urlscan.io logo urlscan.io
SecurityTrails logo

www.diy.com Open in urlscan Pro
2600:9000:2117:d600:1f:e5ef:1e80:93a1  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://ff8czqdm.r.eu-west-1.awstrack.me/L0/https:%2F%2Fwww.diy.com%2Ffind-a-store%2F/1/0102018dd0a60d2a-54b2fd19-0a82-4f36-a2ff-2c017470...
Effective URL: https://www.diy.com/find-a-store
Submission: On February 23 via manual from GB — Scanned from GB
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 17 IPs in 4 countries across 12 domains to perform 73 HTTP transactions. The main IP is 2600:9000:2117:d600:1f:e5ef:1e80:93a1, located in United States and belongs to AMAZON-02, US. The main domain is www.diy.com. The Cisco Umbrella rank of the primary domain is 116556.
TLS certificate: Issued by GlobalSign GCC R3 DV TLS CA 2020 on July 19th 2023. Valid for: a year.
This is the only time www.diy.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 63.32.236.30 16509 (AMAZON-02)
1 42 2600:9000:211... 16509 (AMAZON-02)
1 23.38.98.119 20940 (AKAMAI-ASN1)
4 3.161.82.53 16509 (AMAZON-02)
1 13.249.9.20 16509 (AMAZON-02)
4 2600:9000:26d... 16509 (AMAZON-02)
5 99.84.88.94 16509 (AMAZON-02)
2 2a02:26f0:350... 20940 (AKAMAI-ASN1)
2 104.22.50.214 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
1 104.22.51.214 13335 (CLOUDFLAR...)
1 34.224.134.33 14618 (AMAZON-AES)
2 23.45.238.128 16625 (AKAMAI-AS)
1 23.215.21.78 16625 (AKAMAI-AS)
1 52.213.34.91 16509 (AMAZON-02)
1 108.129.58.254 16509 (AMAZON-02)
3 34.111.140.246 396982 (GOOGLE-CL...)
73 17
1    63.32.236.30 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-32-236-30.eu-west-1.compute.amazonaws.com
ff8czqdm.r.eu-west-1.awstrack.me
42    2600:9000:2117:d600:1f:e5ef:1e80:93a1 (United States)

ASN16509 (AMAZON-02, US)
www.diy.com
1    23.38.98.119 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-38-98-119.deploy.static.akamaitechnologies.com
edge1.certona.net
4    3.161.82.53 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-161-82-53.fra56.r.cloudfront.net
ccl-prod.cache.ap.digikfplc.com
1    13.249.9.20 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-249-9-20.cdg53.r.cloudfront.net
consent.truste.com
4    2600:9000:26db:9600:7:2bfb:7c00:93a1 (United States)

ASN16509 (AMAZON-02, US)
tags.tiqcdn.com
5    99.84.88.94 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-88-94.muc50.r.cloudfront.net
consent.trustarc.com
2    2a02:26f0:3500:88e::13b8 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
cdn.optimizely.com
2    104.22.50.214 (None, )

ASN13335 (CLOUDFLARENET, US)
api.woosmap.com
2    2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
maps.googleapis.com
1    104.22.51.214 (None, )

ASN13335 (CLOUDFLARENET, US)
sdk.woosmap.com
1    34.224.134.33 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-224-134-33.compute-1.amazonaws.com
cdns.brsrvr.com
2    23.45.238.128 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-45-238-128.deploy.static.akamaitechnologies.com
se.monetate.net
1    23.215.21.78 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-215-21-78.deploy.static.akamaitechnologies.com
a20678180166.cdn.optimizely.com
1    52.213.34.91 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-213-34-91.eu-west-1.compute.amazonaws.com
f.monetate.net
1    108.129.58.254 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-108-129-58-254.eu-west-1.compute.amazonaws.com
p-eu.brsrvr.com
3    34.111.140.246 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 246.140.111.34.bc.googleusercontent.com
logx.optimizely.com
Apex Domain
Subdomains		 Transfer
42 diy.com
www.diy.com — Cisco Umbrella Rank: 116556
2 MB
6 optimizely.com
cdn.optimizely.com — Cisco Umbrella Rank: 905
a20678180166.cdn.optimizely.com — Cisco Umbrella Rank: 180933
logx.optimizely.com — Cisco Umbrella Rank: 1577
89 KB
5 trustarc.com
consent.trustarc.com — Cisco Umbrella Rank: 3160
166 KB
4 tiqcdn.com
tags.tiqcdn.com — Cisco Umbrella Rank: 1207
31 KB
4 digikfplc.com
ccl-prod.cache.ap.digikfplc.com — Cisco Umbrella Rank: 142731
11 KB
3 monetate.net
se.monetate.net — Cisco Umbrella Rank: 6543
f.monetate.net — Cisco Umbrella Rank: 9837
68 KB
3 woosmap.com
api.woosmap.com — Cisco Umbrella Rank: 66443
sdk.woosmap.com — Cisco Umbrella Rank: 55062
25 KB
2 brsrvr.com
cdns.brsrvr.com — Cisco Umbrella Rank: 12010
p-eu.brsrvr.com — Cisco Umbrella Rank: 34447
21 KB
2 googleapis.com
maps.googleapis.com — Cisco Umbrella Rank: 371
63 KB
1 truste.com
consent.truste.com — Cisco Umbrella Rank: 9214
12 KB
1 certona.net
edge1.certona.net — Cisco Umbrella Rank: 15684
4 KB
1 awstrack.me
ff8czqdm.r.eu-west-1.awstrack.me
147 B
73 12
Domain Requested by
42 www.diy.com 1 redirects www.diy.com
5 consent.trustarc.com consent.truste.com
www.diy.com
4 tags.tiqcdn.com www.diy.com
tags.tiqcdn.com
4 ccl-prod.cache.ap.digikfplc.com www.diy.com
3 logx.optimizely.com www.diy.com
2 se.monetate.net tags.tiqcdn.com
se.monetate.net
2 maps.googleapis.com www.diy.com
2 api.woosmap.com www.diy.com
2 cdn.optimizely.com www.diy.com
1 p-eu.brsrvr.com www.diy.com
1 f.monetate.net se.monetate.net
1 a20678180166.cdn.optimizely.com cdn.optimizely.com
1 cdns.brsrvr.com tags.tiqcdn.com
1 sdk.woosmap.com www.diy.com
1 consent.truste.com www.diy.com
1 edge1.certona.net www.diy.com
1 ff8czqdm.r.eu-west-1.awstrack.me 1 redirects
73 17
Subject Issuer Validity Valid
www.diy.com
GlobalSign GCC R3 DV TLS CA 2020		 2023-07-19 -
2024-08-19		 a year crt.sh
www.certona.net
R3		 2023-12-18 -
2024-03-17		 3 months crt.sh
*.cache.ap.digikfplc.com
Amazon RSA 2048 M02		 2023-05-14 -
2024-06-11		 a year crt.sh
*.truste.com
Amazon RSA 2048 M02		 2023-11-18 -
2024-12-15		 a year crt.sh
tags.tiqcdn.com
Amazon RSA 2048 M01		 2023-04-18 -
2024-05-17		 a year crt.sh
*.trustarc.com
Amazon RSA 2048 M02		 2023-04-17 -
2024-05-14		 a year crt.sh
cdn.optimizely.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-09-01 -
2024-09-04		 a year crt.sh
woosmap.com
Cloudflare Inc ECC CA-3		 2023-08-08 -
2024-08-06		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2024-02-05 -
2024-04-29		 3 months crt.sh
*.brsrvr.com
Go Daddy Secure Certificate Authority - G2		 2023-08-01 -
2024-09-01		 a year crt.sh
www.monetate.net
DigiCert TLS RSA SHA256 2020 CA1		 2023-06-30 -
2024-06-29		 a year crt.sh
*.cdn.optimizely.com
GeoTrust RSA CA 2018		 2024-01-25 -
2025-01-27		 a year crt.sh
*.monetate.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-08-28 -
2024-09-27		 a year crt.sh
logx.optimizely.com
GTS CA 1D4		 2024-02-08 -
2024-05-09		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://www.diy.com/find-a-store
Frame ID: 7924C2083DE56853A6E35165334AEF56
Requests: 72 HTTP requests in this frame

