exp.collingwoodfc.uat1.testafl.com Open in urlscan Pro
65.9.189.101  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response exp.collingwoodfc.uat1.testafl.com/	6 KB 3 KB	1538ms 1385ms	Document text/html	65.9.189.101 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://exp.collingwoodfc.uat1.testafl.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 65.9.189.101 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-65-9-189-101.zag50.r.cloudfront.net Software AmazonS3 / Resource Hash ad80d14c01722304964b044adc85752718b6c1301dee512294af3473acc78f5f Security Headers Name Value Content-Security-Policy default-src 'self' *.marvelstadium.com.au *.afl.com.au afc.com.au *.lions.com.au *.carltonfc.com.au *.collingwoodfc.com.au *.essendonfc.com.au *.fremantlefc.com.au *.geelongcats.com.au *.goldcoastfc.com.au *.gwsgiants.com.au *.hawthornfc.com.au *.melbournefc.com.au *.nmfc.com.au *. portadelaidefc.com.au *.richmondfc.com.au *.saints.com.au *.sydneyswans.com.au *.westcoasteagles.com.au *.westernbulldogs.com.au blob:; script-src 'unsafe-inline' 'unsafe-eval' players.brightcove.net vjs.zencdn.net https: localhost:* blob:;connect-src https: *.pulselive.com localhost:* wss: * http: localhost:3000; style-src 'unsafe-inline' data: https:; object-src 'none'; frame-src *; img-src * data:; font-src * data:; Strict-Transport-Security max-age=31536000; includeSubDomains; always X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers access-control-allow-origin * allow GET; HEAD cache-control public content-encoding br content-security-policy default-src 'self' *.marvelstadium.com.au *.afl.com.au afc.com.au *.lions.com.au *.carltonfc.com.au *.collingwoodfc.com.au *.essendonfc.com.au *.fremantlefc.com.au *.geelongcats.com.au *.goldcoastfc.com.au *.gwsgiants.com.au *.hawthornfc.com.au *.melbournefc.com.au *.nmfc.com.au *. portadelaidefc.com.au *.richmondfc.com.au *.saints.com.au *.sydneyswans.com.au *.westcoasteagles.com.au *.westernbulldogs.com.au blob:; script-src 'unsafe-inline' 'unsafe-eval' players.brightcove.net vjs.zencdn.net https: localhost:* blob:;connect-src https: *.pulselive.com localhost:* wss: * http: localhost:3000; style-src 'unsafe-inline' data: https:; object-src 'none'; frame-src *; img-src * data:; font-src * data:; content-type text/html date Wed, 26 Jun 2024 05:31:44 GMT etag W/"dfd876ad8311261db35ebccfdff4a056" last-modified Fri, 21 Jun 2024 13:19:50 GMT referrer-policy no-referrer server AmazonS3 strict-transport-security max-age=31536000; includeSubDomains; always vary Accept-Encoding via 1.1 3180232852f42d0e8ed2a6999ef03c92.cloudfront.net (CloudFront) x-amz-cf-id Y3aviufB-mi8IJNl6dTWidVIfRI1sm8oZTvdqqFBN2lvPdLEJSw0fw== x-amz-cf-pop ZAG50-C1 x-amz-server-side-encryption AES256 x-amz-version-id rchN97Qe6oJYth0tb4zkuLktG.wD8IpB x-cache Miss from cloudfront x-content-type-options nosniff x-frame-options SAMEORIGIN
GET H2	200	runtime.min.js Show response cdn.jsdelivr.net/npm/regenerator-runtime@0.13.5/	6 KB 3 KB	156ms 50ms	Script application/javascript	2a04:4e42:600::485 FASTLY
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/npm/regenerator-runtime@0.13.5/runtime.min.js Requested by Host: exp.collingwoodfc.uat1.testafl.com URL: https://exp.collingwoodfc.uat1.testafl.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 6a1aac84bc3e28e0cd56096cd1bf0342c6aa200312cd04dfea0368a703c6e920 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer Origin https://exp.collingwoodfc.uat1.testafl.com Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31536000; includeSubDomains; preload date Wed, 26 Jun 2024 05:31:44 GMT x-content-type-options nosniff content-encoding br age 3005478 x-jsd-version 0.13.5 x-cache HIT, HIT cross-origin-resource-policy cross-origin alt-svc h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 content-length 2657 x-served-by cache-fra-etou8220147-FRA, cache-mxp6979-MXP x-jsd-version-type version etag W/"19d1-iM0iJvp+1XXo5wHWGfR20wcwS2c" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=31536000, s-maxage=31536000, immutable accept-ranges bytes timing-allow-origin *
