www.ncsc.gov.uk Open in urlscan Pro
99.86.243.111 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.ncsc.gov.uk/blog-post/nhs-test-and-trace-app-security-redux
Submission: On September 26 via api (September 26th 2020, 7:08:24 am UTC) from GB

Summary HTTP 36 Redirects Links 26 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 36 HTTP transactions. The main IP is 99.86.243.111, located in Seattle, United States and belongs to AMAZON-02, US. The main domain is www.ncsc.gov.uk.
TLS certificate: Issued by Amazon on June 5th 2020. Valid for: a year.

This is the only time www.ncsc.gov.uk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
33	99.86.243.111 99.86.243.111	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:809::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:821::200e	15169 (GOOGLE) (GOOGLE)
36	4

33 99.86.243.111 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-243-111.vie50.r.cloudfront.net

www.ncsc.gov.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:821::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
33	ncsc.gov.uk www.ncsc.gov.uk	974 KB
2	google-analytics.com www.google-analytics.com	19 KB
1	googletagmanager.com www.googletagmanager.com	36 KB
36	3

	Domain	Requested by
33	www.ncsc.gov.uk	www.ncsc.gov.uk
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
1	www.googletagmanager.com	www.ncsc.gov.uk
36	3

This site contains links to these domains. Also see Links.

Domain
report.ncsc.gov.uk
www.gov.uk
en.wikipedia.org
github.com
www.apple.com
www.turing.ac.uk
hackerone.com
faq.covid19.nhs.uk
youtu.be
www.scss.tcd.ie
twitter.com
uk.linkedin.com
www.instagram.com
www.gchq.gov.uk
www.mi5.gov.uk
www.sis.gov.uk
www.cpni.gov.uk

Subject Issuer	Validity	Valid
www.ncsc.gov.uk Amazon	`2020-06-05` - `2021-07-05`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-09-03` - `2020-11-26`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.ncsc.gov.uk/blog-post/nhs-test-and-trace-app-security-redux
Frame ID: 242555F4ED68854F88F8FAAABF893725
Requests: 39 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Amazon Web Services (PaaS) Expand

Overall confidence: 100%
Detected patterns

headers via /$CloudFront$$/i

Amazon Cloudfront (CDN) Expand

Overall confidence: 100%
Detected patterns

headers via /$CloudFront$$/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

36
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

1028 kB
Transfer

2326 kB
Size

3
Cookies

26 Outgoing links

These are links going to different origins than the main page.

URL: https://report.ncsc.gov.uk/
Title: REPORT AN INCIDENT

Search URL Search Domain Scan URL

URL: https://www.gov.uk/government/news/senior-civil-servant-and-former-lecturer-in-medical-statistics-appointed-to-joint-biosecurity-centre
Title: Joint Biosecurity Centre

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/STRIDE_(security)
Title: STRIDE

Search URL Search Domain Scan URL

URL: https://github.com/nhsx/covid19-app-system-public/blob/master/doc/architecture/ag-architecture-guidebook.md
Title: architecture guidebook on GitHub

Search URL Search Domain Scan URL

URL: https://www.apple.com/covid19/contacttracing/
Title: security properties and limitations of ENAPI are well understood

Search URL Search Domain Scan URL

URL: https://www.turing.ac.uk/news/responding-covid-19-pandemic
Title: Alan Turing Institute

Search URL Search Domain Scan URL

URL: https://www.turing.ac.uk/blog/technical-roadmap-uks-contract-tracing-app-functionality
Title: explains the technical approach in his blog

Search URL Search Domain Scan URL

URL: https://www.gov.uk/government/publications/nhs-test-and-trace-app-privacy-information/the-nhs-test-and-trace-app-early-adopter-trial-august-2020-data-protection-impact-assessment#analytics-data
Title: analytics data section of the Data Protection Impact Assessment (DPIA)

Search URL Search Domain Scan URL

URL: https://github.com/nhsx/covid-19-app-ios-ag-public
Title: iOS

Search URL Search Domain Scan URL

URL: https://github.com/nhsx/covid-19-app-android-ag-public
Title: Android

Search URL Search Domain Scan URL

URL: https://hackerone.com/nhscovid19app
Title: HackerOne Vulnerability Disclosure Programme

Search URL Search Domain Scan URL

URL: https://hackerone.com/03351cb3-53e3-4bb8-8fcc-a226e3b528fc/embedded_submissions/new
Title: submit a report anonymously

Search URL Search Domain Scan URL

URL: https://faq.covid19.nhs.uk/create-case/
Title: on the app website

Search URL Search Domain Scan URL

URL: https://www.gov.uk/government/publications/nhs-test-and-trace-app-privacy-information
Title: Data Protection Impact Assessment

Search URL Search Domain Scan URL

URL: https://youtu.be/En-mSI17LRE
Title: get back to the things we love

Search URL Search Domain Scan URL

URL: https://www.scss.tcd.ie/Doug.Leith/pubs/bluetooth_rssi_study.pdf
Title: Coronavirus Contact Tracing: Evaluating The Potential Of Using Bluetooth Received Signal Strength For Proximity Detection (Douglas J. Leith, Stephen Farrell)

Search URL Search Domain Scan URL

URL: https://www.scss.tcd.ie/Doug.Leith/pubs/gaen_verification.pdf
Title: GAEN Due Diligence: Verifying The Google/Apple Covid Exposure Notification API (Douglas J. Leith, Stephen Farrell)

Search URL Search Domain Scan URL

URL: https://www.scss.tcd.ie/Doug.Leith/pubs/bus.pdf
Title: Measurement-Based Evaluation Of Google/Apple Exposure Notification API For Proximity Detection In A Commuter Bus (Douglas J. Leith, Stephen Farrell)

Search URL Search Domain Scan URL

URL: https://twitter.com/ncsc

Search URL Search Domain Scan URL

URL: https://uk.linkedin.com/company/national-cyber-security-centre

Search URL Search Domain Scan URL

URL: https://www.instagram.com/cyberhq/

Search URL Search Domain Scan URL

URL: https://www.gchq.gov.uk/
Title: GCHQ

Search URL Search Domain Scan URL

URL: https://www.mi5.gov.uk/
Title: MI5

Search URL Search Domain Scan URL

URL: https://www.sis.gov.uk/
Title: SIS

Search URL Search Domain Scan URL

URL: https://www.cpni.gov.uk/
Title: CPNI

Search URL Search Domain Scan URL

URL: https://www.gov.uk/
Title: GOV.UK

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

36 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request nhs-test-and-trace-app-security-redux Show response
www.ncsc.gov.uk/blog-post/ 4 KB
3 KB 2654ms
595ms Document
text/html 99.86.243.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ncsc.gov.uk/blog-post/nhs-test-and-trace-app-security-redux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.243.111 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-243-111.vie50.r.cloudfront.net