Frame: https://a20678180166.cdn.optimizely.com/client_storage/a20678180166.html
Frame ID: 55DF13CE8532C293607BDD2D3F9E7D3D
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Find a store | DIY at B&QStore markerMenuSearchIdeas & AdviceStoresBasketLocationPrevious arrowCloseCloseCloseCloseClose

Page URL History Show full URLs

  1. https://ff8czqdm.r.eu-west-1.awstrack.me/L0/https:%2F%2Fwww.diy.com%2Ffind-a-store%2F/1/0102018dd0a60d2a-54b2fd19-0a8... HTTP 302
    https://www.diy.com/find-a-store/ HTTP 301
    https://www.diy.com/find-a-store Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • //maps\.google(?:apis)?\.com/maps/api/js
Overall confidence: 100%
Detected patterns
  • <[^>]+data-react
Overall confidence: 100%
Detected patterns
  • optimizely\.com.*\.js
Overall confidence: 100%
Detected patterns
  • consent\.trustarc\.com
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

73
Requests

99 %
HTTPS

24 %
IPv6

12
Domains

17
Subdomains

17
IPs

4
Countries

2390 kB
Transfer

7146 kB
Size

17
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://ff8czqdm.r.eu-west-1.awstrack.me/L0/https:%2F%2Fwww.diy.com%2Ffind-a-store%2F/1/0102018dd0a60d2a-54b2fd19-0a82-4f36-a2ff-2c017470e6da-000000/BBhPsnrFP6b-2M8VZGOr-xv9w1U=362 HTTP 302
    https://www.diy.com/find-a-store/ HTTP 301
    https://www.diy.com/find-a-store Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

73 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request find-a-store
www.diy.com/
Redirect Chain
  • https://ff8czqdm.r.eu-west-1.awstrack.me/L0/https:%2F%2Fwww.diy.com%2Ffind-a-store%2F/1/0102018dd0a60d2a-54b2fd19-0a82-4f36-a2ff-2c017470e6da-000000/BBhPsnrFP6b-2M8VZGOr-xv9w1U=362
  • https://www.diy.com/find-a-store/
  • https://www.diy.com/find-a-store
552 KB
101 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2117:d600:1f:e5ef:1e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
bbabb59d22659ea644d0e3f827ffed06b71dc81795da426b781e8555edb5d1b3
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

accept-ranges
bytes
content-encoding
gzip
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
content-type
text/html; charset=utf-8
date
Fri, 23 Feb 2024 16:03:16 GMT
referrer-policy
strict-origin-when-cross-origin
server
CloudFront
server-timing
dtSInfo;desc="0", dtRpid;desc="620888236"
strict-transport-security
max-age=31536000; includeSubdomains; preload
vary
Accept-Encoding
via
1.1 59778df72778f60e4701bb8768b14bcc.cloudfront.net (CloudFront)
x-amz-cf-id
ZiAxNaaKJrfAxKc7NqLlceWCT8yCJ0Gr59NMg0b805E_19y3Iv5IDg==
x-amz-cf-pop
CDG50-C1
x-cache
Miss from cloudfront
x-content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-oneagent-js-injection
true
x-ruxit-js-agent
true
x-webkit-csp
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
x-xss-protection
1; mode=block

Redirect headers

content-length
0
date
Fri, 23 Feb 2024 16:03:16 GMT
location
/find-a-store
server
CloudFront
via
1.1 59778df72778f60e4701bb8768b14bcc.cloudfront.net (CloudFront)
x-amz-cf-id
oDqVaJfXKvPedS21D_OA98-wbzESsO6HEVXXZoPaW403qi-ogAsKrA==
x-amz-cf-pop
CDG50-C1
x-cache
Miss from cloudfront
ruxitagentjs_A27NVfghjqrtux_10267230522124059.js
www.diy.com/ 		199 KB
200 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.diy.com/ruxitagentjs_A27NVfghjqrtux_10267230522124059.js
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2117:d600:1f:e5ef:1e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
2345ee038c30c2ff6bc5c288ca99f522808d8ebfc33940e2ea619e7aad99b28a
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/find-a-store
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

