urlscan.io logo urlscan.io
SecurityTrails logo

my.castandcrew.com Open in urlscan Pro
2600:9000:266a:600:4:b29d:8b80:93a1  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://startplus.castandcrew.com/
Effective URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Submission: On April 17 via manual from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 19 IPs in 1 countries across 9 domains to perform 79 HTTP transactions. The main IP is 2600:9000:266a:600:4:b29d:8b80:93a1, located in United States and belongs to AMAZON-02, US. The main domain is my.castandcrew.com.
TLS certificate: Issued by Amazon RSA 2048 M02 on March 5th 2024. Valid for: a year.
This is the only time my.castandcrew.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
11 108.138.106.9 16509 (AMAZON-02)
3 2607:f8b0:400... 15169 (GOOGLE)
2 2600:9000:251... 16509 (AMAZON-02)
3 18.164.116.55 16509 (AMAZON-02)
10 15.197.151.86 16509 (AMAZON-02)
2 2602:816:5001... 54113 (FASTLY)
1 162.247.243.29 54113 (FASTLY)
1 3 13.35.93.108 16509 (AMAZON-02)
21 2600:9000:266... 16509 (AMAZON-02)
1 108.138.128.117 16509 (AMAZON-02)
6 136.146.43.245 14340 (SALESFORCE)
3 2600:9000:23c... 16509 (AMAZON-02)
1 2607:f8b0:400... 15169 (GOOGLE)
1 136.147.252.241 14340 (SALESFORCE)
3 34.107.204.85 396982 (GOOGLE-CL...)
1 162.247.243.30 54113 (FASTLY)
2 13.110.44.170 14340 (SALESFORCE)
2 34.232.140.78 14618 (AMAZON-AES)
79 19
11    108.138.106.9 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-106-9.jfk50.r.cloudfront.net
startplus.castandcrew.com
3    2607:f8b0:4006:80e::200a (United States)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
2    2600:9000:2512:1800:1e:cb94:adc0:93a1 (United States)

ASN16509 (AMAZON-02, US)
content.pendo.castandcrew.com
3    18.164.116.55 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-164-116-55.jfk50.r.cloudfront.net
cncflags.castandcrew.com
10    15.197.151.86 (United States)

ASN16509 (AMAZON-02, US)
PTR: a9d4dea8e2661b2ed.awsglobalaccelerator.com
login.castandcrew.com
2    2602:816:5001::39 (United States)

ASN54113 (FASTLY, US)
js-agent.newrelic.com
1    162.247.243.29 (United States)

ASN54113 (FASTLY, US)
bam.nr-data.net
3    13.35.93.108 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-93-108.jfk50.r.cloudfront.net
sso-prd.prod.aws.castandcrew.com
21    2600:9000:266a:600:4:b29d:8b80:93a1 (United States)

ASN16509 (AMAZON-02, US)
my.castandcrew.com
1    108.138.128.117 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-128-117.jfk50.r.cloudfront.net
cdn.plaid.com
6    136.146.43.245 (United States)

ASN14340 (SALESFORCE, US)
PTR: dcl12-ncg1-c8-iad5.na249-ia7.force.com
service.force.com
3    2600:9000:23ca:3400:1b:ef38:3680:21 (United States)

ASN16509 (AMAZON-02, US)
d21y75miwcfqoq.cloudfront.net
1    2607:f8b0:4006:816::2003 (United States)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    136.147.252.241 (United States)

ASN14340 (SALESFORCE, US)
PTR: dcl16-ncg1-c7-iad4.na253-ia6.force.com
service.force.com
3    34.107.204.85 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 85.204.107.34.bc.googleusercontent.com
data.pendo.castandcrew.com
1    162.247.243.30 (United States)

ASN54113 (FASTLY, US)
bam-cell.nr-data.net
2    13.110.44.170 (United States)

ASN14340 (SALESFORCE, US)
PTR: dcl13-ncg1-c6-iad5.la3-c1-ia5.salesforceliveagent.com
d.la3-c1-ia5.salesforceliveagent.com
2    34.232.140.78 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-232-140-78.compute-1.amazonaws.com
d.la1-core1.sfdc-yfeipo.salesforceliveagent.com
Apex Domain
Subdomains		 Transfer
53 castandcrew.com
startplus.castandcrew.com
content.pendo.castandcrew.com
cncflags.castandcrew.com
login.castandcrew.com — Cisco Umbrella Rank: 968029
sso-prd.prod.aws.castandcrew.com Failed
my.castandcrew.com
data.pendo.castandcrew.com
3 MB
7 force.com
service.force.com — Cisco Umbrella Rank: 3968
31 KB
4 salesforceliveagent.com
d.la3-c1-ia5.salesforceliveagent.com — Cisco Umbrella Rank: 17035
d.la1-core1.sfdc-yfeipo.salesforceliveagent.com — Cisco Umbrella Rank: 11690
6 KB
3 cloudfront.net
d21y75miwcfqoq.cloudfront.net
1 KB
3 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 35
3 KB
2 nr-data.net
bam.nr-data.net — Cisco Umbrella Rank: 245
bam-cell.nr-data.net — Cisco Umbrella Rank: 3371
1 KB
2 newrelic.com
js-agent.newrelic.com — Cisco Umbrella Rank: 641
31 KB
1 gstatic.com
fonts.gstatic.com
46 KB
1 plaid.com
cdn.plaid.com — Cisco Umbrella Rank: 14166
41 KB
79 9
Domain Requested by
21 my.castandcrew.com startplus.castandcrew.com
my.castandcrew.com
11 startplus.castandcrew.com startplus.castandcrew.com
10 login.castandcrew.com startplus.castandcrew.com
my.castandcrew.com
7 service.force.com my.castandcrew.com
3 data.pendo.castandcrew.com my.castandcrew.com
3 d21y75miwcfqoq.cloudfront.net my.castandcrew.com
3 sso-prd.prod.aws.castandcrew.com startplus.castandcrew.com
my.castandcrew.com
3 cncflags.castandcrew.com startplus.castandcrew.com
my.castandcrew.com
3 fonts.googleapis.com startplus.castandcrew.com
my.castandcrew.com
2 d.la1-core1.sfdc-yfeipo.salesforceliveagent.com my.castandcrew.com
2 d.la3-c1-ia5.salesforceliveagent.com my.castandcrew.com
2 js-agent.newrelic.com startplus.castandcrew.com
my.castandcrew.com
2 content.pendo.castandcrew.com startplus.castandcrew.com
my.castandcrew.com
1 bam-cell.nr-data.net my.castandcrew.com
1 fonts.gstatic.com fonts.googleapis.com
1 cdn.plaid.com my.castandcrew.com
1 bam.nr-data.net startplus.castandcrew.com
js-agent.newrelic.com
79 17

This site contains links to these domains. Also see Links.

Domain
support.castandcrew.com
login.castandcrew.com
Subject Issuer Validity Valid
startplus.castandcrew.com
Amazon RSA 2048 M03		 2024-03-11 -
2025-04-10		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2024-03-04 -
2024-05-27		 3 months crt.sh
content.pendo.castandcrew.com
Amazon RSA 2048 M01		 2023-07-26 -
2024-08-22		 a year crt.sh
cncflags.castandcrew.com
Amazon RSA 2048 M02		 2024-03-31 -
2025-04-29		 a year crt.sh
login.castandcrew.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-09-04 -
2024-09-20		 a year crt.sh
js-agent.newrelic.com
GlobalSign Atlas R3 DV TLS CA 2024 Q1		 2024-03-21 -
2025-04-22		 a year crt.sh
*.nr-data.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-09-29 -
2024-10-01		 a year crt.sh
my.castandcrew.com
Amazon RSA 2048 M02		 2024-03-05 -
2025-04-03		 a year crt.sh
secure.plaid.com
DigiCert EV RSA CA G2		 2024-03-12 -
2025-03-11		 a year crt.sh
*.na249.force.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-08-28 -
2024-08-21		 a year crt.sh
*.cloudfront.net
Amazon RSA 2048 M01		 2023-10-10 -
2024-09-19		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2024-03-04 -
2024-05-27		 3 months crt.sh
sso-prd.prod.aws.castandcrew.com
Amazon RSA 2048 M01		 2023-05-28 -
2024-06-26		 a year crt.sh
*.na253.force.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-10-05 -
2024-09-22		 a year crt.sh
data.pendo.castandcrew.com
GTS CA 1D4		 2024-03-08 -
2024-06-06		 3 months crt.sh
la3-c1-ia5.salesforceliveagent.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-11-01 -
2024-10-29		 a year crt.sh
la1-core1.sfdc-yfeipo.salesforceliveagent.com
DigiCert TLS RSA SHA256 2020 CA1		 2024-02-10 -
2025-02-09		 a year crt.sh

This page contains 4 frames:

Primary Page: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Frame ID: 14820D1F53C51EDFA045404CEE4006D4
Requests: 74 HTTP requests in this frame

Frame: https://login.castandcrew.com/oauth2/ausetjg5xy8y30npD356/v1/authorize?client_id=0oa88y7e9JjCjaHcO356&nonce=jM9gz15UwZ3CvTqpRQFvcxngBPXlwfQ6X9alj0Ju61A27h4T8LtlvY8GoVRGaYYw&prompt=none&redirect_uri=https%3A%2F%2Fstartplus.castandcrew.com&response_mode=okta_post_message&response_type=token&state=AVxZyXTwFjRPw9JEUH9Ud4hjTpqux5J5cLZGTs3RNJdfjdDKEdTFH13QETjDqJH2&scope=startplus_prod
Frame ID: 9D8B8D18FB260D635304B4AFD78038FD
Requests: 1 HTTP requests in this frame

Frame: https://service.force.com/embeddedservice/5.0/esw.html?parent=https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Frame ID: 7C43564372F058890DF363839974CF8B
Requests: 1 HTTP requests in this frame

Frame: https://login.castandcrew.com/oauth2/aus77kwrwSbSunX5s356/v1/authorize?client_id=0oa1b383d8XvfKYp0356&nonce=5BoBHY3dGnLQJxlETw8K2dbFDBJ5zfacWXMcu4lwMFMdVNDI4WIJ805N0EVneZQB&prompt=none&redirect_uri=https%3A%2F%2Fmy.castandcrew.com%2Fimplicit%2Fcallback&response_mode=okta_post_message&response_type=token&state=wOj0G8wkVd8gnsoFlMY1fCN5ZyzbeusKFKUAMT9RSRh673JWq4tfjVaonOugOvsk&scope=openid
Frame ID: B1D378109A5B16930A4846E2775534F6
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

MyCast&Crew

Page URL History Show full URLs

  1. http://startplus.castandcrew.com/ HTTP 307
    https://startplus.castandcrew.com/ Page URL
  2. https://sso-prd.prod.aws.castandcrew.com/logout?fromURI=https://my.castandcrew.com/login?fromURI=https://startplus.ca... HTTP 302
    https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • service\.force\.com

Page Statistics

79
Requests

95 %
HTTPS

33 %
IPv6

9
Domains

17
Subdomains

19
IPs

1
Countries

2729 kB
Transfer

9951 kB
Size

7
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://startplus.castandcrew.com/ HTTP 307
    https://startplus.castandcrew.com/ Page URL
  2. https://sso-prd.prod.aws.castandcrew.com/logout?fromURI=https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/ HTTP 302
    https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://startplus.castandcrew.com/ HTTP 307
  • https://startplus.castandcrew.com/

79 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
startplus.castandcrew.com/
Redirect Chain
  • http://startplus.castandcrew.com/
  • https://startplus.castandcrew.com/
2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://startplus.castandcrew.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.106.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-106-9.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
92fed32dfa7ba4e92b0aff7c84f653cd86be819c98065d5b8853b6caa8b057c0
Security Headers
Name Value
Content-Security-Policy default-src 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://bam.nr-data.net https://*.aws.castandcrew.com https://*.castandcrew.com https://api.feedback.us.pendo.io; font-src 'self' https://c1.sfdcstatic.com https://fonts.gstatic.com https://payrollplus-assets.castandcrew.com; script-src 'self' https://bam.nr-data.net https://content.pendo.castandcrew.com https://data.pendo.io https://js-agent.newrelic.com https://pendo-io-static.storage.googleapis.com https://pendo-static-5686438767755264.storage.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'self'; frame-src 'self' https://*.aws.castandcrew.com https://*.castandcrew.com; img-src 'self' https://data.pendo.io https://pendo-static-5686438767755264.storage.googleapis.com https://*.amazonaws.com; manifest-src 'self'; media-src 'self'; worker-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-US,en;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

age
61
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-security-policy
default-src 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://bam.nr-data.net https://*.aws.castandcrew.com https://*.castandcrew.com https://api.feedback.us.pendo.io; font-src 'self' https://c1.sfdcstatic.com https://fonts.gstatic.com https://payrollplus-assets.castandcrew.com; script-src 'self' https://bam.nr-data.net https://content.pendo.castandcrew.com https://data.pendo.io https://js-agent.newrelic.com https://pendo-io-static.storage.googleapis.com https://pendo-static-5686438767755264.storage.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'self'; frame-src 'self' https://*.aws.castandcrew.com https://*.castandcrew.com; img-src 'self' https://data.pendo.io https://pendo-static-5686438767755264.storage.googleapis.com https://*.amazonaws.com; manifest-src 'self'; media-src 'self'; worker-src 'none';
content-type
text/html
date
Wed, 17 Apr 2024 18:50:44 GMT
etag
W/"c0266c0b51f03b818c5cffe8e1dcb408"
last-modified
Tue, 09 Apr 2024 14:35:25 GMT
referrer-policy
same-origin
server
AmazonS3
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
via
1.1 749177a97cae42477f22c33c927ca0ce.cloudfront.net (CloudFront)
x-amz-cf-id
VKPwR3iaijywv0OF22iWEvBkZfZicMNaRCZYBQdMSRnWGdLf-KmgYg==
x-amz-cf-pop
JFK50-P3
x-amz-server-side-encryption
AES256
x-amz-version-id
BrWXWg9sYVulf9U9gGZ3MnqGY0zB1wnT
x-cache
Hit from cloudfront
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block