Software

CloudFront /

Resource Hash

8e0ca073b98ec238f097d1fe0534c49cb92784245d3c0af3a3eaad0c211df31e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ https://s3.eu-west-1.amazonaws.com/gchq-content/ https://s3-eu-west-1.amazonaws.com/gchq-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ https://s3.eu-west-1.amazonaws.com/gchq-content/ https://s3-eu-west-1.amazonaws.com/gchq-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://storage.googleapis.com/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://cdn.polyfill.io/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/ https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://fonts.googleapis.com https://s3.eu-west-1.amazonaws.com https://www.google-analytics.com www.google-analytics.com https://www.gchq.gov.uk/* https://.ncscdev.co.uk https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/gchq-content/ https://s3-eu-west-1.amazonaws.com/gchq-content/; worker-src https://.ncsc.gov.uk/static-assets/dist/ncsc/service-worker.js https://.ncscdev.co.uk/static-assets/dist/ncsc/service-worker.js https://.gchq.gov.uk/static-assets/dist/ncsc/service-worker.js; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'none'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.ncsc.gov.uk
:scheme: https
:path: /blog-post/nhs-test-and-trace-app-security-redux
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
content-type: text/html
server: CloudFront
date: Fri, 25 Sep 2020 22:55:44 GMT
last-modified: Fri, 25 Sep 2020 09:43:20 GMT
etag: W/"e6d9e027d83f89a8a306e076d148a89f"
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: sameorigin
x-xss-protection: 1; mode=block
referrer-policy: same-origin
x-content-type-options: nosniff
content-security-policy: default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ https://s3.eu-west-1.amazonaws.com/gchq-content/ https://s3-eu-west-1.amazonaws.com/gchq-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ https://s3.eu-west-1.amazonaws.com/gchq-content/ https://s3-eu-west-1.amazonaws.com/gchq-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://storage.googleapis.com/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://cdn.polyfill.io/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/ https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://fonts.googleapis.com https://s3.eu-west-1.amazonaws.com https://www.google-analytics.com www.google-analytics.com https://www.gchq.gov.uk/* https://*.ncscdev.co.uk https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/gchq-content/ https://s3-eu-west-1.amazonaws.com/gchq-content/; worker-src https://*.ncsc.gov.uk/static-assets/dist/ncsc/service-worker.js https://*.ncscdev.co.uk/static-assets/dist/ncsc/service-worker.js https://*.gchq.gov.uk/static-assets/dist/ncsc/service-worker.js; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'none'
service-worker-allowed: /
content-encoding: gzip
vary: Accept-Encoding
x-cache: Error from cloudfront
via: 1.1 9a736972b021a4b2382c29923f73ce8b.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C1
x-amz-cf-id: 8y2SKZeFOHF-vk3LuvcvOEeVkrSc9TDSoBVaDqqHEpLi92pfkSvhNQ==

GET
H2 200 poppins-medium-latin.61e2d96d.woff2
www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/ 8 KB
9 KB 43ms
39ms Font
binary/octet-stream 99.86.243.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/poppins-medium-latin.61e2d96d.woff2

Requested by

Host: www.ncsc.gov.uk
URL: https://www.ncsc.gov.uk/blog-post/nhs-test-and-trace-app-security-redux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.243.111 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-243-111.vie50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

5e07f937be00bbef113152fa46b2b2d5df97f405b152881c96e1c5069d8f405d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Origin: https://www.ncsc.gov.uk
Referer: https://www.ncsc.gov.uk/blog-post/nhs-test-and-trace-app-security-redux
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 22:56:16 GMT
via: 1.1 9a736972b021a4b2382c29923f73ce8b.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 29513
x-powered-by
x-cache: Hit from cloudfront
status: 200
content-length: 7960
x-xss-protection: 1; mode=block
service-worker-allowed: /
referrer-policy: same-origin
last-modified: Fri, 25 Sep 2020 09:43:19 GMT
server: AmazonS3
x-frame-options: sameorigin
etag: "61e2d96d01a7eba5ea3ec1bad7e736a8"
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-amz-version-id: R7P5TmtpeVlpFRpRIu5FhEOw2JfPmqa5
content-security-policy: default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
x-amz-cf-pop: VIE50-C1
accept-ranges: bytes
content-type: binary/octet-stream
x-amz-cf-id: 7mq0Jmz5wG0uvcQCaAyCqCrruBbUYz-kIVWvbjze6QwGBXpBt4HYMw==

GET
H2 200 poppins-bold-latin.e535f785.woff2
www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/ 8 KB
9 KB 53ms
50ms Font
binary/octet-stream 99.86.243.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/poppins-bold-latin.e535f785.woff2

Requested by

Host: www.ncsc.gov.uk
URL: https://www.ncsc.gov.uk/blog-post/nhs-test-and-trace-app-security-redux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.243.111 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-243-111.vie50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

56a522e79770e488da6015ed10f8c2bdafbcd87a7c6d443f7a293579bd0ef58d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Origin: https://www.ncsc.gov.uk
Referer: https://www.ncsc.gov.uk/blog-post/nhs-test-and-trace-app-security-redux
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 22:56:16 GMT
via: 1.1 9a736972b021a4b2382c29923f73ce8b.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 29513
x-powered-by
x-cache: Hit from cloudfront
status: 200
content-length: 7924
x-xss-protection: 1; mode=block
service-worker-allowed: /
referrer-policy: same-origin
last-modified: Fri, 25 Sep 2020 09:43:19 GMT
server: AmazonS3
x-frame-options: sameorigin
etag: "e535f7856b24153e0f3146e8f90a45c5"
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-amz-version-id: Tc85W.EEpayn1pfv1AXZQwzKe_mMx_6S
content-security-policy: default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
x-amz-cf-pop: VIE50-C1
accept-ranges: bytes
content-type: binary/octet-stream
x-amz-cf-id: gsFC_5ObXVl296aVmU3pb-DBl48Os8efiYdV2PrxRzxnWIpx2jn9ZQ==

GET
H2 200 poppins-regular-latin.1a280523.woff2
www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/ 8 KB
9 KB 56ms
53ms Font
binary/octet-stream 99.86.243.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/poppins-regular-latin.1a280523.woff2

Requested by

Host: www.ncsc.gov.uk
URL: https://www.ncsc.gov.uk/blog-post/nhs-test-and-trace-app-security-redux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.243.111 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-243-111.vie50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

fab32ccef85408b763c899ad7c0b910c96c76dc9ed7158ce304fdcd3c0bf8388

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Origin: https://www.ncsc.gov.uk
Referer: https://www.ncsc.gov.uk/blog-post/nhs-test-and-trace-app-security-redux
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 22:56:16 GMT
via: 1.1 9a736972b021a4b2382c29923f73ce8b.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 29512
x-powered-by
x-cache: Hit from cloudfront
status: 200
content-length: 7968
x-xss-protection: 1; mode=block
service-worker-allowed: /
referrer-policy: same-origin
last-modified: Fri, 25 Sep 2020 09:43:19 GMT
server: AmazonS3
x-frame-options: sameorigin
etag: "1a280523d375e9358d5229df34fc8e94"
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-amz-version-id: 1psfs99BHVBX5Q2npZKAN1jhyu1RTJ_F
content-security-policy: default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
x-amz-cf-pop: VIE50-C1
accept-ranges: bytes
content-type: binary/octet-stream
x-amz-cf-id: QlV10LOlqPDaACHju8lAFGlC-SIqi3K99mL8JUUopftpFXuJVA5gfA==

GET
H2 200 poppins-semibold-latin.aa4405ed.woff2
www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/ 8 KB
9 KB 59ms
56ms Font
binary/octet-stream 99.86.243.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/poppins-semibold-latin.aa4405ed.woff2

Requested by

Host: www.ncsc.gov.uk
URL: https://www.ncsc.gov.uk/blog-post/nhs-test-and-trace-app-security-redux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.243.111 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-243-111.vie50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

07d2b7c2df967b7820b8ce99be3f7db1a1db5a82797826cd9a06e6489e89f71a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Origin: https://www.ncsc.gov.uk
Referer: https://www.ncsc.gov.uk/blog-post/nhs-test-and-trace-app-security-redux
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 22:56:16 GMT
via: 1.1 9a736972b021a4b2382c29923f73ce8b.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 29513
x-powered-by
x-cache: Hit from cloudfront
status: 200
content-length: 7836
x-xss-protection: 1; mode=block
service-worker-allowed: /
referrer-policy: same-origin
last-modified: Fri, 25 Sep 2020 09:43:19 GMT
server: AmazonS3
x-frame-options: sameorigin
etag: "aa4405ed937295296cf8510f437628e0"
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-amz-version-id: fo19UhvPqKRVyYe_Bt0qOYtLjYB.DAMb
content-security-policy: default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
x-amz-cf-pop: VIE50-C1
accept-ranges: bytes
content-type: binary/octet-stream
x-amz-cf-id: dz581CHSYb4IaiEUYzSQKlldQM-X7n0Yk1L3RDcqsI_6U_y8UIbLjQ==

GET
H2 200 main.ce864ac9.js Show response
www.ncsc.gov.uk/static-assets/dist/ncsc/static/js/ 2 MB
423 KB 63ms
61ms Script
application/javascript 99.86.243.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/js/main.ce864ac9.js

