick function| cs function| user object| Months object| monthNames function| firstOrNull object| StartScreens object| AppLinks object| SystemData object| Payment function| toggleMobileFooter function| footerLink object| scanner function| didLaunchAppFromLink function| onDeviceReady object| KeyCodes function| setCookie object| EUCookie function| processOpenMessage object| openMessage object| viewPortInterval function| setViewPortInterval function| ShowMessage object| paths function| __assign function| __awaiter function| __generator function| __extends function| App function| cookiesEnabled function| getInternetExplorerVersion function| guid function| AppData function| SubscribedEvent function| Authentication function| AutoRegistration function| Balances function| Barcode function| ContactUs function| ContactHelpdesk function| DeviceCamera function| Errors function| Firebase object| Receipts object| VoucherTypes function| Vouchers object| TicketModes object| OfferTypes object| WeekDays function| Promotions object| NotificationStatuses function| Notifications object| StatementModes function| GetMonthName function| GetShortMonthName object| st function| Statement function| statementDrawMobRow function| statementFormatDate function| GuestPay function| SiteCard function| Account object| SignUp function| PayrollTopup function| AutoTopUp function| QuickTopUp object| ChargingModels function| Shop object| VatType object| OrderType function| Fulfilment object| PaymentMethod function| Checkout function| CheckoutConfirmation 
function| Favourites object| FunctionBooking object| EventBookings object| OtherPaymentsModule object| Wallet function| IDCards function| DayPass object| FormStyles object| ButtonStyles function| supportsPlaceholder function| placeholderFocus function| placeholderBlur object| Forms object| Translations function| registerPartials function| Util object| AccountSettings object| MessageTypes object| Documents object| TermsAndConditions object| PrivacyPolicy object| FCA object| About object| ReleaseNotes object| PaymentsWF object| DeliveryPromptOptions object| DateTimeSelections object| Order number| transitionSpeed object| FormFactory string| gcpApiKeyUpay function| GoogleMaps function| Home object| TransactionPaymentMethod object| Menu function| PasswordResets function| QuickPay function| CallQueue object| ServerData function| Session function| SideDrawer function| StripeCard function| StripeApi function| TouchId function| IosTouchId function| AndroidTouchId function| VersionService function| VoucherShop function| MobilePrompt function| ProfileImage function| Referral object| Api function| BookForUser function| Bookings function| MenuBasket object| Closure undefined| mySwipe function| Carousel function| checkboxOn function| checkboxOff function| executeCheckboxCallback function| toggleCheckbox function| toggleCheckboxKey function| checkboxModelFor function| DropDown function| FullscreenControl object| Radio function| Features function| ActionEvent function| findFuncFromString object| Refreshing function| trackAppEvent function| hideKeyboard object| UpayPermissions function| sumByProperty function| distinctByProperty object| Modal function| PopUp function| Router object| ScriptInjection function| SessionCheck function| SiteMessages function| touchDeviceTest function| startRewire function| rewireEvents function| findParentClick object| keys function| preventDefault function| keydown function| wheel function| disable_scroll function| enable_scroll function| LinkManager 
function| OtherPaymentControls function| OtherPaymentStatement function| OtherPayments function| AmountScreen function| BraintreeApi function| ContinueScript function| tileClick object| PaymentTypes object| Payments function| PayPal object| PspTypes function| CardManagement function| TopUp object| Registration function| SpendLimits function| Basket function| SingleItemRenderer function| CompoundItemRenderer function| BasketRenderer object| Survey function| TypeformSurveys object| UpayGo function| Company object| dayNames function| DateTime function| TimeSpan object| Logging function| Money function| Throttler object| WalletModes object| Templates function| scrollDown function| handleOpenURL boolean| typeformEmbedIsloaded object| gaplugins object| gaGlobal object| gaData object| onTouchLast

5 Cookies

Domain/Path Name / Value
.upay.co.uk/ Name: _ga
Value: GA1.3.1527094561.1679913565
.upay.co.uk/ Name: _gid
Value: GA1.3.638751340.1679913565
.upay.co.uk/ Name: _gat_gtag_UA_114244871_1
Value: 1
.google.com/ Name: NID
Value: 511=HRMyBKg1ZMkTVcOazyVVbIKWEmLemWzxl-ROJnNfFOy739fBPE3RMQqfEPjuKrtlxvHHt-otNmtGGVOpxUZh3AWsmy3pAPnCFrLqpyl4zfqvZnTh7Lxkx7rEagTGILK2U1SXsn3229E79b2IrrK8viPXe7vVJCv5RNiLgdPMiv0
www.upay.co.uk/ Name: ASP.NET_SessionId
Value: kwrt5ysoykmjzebjpij4jtfh

2 Console Messages

Source Level URL
Text
security error (Line 6)
Message:
This document requires 'TrustedScript' assignment.
network error URL: https://pay.google.com/_/InstantbuyFrontendBuyflowPayframeUi/cspreport
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