expires
Sat, 22 Feb 2025 04:56:39 GMT
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
date
Fri, 23 Feb 2024 16:02:40 GMT
via
1.1 59778df72778f60e4701bb8768b14bcc.cloudfront.net (CloudFront)
x-amz-cf-pop
CDG50-C1
age
37
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Wed, 03 Mar 2010 07:01:40 GMT
server
CloudFront
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
cache-control
public, max-age=31536000, immutable
accept-ranges
bytes
x-webkit-csp
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-id
Ux_zjT5lw2-m0YErJ8HksE7xL4pkxp4f-Qms_6_dI6ljmdrrDkR33Q==
x-content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
GoodHome-Regular.woff2
www.diy.com/spa/fonts/ 		38 KB
39 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.diy.com/spa/fonts/GoodHome-Regular.woff2
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2117:d600:1f:e5ef:1e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
0bc6649d2943e76bc5dc4c8ccf9d97dab669705bc7a9051f2a4e9b9a7f31023f
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.diy.com/find-a-store
Origin
https://www.diy.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Thu, 22 Feb 2024 12:27:19 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
via
1.1 59778df72778f60e4701bb8768b14bcc.cloudfront.net (CloudFront)
x-amz-cf-pop
CDG50-C1
age
99357
x-dns-prefetch-control
off
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 19 Feb 2024 15:23:06 GMT
server
CloudFront
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
font/woff2
access-control-allow-origin
https://www.diy.com
cache-control
public, max-age=259200
accept-ranges
bytes
timing-allow-origin
*
x-webkit-csp
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-id
tB7-_Bo2qhC4R5YwXJ2MN0L0jt4Mte2fZp-0WU3JJkFPaXjSGq8Srw==
x-content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
GoodHome-Bold.woff2
www.diy.com/spa/fonts/ 		35 KB
36 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.diy.com/spa/fonts/GoodHome-Bold.woff2
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2117:d600:1f:e5ef:1e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
219082c2e60f64f1b33eb165c534796cfbcd4b0e269f827e3bd208bf6853bc67
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.diy.com/find-a-store
Origin
https://www.diy.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Wed, 21 Feb 2024 23:44:57 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
via
1.1 59778df72778f60e4701bb8768b14bcc.cloudfront.net (CloudFront)
x-amz-cf-pop
CDG50-C1
age
145099
x-dns-prefetch-control
off
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 19 Feb 2024 15:23:06 GMT
server
CloudFront
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
font/woff2
access-control-allow-origin
https://www.diy.com
cache-control
public, max-age=259200
accept-ranges
bytes
timing-allow-origin
*
x-webkit-csp
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-id
dJQp8sh0lShanknsiTKvsSnstLSRXGam0dsR1OAS1o_ZxgvTmxHuIQ==
x-content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
hash-2fe2b195c7a91a5fc359.css
www.diy.com/spa/ 		187 KB
44 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.diy.com/spa/hash-2fe2b195c7a91a5fc359.css
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2117:d600:1f:e5ef:1e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
ed734600889e84edcdf63d67266b8949474fc89542091d09803412183dd8524c
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/find-a-store
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 16:03:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubdomains; preload
via
1.1 59778df72778f60e4701bb8768b14bcc.cloudfront.net (CloudFront)
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-pop
CDG50-C1
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
server-timing
dtSInfo;desc="0", dtRpid;desc="264123442"
content-length
43839
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 19 Feb 2024 15:23:07 GMT
server
CloudFront
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public, max-age=259200
accept-ranges
bytes
x-webkit-csp
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-id
u-30t116_9eLJ1UelAeOgYgieZYLGUYovNJDrUuqvOfAA5SJwAGkBA==
x-content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
1.hash-2fd7b2d57cce9c355048.css
www.diy.com/spa/ 		4 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.diy.com/spa/1.hash-2fd7b2d57cce9c355048.css
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2117:d600:1f:e5ef:1e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
662b16c7b576eddeb77bb0a322d100d2e13b674484edc49df285af6edc6c7d6d
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/find-a-store
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 16:03:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubdomains; preload
via
1.1 59778df72778f60e4701bb8768b14bcc.cloudfront.net (CloudFront)
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-pop
CDG50-C1
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
server-timing
dtSInfo;desc="0", dtRpid;desc="-568143015"
content-length
1442
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 19 Feb 2024 15:23:07 GMT
server
CloudFront
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public, max-age=259200
accept-ranges
bytes
x-webkit-csp
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-id
M83QtTyf6pFpFEjrsU3BF9AY9OEJQ2ST9QzklZU_dOKp2KuH7xmgZw==
x-content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
21.hash-b6c13483591a3a88cb63.css
www.diy.com/spa/ 		836 B
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.diy.com/spa/21.hash-b6c13483591a3a88cb63.css
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2117:d600:1f:e5ef:1e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
eed54fd7593a60f6530ff91672334210b11e5a29a228e9dc7d22ca354a8a7129
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/find-a-store
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 16:03:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubdomains; preload
via
1.1 59778df72778f60e4701bb8768b14bcc.cloudfront.net (CloudFront)
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-pop
CDG50-C1
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
server-timing
dtSInfo;desc="0", dtRpid;desc="-2055344896"
content-length
415
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 19 Feb 2024 15:23:07 GMT
server
CloudFront
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public, max-age=259200
accept-ranges
bytes
x-webkit-csp
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-id
nFIVsaqxeLWtCz5au9kWCsWPN18B4bZxYFI2JCxqbU21qH8YFeLeFA==
x-content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
210.hash-fc4cdbb3ccfa71f53a8d.css
www.diy.com/spa/ 		3 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.diy.com/spa/210.hash-fc4cdbb3ccfa71f53a8d.css
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2117:d600:1f:e5ef:1e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
dda8832d4b240ed32011510eb39c926f77919bfa5fea0a5780c89dee7425818d
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/find-a-store
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 16:03:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubdomains; preload
via
1.1 59778df72778f60e4701bb8768b14bcc.cloudfront.net (CloudFront)
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-pop
CDG50-C1
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
server-timing
dtSInfo;desc="0", dtRpid;desc="-1365073271"
content-length
918
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 19 Feb 2024 15:23:07 GMT
server
CloudFront
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public, max-age=259200
accept-ranges
bytes
x-webkit-csp
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-id
sJiGt5SkoY58bl8w8My1mEX6_9tioAyCXc4OeQLscMrol2M2Psqw-w==
x-content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
8.hash-fe67980503e630bc7b16.css
www.diy.com/spa/ 		3 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.diy.com/spa/8.hash-fe67980503e630bc7b16.css
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2117:d600:1f:e5ef:1e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
65712b15a57059cc28bdbf4caa056f19d4719740a4aea219ad3db2c065864eb2
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/find-a-store
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 16:03:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubdomains; preload
via
1.1 59778df72778f60e4701bb8768b14bcc.cloudfront.net (CloudFront)
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-pop
CDG50-C1
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
server-timing
dtSInfo;desc="0", dtRpid;desc="-1165840104"
content-length
1297
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 19 Feb 2024 15:23:07 GMT
server
CloudFront
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public, max-age=259200
accept-ranges
bytes
x-webkit-csp
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-id
_t0QpB25HBIdenp9q_fJpU7Ra1l1VrJbRYIFAcLtxb90QskZB0fzNQ==
x-content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
11.hash-af2eda42db813bfebae8.css
www.diy.com/spa/ 		2 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.diy.com/spa/11.hash-af2eda42db813bfebae8.css
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2117:d600:1f:e5ef:1e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
e5afe90ec74b143c30c05e45be2328b800e6ac787be276fab654726413eb7994
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/find-a-store
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 16:03:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubdomains; preload
via
1.1 59778df72778f60e4701bb8768b14bcc.cloudfront.net (CloudFront)
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-pop
CDG50-C1
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
server-timing
dtSInfo;desc="0", dtRpid;desc="-2017982646"
content-length
680
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 19 Feb 2024 15:23:07 GMT
server
CloudFront
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public, max-age=259200
accept-ranges
bytes
x-webkit-csp
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-id
3vC84wIbXZbVxd6xXU7CWSpbr9SG53kr9r7S1w4dtpypTMEgqtphiw==
x-content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
121.hash-935efe1acb73458b026d.css
www.diy.com/spa/ 		14 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.diy.com/spa/121.hash-935efe1acb73458b026d.css
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2117:d600:1f:e5ef:1e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
d01b51120a0f4ff875a7b5aeb8bd78ae55f5e2fd48b6a2618e2b6ebe37575f80
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/find-a-store
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 16:03:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubdomains; preload
via
1.1 59778df72778f60e4701bb8768b14bcc.cloudfront.net (CloudFront)
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-pop
CDG50-C1
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
server-timing
dtSInfo;desc="0", dtRpid;desc="2038802456"
content-length
3863
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 19 Feb 2024 15:23:07 GMT
server
CloudFront
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public, max-age=259200
accept-ranges
bytes
x-webkit-csp
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-id
6YCYJklpE6c1d77-NRG4vdt1ZOv7gMY8xr-bUl-cFZKGYaf5d81DUQ==
x-content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
213.hash-3b835c37df569da6db41.css
www.diy.com/spa/ 		1 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.diy.com/spa/213.hash-3b835c37df569da6db41.css
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2117:d600:1f:e5ef:1e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
47cc9a4759abc29ebc3de104db1977c46e95bcec41d1ad57cad8b8ba353ea5a9
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/find-a-store
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 16:03:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubdomains; preload
via
1.1 59778df72778f60e4701bb8768b14bcc.cloudfront.net (CloudFront)
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-pop
CDG50-C1
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
server-timing
dtSInfo;desc="0", dtRpid;desc="1152568597"
content-length
559
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 19 Feb 2024 15:23:07 GMT
server
CloudFront
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public, max-age=259200
accept-ranges
bytes
x-webkit-csp
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-id
GP6Tjo3mNGhYvjqAPe41hOPF1wNOrW8EHmvQPDYVRL6DtO5MlO8Ivg==
x-content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
resonance.js
edge1.certona.net/cd/b910725a/www.diy.com/scripts/ 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://edge1.certona.net/cd/b910725a/www.diy.com/scripts/resonance.js
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.38.98.119 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-38-98-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
d8a36778153292138dffecf9983dfb48745f028bdfa1c49bc591caacce778764