Redirect headers

Location
https://startplus.castandcrew.com/
Non-Authoritative-Reason
HttpsUpgrades
version.js
startplus.castandcrew.com/js/ 		402 B
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://startplus.castandcrew.com/js/version.js
Requested by
Host: startplus.castandcrew.com
URL: https://startplus.castandcrew.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.106.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-106-9.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9827594b4ef23d2fdc370659277e9e946901fd6618fac504960abaef7b32d40b
Security Headers
Name Value
Content-Security-Policy default-src 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://bam.nr-data.net https://*.aws.castandcrew.com https://*.castandcrew.com https://api.feedback.us.pendo.io; font-src 'self' https://c1.sfdcstatic.com https://fonts.gstatic.com https://payrollplus-assets.castandcrew.com; script-src 'self' https://bam.nr-data.net https://content.pendo.castandcrew.com https://data.pendo.io https://js-agent.newrelic.com https://pendo-io-static.storage.googleapis.com https://pendo-static-5686438767755264.storage.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'self'; frame-src 'self' https://*.aws.castandcrew.com https://*.castandcrew.com; img-src 'self' https://data.pendo.io https://pendo-static-5686438767755264.storage.googleapis.com https://*.amazonaws.com; manifest-src 'self'; media-src 'self'; worker-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://startplus.castandcrew.com/
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
S7Wvq6qJDvQPdVdy7OaXup2RstoVza72
date
Wed, 17 Apr 2024 18:50:45 GMT
via
1.1 749177a97cae42477f22c33c927ca0ce.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://bam.nr-data.net https://*.aws.castandcrew.com https://*.castandcrew.com https://api.feedback.us.pendo.io; font-src 'self' https://c1.sfdcstatic.com https://fonts.gstatic.com https://payrollplus-assets.castandcrew.com; script-src 'self' https://bam.nr-data.net https://content.pendo.castandcrew.com https://data.pendo.io https://js-agent.newrelic.com https://pendo-io-static.storage.googleapis.com https://pendo-static-5686438767755264.storage.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'self'; frame-src 'self' https://*.aws.castandcrew.com https://*.castandcrew.com; img-src 'self' https://data.pendo.io https://pendo-static-5686438767755264.storage.googleapis.com https://*.amazonaws.com; manifest-src 'self'; media-src 'self'; worker-src 'none';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
JFK50-P3
age
61
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
402
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Tue, 09 Apr 2024 14:35:25 GMT
server
AmazonS3
etag
"18e65d03cb48f54f6e03a4caa7e07b7f"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/javascript
cache-control
no-cache, no-store, must-revalidate
accept-ranges
bytes
x-amz-cf-id
YHYutQvEmLNSK2e7EeHFT_iZmsJy2cW_sGB8911mKR9DvoqA6MzINg==
newrelic.js
startplus.castandcrew.com/js/ 		27 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://startplus.castandcrew.com/js/newrelic.js
Requested by
Host: startplus.castandcrew.com
URL: https://startplus.castandcrew.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.106.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-106-9.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c54143c6a2e64d7a440f02160cd211d78bf2ef342118ecf5fce2c68c5fd5ae2a
Security Headers
Name Value
Content-Security-Policy default-src 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://bam.nr-data.net https://*.aws.castandcrew.com https://*.castandcrew.com https://api.feedback.us.pendo.io; font-src 'self' https://c1.sfdcstatic.com https://fonts.gstatic.com https://payrollplus-assets.castandcrew.com; script-src 'self' https://bam.nr-data.net https://content.pendo.castandcrew.com https://data.pendo.io https://js-agent.newrelic.com https://pendo-io-static.storage.googleapis.com https://pendo-static-5686438767755264.storage.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'self'; frame-src 'self' https://*.aws.castandcrew.com https://*.castandcrew.com; img-src 'self' https://data.pendo.io https://pendo-static-5686438767755264.storage.googleapis.com https://*.amazonaws.com; manifest-src 'self'; media-src 'self'; worker-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://startplus.castandcrew.com/
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
LIjMFpGJCFsIxStyYOL3M3iT2w756HaB
content-encoding
br
via
1.1 749177a97cae42477f22c33c927ca0ce.cloudfront.net (CloudFront)
date
Wed, 17 Apr 2024 18:50:45 GMT
x-content-type-options
nosniff
content-security-policy
default-src 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://bam.nr-data.net https://*.aws.castandcrew.com https://*.castandcrew.com https://api.feedback.us.pendo.io; font-src 'self' https://c1.sfdcstatic.com https://fonts.gstatic.com https://payrollplus-assets.castandcrew.com; script-src 'self' https://bam.nr-data.net https://content.pendo.castandcrew.com https://data.pendo.io https://js-agent.newrelic.com https://pendo-io-static.storage.googleapis.com https://pendo-static-5686438767755264.storage.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'self'; frame-src 'self' https://*.aws.castandcrew.com https://*.castandcrew.com; img-src 'self' https://data.pendo.io https://pendo-static-5686438767755264.storage.googleapis.com https://*.amazonaws.com; manifest-src 'self'; media-src 'self'; worker-src 'none';
x-amz-cf-pop
JFK50-P3
age
60
x-amz-server-side-encryption
AES256
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Tue, 09 Apr 2024 14:35:25 GMT
server
AmazonS3
etag
W/"f25d7483e875701ba788548e13f35cfb"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/javascript
cache-control
no-cache, no-store, must-revalidate
x-amz-cf-id
jYvQ_acuKlPhOxJ81yqAqHynkZErlHKSW0NNbnueh4AsC8ud225_ng==
pendo.js
startplus.castandcrew.com/js/ 		773 B
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://startplus.castandcrew.com/js/pendo.js
Requested by
Host: startplus.castandcrew.com
URL: https://startplus.castandcrew.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.106.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-106-9.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0cd376a8b8e76b454df66c3a04299159246a185df5d5c2a87da00b108a319e12
Security Headers
Name Value
Content-Security-Policy default-src 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://bam.nr-data.net https://*.aws.castandcrew.com https://*.castandcrew.com https://api.feedback.us.pendo.io; font-src 'self' https://c1.sfdcstatic.com https://fonts.gstatic.com https://payrollplus-assets.castandcrew.com; script-src 'self' https://bam.nr-data.net https://content.pendo.castandcrew.com https://data.pendo.io https://js-agent.newrelic.com https://pendo-io-static.storage.googleapis.com https://pendo-static-5686438767755264.storage.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'self'; frame-src 'self' https://*.aws.castandcrew.com https://*.castandcrew.com; img-src 'self' https://data.pendo.io https://pendo-static-5686438767755264.storage.googleapis.com https://*.amazonaws.com; manifest-src 'self'; media-src 'self'; worker-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://startplus.castandcrew.com/
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
9j3cp_zaU1jzgUJ._GzKsg2wzvRhgkkc
date
Wed, 17 Apr 2024 18:50:45 GMT
via
1.1 749177a97cae42477f22c33c927ca0ce.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://bam.nr-data.net https://*.aws.castandcrew.com https://*.castandcrew.com https://api.feedback.us.pendo.io; font-src 'self' https://c1.sfdcstatic.com https://fonts.gstatic.com https://payrollplus-assets.castandcrew.com; script-src 'self' https://bam.nr-data.net https://content.pendo.castandcrew.com https://data.pendo.io https://js-agent.newrelic.com https://pendo-io-static.storage.googleapis.com https://pendo-static-5686438767755264.storage.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'self'; frame-src 'self' https://*.aws.castandcrew.com https://*.castandcrew.com; img-src 'self' https://data.pendo.io https://pendo-static-5686438767755264.storage.googleapis.com https://*.amazonaws.com; manifest-src 'self'; media-src 'self'; worker-src 'none';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
JFK50-P3
age
61
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
773
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Tue, 09 Apr 2024 14:35:25 GMT
server
AmazonS3
etag
"0ac53b6cfce9731a2deb944aba3486c5"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/javascript
cache-control
no-cache, no-store, must-revalidate
accept-ranges
bytes
x-amz-cf-id
goVmqzX9ZRNkBfMYIATF8adQHfexH2pQSxel_jYZpOvDetXR-o-Fsw==
css2
fonts.googleapis.com/ 		9 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,500;0,700;1,700&display=swap
Requested by
Host: startplus.castandcrew.com
URL: https://startplus.castandcrew.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80e::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
cfb13613607e51018672f171240dfbc4f6b5b6df1d7991e6226724b68138263c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Wed, 17 Apr 2024 18:51:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 17 Apr 2024 18:51:39 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 17 Apr 2024 18:51:39 GMT
2.20b8b2fe.chunk.css
startplus.castandcrew.com/static/css/ 		24 KB
8 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://startplus.castandcrew.com/static/css/2.20b8b2fe.chunk.css
Requested by
Host: startplus.castandcrew.com
URL: https://startplus.castandcrew.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.106.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-106-9.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a574a4b430fa0d646a2476a46444bf1f72c7121a9c86a78b0609085896d63e02
Security Headers
Name Value
Content-Security-Policy default-src 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://bam.nr-data.net https://*.aws.castandcrew.com https://*.castandcrew.com https://api.feedback.us.pendo.io; font-src 'self' https://c1.sfdcstatic.com https://fonts.gstatic.com https://payrollplus-assets.castandcrew.com; script-src 'self' https://bam.nr-data.net https://content.pendo.castandcrew.com https://data.pendo.io https://js-agent.newrelic.com https://pendo-io-static.storage.googleapis.com https://pendo-static-5686438767755264.storage.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'self'; frame-src 'self' https://*.aws.castandcrew.com https://*.castandcrew.com; img-src 'self' https://data.pendo.io https://pendo-static-5686438767755264.storage.googleapis.com https://*.amazonaws.com; manifest-src 'self'; media-src 'self'; worker-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://startplus.castandcrew.com/
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
gDUOq6Mufh5CaCp1iI1g6aROiV3XsQEw
content-encoding
br
via
1.1 749177a97cae42477f22c33c927ca0ce.cloudfront.net (CloudFront)
date
Wed, 17 Apr 2024 18:50:45 GMT
x-content-type-options
nosniff
content-security-policy
default-src 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://bam.nr-data.net https://*.aws.castandcrew.com https://*.castandcrew.com https://api.feedback.us.pendo.io; font-src 'self' https://c1.sfdcstatic.com https://fonts.gstatic.com https://payrollplus-assets.castandcrew.com; script-src 'self' https://bam.nr-data.net https://content.pendo.castandcrew.com https://data.pendo.io https://js-agent.newrelic.com https://pendo-io-static.storage.googleapis.com https://pendo-static-5686438767755264.storage.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'self'; frame-src 'self' https://*.aws.castandcrew.com https://*.castandcrew.com; img-src 'self' https://data.pendo.io https://pendo-static-5686438767755264.storage.googleapis.com https://*.amazonaws.com; manifest-src 'self'; media-src 'self'; worker-src 'none';
x-amz-cf-pop
JFK50-P3
age
61
x-amz-server-side-encryption
AES256
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Tue, 09 Apr 2024 14:35:25 GMT
server
AmazonS3
etag
W/"5c68a9b8d2b7aae7fd90ae0a3ed854d9"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/css
cache-control
no-cache, no-store, must-revalidate
x-amz-cf-id
2A5kerRmBoKi9II7yI9pdKq_DPhWZTq3g9kAlQ2rYjO6ZYiXtRCI1A==
main.b0d95e22.chunk.css
startplus.castandcrew.com/static/css/ 		93 KB
22 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://startplus.castandcrew.com/static/css/main.b0d95e22.chunk.css
Requested by
Host: startplus.castandcrew.com
URL: https://startplus.castandcrew.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.106.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-106-9.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
5fd15d0715afe50b21d64e132da6569598c77356d6d1722deff6f227c8ac3b3f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://bam.nr-data.net https://*.aws.castandcrew.com https://*.castandcrew.com https://api.feedback.us.pendo.io; font-src 'self' https://c1.sfdcstatic.com https://fonts.gstatic.com https://payrollplus-assets.castandcrew.com; script-src 'self' https://bam.nr-data.net https://content.pendo.castandcrew.com https://data.pendo.io https://js-agent.newrelic.com https://pendo-io-static.storage.googleapis.com https://pendo-static-5686438767755264.storage.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'self'; frame-src 'self' https://*.aws.castandcrew.com https://*.castandcrew.com; img-src 'self' https://data.pendo.io https://pendo-static-5686438767755264.storage.googleapis.com https://*.amazonaws.com; manifest-src 'self'; media-src 'self'; worker-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://startplus.castandcrew.com/
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
fTC86yqOPlQ.i86ezr4m30EU6A.Zs0Tp
content-encoding
br
via
1.1 749177a97cae42477f22c33c927ca0ce.cloudfront.net (CloudFront)
date
Wed, 17 Apr 2024 18:50:45 GMT
x-content-type-options
nosniff
content-security-policy
default-src 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://bam.nr-data.net https://*.aws.castandcrew.com https://*.castandcrew.com https://api.feedback.us.pendo.io; font-src 'self' https://c1.sfdcstatic.com https://fonts.gstatic.com https://payrollplus-assets.castandcrew.com; script-src 'self' https://bam.nr-data.net https://content.pendo.castandcrew.com https://data.pendo.io https://js-agent.newrelic.com https://pendo-io-static.storage.googleapis.com https://pendo-static-5686438767755264.storage.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'self'; frame-src 'self' https://*.aws.castandcrew.com https://*.castandcrew.com; img-src 'self' https://data.pendo.io https://pendo-static-5686438767755264.storage.googleapis.com https://*.amazonaws.com; manifest-src 'self'; media-src 'self'; worker-src 'none';
x-amz-cf-pop
JFK50-P3
age
61
x-amz-server-side-encryption
AES256
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Tue, 09 Apr 2024 14:35:25 GMT
server
AmazonS3
etag
W/"bae41f1ad7537f20b74a8d419f6e28ca"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/css
cache-control
no-cache, no-store, must-revalidate
x-amz-cf-id
KE1ZjHdXEJXdTZ31BalCjJvWeoqTMsGSVQYheIT24FNNYprCYuRuGw==
salesforce.css
startplus.castandcrew.com/css/ 		543 B
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://startplus.castandcrew.com/css/salesforce.css
Requested by
Host: startplus.castandcrew.com
URL: https://startplus.castandcrew.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.106.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-106-9.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
597823b1c15039bf2dd6dc9a72c884190a68cbcfd5f4643a1d041772c13e1902
Security Headers
Name Value
Content-Security-Policy default-src 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://bam.nr-data.net https://*.aws.castandcrew.com https://*.castandcrew.com https://api.feedback.us.pendo.io; font-src 'self' https://c1.sfdcstatic.com https://fonts.gstatic.com https://payrollplus-assets.castandcrew.com; script-src 'self' https://bam.nr-data.net https://content.pendo.castandcrew.com https://data.pendo.io https://js-agent.newrelic.com https://pendo-io-static.storage.googleapis.com https://pendo-static-5686438767755264.storage.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'self'; frame-src 'self' https://*.aws.castandcrew.com https://*.castandcrew.com; img-src 'self' https://data.pendo.io https://pendo-static-5686438767755264.storage.googleapis.com https://*.amazonaws.com; manifest-src 'self'; media-src 'self'; worker-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://startplus.castandcrew.com/
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
Hpwk6QFDZ9MKUQRw7B1yRSv2fnbdqFVT
date
Wed, 17 Apr 2024 18:50:45 GMT
via
1.1 749177a97cae42477f22c33c927ca0ce.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://bam.nr-data.net https://*.aws.castandcrew.com https://*.castandcrew.com https://api.feedback.us.pendo.io; font-src 'self' https://c1.sfdcstatic.com https://fonts.gstatic.com https://payrollplus-assets.castandcrew.com; script-src 'self' https://bam.nr-data.net https://content.pendo.castandcrew.com https://data.pendo.io https://js-agent.newrelic.com https://pendo-io-static.storage.googleapis.com https://pendo-static-5686438767755264.storage.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'self'; frame-src 'self' https://*.aws.castandcrew.com https://*.castandcrew.com; img-src 'self' https://data.pendo.io https://pendo-static-5686438767755264.storage.googleapis.com https://*.amazonaws.com; manifest-src 'self'; media-src 'self'; worker-src 'none';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
JFK50-P3
age
60
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
543
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Tue, 09 Apr 2024 14:35:25 GMT
server
AmazonS3
etag
"97154c4668a8b0a96c9a33f400063e1d"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/css
cache-control
no-cache, no-store, must-revalidate
accept-ranges
bytes
x-amz-cf-id
G64II-_nmYFdZ5UFJmYY9IlvCnXRlosZvsNWc8i9bkzoZB3OAz8ioQ==
runtime-main.276325f6.js
startplus.castandcrew.com/static/js/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://startplus.castandcrew.com/static/js/runtime-main.276325f6.js
Requested by
Host: startplus.castandcrew.com
URL: https://startplus.castandcrew.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.106.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-106-9.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
eb00df12da2210720924c52b4abe030cc362232f17b5b2fc9898ce2b3815183b
Security Headers
Name Value
Content-Security-Policy default-src 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://bam.nr-data.net https://*.aws.castandcrew.com https://*.castandcrew.com https://api.feedback.us.pendo.io; font-src 'self' https://c1.sfdcstatic.com https://fonts.gstatic.com https://payrollplus-assets.castandcrew.com; script-src 'self' https://bam.nr-data.net https://content.pendo.castandcrew.com https://data.pendo.io https://js-agent.newrelic.com https://pendo-io-static.storage.googleapis.com https://pendo-static-5686438767755264.storage.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'self'; frame-src 'self' https://*.aws.castandcrew.com https://*.castandcrew.com; img-src 'self' https://data.pendo.io https://pendo-static-5686438767755264.storage.googleapis.com https://*.amazonaws.com; manifest-src 'self'; media-src 'self'; worker-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://startplus.castandcrew.com/
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
QTs5f_epQd4EeyIncR.b8Upd.MFcLZhM
content-encoding
gzip
via
1.1 749177a97cae42477f22c33c927ca0ce.cloudfront.net (CloudFront)
date
Wed, 17 Apr 2024 18:50:45 GMT
x-content-type-options
nosniff
content-security-policy
default-src 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://bam.nr-data.net https://*.aws.castandcrew.com https://*.castandcrew.com https://api.feedback.us.pendo.io; font-src 'self' https://c1.sfdcstatic.com https://fonts.gstatic.com https://payrollplus-assets.castandcrew.com; script-src 'self' https://bam.nr-data.net https://content.pendo.castandcrew.com https://data.pendo.io https://js-agent.newrelic.com https://pendo-io-static.storage.googleapis.com https://pendo-static-5686438767755264.storage.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'self'; frame-src 'self' https://*.aws.castandcrew.com https://*.castandcrew.com; img-src 'self' https://data.pendo.io https://pendo-static-5686438767755264.storage.googleapis.com https://*.amazonaws.com; manifest-src 'self'; media-src 'self'; worker-src 'none';
x-amz-cf-pop
JFK50-P3
age
61
x-amz-server-side-encryption
AES256
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Tue, 09 Apr 2024 14:35:26 GMT
server
AmazonS3
etag
W/"5122e9395a718ccb7f7a895b8bacdbb6"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/javascript
cache-control
no-cache, no-store, must-revalidate
x-amz-cf-id
iVJBKlerPT-zN97NbRrMfgAPB6O-9sRVwQhmYfbJ1KpOiGupiHQyRw==
2.a146f92e.chunk.js
startplus.castandcrew.com/static/js/ 		3 MB
751 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://startplus.castandcrew.com/static/js/2.a146f92e.chunk.js
Requested by
Host: startplus.castandcrew.com
URL: https://startplus.castandcrew.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.106.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-106-9.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
87560f8eed72fedfea93d6c6c3189d11f5dbd5ff1c7e1335acae47938ebeacce
Security Headers
Name Value
Content-Security-Policy default-src 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://bam.nr-data.net https://*.aws.castandcrew.com https://*.castandcrew.com https://api.feedback.us.pendo.io; font-src 'self' https://c1.sfdcstatic.com https://fonts.gstatic.com https://payrollplus-assets.castandcrew.com; script-src 'self' https://bam.nr-data.net https://content.pendo.castandcrew.com https://data.pendo.io https://js-agent.newrelic.com https://pendo-io-static.storage.googleapis.com https://pendo-static-5686438767755264.storage.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'self'; frame-src 'self' https://*.aws.castandcrew.com https://*.castandcrew.com; img-src 'self' https://data.pendo.io https://pendo-static-5686438767755264.storage.googleapis.com https://*.amazonaws.com; manifest-src 'self'; media-src 'self'; worker-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://startplus.castandcrew.com/
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
tdZkXaGVwiernP9cGCwXlG0xPXgHM7jj
content-encoding
gzip
via
1.1 749177a97cae42477f22c33c927ca0ce.cloudfront.net (CloudFront)
date
Wed, 17 Apr 2024 18:50:45 GMT
x-content-type-options
nosniff
content-security-policy
default-src 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://bam.nr-data.net https://*.aws.castandcrew.com https://*.castandcrew.com https://api.feedback.us.pendo.io; font-src 'self' https://c1.sfdcstatic.com https://fonts.gstatic.com https://payrollplus-assets.castandcrew.com; script-src 'self' https://bam.nr-data.net https://content.pendo.castandcrew.com https://data.pendo.io https://js-agent.newrelic.com https://pendo-io-static.storage.googleapis.com https://pendo-static-5686438767755264.storage.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'self'; frame-src 'self' https://*.aws.castandcrew.com https://*.castandcrew.com; img-src 'self' https://data.pendo.io https://pendo-static-5686438767755264.storage.googleapis.com https://*.amazonaws.com; manifest-src 'self'; media-src 'self'; worker-src 'none';
x-amz-cf-pop
JFK50-P3
age
61
x-amz-server-side-encryption
AES256
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Tue, 09 Apr 2024 14:35:25 GMT
server
AmazonS3
etag
W/"d4374e28e99ff7aacc81d23ed2480e9d"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/javascript
cache-control
no-cache, no-store, must-revalidate
x-amz-cf-id
5KekmsIw25A_BEd-HFDDGxAJ-SRlUnF9ArMWDZPIH-OYMuqbQv8rgg==
main.4b9a811d.chunk.js
startplus.castandcrew.com/static/js/ 		2 MB
365 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://startplus.castandcrew.com/static/js/main.4b9a811d.chunk.js
Requested by
Host: startplus.castandcrew.com
URL: https://startplus.castandcrew.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.106.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-106-9.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f580e00b3392cd67d4a25d2d42adf9cdbd15978598f830184d02a677ea63f838
Security Headers
Name Value
Content-Security-Policy default-src 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://bam.nr-data.net https://*.aws.castandcrew.com https://*.castandcrew.com https://api.feedback.us.pendo.io; font-src 'self' https://c1.sfdcstatic.com https://fonts.gstatic.com https://payrollplus-assets.castandcrew.com; script-src 'self' https://bam.nr-data.net https://content.pendo.castandcrew.com https://data.pendo.io https://js-agent.newrelic.com https://pendo-io-static.storage.googleapis.com https://pendo-static-5686438767755264.storage.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'self'; frame-src 'self' https://*.aws.castandcrew.com https://*.castandcrew.com; img-src 'self' https://data.pendo.io https://pendo-static-5686438767755264.storage.googleapis.com https://*.amazonaws.com; manifest-src 'self'; media-src 'self'; worker-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://startplus.castandcrew.com/
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
Th5KPNF_fe0VotOm1JPDFU0TEipa3PzK
content-encoding
br
via
1.1 749177a97cae42477f22c33c927ca0ce.cloudfront.net (CloudFront)
date
Wed, 17 Apr 2024 18:50:45 GMT
x-content-type-options
nosniff
content-security-policy
default-src 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://bam.nr-data.net https://*.aws.castandcrew.com https://*.castandcrew.com https://api.feedback.us.pendo.io; font-src 'self' https://c1.sfdcstatic.com https://fonts.gstatic.com https://payrollplus-assets.castandcrew.com; script-src 'self' https://bam.nr-data.net https://content.pendo.castandcrew.com https://data.pendo.io https://js-agent.newrelic.com https://pendo-io-static.storage.googleapis.com https://pendo-static-5686438767755264.storage.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'self'; frame-src 'self' https://*.aws.castandcrew.com https://*.castandcrew.com; img-src 'self' https://data.pendo.io https://pendo-static-5686438767755264.storage.googleapis.com https://*.amazonaws.com; manifest-src 'self'; media-src 'self'; worker-src 'none';
x-amz-cf-pop
JFK50-P3
age
61
x-amz-server-side-encryption
AES256
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Tue, 09 Apr 2024 14:35:26 GMT
server
AmazonS3
etag
W/"c7131d00db47e8f45e4f1c245f414bbf"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/javascript
cache-control
no-cache, no-store, must-revalidate
x-amz-cf-id
5mJPN2WKejwKdKOLtUa7P9dFVjY97fEa04BJ9OtYI_ZF6HIVwcUKrw==
pendo.js
content.pendo.castandcrew.com/agent/static/8aa9726b-0e80-40fa-6e2e-7229941bef5b/ 		473 KB
155 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://content.pendo.castandcrew.com/agent/static/8aa9726b-0e80-40fa-6e2e-7229941bef5b/pendo.js
Requested by
Host: startplus.castandcrew.com
URL: https://startplus.castandcrew.com/js/newrelic.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2512:1800:1e:cb94:adc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
UploadServer /
Resource Hash
c805b974599d6a74bae11fc13f246f9f1e724ae35b755fba19734addf90be847
Security Headers
Name Value
Content-Security-Policy default-src 'none'; frame-ancestors 'none'; base-uri 'none'; form-action 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 17 Apr 2024 18:46:32 GMT
content-encoding
gzip
via
1.1 75b993b111cd9fbf19d5284ea3de78ec.cloudfront.net (CloudFront)
content-security-policy
default-src 'none'; frame-ancestors 'none'; base-uri 'none'; form-action 'none'
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
JFK50-P7
age
308
x-guploader-uploadid
ABPtcProFSodb9GFby5h3m7Y2ASm5IGFvSMQ0UuAK6tshCMkGFjleFGxIVwJoRz2eLihldXsGDc
x-cache
Hit from cloudfront
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
content-length
157618
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 17 Apr 2024 14:29:24 GMT
server
UploadServer
etag
"6940b7e3711f19897d6d765c64a8dbd7"
vary
Accept-Encoding
x-goog-generation
1713364164411072
content-type
application/javascript
access-control-allow-origin
*
x-goog-hash
crc32c=FftfMA==, md5=aUC343EfGYl9bXZcZKjb1w==
access-control-expose-headers
*
cache-control
max-age=450
x-goog-stored-content-length
157618
x-frame-options
DENY
accept-ranges
bytes
x-amz-cf-id
cIiyx2HsTxvMrJHGav4bVVC-wLY8xezuTgdp3SYkpwAVTW2p6u8BdA==
expires
Wed, 17 Apr 2024 18:54:02 GMT
graphql
cncflags.castandcrew.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://cncflags.castandcrew.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-55.jfk50.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://startplus.castandcrew.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
https://startplus.castandcrew.com
content-length
1
content-type
application/json
date
Wed, 17 Apr 2024 18:51:41 GMT
via
1.1 079cd4553da15b2329bffae6abe6157e.cloudfront.net (CloudFront)
x-amz-apigw-id
WYkJoF7MPHcEBRQ=
x-amz-cf-id
29Jbu1aFaCSMcZYRfN6isqUd8sEBcLIrOOFVxvuqZv8iJOl3V0ntMQ==
x-amz-cf-pop
JFK50-P6
x-amzn-requestid
9ac3b919-51f4-4974-8d28-1796d8993b9e
x-cache
Miss from cloudfront
graphql
cncflags.castandcrew.com/ 		0
0
me
login.castandcrew.com/api/v1/sessions/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://login.castandcrew.com/api/v1/sessions/me
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.151.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a9d4dea8e2661b2ed.awsglobalaccelerator.com
Software
nginx /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; connect-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com castandcrew.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; style-src 'unsafe-inline' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; frame-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com login.okta.com com-okta-authenticator:; img-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' castandcrew.okta.com login.castandcrew.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'; report-uri https://oktacsp.report-uri.com/r/t/csp/enforce; report-to csp
Strict-Transport-Security max-age=315360000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-okta-user-agent-extended
Access-Control-Request-Method
GET
Origin
https://startplus.castandcrew.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Connection
Keep-Alive
Content-Length
0
Date
Wed, 17 Apr 2024 18:51:40 GMT
Keep-Alive
timeout=5, max=100
Server
nginx
Strict-Transport-Security
max-age=315360000; includeSubDomains
accept-ch
Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
access-control-allow-headers
content-type,x-okta-user-agent-extended,Content-Type
access-control-allow-methods
DELETE, GET, OPTIONS
access-control-allow-origin
https://startplus.castandcrew.com
access-control-max-age
3600
allow
GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
cache-control
no-cache, no-store
content-security-policy
default-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; connect-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com castandcrew.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; style-src 'unsafe-inline' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; frame-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com login.okta.com com-okta-authenticator:; img-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' castandcrew.okta.com login.castandcrew.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'; report-uri https://oktacsp.report-uri.com/r/t/csp/enforce; report-to csp
expires
0
p3p
CP="HONK"
pragma
no-cache
report-to
{"group":"csp","max_age":31536000,"endpoints":[{"url":"https://oktacsp.report-uri.com/a/t/g"}],"include_subdomains":true}
vary
Origin
x-frame-options
SAMEORIGIN
x-okta-request-id
ZiAaPGp1XXXJH1xpZVCDPAAAC5o
x-rate-limit-limit
10000
x-rate-limit-remaining
9959
x-rate-limit-reset
1713379930
x-xss-protection
0
me
login.castandcrew.com/api/v1/sessions/ 		163 B
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://login.castandcrew.com/api/v1/sessions/me
Requested by
Host: startplus.castandcrew.com
URL: https://startplus.castandcrew.com/js/newrelic.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.151.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a9d4dea8e2661b2ed.awsglobalaccelerator.com
Software
nginx /
Resource Hash
5133b92f40c509cf3ccfe020a5653d6b3d0022fecd0cf89f59e2fbe171fa579c
Security Headers
Name Value
Content-Security-Policy default-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; connect-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com castandcrew.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; style-src 'unsafe-inline' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; frame-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com login.okta.com com-okta-authenticator:; img-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' castandcrew.okta.com login.castandcrew.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'
Strict-Transport-Security max-age=315360000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
x-okta-user-agent-extended
okta-auth-js-2.13.2
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type
application/json
accept
application/json
Referer
sec-ch-ua-platform
"Win32"