Requested by

Host: www.ncsc.gov.uk
URL: https://www.ncsc.gov.uk/blog-post/nhs-test-and-trace-app-security-redux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.243.111 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-243-111.vie50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

1a64ebcee19ed7ed6c4967df7fc47fbe5d632ee51bc4f81a31132b51ab0a699b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ncsc.gov.uk/blog-post/nhs-test-and-trace-app-security-redux
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 22:56:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 29512
x-powered-by
x-cache: Hit from cloudfront
status: 200
vary: Accept-Encoding
x-xss-protection: 1; mode=block
service-worker-allowed: /
referrer-policy: same-origin
last-modified: Fri, 25 Sep 2020 09:43:17 GMT
server: AmazonS3
x-frame-options: sameorigin
etag: W/"bb14b4cef07d4114338ecc6cc649b8c5"
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-amz-version-id: JC1s_9ZpyxYd05gkH4fCf3k0ii6zvYDf
via: 1.1 9a736972b021a4b2382c29923f73ce8b.cloudfront.net (CloudFront)
content-security-policy: default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
x-amz-cf-pop: VIE50-C1
content-type: application/javascript
x-amz-cf-id: SBLktkuTeQUT3UdZ7ZfQ3EybrhaamV4kBH7zZ1aMCvtJxeVs0BZu5A==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 90 KB
36 KB 20ms
20ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-134461033-1

Requested by

Host: www.ncsc.gov.uk
URL: https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/js/main.ce864ac9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

69860c9c1aa8532fe55ec78b9c171b645e6c1110559d100845d7cedc017258f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 26 Sep 2020 07:08:08 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36405
x-xss-protection: 0
last-modified: Sat, 26 Sep 2020 06:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 26 Sep 2020 07:08:08 GMT

GET
DATA 200
OK truncated
/ 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c3c5a1a3447c65e2778d00a015aea84bd94f59cb6a9424f07f3e4f52df4d3146

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 Chevron_blue_up.11b0dbd0.svg
www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/ 943 B
2 KB 40ms
38ms Image
image/svg+xml 99.86.243.111
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/Chevron_blue_up.11b0dbd0.svg

Requested by

Host: www.ncsc.gov.uk
URL: https://www.ncsc.gov.uk/blog-post/nhs-test-and-trace-app-security-redux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.243.111 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-243-111.vie50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

1a5c8841aa846857ffd7a787ee0deddf110ccc9ad556d22e8b771bb1510ea5b2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ncsc.gov.uk/blog-post/nhs-test-and-trace-app-security-redux
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 22:56:18 GMT
via: 1.1 9a736972b021a4b2382c29923f73ce8b.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 29511
x-powered-by
x-cache: Hit from cloudfront
status: 200
content-length: 943
x-xss-protection: 1; mode=block
service-worker-allowed: /
referrer-policy: same-origin
last-modified: Fri, 25 Sep 2020 09:43:18 GMT
server: AmazonS3
x-frame-options: sameorigin
etag: "11b0dbd0cd5084a143a7910a4ee8c129"
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-amz-version-id: 2c77z8IMaUS24u_ZCRf11ZSmKL3Tp90Q
content-security-policy: default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
x-amz-cf-pop: VIE50-C1
accept-ranges: bytes
content-type: image/svg+xml
x-amz-cf-id: MGq2EqSCCXEzEv8SNsvwtSq1cTamG6bWEsLrIxlhfBMp2ozys-26uw==

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb9e22aff7881b895c2ceb41d9340804451c474b883f09fe1b4026e76456f44b

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 Facebook.73a52d91.svg
www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/ 1 KB
2 KB 39ms
38ms Image
image/svg+xml 99.86.243.111
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/Facebook.73a52d91.svg

Requested by

Host: www.ncsc.gov.uk
URL: https://www.ncsc.gov.uk/blog-post/nhs-test-and-trace-app-security-redux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.243.111 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-243-111.vie50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

5d81856906011ebc089e3bd367e8a63b9bffb5671609b2e1499682617b597af2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ncsc.gov.uk/blog-post/nhs-test-and-trace-app-security-redux
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 22:56:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 29511
x-powered-by
x-cache: Hit from cloudfront
status: 200
vary: Accept-Encoding
x-xss-protection: 1; mode=block
service-worker-allowed: /
referrer-policy: same-origin
last-modified: Fri, 25 Sep 2020 09:43:18 GMT
server: AmazonS3
x-frame-options: sameorigin
etag: W/"73a52d911d56094b197a9a5c9492fc81"
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-amz-version-id: nc4zjetuTf5LRYv6HJ9PzgSfq0YrGVEN
via: 1.1 9a736972b021a4b2382c29923f73ce8b.cloudfront.net (CloudFront)
content-security-policy: default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
x-amz-cf-pop: VIE50-C1
content-type: image/svg+xml
x-amz-cf-id: 05iiAMN5e24wRQk8JaYWjM9946UfXbIF4g4Fi12IDma9b0oOg8osKA==

GET
H2 200 Linkedin.113d7f73.svg
www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/ 1 KB
2 KB 40ms
39ms Image
image/svg+xml 99.86.243.111
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/Linkedin.113d7f73.svg

Requested by

Host: www.ncsc.gov.uk
URL: https://www.ncsc.gov.uk/blog-post/nhs-test-and-trace-app-security-redux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.243.111 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-243-111.vie50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

72783e1700b2e39122e14986137750d9dd0a5db801b25dd5f741d4c53657829a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ncsc.gov.uk/blog-post/nhs-test-and-trace-app-security-redux
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 22:56:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 29511
x-powered-by
x-cache: Hit from cloudfront
status: 200
vary: Accept-Encoding
x-xss-protection: 1; mode=block
service-worker-allowed: /
referrer-policy: same-origin
last-modified: Fri, 25 Sep 2020 09:43:18 GMT
server: AmazonS3
x-frame-options: sameorigin
etag: W/"113d7f73ca0b052132c4a6ba2355b523"
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-amz-version-id: GlYCdd3LyDdRQMljq04Dep0WcKj.QxPQ
via: 1.1 9a736972b021a4b2382c29923f73ce8b.cloudfront.net (CloudFront)
content-security-policy: default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
x-amz-cf-pop: VIE50-C1
content-type: image/svg+xml
x-amz-cf-id: Hbb-QWJnKFBuJgvT9vB8RcbmPwi2suWTY0T79KObqld1r_fg_RtmuQ==

GET
H2 200 Twitter.77e5d0ad.svg
www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/ 1 KB
2 KB 39ms
38ms Image
image/svg+xml 99.86.243.111
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/Twitter.77e5d0ad.svg

Requested by

Host: www.ncsc.gov.uk
URL: https://www.ncsc.gov.uk/blog-post/nhs-test-and-trace-app-security-redux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.243.111 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-243-111.vie50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

559fdabbd6559dc991c8b40e4453f96179828dc7adf7884be5ee1b0e77f19cae

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ncsc.gov.uk/blog-post/nhs-test-and-trace-app-security-redux
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 22:56:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 29511
x-powered-by
x-cache: Hit from cloudfront
status: 200
vary: Accept-Encoding
x-xss-protection: 1; mode=block
service-worker-allowed: /
referrer-policy: same-origin
last-modified: Fri, 25 Sep 2020 09:43:18 GMT
server: AmazonS3
x-frame-options: sameorigin
etag: W/"77e5d0adb00f0d7e5219a34f9291cee6"
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-amz-version-id: _EEGW8wV83wQGvvPpzXhlBnU_ku9PEAR
via: 1.1 9a736972b021a4b2382c29923f73ce8b.cloudfront.net (CloudFront)
content-security-policy: default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
x-amz-cf-pop: VIE50-C1
content-type: image/svg+xml
x-amz-cf-id: xl2GB3iN5bG8LbZRUVJHqUfoOV6kuIpskWVCpk4uTclmOEWPc9cGug==