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 16:03:16 GMT
content-encoding
gzip
last-modified
Fri, 22 Mar 2019 18:02:32 GMT
server
etag
"ead9d06bd9e0d41:0"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=86400
accept-ranges
bytes
content-length
3590
expires
Sat, 24 Feb 2024 16:03:16 GMT
jquery.initial.min.js
www.diy.com/skins/common/js/ 		967 B
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.diy.com/skins/common/js/jquery.initial.min.js?async
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2117:d600:1f:e5ef:1e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
835cfd875792323572e799e6b7ead73a71ee696b8001bfcaf84ee23e7e41db04
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/find-a-store
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
date
Fri, 23 Feb 2024 16:03:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
via
1.1 59778df72778f60e4701bb8768b14bcc.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-amz-cf-pop
CDG50-C1
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
pragma
no-cache
server
CloudFront
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=UTF-8
cache-control
no-cache, no-store, must-revalidate
x-king-hop
prodw
x-webkit-csp
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-id
Cs3eSYj37xVAeaBqbQbUdLbq6suSVVDH1aCC4iDRUHrnryXJpGtfkg==
expires
0
c08f9.svg
www.diy.com/spa/images/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.diy.com/spa/images/c08f9.svg
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2117:d600:1f:e5ef:1e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
2810cf878e9b2dbbac6f1bd9191d11652c143e76eaaf6f58c4a572aa460c2ea0
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/find-a-store
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 16:03:16 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
via
1.1 59778df72778f60e4701bb8768b14bcc.cloudfront.net (CloudFront)
x-amz-cf-pop
CDG50-C1
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
server-timing
dtSInfo;desc="0", dtRpid;desc="-1379252259"
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 19 Feb 2024 15:23:07 GMT
server
CloudFront
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=259200
accept-ranges
bytes
x-webkit-csp
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-id
DmFy9rfFjieakLo63DjwqmlLmLlL1qILblW2R2DDF1cqh4HIqIRVkA==
x-content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
BQ_icons-services-clickandcollect-ff6600-nobg.svg
ccl-prod.cache.ap.digikfplc.com/icons/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ccl-prod.cache.ap.digikfplc.com/icons/BQ_icons-services-clickandcollect-ff6600-nobg.svg
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.161.82.53 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-161-82-53.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7813e27b6f622494f08afea9e31b4434f477d01d04928604970acc7d69f889fd