GET H2	200	import-map-overrides.js Show response cdn.jsdelivr.net/npm/import-map-overrides@2.4.2/dist/	45 KB 14 KB	49ms 49ms	Script application/javascript	2a04:4e42:600::485 FASTLY
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/npm/import-map-overrides@2.4.2/dist/import-map-overrides.js Requested by Host: exp.collingwoodfc.uat1.testafl.com URL: https://exp.collingwoodfc.uat1.testafl.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 6647882d9d7e97d521ef6f9eb84c129b247df9d30ab5750b2caacd0c33f9a537 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer Origin https://exp.collingwoodfc.uat1.testafl.com Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31536000; includeSubDomains; preload date Wed, 26 Jun 2024 05:31:44 GMT x-content-type-options nosniff content-encoding br age 1817328 x-jsd-version 2.4.2 x-cache HIT, HIT cross-origin-resource-policy cross-origin alt-svc h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 content-length 13932 x-served-by cache-fra-etou8220065-FRA, cache-mxp6979-MXP x-jsd-version-type version etag W/"b302-gAAPhzfD6z2MZlNbmhw2uyUKHeQ" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=31536000, s-maxage=31536000, immutable accept-ranges bytes timing-allow-origin *
GET H3	200	system.min.js Show response cdn.jsdelivr.net/npm/systemjs@6.14.0/dist/	12 KB 5 KB	40ms 39ms	Script application/javascript	151.101.129.229 FASTLY
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/npm/systemjs@6.14.0/dist/system.min.js Requested by Host: exp.collingwoodfc.uat1.testafl.com URL: https://exp.collingwoodfc.uat1.testafl.com/ Protocol H3 Security QUIC, , AES_256_GCM Server 151.101.129.229 San Francisco, United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash e0c2b97ce4fb80ad9fcfebd4e6ca9e480d35580ef91e7b5838d11bfb4ee4be95 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer Origin https://exp.collingwoodfc.uat1.testafl.com Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31536000; includeSubDomains; preload date Wed, 26 Jun 2024 05:31:44 GMT x-content-type-options nosniff content-encoding br age 2497267 x-jsd-version 6.14.0 x-cache HIT cross-origin-resource-policy cross-origin alt-svc h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 content-length 4930 x-served-by cache-fra-etou8220117-FRA x-jsd-version-type version etag W/"2fbc-jyr/Jv1CsqxLWM1OwO0WuZFNF+Y" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=31536000, s-maxage=31536000, immutable accept-ranges bytes timing-allow-origin *
GET H2	200	import-map.json Show response exp-resources.afl.uat1.testafl.com/core/	1 KB 683 B	1358ms 1228ms	Fetch application/json	65.9.189.26 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://exp-resources.afl.uat1.testafl.com/core/import-map.json Requested by Host: cdn.jsdelivr.net URL: https://cdn.jsdelivr.net/npm/systemjs@6.14.0/dist/system.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 65.9.189.26 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-65-9-189-26.zag50.r.cloudfront.net Software AmazonS3 / Resource Hash ff4e7dd5dea987e6c5cc6d2fc54a4d37358d6fe2ef70b966ff7956e2af1e4b00 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 26 Jun 2024 05:31:46 GMT x-amz-version-id Bq4G3G2toVHhMutLBJ0N5by8v2mNcnPq content-encoding br last-modified Mon, 24 Jun 2024 07:59:55 GMT server AmazonS3 via 1.1 7ec84fa8ea386135e27faa4bc393caba.cloudfront.net (CloudFront) x-amz-cf-pop ZAG50-C1 etag W/"986fa9ef845a348c232c1b31d971b9dd" x-amz-server-side-encryption AES256 vary Accept-Encoding x-cache Miss from cloudfront content-type application/json access-control-allow-origin * access-control-expose-headers * x-amz-cf-id a_YSa1qPpPjFmfwvb8vZAbzWINP6Jf4WmYpra2tVka7XS063v2XeSw==