GET
H2 200 CopyLink.a9b3b1f2.svg
www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/ 3 KB
3 KB 40ms
39ms Image
image/svg+xml 99.86.243.111
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/CopyLink.a9b3b1f2.svg

Requested by

Host: www.ncsc.gov.uk
URL: https://www.ncsc.gov.uk/blog-post/nhs-test-and-trace-app-security-redux

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.243.111 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-243-111.vie50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

2c1b9c80bf509ecb0d8d9480f38e6de1796e450f6f71b77f9497406fb3ac2b3f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ncsc.gov.uk/blog-post/nhs-test-and-trace-app-security-redux
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 22:56:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 29511
x-powered-by
x-cache: Hit from cloudfront
status: 200
vary: Accept-Encoding
x-xss-protection: 1; mode=block
service-worker-allowed: /
referrer-policy: same-origin
last-modified: Fri, 25 Sep 2020 09:43:18 GMT
server: AmazonS3
x-frame-options: sameorigin
etag: W/"a9b3b1f227d0d6a6db40c2b6db8d3922"
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-amz-version-id: tufMLbCExycwzzHi1FcU.cEYZBPd3Ee5
via: 1.1 9a736972b021a4b2382c29923f73ce8b.cloudfront.net (CloudFront)
content-security-policy: default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
x-amz-cf-pop: VIE50-C1
content-type: image/svg+xml
x-amz-cf-id: szN2bOC6KO5e6ZuH49Qjt69scFjtsN4RKBG8BCz5tRQI5ggFvZFwZA==

GET
H2 200 header.json Show response
www.ncsc.gov.uk/api/1/services/v2/page/ 9 KB
10 KB 65ms
65ms XHR
application/json 99.86.243.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ncsc.gov.uk/api/1/services/v2/page/header.json

Requested by

Host: www.ncsc.gov.uk
URL: https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/js/main.ce864ac9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.243.111 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-243-111.vie50.r.cloudfront.net

Software

CloudFront /

Resource Hash

2d73899e511842563fd5c34a8aea24947c92b71c5d48e2b6092874868e99a17f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.ncsc.gov.uk/blog-post/nhs-test-and-trace-app-security-redux
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 22:56:17 GMT
via: 1.1 9a736972b021a4b2382c29923f73ce8b.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 29511
x-powered-by
x-cache: Hit from cloudfront
status: 200
x-xss-protection: 1; mode=block
service-worker-allowed: /
referrer-policy: same-origin
server: CloudFront
x-frame-options: sameorigin
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-language: en-US
content-security-policy: default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
x-amz-cf-pop: VIE50-C1
content-type: application/json;charset=UTF-8
x-amz-cf-id: MyguWtd2aVBc2s0Q8cB_3ljjqdcTUSKOazCixY24diJ6hro6Ip1L3Q==

GET
H2 200 article-content.json Show response
www.ncsc.gov.uk/api/1/services/v3/ 30 KB
31 KB 108ms
108ms XHR
application/json 99.86.243.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ncsc.gov.uk/api/1/services/v3/article-content.json?url=/blog-post/nhs-test-and-trace-app-security-redux

Requested by

Host: www.ncsc.gov.uk
URL: https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/js/main.ce864ac9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.243.111 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-243-111.vie50.r.cloudfront.net

Software

CloudFront /

Resource Hash

97ac81ece2fc12f71988106bcfc77ec44e6fbba9d11de69eb317a9028bcb5419

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.ncsc.gov.uk/blog-post/nhs-test-and-trace-app-security-redux
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 23:16:51 GMT
via: 1.1 9a736972b021a4b2382c29923f73ce8b.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 28277
x-powered-by
x-cache: Hit from cloudfront
status: 200
x-xss-protection: 1; mode=block
service-worker-allowed: /
referrer-policy: same-origin
server: CloudFront
x-frame-options: sameorigin
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-language: en-US
content-security-policy: default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
x-amz-cf-pop: VIE50-C1
content-type: application/json;charset=UTF-8
x-amz-cf-id: tVJtzlDulV62FGqqcFAdXydrT7r4c-IDJ6lhyc2pldfzyK4rBIeEhQ==

GET
H2 200 footer.json Show response
www.ncsc.gov.uk/api/1/services/v2/page/ 6 KB
7 KB 68ms
68ms XHR
application/json 99.86.243.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ncsc.gov.uk/api/1/services/v2/page/footer.json

Requested by

Host: www.ncsc.gov.uk
URL: https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/js/main.ce864ac9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.243.111 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-243-111.vie50.r.cloudfront.net

Software

CloudFront /

Resource Hash

1b99669b55ee70090c50c977106e086a13db1be87b5f6e1b2b1c4a8b03a4c9c1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.ncsc.gov.uk/blog-post/nhs-test-and-trace-app-security-redux
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 22:56:17 GMT
via: 1.1 9a736972b021a4b2382c29923f73ce8b.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 29511
x-powered-by
x-cache: Hit from cloudfront
status: 200
x-xss-protection: 1; mode=block
service-worker-allowed: /
referrer-policy: same-origin
server: CloudFront
x-frame-options: sameorigin
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-language: en-US
content-security-policy: default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
x-amz-cf-pop: VIE50-C1
content-type: application/json;charset=UTF-8
x-amz-cf-id: WrKR6cZEXapns39B2fNlaERinYsD_o2EoM_5z8agaj-TA7v7RZ6DYA==

GET
H2 200 ncsclogo%20(1).svg
www.ncsc.gov.uk/images/ 40 KB
12 KB 38ms
37ms Image
image/svg+xml 99.86.243.111
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ncsc.gov.uk/images/ncsclogo%20(1).svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.243.111 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-243-111.vie50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

efb823dd38da03bb816797a56e1f26a52aafd111cf8ba8ed13755194ee2d96bd

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ncsc.gov.uk/blog-post/nhs-test-and-trace-app-security-redux
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 26 Sep 2020 00:41:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 23221
x-powered-by
x-cache: Hit from cloudfront
status: 200
vary: Accept-Encoding
x-xss-protection: 1; mode=block
service-worker-allowed: /
x-amz-server-side-encryption: AES256
referrer-policy: same-origin
last-modified: Mon, 08 Jun 2020 15:23:47 GMT
server: AmazonS3
x-frame-options: sameorigin
etag: W/"4b80a6bb82fa0235fe8e72351181d899"
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-amz-version-id: 4Pw.jZUvkhRwJ1tWrpCBz9kK2uCoqrl2
via: 1.1 9a736972b021a4b2382c29923f73ce8b.cloudfront.net (CloudFront)
content-security-policy: default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
x-amz-cf-pop: VIE50-C1
content-type: image/svg+xml
x-amz-cf-id: IKRQtFmAw9kfZl-VLsb5RhSdaeDnvBXQzWKZh3WFEK8A_G9oF76_lA==

GET
H2 200 Twitter%20(white).449d8d45.svg
www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/ 704 B
2 KB 37ms
36ms Image
image/svg+xml 99.86.243.111
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/Twitter%20(white).449d8d45.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.243.111 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-243-111.vie50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

e47aa0f2c6235c9e85116096a42fc667e9755a4a19fb330131c612eaba98a69e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ncsc.gov.uk/blog-post/nhs-test-and-trace-app-security-redux
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 22:56:18 GMT
via: 1.1 9a736972b021a4b2382c29923f73ce8b.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 29511
x-powered-by
x-cache: Hit from cloudfront
status: 200
content-length: 704
x-xss-protection: 1; mode=block
service-worker-allowed: /
referrer-policy: same-origin
last-modified: Fri, 25 Sep 2020 09:43:18 GMT
server: AmazonS3
x-frame-options: sameorigin
etag: "449d8d454c619da3f08cced3dbae072a"
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-amz-version-id: YqkC5Z_x992FWhnf.Q2IWYxpA8xZr4lh
content-security-policy: default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
x-amz-cf-pop: VIE50-C1
accept-ranges: bytes
content-type: image/svg+xml
x-amz-cf-id: qhKK5jYmRuCAJpur8DB2Q9zztLCp0a-iLZdaVfpu9pxRYCEAW1SYug==