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-amz-version-id
81sNVDS.3eWv0jKSi7RThQjdp._eZGrJ
date
Fri, 23 Feb 2024 16:03:12 GMT
via
1.1 fd6dc3eaf39d0b931b4b1369a7e91ac0.cloudfront.net (CloudFront)
last-modified
Wed, 07 Feb 2024 16:07:55 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P10
age
9
x-amz-server-side-encryption
AES256
etag
"15e4d2ce82290828693b78af4232007a"
x-cache
Hit from cloudfront
content-type
image/svg+xml
cache-control
'max-age=604800'
accept-ranges
bytes
content-length
2550
x-amz-cf-id
XeoxAP18kuhIYF3qkOItqdFMluLdLhJgavsJ4gUwnx7IKF0Xk0rPbw==
notice
consent.truste.com/ 		39 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://consent.truste.com/notice?domain=diy.com&c=teconsent&text=true&gtm=1&language=en&js=nj&noticeType=bb
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.9.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-9-20.cdg53.r.cloudfront.net
Software
/
Resource Hash
f1797cd3ee2ddb6d6c690cad3574302ee1d1c4256933e040e7869866d26cec5b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.diy.com/
Origin
https://www.diy.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 15:47:38 GMT
content-encoding
gzip
via
1.1 35edfe00d0c28f55b85d2366a87b40f8.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
CDG53-C1
age
938
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
*
x-amz-cf-id
n6mpikklLwZrqhRqce8QE4EjB02eHnzxQHMnpxbDZVTsOAk3WHowLw==
92.hash-0cd2421ee3aa4d17a60b.js
www.diy.com/spa/ 		3 MB
660 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.diy.com/spa/92.hash-0cd2421ee3aa4d17a60b.js
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2117:d600:1f:e5ef:1e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
3b0e62a89d588061fa2db1585d01edbb90582e18ce08a477197e6d2554531fdc
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/find-a-store
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 16:03:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubdomains; preload
via
1.1 59778df72778f60e4701bb8768b14bcc.cloudfront.net (CloudFront)
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-pop
CDG50-C1
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
server-timing
dtSInfo;desc="1"
content-length
673400
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 19 Feb 2024 15:23:07 GMT
server
CloudFront
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=259200
accept-ranges
bytes
x-webkit-csp
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-id
2QCxsasYf6IvIZbOxPSVusPw1--M8opY13j9s2ZR4wrbyVtf8SGusw==
x-content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
93.hash-86acfd245525db37012b.js
www.diy.com/spa/ 		1 MB
415 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.diy.com/spa/93.hash-86acfd245525db37012b.js
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2117:d600:1f:e5ef:1e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
92a5b421af88d97dbabdded78fe0708c06da65547d4cc91a873dea71c77e85d9
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/find-a-store
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 16:03:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubdomains; preload
via
1.1 59778df72778f60e4701bb8768b14bcc.cloudfront.net (CloudFront)
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-pop
CDG50-C1
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
server-timing
dtSInfo;desc="0", dtRpid;desc="973506965"
content-length
423242
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 19 Feb 2024 15:23:07 GMT
server
CloudFront
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=259200
accept-ranges
bytes
x-webkit-csp
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-id
USzHHQ1Avy3zIWTHgXhrYBKtKV9TxUmakDbhkAxtmCBYfaWEKqWHrw==
x-content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
hash-7442c8524bfff79544dc.js
www.diy.com/spa/ 		162 KB
52 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.diy.com/spa/hash-7442c8524bfff79544dc.js
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2117:d600:1f:e5ef:1e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
9c5ae2c3bc3b94d4ac82f5e9586eca64eb986b94804a2c7cad3557d4f7fd9428
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/find-a-store
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 16:03:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubdomains; preload
via
1.1 59778df72778f60e4701bb8768b14bcc.cloudfront.net (CloudFront)
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-pop
CDG50-C1
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
server-timing
dtSInfo;desc="0", dtRpid;desc="231132567"
content-length
51473
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 19 Feb 2024 15:23:07 GMT
server
CloudFront
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=259200
accept-ranges
bytes
x-webkit-csp
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-id
Qj2-pCRPHzv1AqCt-VPDF0tvSDNBmKTlBHhWoywUg4fdkeNEdJOGTw==
x-content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
1.hash-24e15d2c36e2119890b1.js
www.diy.com/spa/ 		12 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.diy.com/spa/1.hash-24e15d2c36e2119890b1.js
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2117:d600:1f:e5ef:1e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
3b154a9000f87573bb3d8b75a2ef46b2a492b9cb1e04f82944b1350e08da3197
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/find-a-store
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 16:03:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubdomains; preload
via
1.1 59778df72778f60e4701bb8768b14bcc.cloudfront.net (CloudFront)
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-pop
CDG50-C1
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
server-timing
dtSInfo;desc="0", dtRpid;desc="700672990"
content-length
4410
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 19 Feb 2024 15:23:07 GMT
server
CloudFront
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=259200
accept-ranges
bytes
x-webkit-csp
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-id
36Av9mFViAREFn8aprC3atqaeMXt2CSrWqMl2yfwSgjC92h9q1WykA==
x-content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
21.hash-abd7c94a624fd26e9fe3.js
www.diy.com/spa/ 		9 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.diy.com/spa/21.hash-abd7c94a624fd26e9fe3.js
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2117:d600:1f:e5ef:1e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
10da106759ae6c9aa2712c69c3ce1655b85e476eff00ca87875c0a834cd02b46
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/find-a-store
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 16:03:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubdomains; preload
via
1.1 59778df72778f60e4701bb8768b14bcc.cloudfront.net (CloudFront)
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-pop
CDG50-C1
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
server-timing
dtSInfo;desc="0", dtRpid;desc="-920994483"
content-length
3394
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 19 Feb 2024 15:23:07 GMT
server
CloudFront
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=259200
accept-ranges
bytes
x-webkit-csp
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-id
DTr4GNnNZzHhFbqGP6aWt8jrE3RQFES_D5FN930Bog9wYZM6DB5lQg==
x-content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
210.hash-6d7d2b9823c843607354.js
www.diy.com/spa/ 		7 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.diy.com/spa/210.hash-6d7d2b9823c843607354.js
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2117:d600:1f:e5ef:1e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
407789bcab0dfc2795b0ed1838cb25af0f18a7efbfb74651910cd1af4bcd00be
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/find-a-store
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 16:03:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubdomains; preload
via
1.1 59778df72778f60e4701bb8768b14bcc.cloudfront.net (CloudFront)
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-pop
CDG50-C1
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
server-timing
dtSInfo;desc="0", dtRpid;desc="-1999084418"
content-length
2765
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 19 Feb 2024 15:23:07 GMT
server
CloudFront
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=259200
accept-ranges
bytes
x-webkit-csp
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-id
2vCHno0ca5clmDC2yHOMKuI1VDtFlfQ7yWcPslJngePQMxjSABbefw==
x-content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
0.hash-de963341f1cf572251fb.js
www.diy.com/spa/ 		71 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.diy.com/spa/0.hash-de963341f1cf572251fb.js
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2117:d600:1f:e5ef:1e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
ad241dc799286a50a5cd70fe3e88bd0571306eea56f86df7f56c1e000ef88c3e
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/find-a-store
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 16:03:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubdomains; preload
via
1.1 59778df72778f60e4701bb8768b14bcc.cloudfront.net (CloudFront)
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-pop
CDG50-C1
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
server-timing
dtSInfo;desc="0", dtRpid;desc="1488510585"
content-length
23324
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 19 Feb 2024 15:23:07 GMT
server
CloudFront
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=259200
accept-ranges
bytes
x-webkit-csp
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-id
DHx6_AOYTZ0iR9Pv509h2F_wZmwGW2TgttGHW8LrdUNUqQD-G7Zx8w==
x-content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
7.hash-35f1b8796f81ac3b1ae2.js
www.diy.com/spa/ 		36 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.diy.com/spa/7.hash-35f1b8796f81ac3b1ae2.js
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2117:d600:1f:e5ef:1e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
91f3f1b3b1278d61138cdd9d1eaf1a386b7bcd3a5cc92674b4ef7db03c5340e8
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/find-a-store
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 16:03:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubdomains; preload
via
1.1 59778df72778f60e4701bb8768b14bcc.cloudfront.net (CloudFront)
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-pop