Response headers

x-okta-request-id
ZiAaPCweoajpojw3L51YEQAABqM
Date
Wed, 17 Apr 2024 18:51:40 GMT
content-security-policy
default-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; connect-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com castandcrew.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; style-src 'unsafe-inline' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; frame-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com login.okta.com com-okta-authenticator:; img-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' castandcrew.okta.com login.castandcrew.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'
x-rate-limit-limit
600
x-content-type-options
nosniff
Content-Encoding
gzip
x-rate-limit-remaining
517
Strict-Transport-Security
max-age=315360000; includeSubDomains
Transfer-Encoding
chunked
p3p
CP="HONK"
Connection
Keep-Alive
x-xss-protection
0
pragma
no-cache
Server
nginx
accept-ch
Sec-CH-UA-Platform-Version
Vary
Accept-Encoding,Origin
Content-Type
application/json
access-control-allow-origin
https://startplus.castandcrew.com
x-rate-limit-reset
1713379913
access-control-allow-credentials
true
cache-control
no-cache, no-store
access-control-allow-headers
Content-Type
Keep-Alive
timeout=5, max=99
expires
0
authorize
login.castandcrew.com/oauth2/ausetjg5xy8y30npD356/v1/ Frame 9D8B 		2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://login.castandcrew.com/oauth2/ausetjg5xy8y30npD356/v1/authorize?client_id=0oa88y7e9JjCjaHcO356&nonce=jM9gz15UwZ3CvTqpRQFvcxngBPXlwfQ6X9alj0Ju61A27h4T8LtlvY8GoVRGaYYw&prompt=none&redirect_uri=https%3A%2F%2Fstartplus.castandcrew.com&response_mode=okta_post_message&response_type=token&state=AVxZyXTwFjRPw9JEUH9Ud4hjTpqux5J5cLZGTs3RNJdfjdDKEdTFH13QETjDqJH2&scope=startplus_prod
Requested by
Host: startplus.castandcrew.com
URL: https://startplus.castandcrew.com/js/newrelic.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.151.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a9d4dea8e2661b2ed.awsglobalaccelerator.com
Software
nginx /
Resource Hash
22f507a6867e9415db436473af9f456aad31397e04260d9564627f349314075e
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Connection
Keep-Alive
Content-Encoding
gzip
Content-Type
text/html;charset=utf-8
Date
Wed, 17 Apr 2024 18:51:40 GMT
Keep-Alive
timeout=5, max=100
Server
nginx
Strict-Transport-Security
max-age=315360000; includeSubDomains
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Robots-Tag
noindex,nofollow
accept-ch
Sec-CH-UA-Platform-Version
cache-control
no-cache, no-store
content-language
en
expires
0
p3p
CP="HONK"
pragma
no-cache
referrer-policy
no-referrer
x-content-type-options
nosniff
x-okta-request-id
ZiAaPCweoajpojw3L51YCwAABqM
x-rate-limit-limit
1200
x-rate-limit-remaining
1032
x-rate-limit-reset
1713379922
x-xss-protection
0
nr-spa-1177.min.js
js-agent.newrelic.com/ 		37 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js-agent.newrelic.com/nr-spa-1177.min.js
Requested by
Host: startplus.castandcrew.com
URL: https://startplus.castandcrew.com/js/newrelic.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2602:816:5001::39 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
54cb1f867060c01677649ce2d5e65485b33ce06ea271cb4244cbdd22c31fe69a
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
noxrO5H6YFXAlg5TsMA6DCG3almWJ7SN
content-encoding
br
via
1.1 varnish
date
Wed, 17 Apr 2024 18:51:40 GMT
strict-transport-security
max-age=300
x-amz-request-id
Q5RQ55R2NAW56AGY
x-amz-server-side-encryption
AES256
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
14836
x-amz-id-2
qH9YHnGC5FcBSBoyBlgeOoNyXqvrLwSX+vwzZF8yTvy3mXYcDwXBvHFPyQLQjBXF2ytzzLIvxx0=
x-served-by
cache-mia-kmia1760030-MIA
last-modified
Wed, 18 Oct 2023 21:30:50 GMT
server
AmazonS3
etag
"d89642b485486b2c9af6da463597333c"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=86400, stale-if-error=86400
accept-ranges
bytes
x-cache-hits
1894
me
login.castandcrew.com/api/v1/sessions/ 		163 B
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://login.castandcrew.com/api/v1/sessions/me
Requested by
Host: startplus.castandcrew.com
URL: https://startplus.castandcrew.com/js/newrelic.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.151.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a9d4dea8e2661b2ed.awsglobalaccelerator.com
Software
nginx /
Resource Hash
4fbacf4e2ba9e05942c5922ec621cf0afe096e57e51395660f33634215e9b485
Security Headers
Name Value
Content-Security-Policy default-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; connect-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com castandcrew.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; style-src 'unsafe-inline' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; frame-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com login.okta.com com-okta-authenticator:; img-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' castandcrew.okta.com login.castandcrew.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'
Strict-Transport-Security max-age=315360000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
x-okta-user-agent-extended
okta-auth-js-2.13.2
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type
application/json
accept
application/json
Referer
sec-ch-ua-platform
"Win32"