GET H2	200	import-map.json Show response exp-resources.afl.uat1.testafl.com/exp/	1 KB 701 B	1344ms 1215ms	Fetch application/json	65.9.189.26 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://exp-resources.afl.uat1.testafl.com/exp/import-map.json Requested by Host: cdn.jsdelivr.net URL: https://cdn.jsdelivr.net/npm/systemjs@6.14.0/dist/system.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 65.9.189.26 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-65-9-189-26.zag50.r.cloudfront.net Software AmazonS3 / Resource Hash c0c3b75198e380ff46e3346ee306a140ef19a92c16421b3d6626b910e5df8241 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 26 Jun 2024 05:31:46 GMT x-amz-version-id i5yWwbchX7ux7oGCGB9UXG_RSwtf1WDq content-encoding br last-modified Mon, 24 Jun 2024 07:57:09 GMT server AmazonS3 via 1.1 7ec84fa8ea386135e27faa4bc393caba.cloudfront.net (CloudFront) x-amz-cf-pop ZAG50-C1 etag W/"64b9972387ad322a1e257881b0643a06" x-amz-server-side-encryption AES256 vary Accept-Encoding x-cache Miss from cloudfront content-type application/json access-control-allow-origin * access-control-expose-headers * x-amz-cf-id dXZycUxAYoG-0irDdgLPRnVM-Fep4BdRzcQolfHcZed2W33Ei7xJDA==
GET H3	200	named-exports.min.js Show response cdn.jsdelivr.net/npm/systemjs@6.14.0/dist/extras/	678 B 785 B	41ms 40ms	Script application/javascript	151.101.129.229 FASTLY
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/npm/systemjs@6.14.0/dist/extras/named-exports.min.js Requested by Host: exp.collingwoodfc.uat1.testafl.com URL: https://exp.collingwoodfc.uat1.testafl.com/ Protocol H3 Security QUIC, , AES_256_GCM Server 151.101.129.229 San Francisco, United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash caa7c831b9a5458937aa6534e2c74b56ca6fb02ab13ed9f3426dd7b58c91fa16 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer Origin https://exp.collingwoodfc.uat1.testafl.com Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31536000; includeSubDomains; preload date Wed, 26 Jun 2024 05:31:44 GMT x-content-type-options nosniff content-encoding br age 1291167 x-jsd-version 6.14.0 x-cache HIT cross-origin-resource-policy cross-origin alt-svc h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 content-length 414 x-served-by cache-fra-etou8220117-FRA x-jsd-version-type version etag W/"2a6-uz0SbUR6pO8RdaivGKbhPPGB1po" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=31536000, s-maxage=31536000, immutable accept-ranges bytes timing-allow-origin *
GET H2	200	keycloak.js Show response sso.uat1.testmediaservices.com.au/auth/js/	92 KB 93 KB	1647ms 1521ms	Script text/javascript	65.9.189.128 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://sso.uat1.testmediaservices.com.au/auth/js/keycloak.js Requested by Host: exp.collingwoodfc.uat1.testafl.com URL: https://exp.collingwoodfc.uat1.testafl.