CDG50-C1
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
server-timing
dtSInfo;desc="0", dtRpid;desc="682018986"
content-length
9118
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 19 Feb 2024 15:23:07 GMT
server
CloudFront
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=259200
accept-ranges
bytes
x-webkit-csp
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-id
z3BzBnzH4UXjGP5-k-47wmq-wuEs2NdJUmeJqbQeMOVITq14d3FuYw==
x-content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
8.hash-cdbd78b1846191a2403f.js
www.diy.com/spa/ 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.diy.com/spa/8.hash-cdbd78b1846191a2403f.js
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2117:d600:1f:e5ef:1e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
c8bb476d5085390e8a7a6fe07b7041a0aa5bf9769e019f8ec9a66198b6a4b5b0
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/find-a-store
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 16:03:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubdomains; preload
via
1.1 59778df72778f60e4701bb8768b14bcc.cloudfront.net (CloudFront)
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-pop
CDG50-C1
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
server-timing
dtSInfo;desc="0", dtRpid;desc="-989416968"
content-length
6453
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 19 Feb 2024 15:23:07 GMT
server
CloudFront
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=259200
accept-ranges
bytes
x-webkit-csp
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-id
L5GJBD4Ol1ShA7DyNxuQaWy-MRQ_vfzRL32UT6Z6RDbJIOTdUXwd9g==
x-content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
11.hash-920ef717dfd51ba96daa.js
www.diy.com/spa/ 		8 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.diy.com/spa/11.hash-920ef717dfd51ba96daa.js
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2117:d600:1f:e5ef:1e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
ac000a9ca9ca474a3632efdc9f1e9db1f61c9e257da81d7274be1622c843a757
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/find-a-store
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 16:03:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubdomains; preload
via
1.1 59778df72778f60e4701bb8768b14bcc.cloudfront.net (CloudFront)
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-pop
CDG50-C1
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
server-timing
dtSInfo;desc="0", dtRpid;desc="-1034226614"
content-length
2904
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 19 Feb 2024 15:23:07 GMT
server
CloudFront
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=259200
accept-ranges
bytes
x-webkit-csp
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-id
-eqwPLvPfXX6LBB5cbmAHzXZcnkV0FQ4uImCA8Tl8TFKWsyv8dUbYQ==
x-content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
121.hash-e2baff3e06ac46a45348.js
www.diy.com/spa/ 		40 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.diy.com/spa/121.hash-e2baff3e06ac46a45348.js
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2117:d600:1f:e5ef:1e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
75975d31122d2e8d108d1d7013a637ffb48974d2f0513bd72f03fafe2e6eb11f
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/find-a-store
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 16:03:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubdomains; preload
via
1.1 59778df72778f60e4701bb8768b14bcc.cloudfront.net (CloudFront)
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-pop
CDG50-C1
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
server-timing
dtSInfo;desc="0", dtRpid;desc="2095560579"
content-length
12181
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 19 Feb 2024 15:23:07 GMT
server
CloudFront
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=259200
accept-ranges
bytes
x-webkit-csp
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-id
F7u58AuhiunDW70nv3BwJzk07W-clX61PN1ntD3yK4ehVhcD2C3z2g==
x-content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
151.hash-644ecfb53ab4518f985a.js
www.diy.com/spa/ 		392 B
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.diy.com/spa/151.hash-644ecfb53ab4518f985a.js
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2117:d600:1f:e5ef:1e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
a3a3877b36ce26661576a2b52eb0baccd0f4cf211621dbabab0b63b9b0bd18ce
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/find-a-store
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 16:03:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubdomains; preload
via
1.1 59778df72778f60e4701bb8768b14bcc.cloudfront.net (CloudFront)
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-pop
CDG50-C1
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
server-timing
dtSInfo;desc="0", dtRpid;desc="-1159779265"
content-length
292
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 19 Feb 2024 15:23:07 GMT
server
CloudFront
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=259200
accept-ranges
bytes
x-webkit-csp
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-id
TRqWuf0MA4ijJWM8dJCYSaJwzbbnHA2wB0PIK_peABlXRRMtd3XhAA==
x-content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
2.hash-adaea8e743168503cdd3.js
www.diy.com/spa/ 		16 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.diy.com/spa/2.hash-adaea8e743168503cdd3.js
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2117:d600:1f:e5ef:1e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
9af2a9d01e4171f8d4a6021c4119fcd4bf1429be648765ecab011f98ae8a201a
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/find-a-store
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 16:03:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubdomains; preload
via
1.1 59778df72778f60e4701bb8768b14bcc.cloudfront.net (CloudFront)
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-pop
CDG50-C1
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
server-timing
dtSInfo;desc="0", dtRpid;desc="1235774645"
content-length
4547
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 19 Feb 2024 15:23:07 GMT
server
CloudFront
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=259200
accept-ranges
bytes
x-webkit-csp
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-id
KQeB6KzPnAxIcCFD2A-a57SMvcVTTiyClG_Zcoaxsg-qhbwSvcud9w==
x-content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
95.hash-42cc99be8db6abd3d149.js
www.diy.com/spa/ 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.diy.com/spa/95.hash-42cc99be8db6abd3d149.js
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2117:d600:1f:e5ef:1e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
773ce40b36abc6eb6176a8c751dd33755a9fd16bd4b2a4095fb5b27aac674662
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/find-a-store
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 16:03:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubdomains; preload
via
1.1 59778df72778f60e4701bb8768b14bcc.cloudfront.net (CloudFront)
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-pop
CDG50-C1
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
server-timing
dtSInfo;desc="0", dtRpid;desc="560119043"
content-length
2764
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 19 Feb 2024 15:23:07 GMT
server
CloudFront
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=259200
accept-ranges
bytes
x-webkit-csp
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-id
7hq3SERvgx2p3lqtmD3cdafTB6GKgDEJn8Uv9AkKbAI_dVNs5LO_cg==
x-content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
137.hash-a236995ed9cd59bfa690.js
www.diy.com/spa/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.diy.com/spa/137.hash-a236995ed9cd59bfa690.js
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2117:d600:1f:e5ef:1e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
980411ff8e878d7fe44930c9019f533d7528ebf201cd19dcbf5858b205ff0ec0
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/find-a-store
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 16:03:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubdomains; preload
via
1.1 59778df72778f60e4701bb8768b14bcc.cloudfront.net (CloudFront)
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-pop
CDG50-C1
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
server-timing
dtSInfo;desc="0", dtRpid;desc="1574136561"
content-length
1022
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 19 Feb 2024 15:23:07 GMT
server
CloudFront
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=259200
accept-ranges
bytes
x-webkit-csp
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-id
s8taWr7nSqIFhrDNP2Q4aJ-5fTWAoketiewPeBqi-dZdJ-aWFfU6EA==
x-content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
213.hash-0e135fb544f78df466a1.js
www.diy.com/spa/ 		7 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.diy.com/spa/213.hash-0e135fb544f78df466a1.js
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2117:d600:1f:e5ef:1e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
ced250a69d2df795b025167d2906aed5eae452c0a83b5105cf6ca839c6c28877
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/find-a-store
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 16:03:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubdomains; preload
via
1.1 59778df72778f60e4701bb8768b14bcc.cloudfront.net (CloudFront)
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-pop
CDG50-C1
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
server-timing
dtSInfo;desc="0", dtRpid;desc="779704819"
content-length
2588
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 19 Feb 2024 15:23:07 GMT
server
CloudFront
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=259200
accept-ranges
bytes
x-webkit-csp
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-id
5Pppe7ZAKQt8aZGUGuj9KpMjokacF2_feIzgFa567nrXtbFAlPPGFQ==
x-content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
utag.js
tags.tiqcdn.com/utag/kingfisher/b-and-q-wapp/prod/ 		93 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/kingfisher/b-and-q-wapp/prod/utag.js
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26db:9600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
07d08f41545e81f76c74cd6c9f655ce80419c72db2f4460c4a59808ec53fb9d2