Response headers

x-okta-request-id
ZiAaPGp1XXXJH1xpZVCDQgAAC28
Date
Wed, 17 Apr 2024 18:51:40 GMT
content-security-policy
default-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; connect-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com castandcrew.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; style-src 'unsafe-inline' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; frame-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com login.okta.com com-okta-authenticator:; img-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' castandcrew.okta.com login.castandcrew.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'
x-rate-limit-limit
600
x-content-type-options
nosniff
Content-Encoding
gzip
x-rate-limit-remaining
515
Strict-Transport-Security
max-age=315360000; includeSubDomains
Transfer-Encoding
chunked
p3p
CP="HONK"
Connection
Keep-Alive
x-xss-protection
0
pragma
no-cache
Server
nginx
accept-ch
Sec-CH-UA-Platform-Version
Vary
Accept-Encoding,Origin
Content-Type
application/json
access-control-allow-origin
https://startplus.castandcrew.com
x-rate-limit-reset
1713379913
access-control-allow-credentials
true
cache-control
no-cache, no-store
access-control-allow-headers
Content-Type
Keep-Alive
timeout=5, max=100
expires
0
favicon.ico
startplus.castandcrew.com/ 		15 KB
16 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://startplus.castandcrew.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.106.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-106-9.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4d13396ff09332ec0422bca9b7f8590fed60a42df5bbdb839ac5c0da5a4ea8ab
Security Headers
Name Value
Content-Security-Policy default-src 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://bam.nr-data.net https://*.aws.castandcrew.com https://*.castandcrew.com https://api.feedback.us.pendo.io; font-src 'self' https://c1.sfdcstatic.com https://fonts.gstatic.com https://payrollplus-assets.castandcrew.com; script-src 'self' https://bam.nr-data.net https://content.pendo.castandcrew.com https://data.pendo.io https://js-agent.newrelic.com https://pendo-io-static.storage.googleapis.com https://pendo-static-5686438767755264.storage.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'self'; frame-src 'self' https://*.aws.castandcrew.com https://*.castandcrew.com; img-src 'self' https://data.pendo.io https://pendo-static-5686438767755264.storage.googleapis.com https://*.amazonaws.com; manifest-src 'self'; media-src 'self'; worker-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://startplus.castandcrew.com/
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
hzpz5JPwZdPpmOqkcBYeiLMqIqScuSp4
date
Wed, 17 Apr 2024 18:50:54 GMT
via
1.1 749177a97cae42477f22c33c927ca0ce.cloudfront.net (CloudFront)
content-security-policy
default-src 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://bam.nr-data.net https://*.aws.castandcrew.com https://*.castandcrew.com https://api.feedback.us.pendo.io; font-src 'self' https://c1.sfdcstatic.com https://fonts.gstatic.com https://payrollplus-assets.castandcrew.com; script-src 'self' https://bam.nr-data.net https://content.pendo.castandcrew.com https://data.pendo.io https://js-agent.newrelic.com https://pendo-io-static.storage.googleapis.com https://pendo-static-5686438767755264.storage.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'self'; frame-src 'self' https://*.aws.castandcrew.com https://*.castandcrew.com; img-src 'self' https://data.pendo.io https://pendo-static-5686438767755264.storage.googleapis.com https://*.amazonaws.com; manifest-src 'self'; media-src 'self'; worker-src 'none';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
JFK50-P3
age
47
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
15086
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Tue, 09 Apr 2024 14:35:25 GMT
server
AmazonS3
etag
"09cb116b605ded41777702a6b8ba1864"
vary
Accept-Encoding
x-frame-options
DENY
content-type
image/vnd.microsoft.icon
cache-control
no-cache, no-store, must-revalidate
accept-ranges
bytes
x-amz-cf-id
7ZvMyngCmGDEhgI7LyvZvjZzEZByhaPnSKPcz_PNbPWAGLU2N8mKFQ==
me
login.castandcrew.com/api/v1/sessions/ 		163 B
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://login.castandcrew.com/api/v1/sessions/me
Requested by
Host: startplus.castandcrew.com
URL: https://startplus.castandcrew.com/js/newrelic.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.151.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a9d4dea8e2661b2ed.awsglobalaccelerator.com
Software
nginx /
Resource Hash
e33db1a17ceada226037558a0b99155c53f0ee692edf3dd6ec0af6a21b48a126
Security Headers
Name Value
Content-Security-Policy default-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; connect-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com castandcrew.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; style-src 'unsafe-inline' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; frame-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com login.okta.com com-okta-authenticator:; img-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' castandcrew.okta.com login.castandcrew.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'; report-uri https://oktacsp.report-uri.com/r/t/csp/enforce; report-to csp
Strict-Transport-Security max-age=315360000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
x-okta-user-agent-extended
okta-auth-js-2.13.2
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type
application/json
accept
application/json
Referer
sec-ch-ua-platform
"Win32"

Response headers

x-okta-request-id
ZiAaPCweoajpojw3L51YFQAABqM
Date
Wed, 17 Apr 2024 18:51:40 GMT
content-security-policy
default-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; connect-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com castandcrew.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; style-src 'unsafe-inline' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; frame-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com login.okta.com com-okta-authenticator:; img-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' castandcrew.okta.com login.castandcrew.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'; report-uri https://oktacsp.report-uri.com/r/t/csp/enforce; report-to csp
x-rate-limit-limit
600
x-content-type-options
nosniff
Content-Encoding
gzip
x-rate-limit-remaining
514
Strict-Transport-Security
max-age=315360000; includeSubDomains
Transfer-Encoding
chunked
p3p
CP="HONK"
Connection
Keep-Alive
x-xss-protection
0
pragma
no-cache
Server
nginx
accept-ch
Sec-CH-UA-Platform-Version
Vary
Accept-Encoding,Origin
Content-Type
application/json
access-control-allow-origin
https://startplus.castandcrew.com
x-rate-limit-reset
1713379913
access-control-allow-credentials
true
cache-control
no-cache, no-store
access-control-allow-headers
Content-Type
Keep-Alive
timeout=5, max=98
expires
0
6a4f005d6a
bam.nr-data.net/1/ 		79 B
579 B 		Script
General
Check archive.org
Download Go to
Full URL
https://bam.nr-data.net/1/6a4f005d6a?a=225096557&sa=1&v=1177.96a4d39&t=Unnamed%20Transaction&rst=2223&ck=1&ref=https://startplus.castandcrew.com/&be=502&fe=2015&dc=1412&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1713379898587,%22n%22:0,%22f%22:2,%22dn%22:39,%22dne%22:39,%22c%22:39,%22s%22:145,%22ce%22:258,%22rq%22:258,%22rp%22:368,%22rpe%22:369,%22dl%22:373,%22di%22:1412,%22ds%22:1412,%22de%22:1412,%22dc%22:2014,%22l%22:2014,%22le%22:2016%7D,%22navigation%22:%7B%7D%7D&fp=1077&fcp=1374&jsonp=NREUM.setToken
Requested by
Host: startplus.castandcrew.com
URL: https://startplus.castandcrew.com/js/newrelic.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.247.243.29 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 17 Apr 2024 18:51:41 GMT
access-control-allow-methods
GET, POST, PUT, HEAD, OPTIONS
content-type
text/javascript
access-control-allow-origin
*
access-control-expose-headers
Date
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
Connection
keep-alive
timing-allow-origin
*
Content-Length
79
x-served-by
cache-mia-kmia1760060-MIA
me
login.castandcrew.com/api/v1/sessions/ 		163 B
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://login.castandcrew.com/api/v1/sessions/me
Requested by
Host: startplus.castandcrew.com
URL: https://startplus.castandcrew.com/js/newrelic.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.151.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a9d4dea8e2661b2ed.awsglobalaccelerator.com
Software
nginx /
Resource Hash
04f47fb811cb052879687410d1d8c0ba38af0c4aad69523610b536cf6df38d11
Security Headers
Name Value
Content-Security-Policy default-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; connect-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com castandcrew.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; style-src 'unsafe-inline' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; frame-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com login.okta.com com-okta-authenticator:; img-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' castandcrew.okta.com login.castandcrew.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'
Strict-Transport-Security max-age=315360000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
x-okta-user-agent-extended
okta-auth-js-2.13.2
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type
application/json
accept
application/json
Referer
sec-ch-ua-platform
"Win32"

Response headers

x-okta-request-id
ZiAaPWp1XXXJH1xpZVCDRQAAC28
Date
Wed, 17 Apr 2024 18:51:41 GMT
content-security-policy
default-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; connect-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com castandcrew.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; style-src 'unsafe-inline' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; frame-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com login.okta.com com-okta-authenticator:; img-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' castandcrew.okta.com login.castandcrew.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'
x-rate-limit-limit
600
x-content-type-options
nosniff
Content-Encoding
gzip
x-rate-limit-remaining
513
Strict-Transport-Security
max-age=315360000; includeSubDomains
Transfer-Encoding
chunked
p3p
CP="HONK"
Connection
Keep-Alive
x-xss-protection
0
pragma
no-cache
Server
nginx
accept-ch
Sec-CH-UA-Platform-Version
Vary
Accept-Encoding,Origin
Content-Type
application/json
access-control-allow-origin
https://startplus.castandcrew.com
x-rate-limit-reset
1713379913
access-control-allow-credentials
true
cache-control
no-cache, no-store
access-control-allow-headers
Content-Type
Keep-Alive
timeout=5, max=99
expires
0
me
login.castandcrew.com/api/v1/sessions/ 		163 B
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://login.castandcrew.com/api/v1/sessions/me
Requested by
Host: startplus.castandcrew.com
URL: https://startplus.castandcrew.com/js/newrelic.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.151.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a9d4dea8e2661b2ed.awsglobalaccelerator.com
Software
nginx /
Resource Hash
a489e4639738a67eebb2d682041d19809026914f7b28e6c1521df82611a66c9d
Security Headers
Name Value
Content-Security-Policy default-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; connect-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com castandcrew.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; style-src 'unsafe-inline' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; frame-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com login.okta.com com-okta-authenticator:; img-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' castandcrew.okta.com login.castandcrew.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'
Strict-Transport-Security max-age=315360000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
x-okta-user-agent-extended
okta-auth-js-2.13.2
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type
application/json
accept
application/json
Referer
sec-ch-ua-platform
"Win32"

Response headers

x-okta-request-id
ZiAaPSweoajpojw3L51YGgAABqM
Date
Wed, 17 Apr 2024 18:51:41 GMT
content-security-policy
default-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; connect-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com castandcrew.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; style-src 'unsafe-inline' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; frame-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com login.okta.com com-okta-authenticator:; img-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' castandcrew.okta.com login.castandcrew.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'
x-rate-limit-limit
600
x-content-type-options
nosniff
Content-Encoding
gzip
x-rate-limit-remaining
512
Strict-Transport-Security
max-age=315360000; includeSubDomains
Transfer-Encoding
chunked
p3p
CP="HONK"
Connection
Keep-Alive
x-xss-protection
0
pragma
no-cache
Server
nginx
accept-ch
Sec-CH-UA-Platform-Version
Vary
Accept-Encoding,Origin
Content-Type
application/json
access-control-allow-origin
https://startplus.castandcrew.com
x-rate-limit-reset
1713379913
access-control-allow-credentials
true
cache-control
no-cache, no-store
access-control-allow-headers
Content-Type
Keep-Alive
timeout=5, max=97
expires
0
logout
sso-prd.prod.aws.castandcrew.com/ 		0
0
Primary Request login
my.castandcrew.com/
Redirect Chain
  • https://sso-prd.prod.aws.castandcrew.com/logout?fromURI=https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
  • https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
32 KB
12 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Requested by
Host: startplus.castandcrew.com
URL: https://startplus.castandcrew.com/static/js/main.4b9a811d.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266a:600:4:b29d:8b80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
70d867df2bfb9321d7bc0a2e33423820b093519d2f436868497503ae8130a7d6
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-US,en;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

age
208
cache-control
no-cache, no-store, must-revalidate
content-encoding
br
content-security-policy
frame-ancestors 'self'; object-src 'none'
content-type
text/html
date
Wed, 17 Apr 2024 18:48:15 GMT
etag
W/"711904e62dd1de860ec98318b8d64ae3"
last-modified
Fri, 12 Apr 2024 02:28:47 GMT
referrer-policy
same-origin
server
AmazonS3
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
via
1.1 a35a15e72ad59a60ddc8752bdb709706.cloudfront.net (CloudFront)
x-amz-cf-id
CkZ_gAhmoMctviMDGteWUKbygCPd_y0sRGwDTsN48RnGxSVYOLVOyg==
x-amz-cf-pop
JFK52-P5
x-amz-server-side-encryption
AES256
x-amz-version-id
0myVE1V2IAHF2hseC1bHrgNdXdVfgxWc
x-cache
Error from cloudfront
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block

Redirect headers

content-length
0
content-type
application/json
date
Wed, 17 Apr 2024 18:51:41 GMT
location
https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
via
1.1 4810d74d0025d8ce3dbab6cb71a901d2.cloudfront.net (CloudFront)
x-amz-apigw-id
WYkJrHRGPHcEKow=
x-amz-cf-id
yDixgyUHub_QF8BIFoJC8WZtowyuJoIDt4FdpQu5M6qlUuwQbiW3Zw==
x-amz-cf-pop
JFK50-P8
x-amzn-remapped-connection
keep-alive
x-amzn-requestid
60b31d14-a49a-49de-8133-18a4aa5842f2
x-amzn-trace-id
Root=1-66201a3d-0d4148a15c8f34b777049737
x-cache
Miss from cloudfront
6a4f005d6a
bam.nr-data.net/events/1/ 		0
0
6a4f005d6a
bam.nr-data.net/jserrors/1/ 		0
0
css2
fonts.googleapis.com/ 		18 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,300;0,400;0,500;0,700;1,300;1,400;1,500;1,700&display=swap
Requested by
Host: my.castandcrew.com
URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80e::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
dec36f15ba246cbcc1a584c1753b35ca3ff397859d849a6a7831d091959be3d7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Wed, 17 Apr 2024 18:51:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 17 Apr 2024 17:05:59 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 17 Apr 2024 18:51:42 GMT
css2
fonts.googleapis.com/ 		9 KB
844 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Inter:ital,wght@0,300;0,400;0,500;0,700;1,300;1,400;1,500;1,700&display=swap
Requested by
Host: my.castandcrew.com
URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80e::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
79d08edb5b23fcc8da45fcc77210c8e18771fcf3876dda7d2596cb3ed0512333
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Wed, 17 Apr 2024 18:51:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 17 Apr 2024 18:49:55 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 17 Apr 2024 18:51:42 GMT
main.c37cc684.js
my.castandcrew.com/static/js/ 		2 MB
404 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://my.castandcrew.com/static/js/main.c37cc684.js
Requested by
Host: my.castandcrew.com
URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266a:600:4:b29d:8b80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7099a4d50a3124a144c51c7b1105a216ee8a82a7668b8ed2829ecd207b07f91c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
5NtVvkmhu2ESPLv.hiUiiDIwmEHIYt8.
content-encoding
br
via
1.1 a35a15e72ad59a60ddc8752bdb709706.cloudfront.net (CloudFront)
date
Wed, 17 Apr 2024 18:48:19 GMT
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'; object-src 'none'
x-amz-cf-pop
JFK52-P5
age
203
x-amz-server-side-encryption
AES256
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 12 Apr 2024 02:28:43 GMT
server
AmazonS3
etag
W/"6e677c237dd340cec329b02ed70e8bde"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/javascript
cache-control
no-cache, no-store, must-revalidate
x-amz-cf-id
WIuA8mLflIhcXXmo2MEjUQisufapr2mObT6I11JfQ5BpXguHtv6Luw==
main.7acefb32.css
my.castandcrew.com/static/css/ 		174 B
813 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://my.castandcrew.com/static/css/main.7acefb32.css
Requested by
Host: my.castandcrew.com
URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266a:600:4:b29d:8b80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4f80bf5a7d9289d4c1fa5f3e0ebc2d8519ef840f03544cc0429370d454b54e7b
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
dridrdAlUAYhhEPGrcwTX9b206P8GygC
date
Wed, 17 Apr 2024 18:48:19 GMT
via
1.1 a35a15e72ad59a60ddc8752bdb709706.cloudfront.net (CloudFront)
content-security-policy
frame-ancestors 'self'; object-src 'none'
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
JFK52-P5
age
203
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
174
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 01 Apr 2024 22:40:20 GMT
server
AmazonS3
etag
"266721168997d576d0af6f941eb7d2c5"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/css
cache-control
no-cache, no-store, must-revalidate
accept-ranges
bytes
x-amz-cf-id
rK3vlQujp1k8kWgxs65W1QuNFLrW1xgE1EnSYebDCEB1Kp_L4spujg==
link-initialize.js
cdn.plaid.com/link/v2/stable/ 		147 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.plaid.com/link/v2/stable/link-initialize.js
Requested by
Host: my.castandcrew.com
URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.128.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-128-117.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
887a9d12890ed0564b981f9e11ef5a53afd839783f679ca189677d8ddde5f556