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 65.9.189.128 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-65-9-189-128.zag50.r.cloudfront.net Software nginx / Resource Hash 209767e9d8c5033ac41bdcd03d2a374983df051c08e9b65187d34bfcf8deab76 Security Headers Name Value Content-Security-Policy frame-ancestors 'self'; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; style-src 'self' * 'unsafe-inline'; img-src 'self' data: Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 26 Jun 2024 05:31:45 GMT strict-transport-security max-age=31536000 x-content-type-options nosniff content-security-policy frame-ancestors 'self'; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; style-src 'self' * 'unsafe-inline'; img-src 'self' data: via 1.1 7fbfed9453edeb4b5dca9173a3f5f8dc.cloudfront.net (CloudFront) x-amz-cf-pop ZAG50-C1 x-cache Miss from cloudfront x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin server nginx x-frame-options SAMEORIGIN vary Origin content-type text/javascript cache-control no-cache, must-revalidate, no-transform, no-store permissions-policy accelerometer=(), autoplay=(), camera=(), ch-dpr=(), ch-save-data=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), cross-origin-isolated=(), display-capture=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), sync-xhr=(), usb=(), window-placement=(), xr-spatial-tracking=() x-amz-cf-id xG5SV3M6CgZtUHU-k_2N8bNtAgB6pWVLT6cZWenruAPu2WGa4AMsMg==
GET H2	200	pendo.js Show response cdn.pendo.io/agent/static/83782545-d7cd-41b6-7085-5c863e634eb4/	467 KB 153 KB	148ms 42ms	Script application/javascript	34.36.213.229 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://cdn.pendo.io/agent/static/83782545-d7cd-41b6-7085-5c863e634eb4/pendo.js Requested by Host: exp.collingwoodfc.uat1.testafl.com URL: https://exp.collingwoodfc.uat1.testafl.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.36.213.229 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 229.213.36.34.bc.googleusercontent.com Software UploadServer / Resource Hash 46aa761bde98999111407d494cca8f716fce7e1f5f5d28af761b909fe015a6b2 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 25 Jun 2024 17:35:24 GMT content-encoding gzip strict-transport-security max-age=63072000; includeSubDomains age 42982 x-guploader-uploadid ACJd0NpG4YdjkHqAwvryXMvAXlrp5fiuIfosKkN1D9hMwIp8css6hmam_fGwOABfIuf-jHJkoiKHawCttg x-goog-storage-class STANDARD x-goog-metageneration 1 x-goog-stored-content-encoding gzip alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 155679 last-modified Thu, 20 Jun 2024 18:18:54 GMT server UploadServer etag "565e1175fb958e75eaf527e3ddd52ead" vary Accept-Encoding x-goog-generation 1718907534544838 x-goog-hash crc32c=wy8isw==, md5=Vl4RdfuVjnXq9Sfj3dUurQ== access-control-allow-origin * access-control-expose-headers * cache-control public,max-age=450 x-goog-stored-content-length 155679 accept-ranges bytes content-type application/javascript; charset=utf-8
GET H3	200	react.production.min.js Show response cdn.jsdelivr.net/npm/react@17.0.2/umd/	11 KB 5 KB	41ms 40ms	Script application/javascript	151.101.129.229 FASTLY
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/npm/react@17.0.2/umd/react.production.min.js Requested by Host: cdn.jsdelivr.net URL: https://cdn.jsdelivr.net/npm/systemjs@6.14.0/dist/system.min.js Protocol H3 Security QUIC, , AES_256_GCM Server 151.101.129.229 San Francisco, United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 229bbf4d0e7488209564152c6723497f1ac3934136ca1684233d2fa88fa4146f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer Origin https://exp.collingwoodfc.uat1.testafl.com Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31536000; includeSubDomains; preload date Wed, 26 Jun 2024 05:31:46 GMT x-content-type-options nosniff content-encoding br age 1732438 x-jsd-version 17.0.2 x-cache HIT cross-origin-resource-policy cross-origin alt-svc h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 content-length 4810 x-served-by cache-fra-etou8220117-FRA x-jsd-version-type version etag W/"2cb0-bAUYnMLQi7KnYJwALwZ1ycZw02I" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=31536000, s-maxage=31536000, immutable accept-ranges bytes timing-allow-origin *