GET
H2 200 Linkedin%20(white).ac644e92.svg
www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/ 1 KB
2 KB 37ms
36ms Image
image/svg+xml 99.86.243.111
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/Linkedin%20(white).ac644e92.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.243.111 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-243-111.vie50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

84249b03f41d98f891f88cada33de52d0dc827da0fc45de7309dd70257cce16f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ncsc.gov.uk/blog-post/nhs-test-and-trace-app-security-redux
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 22:56:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 29511
x-powered-by
x-cache: Hit from cloudfront
status: 200
vary: Accept-Encoding
x-xss-protection: 1; mode=block
service-worker-allowed: /
referrer-policy: same-origin
last-modified: Fri, 25 Sep 2020 09:43:18 GMT
server: AmazonS3
x-frame-options: sameorigin
etag: W/"ac644e92f55f72046313bf114ca523c2"
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-amz-version-id: uD5V98WA.DOD8xY9OK0_FHIkWomDuPIL
via: 1.1 9a736972b021a4b2382c29923f73ce8b.cloudfront.net (CloudFront)
content-security-policy: default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
x-amz-cf-pop: VIE50-C1
content-type: image/svg+xml
x-amz-cf-id: 056CGfXu__tmL3Iof_mlOqjDAT4ONeyuD02Q1XJDdLBM_OVBhM2xyw==

GET
H2 200 Instagram%20(white).63682ba1.svg
www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/ 1 KB
2 KB 38ms
37ms Image
image/svg+xml 99.86.243.111
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/Instagram%20(white).63682ba1.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.243.111 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-243-111.vie50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

2bd85184883353e02405342ba74708f2bbace0382999b89b7e532ae809314100

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ncsc.gov.uk/blog-post/nhs-test-and-trace-app-security-redux
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 22:56:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 29511
x-powered-by
x-cache: Hit from cloudfront
status: 200
vary: Accept-Encoding
x-xss-protection: 1; mode=block
service-worker-allowed: /
referrer-policy: same-origin
last-modified: Fri, 25 Sep 2020 09:43:18 GMT
server: AmazonS3
x-frame-options: sameorigin
etag: W/"63682ba16d8622fd3ed1b526676e80b0"
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-amz-version-id: GmhwQ8ZL9PMkaRKBKcFQiawGiOyPgR.j
via: 1.1 9a736972b021a4b2382c29923f73ce8b.cloudfront.net (CloudFront)
content-security-policy: default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
x-amz-cf-pop: VIE50-C1
content-type: image/svg+xml
x-amz-cf-id: h_Cy6FD-hPeyDUJpTjiGFczzJEOE2K273KlnQJ1soX_RORpHVwh9fg==

GET
H2 200 RSS%20feed%20(white).0e207ec5.svg
www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/ 1 KB
2 KB 37ms
36ms Image
image/svg+xml 99.86.243.111
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/RSS%20feed%20(white).0e207ec5.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.243.111 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-243-111.vie50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

da3e343fb621451b58852f462c795bf71cbdbccf46e010109891ccd17ab40770

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ncsc.gov.uk/blog-post/nhs-test-and-trace-app-security-redux
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 22:56:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 29511
x-powered-by
x-cache: Hit from cloudfront
status: 200
vary: Accept-Encoding
x-xss-protection: 1; mode=block
service-worker-allowed: /
referrer-policy: same-origin
last-modified: Fri, 25 Sep 2020 09:43:18 GMT
server: AmazonS3
x-frame-options: sameorigin
etag: W/"0e207ec502317d2fb08b43eacc8a8163"
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-amz-version-id: RVzn261Y2JS0JeA4xFDYeTCFWVEQIGDz
via: 1.1 9a736972b021a4b2382c29923f73ce8b.cloudfront.net (CloudFront)
content-security-policy: default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
x-amz-cf-pop: VIE50-C1
content-type: image/svg+xml
x-amz-cf-id: akeWSg9_hyfBebEI99AorXmBDbN_3QkLsmO_PADH1SuFdyjBKjvw6g==

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 5ms
5ms Script
text/javascript 2a00:1450:4001:821::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-134461033-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Sep 2020 01:50:37 GMT
server: Golfe2
age: 6748
date: Sat, 26 Sep 2020 05:15:40 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18650
expires: Sat, 26 Sep 2020 07:15:40 GMT

GET
H2 200 Facebook.73a52d91.svg
www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/ 1 KB
2 KB 36ms
35ms Image
image/svg+xml 99.86.243.111
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/Facebook.73a52d91.svg

Requested by

Host: www.ncsc.gov.uk
URL: https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/js/main.ce864ac9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.243.111 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-243-111.vie50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

5d81856906011ebc089e3bd367e8a63b9bffb5671609b2e1499682617b597af2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ncsc.gov.uk/blog-post/nhs-test-and-trace-app-security-redux
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 22:56:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 29511
x-powered-by
x-cache: Hit from cloudfront
status: 200
vary: Accept-Encoding
x-xss-protection: 1; mode=block
service-worker-allowed: /
referrer-policy: same-origin
last-modified: Fri, 25 Sep 2020 09:43:18 GMT
server: AmazonS3
x-frame-options: sameorigin
etag: W/"73a52d911d56094b197a9a5c9492fc81"
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-amz-version-id: nc4zjetuTf5LRYv6HJ9PzgSfq0YrGVEN
via: 1.1 9a736972b021a4b2382c29923f73ce8b.cloudfront.net (CloudFront)
content-security-policy: default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
x-amz-cf-pop: VIE50-C1
content-type: image/svg+xml
x-amz-cf-id: Awx2PmBCrpGKfGfvpVXHmJz72LyRwxQnLuTON71cSXttB03sD17Vcg==

GET
H2 200 Linkedin.113d7f73.svg
www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/ 1 KB
2 KB 36ms
36ms Image
image/svg+xml 99.86.243.111
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/Linkedin.113d7f73.svg

Requested by

Host: www.ncsc.gov.uk
URL: https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/js/main.ce864ac9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.243.111 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-243-111.vie50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

72783e1700b2e39122e14986137750d9dd0a5db801b25dd5f741d4c53657829a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ncsc.gov.uk/blog-post/nhs-test-and-trace-app-security-redux
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 22:56:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 29511
x-powered-by
x-cache: Hit from cloudfront
status: 200
vary: Accept-Encoding
x-xss-protection: 1; mode=block
service-worker-allowed: /
referrer-policy: same-origin
last-modified: Fri, 25 Sep 2020 09:43:18 GMT
server: AmazonS3
x-frame-options: sameorigin
etag: W/"113d7f73ca0b052132c4a6ba2355b523"
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-amz-version-id: GlYCdd3LyDdRQMljq04Dep0WcKj.QxPQ
via: 1.1 9a736972b021a4b2382c29923f73ce8b.cloudfront.net (CloudFront)
content-security-policy: default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
x-amz-cf-pop: VIE50-C1
content-type: image/svg+xml
x-amz-cf-id: BVZCMqWDJC7vsISGNHekUmnxdVB_WPqYzXdWQgi15AXtWyRxWlW5VQ==

GET
H2 200 Twitter.77e5d0ad.svg
www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/ 1 KB
2 KB 37ms
37ms Image
image/svg+xml 99.86.243.111
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/Twitter.77e5d0ad.svg

Requested by

Host: www.ncsc.gov.uk
URL: https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/js/main.ce864ac9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.243.111 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-243-111.vie50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