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
GlJiBTM26PidYa2ztbqIXkRVKsZn6IpM
content-encoding
br
via
1.1 f7c13eeb01f01c4623bb4e70dbaa731a.cloudfront.net (CloudFront)
date
Wed, 17 Apr 2024 18:37:11 GMT
x-amz-request-id
JXYVV02X7WCTJ80S
x-amz-cf-pop
JFK50-P4
x-amz-server-side-encryption
AES256
age
872
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
x-amz-id-2
U95xaK1rkSUOMtNWf6fEmAX0oZIr0qKKt4Axoj5yKzCVQKpZl+HcBc3dpP1l22cMC55PYvVzPjie0bIpb/Xrm5qtCGKzmuUdTjzPAr5imEQ=
last-modified
Tue, 16 Apr 2024 18:11:04 GMT
server
AmazonS3
etag
W/"2c2205358de65b668ce1d5ebabe9079a"
vary
Accept-Encoding
content-type
text/javascript
cache-control
no-cache,must-revalidate,max-age=0
x-amz-cf-id
5Xf02HiDGPolQsV56flLYCL3pIUqlvR3bmz9EmdYBaB8kB8O-l7dFw==
esw.min.js
service.force.com/embeddedservice/5.0/ 		30 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://service.force.com/embeddedservice/5.0/esw.min.js
Requested by
Host: my.castandcrew.com
URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
136.146.43.245 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl12-ncg1-c8-iad5.na249-ia7.force.com
Software
/
Resource Hash
ef4dcc4dab4d780f44939c455d4720cab662b2f5fabc36ebc33a21f4cdbecd4e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 17 Apr 2024 17:00:58 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Referrer-Policy
origin-when-cross-origin
Last-Modified
Tue, 04 Jul 2023 00:26:54 GMT
Content-Encoding
gzip
Age
6644
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
public,max-age=86400
Origin-Trial
AkBgNlDiY3u6JLOlyCHNo+uI//ZsQNGdALGkaqj2TaJPsaytJKhRW2ej+qKdkIs3auzeCWPCYX2AE/jVxzJS0AwAAABaeyJvcmlnaW4iOiJodHRwczovL2ZvcmNlLmNvbTo0NDMiLCJmZWF0dXJlIjoiVHBjZCIsImV4cGlyeSI6MTczNTM0Mzk5OSwiaXNTdWJkb21haW4iOnRydWV9
Accept-Ranges
bytes
X-Robots-Tag
none
Content-Length
8455
Expires
Thu, 18 Apr 2024 17:00:58 GMT
5eaa57bc
d21y75miwcfqoq.cloudfront.net/ 		68 B
479 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d21y75miwcfqoq.cloudfront.net/5eaa57bc
Requested by
Host: my.castandcrew.com
URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23ca:3400:1b:ef38:3680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 17 Apr 2024 18:51:43 GMT
x-amz-version-id
tL_CTIHiQw3ribGLlhA7UngCyS3xe0wz
via
1.1 bd3e3884ce6fe1fd36336541cce9ec7e.cloudfront.net (CloudFront)
last-modified
Mon, 29 Jan 2024 18:06:57 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P2
etag
"91e42db1c66c0b276abf6234dc50b2eb"
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-type
image/png
cache-control
no-cache, no-store
accept-ranges
bytes
content-length
68
x-amz-cf-id
RZs4tXx0tATB6nOPsh5kAGUupjKq8AQ9uafqiQzWyJdCqufXhC3I2w==
pendo.js
content.pendo.castandcrew.com/agent/static/1e3667f1-3a8a-4706-53f7-380405fcc2ad/ 		473 KB
155 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://content.pendo.castandcrew.com/agent/static/1e3667f1-3a8a-4706-53f7-380405fcc2ad/pendo.js
Requested by
Host: my.castandcrew.com
URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2512:1800:1e:cb94:adc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
UploadServer /
Resource Hash
10717c7ee6cddbbbea76580b1e0d9992679ee7b59d0f04ec1511361a29ef8ea9
Security Headers
Name Value
Content-Security-Policy default-src 'none'; frame-ancestors 'none'; base-uri 'none'; form-action 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 17 Apr 2024 18:49:58 GMT
content-encoding
gzip
via
1.1 75b993b111cd9fbf19d5284ea3de78ec.cloudfront.net (CloudFront)
content-security-policy
default-src 'none'; frame-ancestors 'none'; base-uri 'none'; form-action 'none'
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
JFK50-P7
age
104
x-guploader-uploadid
ABPtcPrUDrRZCYzTnb3OuFcv7xxWbIhv1shKL95W36DYNzk1J9K35KY--_CkMAhjB5QR2kSsJXE
x-cache
Hit from cloudfront
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
content-length
157614
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 17 Apr 2024 14:29:24 GMT
server
UploadServer
etag
"b84abb1449d3b0b39a4dd9992ed25f1a"
vary
Accept-Encoding
x-goog-generation
1713364164405016
content-type
application/javascript
access-control-allow-origin
*
x-goog-hash
crc32c=SSvL5A==, md5=uEq7FEnTsLOaTdmZLtJfGg==
access-control-expose-headers
*
cache-control
max-age=450
x-goog-stored-content-length
157614
x-frame-options
DENY
accept-ranges
bytes
x-amz-cf-id
6f8P21zNoRBBCKB-fxUdrm9cOyGyIdUw8yz9OTlmsJz9fbcPrlBZ6Q==
expires
Wed, 17 Apr 2024 18:57:28 GMT
common.min.js
service.force.com/embeddedservice/5.0/utils/ 		5 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://service.force.com/embeddedservice/5.0/utils/common.min.js
Requested by
Host: my.castandcrew.com
URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
136.146.43.245 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl12-ncg1-c8-iad5.na249-ia7.force.com
Software
/
Resource Hash
7c273510050e27ad1e0a533b0a766c6c597575710d578a104e60d4810e173648
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 17 Apr 2024 17:00:57 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Referrer-Policy
origin-when-cross-origin
Last-Modified
Thu, 17 Feb 2022 23:57:30 GMT
Content-Encoding
gzip
Age
6646
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
public,max-age=86400
Origin-Trial
AkBgNlDiY3u6JLOlyCHNo+uI//ZsQNGdALGkaqj2TaJPsaytJKhRW2ej+qKdkIs3auzeCWPCYX2AE/jVxzJS0AwAAABaeyJvcmlnaW4iOiJodHRwczovL2ZvcmNlLmNvbTo0NDMiLCJmZWF0dXJlIjoiVHBjZCIsImV4cGlyeSI6MTczNTM0Mzk5OSwiaXNTdWJkb21haW4iOnRydWV9
Accept-Ranges
bytes
X-Robots-Tag
none
Content-Length
1918
Expires
Thu, 18 Apr 2024 17:00:57 GMT
5eaa57bc
d21y75miwcfqoq.cloudfront.net/ 		68 B
478 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d21y75miwcfqoq.cloudfront.net/5eaa57bc
Requested by
Host: my.castandcrew.com
URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23ca:3400:1b:ef38:3680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 17 Apr 2024 18:51:44 GMT
x-amz-version-id
tL_CTIHiQw3ribGLlhA7UngCyS3xe0wz
via
1.1 bd3e3884ce6fe1fd36336541cce9ec7e.cloudfront.net (CloudFront)
last-modified
Mon, 29 Jan 2024 18:06:57 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P2
etag
"91e42db1c66c0b276abf6234dc50b2eb"
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-type
image/png
cache-control
no-cache, no-store
accept-ranges
bytes
content-length
68
x-amz-cf-id
Sc4R4rmHhx_ISjH1fu0auLUEQhivx4Cy9u03G9Q9MJoEsRKVgaPDUw==
MyCast&CrewBlackLogo.ba6ab179f05ca7cfd75216d059277f4f.svg
my.castandcrew.com/static/media/ 		9 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://my.castandcrew.com/static/media/MyCast&CrewBlackLogo.ba6ab179f05ca7cfd75216d059277f4f.svg
Requested by
Host: my.castandcrew.com
URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266a:600:4:b29d:8b80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3e8176a5aa803d964438269e98ca3d3801aa60ddbc106f37dc9292b1f048a848
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
16IvqCS8uwcs5G1iJClSKnJEYR8rM_EQ
content-encoding
gzip
via
1.1 a35a15e72ad59a60ddc8752bdb709706.cloudfront.net (CloudFront)
date
Wed, 17 Apr 2024 18:48:19 GMT
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'; object-src 'none'
x-amz-cf-pop
JFK52-P5
age
213
x-amz-server-side-encryption
AES256
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 01 Apr 2024 22:40:21 GMT
server
AmazonS3
etag
W/"6c5e46788917418c68e8e6d453da24a0"
vary
Accept-Encoding
x-frame-options
DENY
content-type
image/svg+xml
cache-control
no-cache, no-store, must-revalidate
x-amz-cf-id
UaRvqicOaVfk8zsH7DdydDMrza0yPSdBZ0G7ZrtwKXvv4N5czUnsqg==
truncated
/ 		8 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1245126bc3dd976cb257bc4f144770f0fa1154b7a586a541d147b2d24773eea8

Request headers

Accept-Language
en-US,en;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type
image/gif
UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
fonts.gstatic.com/s/inter/v13/ 		46 KB
46 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Inter:ital,wght@0,300;0,400;0,500;0,700;1,300;1,400;1,500;1,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://fonts.googleapis.com/
Origin
https://my.castandcrew.com
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 15 Apr 2024 22:13:15 GMT
x-content-type-options
nosniff
age
160708
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
46704
x-xss-protection
0
last-modified
Wed, 13 Sep 2023 23:49:07 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 15 Apr 2025 22:13:15 GMT
me
login.castandcrew.com/api/v1/sessions/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://login.castandcrew.com/api/v1/sessions/me
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.151.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a9d4dea8e2661b2ed.awsglobalaccelerator.com
Software
nginx /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; connect-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com castandcrew.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; style-src 'unsafe-inline' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; frame-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com login.okta.com com-okta-authenticator:; img-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' castandcrew.okta.com login.castandcrew.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'
Strict-Transport-Security max-age=315360000; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-okta-user-agent-extended
Access-Control-Request-Method
GET
Origin
https://my.castandcrew.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Connection
Keep-Alive
Content-Length
0
Date
Wed, 17 Apr 2024 18:51:43 GMT
Keep-Alive
timeout=5, max=99
Server
nginx
Strict-Transport-Security
max-age=315360000; includeSubDomains
accept-ch
Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
access-control-allow-headers
content-type,x-okta-user-agent-extended,Content-Type
access-control-allow-methods
DELETE, GET, OPTIONS
access-control-allow-origin
https://my.castandcrew.com
access-control-max-age
3600
allow
GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
cache-control
no-cache, no-store
content-security-policy
default-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; connect-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com castandcrew.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; style-src 'unsafe-inline' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; frame-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com login.okta.com com-okta-authenticator:; img-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' castandcrew.okta.com login.castandcrew.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'
expires
0
p3p
CP="HONK"
pragma
no-cache
vary
Origin
x-frame-options
SAMEORIGIN
x-okta-request-id
ZiAaP2p1XXXJH1xpZVCDcwAAC5o
x-rate-limit-limit
10000
x-rate-limit-remaining
9955
x-rate-limit-reset
1713379930
x-xss-protection
0
me
login.castandcrew.com/api/v1/sessions/ 		163 B
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://login.castandcrew.com/api/v1/sessions/me
Requested by
Host: my.castandcrew.com
URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.151.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a9d4dea8e2661b2ed.awsglobalaccelerator.com
Software
nginx /
Resource Hash
844fa94bfb5069254e2da41cd6bb55f134651785fa999edd966c238f48f36f49
Security Headers
Name Value
Content-Security-Policy default-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; connect-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com castandcrew.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; style-src 'unsafe-inline' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; frame-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com login.okta.com com-okta-authenticator:; img-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' castandcrew.okta.com login.castandcrew.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'
Strict-Transport-Security max-age=315360000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
X-Okta-User-Agent-Extended
okta-auth-js/7.5.0
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
application/json
Accept
application/json
Referer
sec-ch-ua-platform
"Win32"