GET H2	200	pulselive-experience-platform-web.js Show response exp.collingwoodfc.uat1.testafl.com/	166 KB 48 KB	1217ms 1217ms	Script application/javascript	65.9.189.101 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://exp.collingwoodfc.uat1.testafl.com/pulselive-experience-platform-web.js?ver=1700210879920 Requested by Host: cdn.jsdelivr.net URL: https://cdn.jsdelivr.net/npm/systemjs@6.14.0/dist/system.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 65.9.189.101 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-65-9-189-101.zag50.r.cloudfront.net Software AmazonS3 / Resource Hash 7235a03516592d5c51ae56a6e5a046535bffded3782d28e89aacf1fd1098748f Security Headers Name Value Content-Security-Policy default-src 'self' *.marvelstadium.com.au *.afl.com.au afc.com.au *.lions.com.au *.carltonfc.com.au *.collingwoodfc.com.au *.essendonfc.com.au *.fremantlefc.com.au *.geelongcats.com.au *.goldcoastfc.com.au *.gwsgiants.com.au *.hawthornfc.com.au *.melbournefc.com.au *.nmfc.com.au *. portadelaidefc.com.au *.richmondfc.com.au *.saints.com.au *.sydneyswans.com.au *.westcoasteagles.com.au *.westernbulldogs.com.au blob:; script-src 'unsafe-inline' 'unsafe-eval' players.brightcove.net vjs.zencdn.net https: localhost:* blob:;connect-src https: *.pulselive.com localhost:* wss: * http: localhost:3000; style-src 'unsafe-inline' data: https:; object-src 'none'; frame-src *; img-src * data:; font-src * data:; Strict-Transport-Security max-age=31536000; includeSubDomains; always X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 26 Jun 2024 05:31:48 GMT x-amz-version-id cskcNTf.9sHThHjLaIboOB9QQkvCk5yz x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains; always content-encoding br content-security-policy default-src 'self' *.marvelstadium.com.au *.afl.com.au afc.com.au *.lions.com.au *.carltonfc.com.au *.collingwoodfc.com.au *.essendonfc.com.au *.fremantlefc.com.au *.geelongcats.com.au *.goldcoastfc.com.au *.gwsgiants.com.au *.hawthornfc.com.au *.melbournefc.com.au *.nmfc.com.au *. portadelaidefc.com.au *.richmondfc.com.au *.saints.com.au *.sydneyswans.com.au *.westcoasteagles.com.au *.westernbulldogs.com.au blob:; script-src 'unsafe-inline' 'unsafe-eval' players.brightcove.net vjs.zencdn.net https: localhost:* blob:;connect-src https: *.pulselive.com localhost:* wss: * http: localhost:3000; style-src 'unsafe-inline' data: https:; object-src 'none'; frame-src *; img-src * data:; font-src * data:; via 1.1 3180232852f42d0e8ed2a6999ef03c92.cloudfront.net (CloudFront) x-amz-cf-pop ZAG50-C1 x-amz-server-side-encryption AES256 x-cache Miss from cloudfront referrer-policy no-referrer last-modified Fri, 21 Jun 2024 13:19:50 GMT server AmazonS3 etag W/"e33931cb5c43f66af8d0bf3565068886" x-frame-options SAMEORIGIN allow GET; HEAD content-type application/javascript access-control-allow-origin * cache-control public vary Accept-Encoding x-amz-cf-id RmaWnRSwmWrOO3klal2FZsNUbbhA0S1rGJb0x_3VxAdoQynE17fhHQ==
GET H3	200	single-spa.min.js Show response cdn.jsdelivr.net/npm/single-spa@5.9.4/lib/system/	20 KB 7 KB	46ms 45ms	Script application/javascript	151.101.129.229 FASTLY