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-amz-version-id
faGwX9_2xRyPq1IOTVskJZXi9VJ4x8fN
content-encoding
br
via
1.1 2d22bd8fe92380401bbc1d8cc010e5a0.cloudfront.net (CloudFront)
date
Fri, 23 Feb 2024 16:03:16 GMT
last-modified
Tue, 20 Feb 2024 11:22:09 GMT
server
AmazonS3
x-amz-cf-pop
MUC50-P3
age
124
x-amz-server-side-encryption
AES256
etag
W/"db52e9a3904ce9f98c13919b6f4041ff"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=300
x-amz-cf-id
gDY4HIZKaXe201wH5gnSI-jotZdfs373sTlBOxVhj0ai1ly9InsE6w==
92352.svg
www.diy.com/spa/images/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.diy.com/spa/images/92352.svg
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2117:d600:1f:e5ef:1e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
384b6fc69c90f63c976359322e3f8911bf0168e3b7f8c55bc72b7b47eb4941f4
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/find-a-store
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 16:03:16 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
via
1.1 59778df72778f60e4701bb8768b14bcc.cloudfront.net (CloudFront)
x-amz-cf-pop
CDG50-C1
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
server-timing
dtSInfo;desc="0", dtRpid;desc="2115429287"
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 19 Feb 2024 15:23:07 GMT
server
CloudFront
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=259200
accept-ranges
bytes
x-webkit-csp
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-id
GbpP7FVacUTgMBQi2Ny_fgFwSNYQQYkydf_m6IKyKjqSv_Ez_pqr6A==
x-content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
ac483.svg
www.diy.com/spa/images/ 		352 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.diy.com/spa/images/ac483.svg
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2117:d600:1f:e5ef:1e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
9aaf37e1ce1c8678124c75bb51804c9164636e6184d24ea954c62565d872de5b
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/find-a-store
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 16:03:16 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
via
1.1 59778df72778f60e4701bb8768b14bcc.cloudfront.net (CloudFront)
x-amz-cf-pop
CDG50-C1
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
server-timing
dtSInfo;desc="0", dtRpid;desc="878947227"
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 19 Feb 2024 15:23:07 GMT
server
CloudFront
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=259200
accept-ranges
bytes
x-webkit-csp
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-id
2SbLPyU1NoX15jsPMhA3Mnp-Kybh3ubuDESHhxLscTow883hM0Xisw==
x-content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
b915f.svg
www.diy.com/spa/images/ 		683 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.diy.com/spa/images/b915f.svg
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2117:d600:1f:e5ef:1e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
a36c1ae061e81b9a978296f35b0a6c1560fccca46c5319f61da9f737e997a698
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/find-a-store
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 16:03:16 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
via
1.1 59778df72778f60e4701bb8768b14bcc.cloudfront.net (CloudFront)
x-amz-cf-pop
CDG50-C1
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
server-timing
dtSInfo;desc="0", dtRpid;desc="-149798968"
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 19 Feb 2024 15:23:07 GMT
server
CloudFront
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=259200
accept-ranges
bytes
x-webkit-csp
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-id
fva_Kbgl7Is3Iqj7MMJWc70joXRLNASBkzAr22Rq1gcQ8rDg5W-f6g==
x-content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
5be44.svg
www.diy.com/spa/images/ 		263 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.diy.com/spa/images/5be44.svg
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2117:d600:1f:e5ef:1e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
64b825648a8abd527021f7d13b366324cb7426ab73c7216dc7472a059d2d4b60
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/find-a-store
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 16:03:16 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
via
1.1 59778df72778f60e4701bb8768b14bcc.cloudfront.net (CloudFront)
x-amz-cf-pop
CDG50-C1
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
server-timing
dtSInfo;desc="0", dtRpid;desc="2030650265"
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 19 Feb 2024 15:23:07 GMT
server
CloudFront
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=259200
accept-ranges
bytes
x-webkit-csp
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-id
rCiNjNLE9XXDYi-I4U6xNMFZWSLkXDbDgxLu-S7-p_Yf4PggErMYMA==
x-content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
1c81d.svg
www.diy.com/spa/images/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.diy.com/spa/images/1c81d.svg
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2117:d600:1f:e5ef:1e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
6a9bcac2dffe179e80dc2411e6bcf571a705af0ca0d2ef0fd9a36902b9512479
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/find-a-store
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 16:03:16 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
via
1.1 59778df72778f60e4701bb8768b14bcc.cloudfront.net (CloudFront)
x-amz-cf-pop
CDG50-C1
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
server-timing
dtSInfo;desc="0", dtRpid;desc="-1892938798"
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 19 Feb 2024 15:23:07 GMT
server
CloudFront
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=259200
accept-ranges
bytes
x-webkit-csp
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-id
LGma9u59cKZFkcBwjHCzKy0Wi11hWm7ZWakhNA9Ukegacs0f35eZjw==
x-content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
e961d.svg
www.diy.com/spa/images/ 		619 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.diy.com/spa/images/e961d.svg
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2117:d600:1f:e5ef:1e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
9a92bbe8f02408c8aefccb584065314a96a166a3daeac4ca4329927962341c52
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/find-a-store
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 16:03:16 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-content-type-options
nosniff
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
via
1.1 59778df72778f60e4701bb8768b14bcc.cloudfront.net (CloudFront)
x-amz-cf-pop
CDG50-C1
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
server-timing
dtSInfo;desc="0", dtRpid;desc="-13163260"
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 19 Feb 2024 15:23:07 GMT
server
CloudFront
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=259200
accept-ranges
bytes
x-webkit-csp
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-id
Y5g0itmh58WGcj4lkkBV7-zYN_KLGBPm-9GU2LKxQG23DwKDJwSqqA==
x-content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
v1.7-4958
consent.trustarc.com/asset/notice.js/v/ 		92 KB
92 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://consent.trustarc.com/asset/notice.js/v/v1.7-4958
Requested by
Host: consent.truste.com
URL: https://consent.truste.com/notice?domain=diy.com&c=teconsent&text=true&gtm=1&language=en&js=nj&noticeType=bb
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.88.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-88-94.muc50.r.cloudfront.net
Software
/
Resource Hash
34cf6eaf75a41d0074b51d3628bd44fee78f2dab3cbfd20abb1617f85a02e725
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.diy.com/
Origin
https://www.diy.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