Response headers

x-okta-request-id
ZiAaPyweoajpojw3L51YUQAABqM
Date
Wed, 17 Apr 2024 18:51:43 GMT
content-security-policy
default-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; connect-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com castandcrew.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; style-src 'unsafe-inline' 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com; frame-src 'self' castandcrew.okta.com castandcrew-admin.okta.com login.castandcrew.com login.okta.com com-okta-authenticator:; img-src 'self' castandcrew.okta.com login.castandcrew.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' castandcrew.okta.com login.castandcrew.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'
x-rate-limit-limit
600
x-content-type-options
nosniff
Content-Encoding
gzip
x-rate-limit-remaining
509
Strict-Transport-Security
max-age=315360000; includeSubDomains
Transfer-Encoding
chunked
p3p
CP="HONK"
Connection
Keep-Alive
x-xss-protection
0
pragma
no-cache
Server
nginx
accept-ch
Sec-CH-UA-Platform-Version
Vary
Accept-Encoding,Origin
Content-Type
application/json
access-control-allow-origin
https://my.castandcrew.com
x-rate-limit-reset
1713379913
access-control-allow-credentials
true
cache-control
no-cache, no-store
access-control-allow-headers
Content-Type
Keep-Alive
timeout=5, max=96
expires
0
esw.min.css
service.force.com/embeddedservice/5.0/ 		9 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://service.force.com/embeddedservice/5.0/esw.min.css
Requested by
Host: my.castandcrew.com
URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
136.146.43.245 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl12-ncg1-c8-iad5.na249-ia7.force.com
Software
/
Resource Hash
721f2d2fe18f13edc2ae51c1918c1b0a2d7b668318c559310ab35fa22363fdad
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 17 Apr 2024 17:01:37 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Referrer-Policy
origin-when-cross-origin
Last-Modified
Fri, 27 Aug 2021 14:11:56 GMT
Content-Encoding
gzip
Age
6606
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
public,max-age=86400
Origin-Trial
AkBgNlDiY3u6JLOlyCHNo+uI//ZsQNGdALGkaqj2TaJPsaytJKhRW2ej+qKdkIs3auzeCWPCYX2AE/jVxzJS0AwAAABaeyJvcmlnaW4iOiJodHRwczovL2ZvcmNlLmNvbTo0NDMiLCJmZWF0dXJlIjoiVHBjZCIsImV4cGlyeSI6MTczNTM0Mzk5OSwiaXNTdWJkb21haW4iOnRydWV9
Accept-Ranges
bytes
X-Robots-Tag
none
Content-Length
4027
Expires
Thu, 18 Apr 2024 17:01:37 GMT
liveagent.esw.min.js
service.force.com/embeddedservice/5.0/client/ 		20 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://service.force.com/embeddedservice/5.0/client/liveagent.esw.min.js
Requested by
Host: my.castandcrew.com
URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
136.146.43.245 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl12-ncg1-c8-iad5.na249-ia7.force.com
Software
/
Resource Hash
1df96aff7c1a0b4a1f03d51ec741df8d542fcf32eddee1a0295068e4a7f0017b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 17 Apr 2024 17:01:44 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Referrer-Policy
origin-when-cross-origin
Last-Modified
Wed, 17 Aug 2022 20:11:18 GMT
Content-Encoding
gzip
Age
6599
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
public,max-age=86400
Origin-Trial
AkBgNlDiY3u6JLOlyCHNo+uI//ZsQNGdALGkaqj2TaJPsaytJKhRW2ej+qKdkIs3auzeCWPCYX2AE/jVxzJS0AwAAABaeyJvcmlnaW4iOiJodHRwczovL2ZvcmNlLmNvbTo0NDMiLCJmZWF0dXJlIjoiVHBjZCIsImV4cGlyeSI6MTczNTM0Mzk5OSwiaXNTdWJkb21haW4iOnRydWV9
Accept-Ranges
bytes
X-Robots-Tag
none
Content-Length
5913
Expires
Thu, 18 Apr 2024 17:01:44 GMT
MyCast&CrewBlackLogo.ba6ab179f05ca7cfd75216d059277f4f.svg
my.castandcrew.com/static/media/ 		9 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://my.castandcrew.com/static/media/MyCast&CrewBlackLogo.ba6ab179f05ca7cfd75216d059277f4f.svg
Requested by
Host: my.castandcrew.com
URL: https://my.castandcrew.com/static/js/main.c37cc684.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266a:600:4:b29d:8b80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3e8176a5aa803d964438269e98ca3d3801aa60ddbc106f37dc9292b1f048a848
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
16IvqCS8uwcs5G1iJClSKnJEYR8rM_EQ
content-encoding
gzip
via
1.1 a35a15e72ad59a60ddc8752bdb709706.cloudfront.net (CloudFront)
date
Wed, 17 Apr 2024 18:51:43 GMT
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'; object-src 'none'
x-amz-cf-pop
JFK52-P5
age
213
x-amz-server-side-encryption
AES256
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 01 Apr 2024 22:40:21 GMT
server
AmazonS3
etag
W/"6c5e46788917418c68e8e6d453da24a0"
vary
Accept-Encoding
x-frame-options
DENY
content-type
image/svg+xml
cache-control
no-cache, no-store, must-revalidate
x-amz-cf-id
hMN2IR6t3-94G-QUz5ym0yKyjPHB_ckSqop1uRHEVUKGdj-AsWPzsQ==
graphql
sso-prd.prod.aws.castandcrew.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://sso-prd.prod.aws.castandcrew.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.93.108 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-93-108.jfk50.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://my.castandcrew.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent,X-Amzn-Trace-Id,x-client-version
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
https://my.castandcrew.com
content-length
0
content-type
application/json
date
Wed, 17 Apr 2024 18:51:44 GMT
via
1.1 39947baba82573c8d139cba81c505476.cloudfront.net (CloudFront)
x-amz-apigw-id
WYkKEHAnvHcEv0Q=
x-amz-cf-id
gfo__X6SclBpa5YVGBBiPWo_5z_o0pCMHAVZGgKSAQmZgCDnAuMvtQ==
x-amz-cf-pop
JFK50-P8
x-amzn-requestid
77cec6dc-2fae-48c7-9fd7-85d48bdf6849
x-amzn-trace-id
Root=1-66201a40-0bf972ee154456731ba5ea5f
x-cache
Miss from cloudfront
graphql
sso-prd.prod.aws.castandcrew.com/ 		3 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://sso-prd.prod.aws.castandcrew.com/graphql
Requested by
Host: my.castandcrew.com
URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.93.108 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-93-108.jfk50.r.cloudfront.net
Software
/
Resource Hash
01fb80d3bee2195be35e502a842de2989fe4d003d05f12e4d9c9f2e50d125e92
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type
application/json
accept
*/*
Referer
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 17 Apr 2024 18:51:44 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
x-amzn-remapped-content-length
2583
via
1.1 4810d74d0025d8ce3dbab6cb71a901d2.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
none
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-amz-cf-pop
JFK50-P8
x-amzn-requestid
942a9bd0-831e-4eb1-8702-e01fbd86c7a3
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
cross-origin-resource-policy
same-origin
x-amz-apigw-id
WYkKHHjovHcEmyw=
content-length
2583
x-xss-protection
0
referrer-policy
no-referrer
cross-origin-opener-policy
same-origin
etag
W/"a17-Gcl2W4hvmyg4qpti73tkKNv6sLM"
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://my.castandcrew.com
origin-agent-cluster
?1
access-control-allow-credentials
true
x-amzn-trace-id
Root=1-66201a40-7263421c2a2ecc915d5d27a1
x-amz-cf-id
nYMsR4DXi_2sn_oytd6xkhhNOREtzqqDwqx1ATgBIlXHkdiiOhp5_Q==
nr-spa-1210.min.js
js-agent.newrelic.com/ 		41 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js-agent.newrelic.com/nr-spa-1210.min.js
Requested by
Host: my.castandcrew.com
URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2602:816:5001::39 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ae2fc8f8e0697701399521441a03445a3c11d79719accd0099f41687c1536c49
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
VyYKZswnALGR.malamtbtfAmvUCTQzpB
content-encoding
br
via
1.1 varnish
date
Wed, 17 Apr 2024 18:51:43 GMT
strict-transport-security
max-age=300
x-amz-request-id
Q5RKP2YQQ5DD278Y
x-amz-server-side-encryption
AES256
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
16301
x-amz-id-2
LF0BKQjgFbxaqeBvgNb7UBihauhpWRwLlYkN+cBh5AFZ0vDo0lxXGpWAaEpnLpUQB6hS53DMHcrKlwh6Pi/vfzq9e0JB1/ar6iC08T+bA9s=
x-served-by
cache-mia-kmia1760030-MIA
last-modified
Wed, 18 Oct 2023 21:31:09 GMT
server
AmazonS3
etag
"d5eff122d09ab2c851fb1780f0287cbf"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=86400, stale-if-error=86400
accept-ranges
bytes
x-cache-hits
4344
esw.html
service.force.com/embeddedservice/5.0/ Frame 7C43 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://service.force.com/embeddedservice/5.0/esw.html?parent=https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Requested by
Host: my.castandcrew.com
URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
136.147.252.241 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl16-ncg1-c7-iad4.na253-ia6.force.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-US,en;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Accept-Ranges
bytes
Cache-Control
public,max-age=86400
Content-Encoding
gzip
Content-Security-Policy
upgrade-insecure-requests
Content-Type
text/html;charset=UTF-8
Date
Wed, 17 Apr 2024 18:51:44 GMT
Expires
Thu, 18 Apr 2024 18:51:44 GMT
Last-Modified
Thu, 14 Sep 2023 00:07:46 GMT
Origin-Trial
AkBgNlDiY3u6JLOlyCHNo+uI//ZsQNGdALGkaqj2TaJPsaytJKhRW2ej+qKdkIs3auzeCWPCYX2AE/jVxzJS0AwAAABaeyJvcmlnaW4iOiJodHRwczovL2ZvcmNlLmNvbTo0NDMiLCJmZWF0dXJlIjoiVHBjZCIsImV4cGlyeSI6MTczNTM0Mzk5OSwiaXNTdWJkb21haW4iOnRydWV9
Referrer-Policy
origin-when-cross-origin
Strict-Transport-Security
max-age=63072000; includeSubDomains
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Robots-Tag
none
1e3667f1-3a8a-4706-53f7-380405fcc2ad
data.pendo.castandcrew.com/data/ptm.gif/ 		42 B
102 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://data.pendo.castandcrew.com/data/ptm.gif/1e3667f1-3a8a-4706-53f7-380405fcc2ad?v=2.226.1_prod&ct=1713379903866&jzb=eJzNUctqwzAQ_BedjR-y4tiBUkrTQugjoXUuKcUotuw42JKR1nkQ8u9ZJ40vhdwK1UmanR3N7nwdCOwbQUakFsCJRZZabY3QCZQ1ot7Q8_1hFLl-OAgssilNCUonZYYNyezpfTxN4mScSralbDqLAQV4mqpWwpkj26qySKsrpK8AGjNynHpvp9wAl1mqxdZOVe1Uqijlfa5VPf-Y3F2JyNHQVK35xcdfGq0aQ0aHq6XuestVxWXR8qIbVMhk_kmOvdNra2cW0YZrIeGhryGUcegavaHjMoe6lKHgRmhTKokwtSkNbC9BS1knexGI-XLSbwAuD9K-aZPK2CxyU4av0SPq5JrX4lxcvKwNe96tRF4sdx6suzD2IHBK5tGj1QdVKZ7dDCr8l0F1tn_MUjcIbRrhGTBK_cD3_2RtNAqP3yf3O_LG
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.204.85 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
85.204.107.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 17 Apr 2024 18:51:44 GMT
via
1.1 google
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
server
istio-envoy
access-control-max-age
600
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
*
access-control-allow-credentials
false
x-envoy-upstream-service-time
22
access-control-allow-headers
*
content-length
42
alt-svc
clear
1e3667f1-3a8a-4706-53f7-380405fcc2ad
data.pendo.castandcrew.com/data/guide.js/ 		458 B
540 B 		Script
General
Check archive.org
Download Go to
Full URL
https://data.pendo.castandcrew.com/data/guide.js/1e3667f1-3a8a-4706-53f7-380405fcc2ad?id=6&jzb=eJx9jkFLAzEQhf_LnMumDYvCgohQD73Yoq3XMCRxDWQnSzJpEdn_3lmk60HwFl6-N-_7hnMogVPeOejAHJ5ftntzNFtL7UW3-8ORYQVobarEM0I1xhXUHIX-ZB5Lp9Tw1VgsjORs9pfGpkHF1Ad6_MhpOL3uHm6gMJnHWMsfXkZSdO-_Kj87g2d0yAjd4jk_wz-uEamv2HshPJnTG0yL_60635Z0xOyJn5Y_iWRrLm7u1bpVeq1bOXj2uYREEutG67tmY8acHEzTFf1naas&v=2.226.1_prod&ct=1713379903869
Requested by
Host: my.castandcrew.com
URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.204.85 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
85.204.107.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
0476cea5b43fdb790c7e0245f41701d430fdd5bf2257edc7fb26e50dcf5a1510
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 17 Apr 2024 18:51:44 GMT
via
1.1 google
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
server
istio-envoy
access-control-max-age
600
access-control-allow-methods
GET,POST
content-type
application/javascript
access-control-allow-origin
*
access-control-allow-credentials
false
x-envoy-upstream-service-time
10
access-control-allow-headers
*
content-length
458
alt-svc
clear
1e3667f1-3a8a-4706-53f7-380405fcc2ad
data.pendo.castandcrew.com/data/guide.gif/ 		42 B
303 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://data.pendo.castandcrew.com/data/guide.gif/1e3667f1-3a8a-4706-53f7-380405fcc2ad?jzb=eJwFwIEIAAAAwDDQd3-N1QABFQC5&ct=1713379903869&v=2.226.1_prod
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.204.85 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
85.204.107.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 17 Apr 2024 18:51:44 GMT
via
1.1 google
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
server
istio-envoy
access-control-max-age
600
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
*
access-control-allow-credentials
false
x-envoy-upstream-service-time
2
access-control-allow-headers
*
content-length
42
alt-svc
clear
94bb01a884
bam-cell.nr-data.net/1/ 		79 B
628 B 		Script
General
Check archive.org
Download Go to
Full URL
https://bam-cell.nr-data.net/1/94bb01a884?a=169871662&sa=1&v=1210.e2a3f80&t=Unnamed%20Transaction&rst=2785&ck=1&ref=https://my.castandcrew.com/login&be=1388&fe=2707&dc=2180&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1713379901129,%22n%22:0,%22f%22:638,%22dn%22:733,%22dne%22:733,%22c%22:733,%22s%22:843,%22ce%22:958,%22rq%22:958,%22rp%22:1363,%22rpe%22:1365,%22dl%22:1373,%22di%22:2034,%22ds%22:2180,%22de%22:2180,%22dc%22:2707,%22l%22:2707,%22le%22:2709%7D,%22navigation%22:%7B%7D%7D&fp=2189&fcp=2189&jsonp=NREUM.setToken
Requested by
Host: my.castandcrew.com
URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.247.243.30 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
envoy /
Resource Hash
f2205c30ab0d0a86cd0d715cf483bafd550c0ea9d4ddb24e2c182f1d7f024144

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 17 Apr 2024 18:51:44 GMT
server
envoy
access-control-allow-methods
GET, POST, PUT, HEAD, OPTIONS
content-type
text/javascript
access-control-allow-origin
*
access-control-expose-headers
Date
access-control-allow-credentials
true
x-envoy-upstream-service-time
3
cross-origin-resource-policy
cross-origin
Connection
keep-alive
timing-allow-origin
*
Content-Length
79
x-served-by
cache-mia-kmia1760047-MIA
favicon.ico
my.castandcrew.com/ 		22 KB
23 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://my.castandcrew.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266a:600:4:b29d:8b80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b3543ac0467e8bc26e5caa6fde665c9975cbb13f55d89e43150f164d39cdda82
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
J1xUxzsy8V3UECsixOFJBzkGmKCkkgR9
date
Wed, 17 Apr 2024 18:50:18 GMT
via
1.1 a35a15e72ad59a60ddc8752bdb709706.cloudfront.net (CloudFront)
content-security-policy
frame-ancestors 'self'; object-src 'none'
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
JFK52-P5
age
100
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
22382
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 01 Apr 2024 22:40:23 GMT
server
AmazonS3
etag
"23b76a9f7a56bc13f06d10e83654ed0f"
vary
Accept-Encoding
x-frame-options
DENY
content-type
image/vnd.microsoft.icon
cache-control
no-cache, no-store, must-revalidate
accept-ranges
bytes
x-amz-cf-id
8ei-IoV5ZHDF7dJ3p2T-kqEB_z8QAl0BodcXXhEZLnr-QFByUnmSog==
EmbeddedServiceConfig.jsonp
d.la3-c1-ia5.salesforceliveagent.com/chat/rest/EmbeddedService/ 		174 B
565 B 		Script
General
Check archive.org
Download Go to
Full URL
https://d.la3-c1-ia5.salesforceliveagent.com/chat/rest/EmbeddedService/EmbeddedServiceConfig.jsonp?Settings.prefix=EmbeddedService&org_id=00Di0000000aHzN&EmbeddedServiceConfig.configName=Cast_and_Crew_Chat_Bot&callback=embedded_svc.liveAgentAPI.handleChatSettings&version=48
Requested by
Host: my.castandcrew.com
URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.110.44.170 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl13-ncg1-c6-iad5.la3-c1-ia5.salesforceliveagent.com
Software
/
Resource Hash
e3dd6ec563bf0c7670cdc8e20a1ff5d6346221ce2ff15159643fb1766d06076e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Pragma
no-cache
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Access-Control-Allow-Credentials
true
Connection
close
Expires
-1
invite.esw.min.js
service.force.com/embeddedservice/5.0/client/ 		19 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://service.force.com/embeddedservice/5.0/client/invite.esw.min.js
Requested by
Host: my.castandcrew.com
URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
136.146.43.245 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl12-ncg1-c8-iad5.na249-ia7.force.com
Software
/
Resource Hash
11b97392fe91256a463d66e0a68f1ed068dd3ba2200289fa89e0afb2b0558b12
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 17 Apr 2024 15:12:43 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Referrer-Policy
origin-when-cross-origin
Last-Modified
Fri, 24 Sep 2021 16:25:36 GMT
Content-Encoding
gzip
Age
13141
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
public,max-age=86400
Origin-Trial
AkBgNlDiY3u6JLOlyCHNo+uI//ZsQNGdALGkaqj2TaJPsaytJKhRW2ej+qKdkIs3auzeCWPCYX2AE/jVxzJS0AwAAABaeyJvcmlnaW4iOiJodHRwczovL2ZvcmNlLmNvbTo0NDMiLCJmZWF0dXJlIjoiVHBjZCIsImV4cGlyeSI6MTczNTM0Mzk5OSwiaXNTdWJkb21haW4iOnRydWV9
Accept-Ranges
bytes
X-Robots-Tag
none
Content-Length
4540
Expires
Thu, 18 Apr 2024 15:12:43 GMT
truncated
/ 		3 KB
3 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
10a396cf83a1f0fa5ae02c199215e1b8e32fdb313f3d5e24c3e61a56f01e3eb5

Request headers

Referer
https://service.force.com/
Origin
https://my.castandcrew.com
Accept-Language
en-US,en;q=0.9;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type
application/octet-stream
Settings.jsonp
d.la3-c1-ia5.salesforceliveagent.com/chat/rest/Visitor/ 		177 B
565 B 		Script
General
Check archive.org
Download Go to
Full URL
https://d.la3-c1-ia5.salesforceliveagent.com/chat/rest/Visitor/Settings.jsonp?Settings.prefix=Visitor&Settings.buttonIds=[5734y00000000No]&Settings.updateBreadcrumb=1&callback=embedded_svc.liveAgentAPI.connection.handlePing&deployment_id=5724y00000000NA&org_id=00Di0000000aHzN&version=48
Requested by
Host: my.castandcrew.com
URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.110.44.170 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl13-ncg1-c6-iad5.la3-c1-ia5.salesforceliveagent.com
Software
/
Resource Hash
15c6f85fdc21b7de702e115e4b7ab6d8f0094518bc3548834d8ea507315d4795
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Pragma
no-cache
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Access-Control-Allow-Credentials
true
Connection
close
Expires
-1
inert.min.js
service.force.com/embeddedservice/5.0/utils/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://service.force.com/embeddedservice/5.0/utils/inert.min.js
Requested by
Host: my.castandcrew.com
URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
136.146.43.245 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl12-ncg1-c8-iad5.na249-ia7.force.com
Software
/
Resource Hash
12834f596f899e7e17cc2a4a76a1ee77ea0f1ebbfb61e8a33dafe426327c71a3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 17 Apr 2024 17:02:25 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Referrer-Policy
origin-when-cross-origin
Last-Modified
Tue, 18 Aug 2020 17:12:46 GMT
Content-Encoding
gzip
Age
6559
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
public,max-age=86400
Origin-Trial
AkBgNlDiY3u6JLOlyCHNo+uI//ZsQNGdALGkaqj2TaJPsaytJKhRW2ej+qKdkIs3auzeCWPCYX2AE/jVxzJS0AwAAABaeyJvcmlnaW4iOiJodHRwczovL2ZvcmNlLmNvbTo0NDMiLCJmZWF0dXJlIjoiVHBjZCIsImV4cGlyeSI6MTczNTM0Mzk5OSwiaXNTdWJkb21haW4iOnRydWV9
Accept-Ranges
bytes
X-Robots-Tag
none
Content-Length
2469
Expires
Thu, 18 Apr 2024 17:02:25 GMT
MyCast&CrewBlackLogo.ba6ab179f05ca7cfd75216d059277f4f.svg
my.castandcrew.com/static/media/ 		9 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://my.castandcrew.com/static/media/MyCast&CrewBlackLogo.ba6ab179f05ca7cfd75216d059277f4f.svg
Requested by
Host: my.castandcrew.com
URL: https://my.castandcrew.com/static/js/main.c37cc684.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266a:600:4:b29d:8b80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3e8176a5aa803d964438269e98ca3d3801aa60ddbc106f37dc9292b1f048a848
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
16IvqCS8uwcs5G1iJClSKnJEYR8rM_EQ
content-encoding
gzip
via
1.1 a35a15e72ad59a60ddc8752bdb709706.cloudfront.net (CloudFront)
date
Wed, 17 Apr 2024 18:51:43 GMT
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'; object-src 'none'
x-amz-cf-pop
JFK52-P5
age
214
x-amz-server-side-encryption
AES256
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 01 Apr 2024 22:40:21 GMT
server
AmazonS3
etag
W/"6c5e46788917418c68e8e6d453da24a0"
vary
Accept-Encoding
x-frame-options
DENY
content-type
image/svg+xml
cache-control
no-cache, no-store, must-revalidate
x-amz-cf-id
3JmGsyBAx5DWLW-o_uOMjTQUCPSjMyDxZOZakRCpxDqUnnFn_J67rA==
graphql
cncflags.castandcrew.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://cncflags.castandcrew.com/graphql
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-55.jfk50.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://my.castandcrew.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent
access-control-allow-methods
OPTIONS,POST
access-control-allow-origin
https://my.castandcrew.com
content-length
1
content-type
application/json
date
Wed, 17 Apr 2024 18:51:44 GMT
via
1.1 079cd4553da15b2329bffae6abe6157e.cloudfront.net (CloudFront)
x-amz-apigw-id
WYkKMFv8vHcEISA=
x-amz-cf-id
n0rDB9KgwYSZD2Ueb6XGpxqZsQzFi8U5Xtj7MSxhZLDymfZrsMbTNQ==
x-amz-cf-pop
JFK50-P6
x-amzn-requestid
23b7deaf-445d-49d6-8cc9-189d0ed4b3dd
x-cache
Miss from cloudfront
graphql
cncflags.castandcrew.com/ 		4 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cncflags.castandcrew.com/graphql
Requested by
Host: my.castandcrew.com
URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.55 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-55.jfk50.r.cloudfront.net
Software
/
Resource Hash
554ee7d20ae7454a002182dd0fba3aa5571a9230b8a2e8d132bccffd93c9af48
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform
"Win32"
Referer
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
content-type
application/json