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/npm/single-spa@5.9.4/lib/system/single-spa.min.js Requested by Host: cdn.jsdelivr.net URL: https://cdn.jsdelivr.net/npm/systemjs@6.14.0/dist/system.min.js Protocol H3 Security QUIC, , AES_256_GCM Server 151.101.129.229 San Francisco, United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash fda24b7112d59c7417df5bd735ebc7c4bf22c68fc6403497f35dd5245ef04371 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer Origin https://exp.collingwoodfc.uat1.testafl.com Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31536000; includeSubDomains; preload date Wed, 26 Jun 2024 05:31:48 GMT x-content-type-options nosniff content-encoding br age 1859805 x-jsd-version 5.9.4 x-cache HIT cross-origin-resource-policy cross-origin alt-svc h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 content-length 6770 x-served-by cache-fra-etou8220117-FRA x-jsd-version-type version etag W/"5059-2wiyzGMvQ5lqQS+Z7/KQHjyi1Ac" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=31536000, s-maxage=31536000, immutable accept-ranges bytes timing-allow-origin *
GET H2	200	pulselive-keycloak-sdk-wrapper.js Show response exp-resources.afl.uat1.testafl.com/core/resources/keycloak-sdk-wrapper/0.22.0/	88 KB 27 KB	1228ms 1227ms	Script application/javascript	65.9.189.26 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://exp-resources.afl.uat1.testafl.com/core/resources/keycloak-sdk-wrapper/0.22.0/pulselive-keycloak-sdk-wrapper.js Requested by Host: cdn.jsdelivr.net URL: https://cdn.jsdelivr.net/npm/systemjs@6.14.0/dist/system.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 65.9.189.26 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-65-9-189-26.zag50.r.cloudfront.net Software AmazonS3 / Resource Hash 4b8c9ed4664a6b4b5580d53dab161e6a81718a3e104236586bd1b1b324397ff5 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer Origin https://exp.collingwoodfc.uat1.testafl.com Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 26 Jun 2024 05:31:50 GMT x-amz-version-id Pk481z11Z_XxbqkcEYcmiYIEasOFcxZ5 content-encoding br last-modified Mon, 24 Jun 2024 08:00:10 GMT server AmazonS3 via 1.1 7ec84fa8ea386135e27faa4bc393caba.cloudfront.net (CloudFront) x-amz-cf-pop ZAG50-C1 etag W/"bc3c647a1d856094ae9fff00676b372e" x-amz-server-side-encryption AES256 vary Accept-Encoding x-cache Miss from cloudfront content-type application/javascript access-control-allow-origin * access-control-expose-headers * x-amz-cf-id GerlEXi1HTQWnTr1xoJ2wyXbNyJ_gdJzNwQwRx_Y4Hbno5uwqb8aBw==
GET H2	200	pulselive-core-product-components.js exp-resources.afl.uat1.testafl.com/core/resources/core-product-components/v0.346.0/	203 KB 0	1249ms 1248ms	Script application/javascript	65.9.189.26 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://exp-resources.afl.uat1.testafl.com/core/resources/core-product-components/v0.346.0/pulselive-core-product-components.js Requested by Host: cdn.jsdelivr.net URL: https://cdn.jsdelivr.net/npm/systemjs@6.14.0/dist/system.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 65.9.189.26 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-65-9-189-26.zag50.r.cloudfront.net Software AmazonS3 / Resource Hash Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer Origin https://exp.collingwoodfc.uat1.testafl.com Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 26 Jun 2024 05:31:50 GMT x-amz-version-id kMFv8vtSX5Y5WOmo6YV0JGPxilTGAHi4 content-encoding br last-modified Mon, 24 Jun 2024 08:00:10 GMT server AmazonS3 via 1.1 7ec84fa8ea386135e27faa4bc393caba.cloudfront.net (CloudFront) x-amz-cf-pop ZAG50-C1 etag W/"c51941e1646a0cd7fa4c6c5aeaddffb2" x-amz-server-side-encryption AES256 vary Accept-Encoding x-cache Miss from cloudfront content-type application/javascript access-control-allow-origin * access-control-expose-headers * x-amz-cf-id baGT21oN0RRRXHqFp6fGsVNBslByTIrrgEK_KbPaFUHZfRt_vkxpVQ==