559fdabbd6559dc991c8b40e4453f96179828dc7adf7884be5ee1b0e77f19cae

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ncsc.gov.uk/blog-post/nhs-test-and-trace-app-security-redux
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 22:56:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 29511
x-powered-by
x-cache: Hit from cloudfront
status: 200
vary: Accept-Encoding
x-xss-protection: 1; mode=block
service-worker-allowed: /
referrer-policy: same-origin
last-modified: Fri, 25 Sep 2020 09:43:18 GMT
server: AmazonS3
x-frame-options: sameorigin
etag: W/"77e5d0adb00f0d7e5219a34f9291cee6"
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-amz-version-id: _EEGW8wV83wQGvvPpzXhlBnU_ku9PEAR
via: 1.1 9a736972b021a4b2382c29923f73ce8b.cloudfront.net (CloudFront)
content-security-policy: default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
x-amz-cf-pop: VIE50-C1
content-type: image/svg+xml
x-amz-cf-id: Ro_GQghSAK15V2tuN6vXtwntPGhlowTJLjZeN3fvWfIODe33ubLKsQ==

GET
H2 200 CopyLink.a9b3b1f2.svg
www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/ 3 KB
3 KB 36ms
36ms Image
image/svg+xml 99.86.243.111
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/CopyLink.a9b3b1f2.svg

Requested by

Host: www.ncsc.gov.uk
URL: https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/js/main.ce864ac9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.243.111 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-243-111.vie50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

2c1b9c80bf509ecb0d8d9480f38e6de1796e450f6f71b77f9497406fb3ac2b3f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ncsc.gov.uk/blog-post/nhs-test-and-trace-app-security-redux
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 22:56:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 29511
x-powered-by
x-cache: Hit from cloudfront
status: 200
vary: Accept-Encoding
x-xss-protection: 1; mode=block
service-worker-allowed: /
referrer-policy: same-origin
last-modified: Fri, 25 Sep 2020 09:43:18 GMT
server: AmazonS3
x-frame-options: sameorigin
etag: W/"a9b3b1f227d0d6a6db40c2b6db8d3922"
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-amz-version-id: tufMLbCExycwzzHi1FcU.cEYZBPd3Ee5
via: 1.1 9a736972b021a4b2382c29923f73ce8b.cloudfront.net (CloudFront)
content-security-policy: default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
x-amz-cf-pop: VIE50-C1
content-type: image/svg+xml
x-amz-cf-id: IYbxjAsL_Rl9nKOwvFQTEsehWXjfnP17Ov1qhk0kOPI81ahy6Xt0dQ==

GET
H2 200 Blogger.83674eea.svg
www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/ 1 KB
2 KB 51ms
48ms Image
image/svg+xml 99.86.243.111
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/Blogger.83674eea.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.243.111 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-243-111.vie50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

41cb926e7ee3690b9ba7ec2706804527b2286a8d1b3aab659ad3e0299b595997

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ncsc.gov.uk/blog-post/nhs-test-and-trace-app-security-redux
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 22:56:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 29488
x-powered-by
x-cache: Hit from cloudfront
status: 200
vary: Accept-Encoding
x-xss-protection: 1; mode=block
service-worker-allowed: /
referrer-policy: same-origin
last-modified: Fri, 25 Sep 2020 09:43:18 GMT
server: AmazonS3
x-frame-options: sameorigin
etag: W/"83674eeaef108183358d47a9c1629933"
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-amz-version-id: nWuhpzCcrFNUgE8Kl1beyu2RPZlcTv8f
via: 1.1 9a736972b021a4b2382c29923f73ce8b.cloudfront.net (CloudFront)
content-security-policy: default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
x-amz-cf-pop: VIE50-C1
content-type: image/svg+xml
x-amz-cf-id: QAPgkneRu42AgFn-Qz3-xOowwjyVhG581JLlcciuMbyOjcMGDVgywg==

GET
H2 200 Info.62c59870.svg
www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/ 962 B
2 KB 45ms
43ms Image
image/svg+xml 99.86.243.111
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/Info.62c59870.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.243.111 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-243-111.vie50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

47472ae4514dc42c7182414db8dfab8f0a284b10f5922574e4b1835a12831bef

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ncsc.gov.uk/blog-post/nhs-test-and-trace-app-security-redux
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 22:56:43 GMT
via: 1.1 9a736972b021a4b2382c29923f73ce8b.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 29486
x-powered-by
x-cache: Hit from cloudfront
status: 200
content-length: 962
x-xss-protection: 1; mode=block
service-worker-allowed: /
referrer-policy: same-origin
last-modified: Fri, 25 Sep 2020 09:43:18 GMT
server: AmazonS3
x-frame-options: sameorigin
etag: "62c59870b97b7f671dd734cdd6685ecf"
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-amz-version-id: JoJD3I1CCeIPRw2w4KEC1Dzzh9BUE.1M
content-security-policy: default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
x-amz-cf-pop: VIE50-C1
accept-ranges: bytes
content-type: image/svg+xml
x-amz-cf-id: dxsoqHq2KE-VaQlXJ8vwSaPWiEmqFNLgsdOrOkfn6iGrO4ZXJS93dg==

GET
H2 200 nhs-test-trace-app-image.JPG
www.ncsc.gov.uk/images/ 19 KB
21 KB 245ms
242ms Image
image/jpeg 99.86.243.111
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ncsc.gov.uk/images/nhs-test-trace-app-image.JPG?mpwidth=545&mlwidth=737&twidth=961&dwidth=618&dpr=1&width=1600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.243.111 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-243-111.vie50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

06879f352f336c64e2f74b537c9309ea5d686539cbd8549e9a38ac9662b73df9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ncsc.gov.uk/blog-post/nhs-test-and-trace-app-security-redux
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 26 Sep 2020 07:08:09 GMT
via: 1.1 9a736972b021a4b2382c29923f73ce8b.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
status: 200
x-frame-options: sameorigin
content-length: 19844
x-xss-protection: 1; mode=block
service-worker-allowed: /
referrer-policy: same-origin
x-amz-meta-resized: true
last-modified: Thu, 13 Aug 2020 12:25:27 GMT
server: AmazonS3
x-powered-by
etag: "4789adbc18dc5d77a4a692be4fb6563f"
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-amz-version-id: LaOYt4ThgB0vQ69iweKg4tkoMegvNWYS
content-security-policy: default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
accept-ranges: bytes
content-type: image/jpeg
x-amz-cf-id: DEUSVHdPhou33f3QT4AR_PePQtBL7gnR95eB-nmP9n_XDdBQQmp9Og==

GET
H2 200 cv19-app-system-architecture.png
www.ncsc.gov.uk/static-assets/images/blog-post/ 316 KB
318 KB 186ms
183ms Image
image/png 99.86.243.111
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ncsc.gov.uk/static-assets/images/blog-post/cv19-app-system-architecture.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.243.111 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-243-111.vie50.r.cloudfront.net

Software

CloudFront /

Resource Hash

7cbd1d10870a62928831fe1985d7bf7683faa6657807d25ecf2ccedb37a07cc2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ncsc.gov.uk/blog-post/nhs-test-and-trace-app-security-redux
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 26 Sep 2020 07:08:08 GMT
via: 1.1 9a736972b021a4b2382c29923f73ce8b.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C1
x-powered-by
x-cache: Miss from cloudfront
status: 200
content-length: 323746
x-xss-protection: 1; mode=block
service-worker-allowed: /
referrer-policy: same-origin
server: CloudFront
x-frame-options: sameorigin
etag: "09dc9d5d719a33e8dd2e62a8bef954dac"
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-type: image/png
cache-control: no-cache
content-security-policy: default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
accept-ranges: bytes
x-amz-cf-id: 6DpqEMzY9ci6C0HwuGUUC4vGAyQ3tzTRI_-UJWEe_myy6UvER8WNGw==