Response headers

date
Wed, 17 Apr 2024 18:51:45 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
via
1.1 079cd4553da15b2329bffae6abe6157e.cloudfront.net (CloudFront)
x-amzn-remapped-content-length
4339
x-amz-cf-pop
JFK50-P6
x-amzn-requestid
f2af3b02-25aa-4856-9c09-a48a907e0d89
x-amzn-trace-id
Root=1-66201a41-0c92eb7516ce45fe525c6cbb;Parent=44a77c9667b0910a;Sampled=0;lineage=371e87c8:0
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials
true
x-amz-apigw-id
WYkKPHfsPHcEHcg=
content-length
4339
x-amz-cf-id
iSYxYMYIgiugus6utesLCOoanhhxXcrItJOQLgr8Uhrc51KN76j79Q==
EmbeddedServiceConfig.jsonp
d.la1-core1.sfdc-yfeipo.salesforceliveagent.com/chat/rest/EmbeddedService/ 		17 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d.la1-core1.sfdc-yfeipo.salesforceliveagent.com/chat/rest/EmbeddedService/EmbeddedServiceConfig.jsonp?Settings.prefix=EmbeddedService&org_id=00Di0000000aHzN&EmbeddedServiceConfig.configName=Cast_and_Crew_Chat_Bot&callback=embedded_svc.liveAgentAPI.handleChatSettings&version=48
Requested by
Host: my.castandcrew.com
URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.232.140.78 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-232-140-78.compute-1.amazonaws.com
Software
envoy /
Resource Hash
b91f1b29d2712319bd737fc75fcbddbf5a0122032b1809c98543fcd868923fae
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Wed, 17 Apr 2024 18:51:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
envoy
transfer-encoding
chunked
content-type
text/javascript
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-credentials
true
x-envoy-upstream-service-time
13
expires
-1
Settings.jsonp
d.la1-core1.sfdc-yfeipo.salesforceliveagent.com/chat/rest/Visitor/ 		351 B
644 B 		Script
General
Check archive.org
Download Go to
Full URL
https://d.la1-core1.sfdc-yfeipo.salesforceliveagent.com/chat/rest/Visitor/Settings.jsonp?Settings.prefix=Visitor&Settings.buttonIds=[5734y00000000No]&Settings.updateBreadcrumb=1&callback=embedded_svc.liveAgentAPI.connection.handlePing&deployment_id=5724y00000000NA&org_id=00Di0000000aHzN&version=48
Requested by
Host: my.castandcrew.com
URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.232.140.78 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-232-140-78.compute-1.amazonaws.com
Software
envoy /
Resource Hash
aaade738ea6b4b694730c4c7aaed64961bb0a5b028edca25921f2134a2d2d6d7
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Wed, 17 Apr 2024 18:51:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
envoy
transfer-encoding
chunked
content-type
text/javascript
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-credentials
true
x-envoy-upstream-service-time
1
expires
-1
MyCast&CrewBlackLogo.ba6ab179f05ca7cfd75216d059277f4f.svg
my.castandcrew.com/static/media/ 		9 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://my.castandcrew.com/static/media/MyCast&CrewBlackLogo.ba6ab179f05ca7cfd75216d059277f4f.svg
Requested by
Host: my.castandcrew.com
URL: https://my.castandcrew.com/static/js/main.c37cc684.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266a:600:4:b29d:8b80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3e8176a5aa803d964438269e98ca3d3801aa60ddbc106f37dc9292b1f048a848
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
16IvqCS8uwcs5G1iJClSKnJEYR8rM_EQ
content-encoding
gzip
via
1.1 a35a15e72ad59a60ddc8752bdb709706.cloudfront.net (CloudFront)
date
Wed, 17 Apr 2024 18:51:43 GMT
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'; object-src 'none'
x-amz-cf-pop
JFK52-P5
age
216
x-amz-server-side-encryption
AES256
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 01 Apr 2024 22:40:21 GMT
server
AmazonS3
etag
W/"6c5e46788917418c68e8e6d453da24a0"
vary
Accept-Encoding
x-frame-options
DENY
content-type
image/svg+xml
cache-control
no-cache, no-store, must-revalidate
x-amz-cf-id
0OG68QFKWwzkwI7lrDuQsRdZ3vnNnKavIONxvtROjMSj_oh5g122mA==
authorize
login.castandcrew.com/oauth2/aus77kwrwSbSunX5s356/v1/ Frame B1D3 		2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://login.castandcrew.com/oauth2/aus77kwrwSbSunX5s356/v1/authorize?client_id=0oa1b383d8XvfKYp0356&nonce=5BoBHY3dGnLQJxlETw8K2dbFDBJ5zfacWXMcu4lwMFMdVNDI4WIJ805N0EVneZQB&prompt=none&redirect_uri=https%3A%2F%2Fmy.castandcrew.com%2Fimplicit%2Fcallback&response_mode=okta_post_message&response_type=token&state=wOj0G8wkVd8gnsoFlMY1fCN5ZyzbeusKFKUAMT9RSRh673JWq4tfjVaonOugOvsk&scope=openid
Requested by
Host: my.castandcrew.com
URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.151.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a9d4dea8e2661b2ed.awsglobalaccelerator.com
Software
nginx /
Resource Hash
4e83e52d58c3b3412a7d7cb4b422343301b93fef32f7c5d30d8501beaee5ed6e
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-US,en;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Connection
Keep-Alive
Content-Encoding
gzip
Content-Type
text/html;charset=utf-8
Date
Wed, 17 Apr 2024 18:51:46 GMT
Keep-Alive
timeout=5, max=95
Server
nginx
Strict-Transport-Security
max-age=315360000; includeSubDomains
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Robots-Tag
noindex,nofollow
accept-ch
Sec-CH-UA-Platform-Version
cache-control
no-cache, no-store
content-language
en
expires
0
p3p
CP="HONK"
pragma
no-cache
referrer-policy
no-referrer
x-content-type-options
nosniff
x-okta-request-id
ZiAaQiweoajpojw3L51YkAAABqM
x-rate-limit-limit
1200
x-rate-limit-remaining
1015
x-rate-limit-reset
1713379922
x-xss-protection
0
meta.json
my.castandcrew.com/ 		19 B
662 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://my.castandcrew.com/meta.json?1713379906276
Requested by
Host: my.castandcrew.com
URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266a:600:4:b29d:8b80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1e0eeba743c0b38179a59c89c90e0fddadad918e049b38fa7184376184337261
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
tracestate
1117440@nr=0-1-2071650-169871662-f39920c4e522019b----1713379906276
traceparent
00-ae0ee4b93ee3e93716852d7e21703800-f39920c4e522019b-01
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Referer
https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
cVMNtMm9aIBBl2Jy0V4b7xxuhZY4mdQT
date
Wed, 17 Apr 2024 18:51:08 GMT
via
1.1 a35a15e72ad59a60ddc8752bdb709706.cloudfront.net (CloudFront)
content-security-policy
frame-ancestors 'self'; object-src 'none'
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
JFK52-P5
age
39
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
19
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 28 Mar 2024 02:28:27 GMT
server
AmazonS3
etag
"d783488e501e5306f64aada0f95c2bf4"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/json
cache-control
no-cache, no-store, must-revalidate
accept-ranges
bytes
x-amz-cf-id
ucrlNIRW6CvLDOyDitPVmB5R0H7Pv7xlGiJScSEl274ahCr_8xBMaQ==
483.f0ea3cf9.chunk.css
my.castandcrew.com/static/css/ 		572 KB
213 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://my.castandcrew.com/static/css/483.f0ea3cf9.chunk.css
Requested by
Host: my.castandcrew.com
URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266a:600:4:b29d:8b80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1149b9068493b1a71b122d2bb7f5ba791ee52f3575dc387163cfbd277e2ee49a
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
1UMdEYyG4pyI2QeSMbfGgTN5sQKyVdg0
content-encoding
br
via
1.1 a35a15e72ad59a60ddc8752bdb709706.cloudfront.net (CloudFront)
date
Wed, 17 Apr 2024 18:49:21 GMT
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'; object-src 'none'
x-amz-cf-pop
JFK52-P5
age
146
x-amz-server-side-encryption
AES256
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 28 Mar 2024 02:28:24 GMT
server
AmazonS3
etag
W/"641c2bc6db9abc85661508e14f50a850"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/css
cache-control
no-cache, no-store, must-revalidate
x-amz-cf-id
hdSpwa-k2QpUlfi38V8XXvZAAZ40VcOKPG9If7UG3u4cM6R0jL24bg==
483.784cce5d.chunk.js
my.castandcrew.com/static/js/ 		1 MB
307 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://my.castandcrew.com/static/js/483.784cce5d.chunk.js
Requested by
Host: my.castandcrew.com
URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266a:600:4:b29d:8b80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cf084b6c26c0494bd85c596cb70c8cf0adfe6c66a88e04b3b11ea00ec71822d5
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
nDJgNgOg_2GGfNDjJrOXiLGiq.apJOfr
content-encoding
gzip
via
1.1 a35a15e72ad59a60ddc8752bdb709706.cloudfront.net (CloudFront)
date
Wed, 17 Apr 2024 18:49:21 GMT
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'; object-src 'none'
x-amz-cf-pop
JFK52-P5
age
146
x-amz-server-side-encryption
AES256
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 01 Apr 2024 22:40:18 GMT
server
AmazonS3
etag
W/"732dbca5c220de6f645387e336aef1d2"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/javascript
cache-control
no-cache, no-store, must-revalidate
x-amz-cf-id
a-BhddFr3PpaMjv0kkiPzYvfPJZGORih_fAyR8vTiDdzLGon4waMfg==
933.c5d68074.chunk.css
my.castandcrew.com/static/css/ 		12 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://my.castandcrew.com/static/css/933.c5d68074.chunk.css
Requested by
Host: my.castandcrew.com
URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266a:600:4:b29d:8b80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
880e9ef8e0ddb2cfe3a924aa7be03af4f5fc4972fadfe04e92d565c63efce969
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
AW6EYHxgAEJeschm4vXkF8LKp6uXupfI
content-encoding
br
via
1.1 a35a15e72ad59a60ddc8752bdb709706.cloudfront.net (CloudFront)
date
Wed, 17 Apr 2024 18:49:21 GMT
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'; object-src 'none'
x-amz-cf-pop
JFK52-P5
age
146
x-amz-server-side-encryption
AES256
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 15 Mar 2024 02:37:02 GMT
server
AmazonS3
etag
W/"60d9ff77d2bf488d2d2fe9f59811560e"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/css
cache-control
no-cache, no-store, must-revalidate
x-amz-cf-id
63uXpvE7RduFLvn5ozuQLwoyEeY0oHDDmxO-wDlqj_cconL3SnRJkA==
933.b8a13020.chunk.js
my.castandcrew.com/static/js/ 		22 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://my.castandcrew.com/static/js/933.b8a13020.chunk.js
Requested by
Host: my.castandcrew.com
URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266a:600:4:b29d:8b80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f315b5fa790b2eb2c2fbc79316af6c82d7de79e7aad143097169b04de11327b3
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
GkmWBhezIt_lWsUdSwZovO5PWYG8yJIx
content-encoding
br
via
1.1 a35a15e72ad59a60ddc8752bdb709706.cloudfront.net (CloudFront)
date
Wed, 17 Apr 2024 18:49:21 GMT
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'; object-src 'none'
x-amz-cf-pop
JFK52-P5
age
146
x-amz-server-side-encryption
AES256
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Fri, 12 Apr 2024 02:28:42 GMT
server
AmazonS3
etag
W/"e255571e133521b04fb0803f085bec45"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/javascript
cache-control
no-cache, no-store, must-revalidate
x-amz-cf-id
iJyN7f2gXROEkxQNHLeBSdk2HHqU6ZO9_U9H3aO-FnOxY-KqhB_IXA==
MyCast&CrewBlackLogo.ba6ab179f05ca7cfd75216d059277f4f.svg
my.castandcrew.com/static/media/ 		9 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://my.castandcrew.com/static/media/MyCast&CrewBlackLogo.ba6ab179f05ca7cfd75216d059277f4f.svg
Requested by
Host: my.castandcrew.com
URL: https://my.castandcrew.com/static/js/main.c37cc684.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266a:600:4:b29d:8b80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3e8176a5aa803d964438269e98ca3d3801aa60ddbc106f37dc9292b1f048a848
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
16IvqCS8uwcs5G1iJClSKnJEYR8rM_EQ
content-encoding
gzip
via
1.1 a35a15e72ad59a60ddc8752bdb709706.cloudfront.net (CloudFront)
date
Wed, 17 Apr 2024 18:51:43 GMT
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'; object-src 'none'
x-amz-cf-pop
JFK52-P5
age
216
x-amz-server-side-encryption
AES256
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 01 Apr 2024 22:40:21 GMT
server
AmazonS3
etag
W/"6c5e46788917418c68e8e6d453da24a0"
vary
Accept-Encoding
x-frame-options
DENY
content-type
image/svg+xml
cache-control
no-cache, no-store, must-revalidate
x-amz-cf-id
Ijz7CxR5Evp2uEAyOCvWGDpIweaZ57YGI5xZjXQ3k3rtFUCFECT5TA==
login_cnc_caps_ms_logo.bc68e2166bbfea36b37a1a58a871133b.svg
my.castandcrew.com/static/media/ 		47 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://my.castandcrew.com/static/media/login_cnc_caps_ms_logo.bc68e2166bbfea36b37a1a58a871133b.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266a:600:4:b29d:8b80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
465571bdcef86c7b5e1c39e705fb361e3c5ebe0acca2df87497ef4eba1561329
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
R_880hAkY51EOI.jvFTB5xfb2BtGGp5f
content-encoding
gzip
via
1.1 a35a15e72ad59a60ddc8752bdb709706.cloudfront.net (CloudFront)
date
Wed, 17 Apr 2024 18:49:22 GMT
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'; object-src 'none'
x-amz-cf-pop
JFK52-P5
age
145
x-amz-server-side-encryption
AES256
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 01 Apr 2024 22:40:22 GMT
server
AmazonS3
etag
W/"771f94936cbab9c4c6fe250abf93c0ab"
vary
Accept-Encoding
x-frame-options
DENY
content-type
image/svg+xml
cache-control
no-cache, no-store, must-revalidate
x-amz-cf-id
YTbcvsT5OAWTU_FCP19-BJqQ3MLtd3V3d-UfZM3_X-PMpSHArm562g==
192cb88e
d21y75miwcfqoq.cloudfront.net/ 		68 B
479 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d21y75miwcfqoq.cloudfront.net/192cb88e
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23ca:3400:1b:ef38:3680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 17 Apr 2024 18:51:48 GMT
x-amz-version-id
QaUUB2oxR4jgj0UhxGJ3HS5RGku1PPAn
via
1.1 bd3e3884ce6fe1fd36336541cce9ec7e.cloudfront.net (CloudFront)
last-modified
Mon, 12 Feb 2024 20:01:34 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P2
etag
"91e42db1c66c0b276abf6234dc50b2eb"
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
content-type
image/png
cache-control
no-cache, no-store
accept-ranges
bytes
content-length
68
x-amz-cf-id
JlgPvqZUni7Elz-P5REnYPbLJ3GSuEz24tcU9JAQMNQ2gF_-aLYTSA==
login_profile_v2.65b110d142f88dcb04eb8b3e4504e34f.svg
my.castandcrew.com/static/media/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://my.castandcrew.com/static/media/login_profile_v2.65b110d142f88dcb04eb8b3e4504e34f.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266a:600:4:b29d:8b80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d67624f3a5cc221c171713251bdf1586afa75f0f57063befe983c359debc922b
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
DPxPV7E8ShrkRPYUri7O_CmLjY5v.a1J
content-encoding
br
via
1.1 a35a15e72ad59a60ddc8752bdb709706.cloudfront.net (CloudFront)
date
Wed, 17 Apr 2024 18:47:10 GMT
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'; object-src 'none'
x-amz-cf-pop
JFK52-P5
age
276
x-amz-server-side-encryption
AES256
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 01 Apr 2024 22:40:21 GMT
server
AmazonS3
etag
W/"71c3ce838a3b612bed4f539e5259cad4"
vary
Accept-Encoding
x-frame-options
DENY
content-type
image/svg+xml
cache-control
no-cache, no-store, must-revalidate
x-amz-cf-id
krRXo8DAqqQksmzPAxSd2qICRAThbEDSCy4wiOis1ZNOTy_3NKgwsQ==
login_bank_v2.ae60fbbfbc270b50600b6ae2425844b0.svg
my.castandcrew.com/static/media/ 		5 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://my.castandcrew.com/static/media/login_bank_v2.ae60fbbfbc270b50600b6ae2425844b0.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266a:600:4:b29d:8b80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b1364a337500fc9921733a9e404b0cc2f98be0e0153d8abd1d4fc5352e03211e
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
3ogEnVV8ZemjJsIFOgf4sVjdyqv7dCea
content-encoding
br
via
1.1 a35a15e72ad59a60ddc8752bdb709706.cloudfront.net (CloudFront)
date
Wed, 17 Apr 2024 18:47:10 GMT
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'; object-src 'none'
x-amz-cf-pop
JFK52-P5
age
276
x-amz-server-side-encryption
AES256
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 01 Apr 2024 22:40:22 GMT
server
AmazonS3
etag
W/"5f518a0e3e930b4aa7b26b4f855099f6"
vary
Accept-Encoding
x-frame-options
DENY
content-type
image/svg+xml
cache-control
no-cache, no-store, must-revalidate
x-amz-cf-id
6jcVSBory2exKtY-eceguKFk7I4fLmaeTBtv-c5qhouMsMv0IUCthg==
login_computer_v2.aeb88d8fff132dac4ed3cf256a8b2aaa.svg
my.castandcrew.com/static/media/ 		15 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://my.castandcrew.com/static/media/login_computer_v2.aeb88d8fff132dac4ed3cf256a8b2aaa.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266a:600:4:b29d:8b80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
38718cfc53f429aee8110802e334d17dfa6dc7dc0dc6b45533afc70308f8fb97
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
LdF4aFEWKGArR0swRS76Yd1k7eis3Vnh
content-encoding
gzip
via
1.1 a35a15e72ad59a60ddc8752bdb709706.cloudfront.net (CloudFront)
date
Wed, 17 Apr 2024 18:47:10 GMT
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'; object-src 'none'
x-amz-cf-pop
JFK52-P5
age
276
x-amz-server-side-encryption
AES256
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 01 Apr 2024 22:40:23 GMT
server
AmazonS3
etag
W/"e66e56517afda695039f94fad81cd9df"
vary
Accept-Encoding
x-frame-options
DENY
content-type
image/svg+xml
cache-control
no-cache, no-store, must-revalidate
x-amz-cf-id
W4acd00mjuUpF32Z0FpYizZI7MmGc33oJoIyXRVyqAiaWP3QCMy5bQ==
login_project_setup.4e2f21b7343b4d3ab5128d73260f89c5.svg
my.castandcrew.com/static/media/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://my.castandcrew.com/static/media/login_project_setup.4e2f21b7343b4d3ab5128d73260f89c5.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266a:600:4:b29d:8b80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2baff8d440944fc6b13fe4d56ecdadc14cbc079e8f132e46150aa43a7f05ed3b
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
qrULps1iiUJ08ypuPAAnSVdHhsT06QSV
content-encoding
gzip
via
1.1 a35a15e72ad59a60ddc8752bdb709706.cloudfront.net (CloudFront)
date
Wed, 17 Apr 2024 18:47:10 GMT
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'; object-src 'none'
x-amz-cf-pop
JFK52-P5
age
276
x-amz-server-side-encryption
AES256
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 01 Apr 2024 22:40:22 GMT
server
AmazonS3
etag
W/"847232f88e81f4a4e18f0ea475740110"
vary
Accept-Encoding
x-frame-options
DENY
content-type
image/svg+xml
cache-control
no-cache, no-store, must-revalidate
x-amz-cf-id
cqg2DxeqMkf1AXGsQ1Kl2SZkIqFfHgTQzCw8FXP6J47dqSBrolS_aA==
login_calendar.f7edb28188b284164880d189d60d1d56.svg
my.castandcrew.com/static/media/ 		12 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://my.castandcrew.com/static/media/login_calendar.f7edb28188b284164880d189d60d1d56.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266a:600:4:b29d:8b80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5b164a620c531ee4e0f14e6afa918f3180dde3cfd07603f382437d2432a9aa19
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
wbpE1pJaNcNSisfZ91ga_aSYRTugpMYa
content-encoding
br
via
1.1 a35a15e72ad59a60ddc8752bdb709706.cloudfront.net (CloudFront)
date
Wed, 17 Apr 2024 18:47:10 GMT
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'; object-src 'none'
x-amz-cf-pop
JFK52-P5
age
276
x-amz-server-side-encryption
AES256
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 01 Apr 2024 22:40:21 GMT
server
AmazonS3
etag
W/"21cfd6d5417cee4da92660c4a84a712e"
vary
Accept-Encoding
x-frame-options
DENY
content-type
image/svg+xml
cache-control
no-cache, no-store, must-revalidate
x-amz-cf-id
BOeDs3eRukiq_8U9vAgZy0bokvjeE93Uegj7HwG8nmZeJf_FUhegGQ==
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
40810b0318131f9ba52c83a17e633a0ac476ade66ea8a914d6c4980571397665