GET H3	200	react-dom.production.min.js Show response cdn.jsdelivr.net/npm/react-dom@17.0.2/umd/	118 KB 41 KB	42ms 42ms	Script application/javascript	151.101.129.229 FASTLY
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/npm/react-dom@17.0.2/umd/react-dom.production.min.js Requested by Host: cdn.jsdelivr.net URL: https://cdn.jsdelivr.net/npm/systemjs@6.14.0/dist/system.min.js Protocol H3 Security QUIC, , AES_256_GCM Server 151.101.129.229 San Francisco, United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 9db33292007ab6c38527b39d5663e976a305564e19b2a5a8713ea2b2c00f505d Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer Origin https://exp.collingwoodfc.uat1.testafl.com Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31536000; includeSubDomains; preload date Wed, 26 Jun 2024 05:31:48 GMT x-content-type-options nosniff content-encoding br age 678514 x-jsd-version 17.0.2 x-cache HIT cross-origin-resource-policy cross-origin alt-svc h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 content-length 41160 x-served-by cache-fra-etou8220117-FRA x-jsd-version-type version etag W/"1d709-vwi4rRrXPBKnycshGSbOI6hh2wc" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=31536000, s-maxage=31536000, immutable accept-ranges bytes timing-allow-origin *

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence object| sharedStorage object| runtime object| regeneratorRuntime object| importMapOverrides object| System function| Keycloak object| pendo object| React object| ReactDOM

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://exp.collingwoodfc.uat1.testafl.com/ Message: The source list for the Content Security Policy directive 'default-src' contains an invalid source: '*.'. It will be ignored.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' *.marvelstadium.com.au *.afl.com.au afc.com.au *.lions.com.au *.carltonfc.com.au *.collingwoodfc.com.au *.essendonfc.com.au *.fremantlefc.com.au *.geelongcats.com.au *.goldcoastfc.com.au *.gwsgiants.com.au *.hawthornfc.com.au *.melbournefc.com.au *.nmfc.com.au *. portadelaidefc.com.au *.richmondfc.com.au *.saints.com.au *.sydneyswans.com.au *.westcoasteagles.com.au *.westernbulldogs.com.au blob:; script-src 'unsafe-inline' 'unsafe-eval' players.brightcove.net vjs.zencdn.net https: localhost:* blob:;connect-src https: *.pulselive.com localhost:* wss: * http: localhost:3000; style-src 'unsafe-inline' data: https:; object-src 'none'; frame-src *; img-src * data:; font-src * data:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; always
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
cdn.pendo.io
exp-resources.afl.uat1.testafl.com
exp.collingwoodfc.uat1.testafl.com
sso.uat1.testmediaservices.com.au
151.101.129.229
2a04:4e42:600::485
34.36.213.229
65.9.189.101
65.9.189.128
65.9.189.26
209767e9d8c5033ac41bdcd03d2a374983df051c08e9b65187d34bfcf8deab76
229bbf4d0e7488209564152c6723497f1ac3934136ca1684233d2fa88fa4146f
46aa761bde98999111407d494cca8f716fce7e1f5f5d28af761b909fe015a6b2
4b8c9ed4664a6b4b5580d53dab161e6a81718a3e104236586bd1b1b324397ff5
6647882d9d7e97d521ef6f9eb84c129b247df9d30ab5750b2caacd0c33f9a537
6a1aac84bc3e28e0cd56096cd1bf0342c6aa200312cd04dfea0368a703c6e920
7235a03516592d5c51ae56a6e5a046535bffded3782d28e89aacf1fd1098748f
9db33292007ab6c38527b39d5663e976a305564e19b2a5a8713ea2b2c00f505d
ad80d14c01722304964b044adc85752718b6c1301dee512294af3473acc78f5f
c0c3b75198e380ff46e3346ee306a140ef19a92c16421b3d6626b910e5df8241
caa7c831b9a5458937aa6534e2c74b56ca6fb02ab13ed9f3426dd7b58c91fa16
e0c2b97ce4fb80ad9fcfebd4e6ca9e480d35580ef91e7b5838d11bfb4ee4be95
fda24b7112d59c7417df5bd735ebc7c4bf22c68fc6403497f35dd5245ef04371
ff4e7dd5dea987e6c5cc6d2fc54a4d37358d6fe2ef70b966ff7956e2af1e4b00