GET
H2 200 cv19-app-system-architecture-thumbnail.png
www.ncsc.gov.uk/images/ 11 KB
13 KB 245ms
242ms Image
image/png 99.86.243.111
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ncsc.gov.uk/images/cv19-app-system-architecture-thumbnail.png?mpwidth=160&mlwidth=190&twidth=190&dwidth=160&dpr=1&width=1600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.243.111 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-243-111.vie50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

f77830889503777ddb6da3e423e1cb90a7c22cec34b7e0b8e331a1b76fadf859

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ncsc.gov.uk/blog-post/nhs-test-and-trace-app-security-redux
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 26 Sep 2020 07:08:09 GMT
via: 1.1 9a736972b021a4b2382c29923f73ce8b.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
status: 200
x-frame-options: sameorigin
content-length: 11774
x-xss-protection: 1; mode=block
service-worker-allowed: /
referrer-policy: same-origin
x-amz-meta-resized: true
last-modified: Thu, 13 Aug 2020 10:41:56 GMT
server: AmazonS3
x-powered-by
etag: "050bb48301117b3c521af1831be19245"
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-amz-version-id: kGhdk5VMDrIvAEMPBQddDC02I6QLGrKL
content-security-policy: default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
accept-ranges: bytes
content-type: image/png
x-amz-cf-id: St-1r4HgT1TFDkmqcHauqAEoRapgehTDa9yHQ2U27-825MNH8GTj8A==

GET
H2 200 Download.71abab4e.svg
www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/ 914 B
2 KB 49ms
47ms Image
image/svg+xml 99.86.243.111
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/Download.71abab4e.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.243.111 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-243-111.vie50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

3a1d8c8544551010261c422b6f565be6c324ea4a02e1363673cd4298a0f1b806

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ncsc.gov.uk/blog-post/nhs-test-and-trace-app-security-redux
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 22:56:42 GMT
via: 1.1 9a736972b021a4b2382c29923f73ce8b.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 29487
x-powered-by
x-cache: Hit from cloudfront
status: 200
content-length: 914
x-xss-protection: 1; mode=block
service-worker-allowed: /
referrer-policy: same-origin
last-modified: Fri, 25 Sep 2020 09:43:18 GMT
server: AmazonS3
x-frame-options: sameorigin
etag: "71abab4e4dd53b4eaea55ce27baf9f94"
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-amz-version-id: pI6oCBqlXvACt3U5rQYvMOGmZ4Xr1Xlt
content-security-policy: default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
x-amz-cf-pop: VIE50-C1
accept-ranges: bytes
content-type: image/svg+xml
x-amz-cf-id: VjnNYuAnBnW55DJOtBJifaj55IlORPvZCyCFWum8CKyt967XayvSpg==

GET
DATA 200
OK truncated
/ 880 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 876961660eab41da7fb1630bbb15037aa96a6fcec124ff7d32b9de38073bfcaa

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 print.e3b27c59.svg
www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/ 334 B
2 KB 50ms
48ms Image
image/svg+xml 99.86.243.111
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/media/print.e3b27c59.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.243.111 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-243-111.vie50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

5989260aa1ebfff9aae9a25bd4aa34754c6f674cadaa0a110217b3fdab9edee9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ncsc.gov.uk/blog-post/nhs-test-and-trace-app-security-redux
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 25 Sep 2020 22:56:42 GMT
via: 1.1 9a736972b021a4b2382c29923f73ce8b.cloudfront.net (CloudFront)
x-content-type-options: nosniff
age: 29487
x-powered-by
x-cache: Hit from cloudfront
status: 200
content-length: 334
x-xss-protection: 1; mode=block
service-worker-allowed: /
referrer-policy: same-origin
last-modified: Fri, 25 Sep 2020 09:43:19 GMT
server: AmazonS3
x-frame-options: sameorigin
etag: "e3b27c59347249846d78ff9f50f573b5"
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-amz-version-id: GGnJTfivp4mjbMxlszMvOQuo_qnweu96
content-security-policy: default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
x-amz-cf-pop: VIE50-C1
accept-ranges: bytes
content-type: image/svg+xml
x-amz-cf-id: Rrmmiju2WLXicRVtulA8JUpqOcD3t7Rbl_d5IZovyDFLa4YVm-lkAw==

GET
H2 200 covid-19-app-launch.JPG
www.ncsc.gov.uk/images/ 5 KB
7 KB 261ms
259ms Image
image/jpeg 99.86.243.111
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ncsc.gov.uk/images/covid-19-app-launch.JPG?mpwidth=160&mlwidth=190&twidth=190&dwidth=160&dpr=1&width=1600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.243.111 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-243-111.vie50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

bbeedd054ae536ae0987ee122743c5d5a5ea08716f1330874e0be70c507f9b17

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ncsc.gov.uk/blog-post/nhs-test-and-trace-app-security-redux
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 26 Sep 2020 07:08:09 GMT
via: 1.1 9a736972b021a4b2382c29923f73ce8b.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
status: 200
x-frame-options: sameorigin
content-length: 5336
x-xss-protection: 1; mode=block
service-worker-allowed: /
referrer-policy: same-origin
x-amz-meta-resized: true
last-modified: Thu, 24 Sep 2020 12:59:47 GMT
server: AmazonS3
x-powered-by
etag: "f76ff3b13c4d942f19a136b456010c10"
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-amz-version-id: LEV4lcGOPVxRlPwYHQPBb8CRoPmjNK55
content-security-policy: default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
accept-ranges: bytes
content-type: image/jpeg
x-amz-cf-id: QGyBxO0iq6ciJ48beBq92M7fwKahl74qF8E0NLZtkZfN2nD1XOpQvg==

GET
H2 200 weekly_threat_rep_image_v2%20(1).png
www.ncsc.gov.uk/images/ 47 KB
49 KB 259ms
258ms Image
image/png 99.86.243.111
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ncsc.gov.uk/images/weekly_threat_rep_image_v2%20(1).png?mpwidth=160&mlwidth=190&twidth=190&dwidth=160&dpr=1&width=1600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.243.111 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-243-111.vie50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

c63bc21299afe4978b202b6ec1d79babe03485c8be39c74fa6da37408688001a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ncsc.gov.uk/blog-post/nhs-test-and-trace-app-security-redux
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 26 Sep 2020 07:08:09 GMT
via: 1.1 9a736972b021a4b2382c29923f73ce8b.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
status: 200
x-frame-options: sameorigin
content-length: 48499
x-xss-protection: 1; mode=block
service-worker-allowed: /
referrer-policy: same-origin
x-amz-meta-resized: true
last-modified: Mon, 08 Jun 2020 15:24:03 GMT
server: AmazonS3
x-powered-by
etag: "7cb185fdfe5adeb7e4b24344acd0a87b"
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-amz-version-id: ZUWRS1atdhoyWJ3CepbDlwpCfHfSJukj
content-security-policy: default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
accept-ranges: bytes
content-type: image/png
x-amz-cf-id: Y6oInyUuWrfN9vZdaGiPE2rMCc-b2wtrvyqt94raOzK_D7SOAtH_MQ==

GET
H2 200 chess-checkmate.jpg
www.ncsc.gov.uk/images/ 7 KB
8 KB 245ms
244ms Image
image/jpeg 99.86.243.111
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ncsc.gov.uk/images/chess-checkmate.jpg?mpwidth=160&mlwidth=190&twidth=190&dwidth=160&dpr=1&width=1600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.243.111 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-243-111.vie50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

b6466ad25c88ab7bd2cefc10ed275b86973023d6ea872bd7670230de6b175919

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ncsc.gov.uk/blog-post/nhs-test-and-trace-app-security-redux
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 26 Sep 2020 07:08:09 GMT
via: 1.1 9a736972b021a4b2382c29923f73ce8b.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: VIE50-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
status: 200
x-frame-options: sameorigin
content-length: 6733
x-xss-protection: 1; mode=block
service-worker-allowed: /
referrer-policy: same-origin
x-amz-meta-resized: true
last-modified: Tue, 15 Sep 2020 20:39:14 GMT
server: AmazonS3
x-powered-by
etag: "7e4d8df0531c4c8fafc1864a1e1b0b13"
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-amz-version-id: Wqq5pwpMBu8q19iEVaTcmbdvERupepQJ
content-security-policy: default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://storage.googleapis.com/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/; worker-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'self'
accept-ranges: bytes
content-type: image/jpeg
x-amz-cf-id: s_teswax-ctoZfj_BH0WFiocJwtSV3pV1H7yh0VrUxOzXFAc-IHlZA==