Request headers

Accept-Language
en-US,en;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
montserrat-okta-regular-webfont.5623bc4fe19097d3a367.woff
my.castandcrew.com/static/media/ 		21 KB
22 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://my.castandcrew.com/static/media/montserrat-okta-regular-webfont.5623bc4fe19097d3a367.woff
Requested by
Host: my.castandcrew.com
URL: https://my.castandcrew.com/static/css/483.f0ea3cf9.chunk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266a:600:4:b29d:8b80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1d5325892ecf2dc3abd0caf2a1ef4eabf2477e2937c9a372760fd2acae8fddf3
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'; object-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://my.castandcrew.com/static/css/483.f0ea3cf9.chunk.css
Origin
https://my.castandcrew.com
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
p0PpiFcxZ0mBo.g01mkDTEP_E49YJix1
date
Wed, 17 Apr 2024 18:50:14 GMT
via
1.1 a35a15e72ad59a60ddc8752bdb709706.cloudfront.net (CloudFront)
content-security-policy
frame-ancestors 'self'; object-src 'none'
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
JFK52-P5
age
105
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
21980
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Mon, 01 Apr 2024 22:40:22 GMT
server
AmazonS3
etag
"8f2822b73b5f9c106c6f2e0db820bcbb"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
font/woff
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
no-cache, no-store, must-revalidate
x-frame-options
DENY
accept-ranges
bytes
x-amz-cf-id
TLe1nZw2u8PsUTDqPzObGDAkLpjTd0GZReqU4VYRfCLGRHqJ_0crIg==

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
cncflags.castandcrew.com
URL
https://cncflags.castandcrew.com/graphql
Domain
sso-prd.prod.aws.castandcrew.com
URL
https://sso-prd.prod.aws.castandcrew.com/logout?fromURI=https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Domain
bam.nr-data.net
URL
https://bam.nr-data.net/events/1/6a4f005d6a?a=225096557&sa=1&v=1177.96a4d39&t=Unnamed%20Transaction&rst=3910&ck=1&ref=https://startplus.castandcrew.com/
Domain
bam.nr-data.net
URL
https://bam.nr-data.net/jserrors/1/6a4f005d6a?a=225096557&sa=1&v=1177.96a4d39&t=Unnamed%20Transaction&rst=3911&ck=1&ref=https://startplus.castandcrew.com/&xhr=%5B%7B%22params%22:%7B%22method%22:%22GET%22,%22host%22:%22login.castandcrew.com:443%22,%22pathname%22:%22/api/v1/sessions/me%22,%22status%22:404%7D,%22metrics%22:%7B%22count%22:5,%22rxSize%22:%7B%22t%22:815,%22min%22:163,%22max%22:163,%22sos%22:132845,%22c%22:5%7D,%22duration%22:%7B%22t%22:1644,%22min%22:180,%22max%22:773,%22sos%22:803108,%22c%22:5%7D,%22cbTime%22:%7B%22t%22:3,%22min%22:0,%22max%22:1,%22sos%22:3,%22c%22:5%7D,%22time%22:%7B%22t%22:10319,%22min%22:1404,%22max%22:2361,%22sos%22:21918011,%22c%22:5%7D%7D%7D%5D

Verdicts & Comments Add Verdict or Comment

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| NREUM object| newrelic function| __nr_require object| pendo object| Plaid object| webpackJsonpPlaid object| embedded_svc function| initESW undefined| s function| closeChatbot object| webpackChunkmy_cnc_web object| __APOLLO_CLIENT__ number| 2f1acc6c3a606b082e5eef5e54414ffb string| appVersion object| _pendo_EXBhwV93 function| jQueryCourage object| u2f

7 Cookies

Domain/Path Name / Value
login.castandcrew.com/ Name: t
Value: default
login.castandcrew.com/ Name: DT
Value: DI1yOrOZOAwTIiwl7qopTo70A
.nr-data.net/ Name: JSESSIONID
Value: 72fbebd92236ce40
service.force.com/ Name: CookieConsentPolicy
Value: 0:0
service.force.com/ Name: LSKey-c$CookieConsentPolicy
Value: 0:0
.force.com/ Name: BrowserId_sec
Value: iRA6O_zrEe6_SJFgXONPEw
login.castandcrew.com/ Name: JSESSIONID
Value: 35C4EA5D5833EC1F1EC55B76940678E5

35 Console Messages

Source Level URL
Text
network error URL: https://login.castandcrew.com/api/v1/sessions/me
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://login.castandcrew.com/api/v1/sessions/me
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://login.castandcrew.com/api/v1/sessions/me
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://login.castandcrew.com/api/v1/sessions/me
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://login.castandcrew.com/api/v1/sessions/me
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
other warning URL: https://startplus.castandcrew.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
network error URL: https://login.castandcrew.com/api/v1/sessions/me
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
other warning URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://my.castandcrew.com/login?fromURI=https://startplus.castandcrew.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://bam.nr-data.net https://*.aws.castandcrew.com https://*.castandcrew.com https://api.feedback.us.pendo.io; font-src 'self' https://c1.sfdcstatic.com https://fonts.gstatic.com https://payrollplus-assets.castandcrew.com; script-src 'self' https://bam.nr-data.net https://content.pendo.castandcrew.com https://data.pendo.io https://js-agent.newrelic.com https://pendo-io-static.storage.googleapis.com https://pendo-static-5686438767755264.storage.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'self'; frame-src 'self' https://*.aws.castandcrew.com https://*.castandcrew.com; img-src 'self' https://data.pendo.io https://pendo-static-5686438767755264.storage.googleapis.com https://*.amazonaws.com; manifest-src 'self'; media-src 'self'; worker-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bam-cell.nr-data.net
bam.nr-data.net
cdn.plaid.com
cncflags.castandcrew.com
content.pendo.castandcrew.com
d.la1-core1.sfdc-yfeipo.salesforceliveagent.com
d.la3-c1-ia5.salesforceliveagent.com
d21y75miwcfqoq.cloudfront.net
data.pendo.castandcrew.com
fonts.googleapis.com
fonts.gstatic.com
js-agent.newrelic.com
login.castandcrew.com
my.castandcrew.com
service.force.com
sso-prd.prod.aws.castandcrew.com
startplus.castandcrew.com
bam.nr-data.net
cncflags.castandcrew.com
sso-prd.prod.aws.castandcrew.com
108.138.106.9
108.138.128.117
13.110.44.170
13.35.93.108
136.146.43.245
136.147.252.241
15.197.151.86
162.247.243.29
162.247.243.30
18.164.116.55
2600:9000:23ca:3400:1b:ef38:3680:21
2600:9000:2512:1800:1e:cb94:adc0:93a1
2600:9000:266a:600:4:b29d:8b80:93a1
2602:816:5001::39
2607:f8b0:4006:80e::200a
2607:f8b0:4006:816::2003
34.107.204.85
34.232.140.78
01fb80d3bee2195be35e502a842de2989fe4d003d05f12e4d9c9f2e50d125e92
0476cea5b43fdb790c7e0245f41701d430fdd5bf2257edc7fb26e50dcf5a1510
04f47fb811cb052879687410d1d8c0ba38af0c4aad69523610b536cf6df38d11
0cd376a8b8e76b454df66c3a04299159246a185df5d5c2a87da00b108a319e12
10717c7ee6cddbbbea76580b1e0d9992679ee7b59d0f04ec1511361a29ef8ea9
10a396cf83a1f0fa5ae02c199215e1b8e32fdb313f3d5e24c3e61a56f01e3eb5
1149b9068493b1a71b122d2bb7f5ba791ee52f3575dc387163cfbd277e2ee49a
11b97392fe91256a463d66e0a68f1ed068dd3ba2200289fa89e0afb2b0558b12
1245126bc3dd976cb257bc4f144770f0fa1154b7a586a541d147b2d24773eea8
12834f596f899e7e17cc2a4a76a1ee77ea0f1ebbfb61e8a33dafe426327c71a3
15c6f85fdc21b7de702e115e4b7ab6d8f0094518bc3548834d8ea507315d4795
1d5325892ecf2dc3abd0caf2a1ef4eabf2477e2937c9a372760fd2acae8fddf3
1df96aff7c1a0b4a1f03d51ec741df8d542fcf32eddee1a0295068e4a7f0017b
1e0eeba743c0b38179a59c89c90e0fddadad918e049b38fa7184376184337261
22f507a6867e9415db436473af9f456aad31397e04260d9564627f349314075e
2baff8d440944fc6b13fe4d56ecdadc14cbc079e8f132e46150aa43a7f05ed3b
38718cfc53f429aee8110802e334d17dfa6dc7dc0dc6b45533afc70308f8fb97
3e8176a5aa803d964438269e98ca3d3801aa60ddbc106f37dc9292b1f048a848
40810b0318131f9ba52c83a17e633a0ac476ade66ea8a914d6c4980571397665
465571bdcef86c7b5e1c39e705fb361e3c5ebe0acca2df87497ef4eba1561329
4d13396ff09332ec0422bca9b7f8590fed60a42df5bbdb839ac5c0da5a4ea8ab
4e83e52d58c3b3412a7d7cb4b422343301b93fef32f7c5d30d8501beaee5ed6e
4f80bf5a7d9289d4c1fa5f3e0ebc2d8519ef840f03544cc0429370d454b54e7b
4fbacf4e2ba9e05942c5922ec621cf0afe096e57e51395660f33634215e9b485
5133b92f40c509cf3ccfe020a5653d6b3d0022fecd0cf89f59e2fbe171fa579c
54cb1f867060c01677649ce2d5e65485b33ce06ea271cb4244cbdd22c31fe69a
554ee7d20ae7454a002182dd0fba3aa5571a9230b8a2e8d132bccffd93c9af48
597823b1c15039bf2dd6dc9a72c884190a68cbcfd5f4643a1d041772c13e1902
5b164a620c531ee4e0f14e6afa918f3180dde3cfd07603f382437d2432a9aa19
5fd15d0715afe50b21d64e132da6569598c77356d6d1722deff6f227c8ac3b3f
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
7099a4d50a3124a144c51c7b1105a216ee8a82a7668b8ed2829ecd207b07f91c
70d867df2bfb9321d7bc0a2e33423820b093519d2f436868497503ae8130a7d6
721f2d2fe18f13edc2ae51c1918c1b0a2d7b668318c559310ab35fa22363fdad
79d08edb5b23fcc8da45fcc77210c8e18771fcf3876dda7d2596cb3ed0512333
7c273510050e27ad1e0a533b0a766c6c597575710d578a104e60d4810e173648
844fa94bfb5069254e2da41cd6bb55f134651785fa999edd966c238f48f36f49
87560f8eed72fedfea93d6c6c3189d11f5dbd5ff1c7e1335acae47938ebeacce
880e9ef8e0ddb2cfe3a924aa7be03af4f5fc4972fadfe04e92d565c63efce969
887a9d12890ed0564b981f9e11ef5a53afd839783f679ca189677d8ddde5f556
88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42
92fed32dfa7ba4e92b0aff7c84f653cd86be819c98065d5b8853b6caa8b057c0
9827594b4ef23d2fdc370659277e9e946901fd6618fac504960abaef7b32d40b
a489e4639738a67eebb2d682041d19809026914f7b28e6c1521df82611a66c9d
a574a4b430fa0d646a2476a46444bf1f72c7121a9c86a78b0609085896d63e02
aaade738ea6b4b694730c4c7aaed64961bb0a5b028edca25921f2134a2d2d6d7
ae2fc8f8e0697701399521441a03445a3c11d79719accd0099f41687c1536c49
b1364a337500fc9921733a9e404b0cc2f98be0e0153d8abd1d4fc5352e03211e
b3543ac0467e8bc26e5caa6fde665c9975cbb13f55d89e43150f164d39cdda82
b91f1b29d2712319bd737fc75fcbddbf5a0122032b1809c98543fcd868923fae
c54143c6a2e64d7a440f02160cd211d78bf2ef342118ecf5fce2c68c5fd5ae2a
c805b974599d6a74bae11fc13f246f9f1e724ae35b755fba19734addf90be847
cf084b6c26c0494bd85c596cb70c8cf0adfe6c66a88e04b3b11ea00ec71822d5
cfb13613607e51018672f171240dfbc4f6b5b6df1d7991e6226724b68138263c
d67624f3a5cc221c171713251bdf1586afa75f0f57063befe983c359debc922b
dec36f15ba246cbcc1a584c1753b35ca3ff397859d849a6a7831d091959be3d7
e33db1a17ceada226037558a0b99155c53f0ee692edf3dd6ec0af6a21b48a126
e3dd6ec563bf0c7670cdc8e20a1ff5d6346221ce2ff15159643fb1766d06076e
eb00df12da2210720924c52b4abe030cc362232f17b5b2fc9898ce2b3815183b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef4dcc4dab4d780f44939c455d4720cab662b2f5fabc36ebc33a21f4cdbecd4e
f2205c30ab0d0a86cd0d715cf483bafd550c0ea9d4ddb24e2c182f1d7f024144
f315b5fa790b2eb2c2fbc79316af6c82d7de79e7aad143097169b04de11327b3
f580e00b3392cd67d4a25d2d42adf9cdbd15978598f830184d02a677ea63f838