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 1 B
396 B 50ms
13ms XHR
text/plain 2a00:1450:4001:821::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j86&aip=1&a=953632020&t=pageview&_s=1&dl=https%3A%2F%2Fwww.ncsc.gov.uk%2Fblog-post%2Fnhs-test-and-trace-app-security-redux&dp=%2Fblog-post%2Fnhs-test-and-trace-app-security-redux&ul=en-us&de=UTF-8&dt=NHS%20Test%20and%20Trace%20app%20security%20redux&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUABAAAAAC~&jid=714389047&gjid=874735436&cid=894601201.1601104089&tid=UA-134461033-1&_gid=130719045.1601104089&_r=1&gtm=2ou9g1&z=684333414

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:821::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 26 Sep 2020 07:08:08 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: text/plain
access-control-allow-origin: https://www.ncsc.gov.uk
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.ncsc.gov.uk/	1970-01-19 12:45:04	Name: _gat_gtag_UA_134461033_1 Value: 1
.ncsc.gov.uk/	1970-01-19 12:46:30	Name: _gid Value: GA1.3.130719045.1601104089
.ncsc.gov.uk/	1970-01-20 06:16:16	Name: _ga Value: GA1.3.894601201.1601104089

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	warning	URL: https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/js/main.ce864ac9.js(Line 1) Message: Deprecation warning: value provided is not in a recognized RFC2822 or ISO format. moment construction falls back to js Date(), which is not reliable across all browsers and versions. Non RFC2822/ISO date formats are discouraged and will be removed in an upcoming major release. Please refer to http://momentjs.com/guides/#/warnings/js-date/ for more info. Arguments: [0] _isAMomentObject: true, _isUTC: false, _useUTC: false, _l: undefined, _i: 13 August 2020, _f: undefined, _strict: undefined, _locale: [object Object] Error at Function.createFromInputFallback (https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/js/main.ce864ac9.js:1:533884) at mt (https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/js/main.ce864ac9.js:1:551387) at St (https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/js/main.ce864ac9.js:1:554722) at _t (https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/js/main.ce864ac9.js:1:554588) at Et (https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/js/main.ce864ac9.js:1:554306) at Ct (https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/js/main.ce864ac9.js:1:555078) at Tt (https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/js/main.ce864ac9.js:1:555112) at n (https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/js/main.ce864ac9.js:1:530965) at t.value (https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/js/main.ce864ac9.js:1:337684) at ir (https://www.ncsc.gov.uk/static-assets/dist/ncsc/static/js/main.ce864ac9.js:1:872533)
console-api	log	URL: https://www.ncsc.gov.uk/blog-post/nhs-test-and-trace-app-security-redux(Line 22) Message: Service worker registration succeeded: [object ServiceWorkerRegistration]

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self'; img-src 'self' data: https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ https://s3.eu-west-1.amazonaws.com/gchq-content/ https://s3-eu-west-1.amazonaws.com/gchq-content/ 'unsafe-inline' https://ssl.gstatic.com/ https://www.google-analytics.com www.google-analytics.com; media-src 'self' https://s3.eu-west-1.amazonaws.com/ncsc-content/ https://s3-eu-west-1.amazonaws.com/ncsc-content/ https://s3.eu-west-1.amazonaws.com/gchq-content/ https://s3-eu-west-1.amazonaws.com/gchq-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://storage.googleapis.com/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://cdn.polyfill.io/; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/ https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://fonts.googleapis.com https://s3.eu-west-1.amazonaws.com https://www.google-analytics.com www.google-analytics.com https://www.gchq.gov.uk/* https://.ncscdev.co.uk https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-1.amazonaws.com/gchq-content/ https://s3-eu-west-1.amazonaws.com/gchq-content/; worker-src https://.ncsc.gov.uk/static-assets/dist/ncsc/service-worker.js https://.ncscdev.co.uk/static-assets/dist/ncsc/service-worker.js https://.gchq.gov.uk/static-assets/dist/ncsc/service-worker.js; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com; object-src 'none'
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.google-analytics.com
www.googletagmanager.com
www.ncsc.gov.uk
2a00:1450:4001:809::2008
2a00:1450:4001:821::200e
99.86.243.111
06879f352f336c64e2f74b537c9309ea5d686539cbd8549e9a38ac9662b73df9
07d2b7c2df967b7820b8ce99be3f7db1a1db5a82797826cd9a06e6489e89f71a
1a5c8841aa846857ffd7a787ee0deddf110ccc9ad556d22e8b771bb1510ea5b2
1a64ebcee19ed7ed6c4967df7fc47fbe5d632ee51bc4f81a31132b51ab0a699b
1b99669b55ee70090c50c977106e086a13db1be87b5f6e1b2b1c4a8b03a4c9c1
2bd85184883353e02405342ba74708f2bbace0382999b89b7e532ae809314100
2c1b9c80bf509ecb0d8d9480f38e6de1796e450f6f71b77f9497406fb3ac2b3f
2d73899e511842563fd5c34a8aea24947c92b71c5d48e2b6092874868e99a17f
3a1d8c8544551010261c422b6f565be6c324ea4a02e1363673cd4298a0f1b806
41cb926e7ee3690b9ba7ec2706804527b2286a8d1b3aab659ad3e0299b595997
47472ae4514dc42c7182414db8dfab8f0a284b10f5922574e4b1835a12831bef
559fdabbd6559dc991c8b40e4453f96179828dc7adf7884be5ee1b0e77f19cae
56a522e79770e488da6015ed10f8c2bdafbcd87a7c6d443f7a293579bd0ef58d
5989260aa1ebfff9aae9a25bd4aa34754c6f674cadaa0a110217b3fdab9edee9
5d81856906011ebc089e3bd367e8a63b9bffb5671609b2e1499682617b597af2
5e07f937be00bbef113152fa46b2b2d5df97f405b152881c96e1c5069d8f405d
60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef
69860c9c1aa8532fe55ec78b9c171b645e6c1110559d100845d7cedc017258f4
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
72783e1700b2e39122e14986137750d9dd0a5db801b25dd5f741d4c53657829a
7cbd1d10870a62928831fe1985d7bf7683faa6657807d25ecf2ccedb37a07cc2
84249b03f41d98f891f88cada33de52d0dc827da0fc45de7309dd70257cce16f
876961660eab41da7fb1630bbb15037aa96a6fcec124ff7d32b9de38073bfcaa
8e0ca073b98ec238f097d1fe0534c49cb92784245d3c0af3a3eaad0c211df31e
97ac81ece2fc12f71988106bcfc77ec44e6fbba9d11de69eb317a9028bcb5419
b6466ad25c88ab7bd2cefc10ed275b86973023d6ea872bd7670230de6b175919
bb9e22aff7881b895c2ceb41d9340804451c474b883f09fe1b4026e76456f44b
bbeedd054ae536ae0987ee122743c5d5a5ea08716f1330874e0be70c507f9b17
c3c5a1a3447c65e2778d00a015aea84bd94f59cb6a9424f07f3e4f52df4d3146
c63bc21299afe4978b202b6ec1d79babe03485c8be39c74fa6da37408688001a
da3e343fb621451b58852f462c795bf71cbdbccf46e010109891ccd17ab40770
e47aa0f2c6235c9e85116096a42fc667e9755a4a19fb330131c612eaba98a69e
efb823dd38da03bb816797a56e1f26a52aafd111cf8ba8ed13755194ee2d96bd
f77830889503777ddb6da3e423e1cb90a7c22cec34b7e0b8e331a1b76fadf859
fab32ccef85408b763c899ad7c0b910c96c76dc9ed7158ce304fdcd3c0bf8388

www.ncsc.gov.uk Open in urlscan Pro 99.86.243.111 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

36 Requests

100 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

4 IPs

2 Countries

1028 kBTransfer

2326 kBSize

3 Cookies

26 Outgoing links

Redirected requests

36 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.ncsc.gov.uk Open in urlscan Pro
99.86.243.111 Public Scan

Screenshot
Live screenshot

Full Image

36
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

1028 kB
Transfer

2326 kB
Size

3
Cookies

36 HTTP transactions
3 data transactions