pragma
public
date
Fri, 23 Feb 2024 15:59:40 GMT
via
1.1 48c20cb247b267a59a8191c4d3bd787c.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Thu, 15 Feb 2024 17:13:10 GMT
x-amz-cf-pop
MUC50-C1
age
220
x-cache
Hit from cloudfront
content-type
text/javascript
access-control-allow-origin
*
access-control-expose-headers
*
content-length
93887
x-amz-cf-id
nL85b9F-3bCMCueFyNp9NnKhh4qdBAdakSUokhUShyI1-PvRr8jcUg==
log
consent.trustarc.com/ 		43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://consent.trustarc.com/log?domain=diy.com&country=gb&state=&behavior=implied&session=03ecb6a8-ac2c-48df-b16b-ceded39a7ac1&userType=NEW&c=3ad6
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.88.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-88-94.muc50.r.cloudfront.net
Software
/
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
Security Headers
Name Value
Content-Security-Policy object-src 'none'; frame-ancestors https://*.trustarc.com https://*.prod.internal.trustarc.com https://*.trustarc.eu https://*.prod.internal.trustarc.eu https://*.staging.internal.trustarc.com https://*.trustarc-svc.net https://*.truste-svc.net https://*.qa.truste-svc.net https://*.dev.truste-svc.net http://localhost:* https://*.nymity.com https://*.qanym;; upgrade-insecure-requests; block-all-mixed-content; report-uri https://csp-reporter.tools.trustarc-svc.net/report
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 16:03:16 GMT
content-security-policy
object-src 'none'; frame-ancestors https://*.trustarc.com https://*.prod.internal.trustarc.com https://*.trustarc.eu https://*.prod.internal.trustarc.eu https://*.staging.internal.trustarc.com https://*.trustarc-svc.net https://*.truste-svc.net https://*.qa.truste-svc.net https://*.dev.truste-svc.net http://localhost:* https://*.nymity.com https://*.qanym;; upgrade-insecure-requests; block-all-mixed-content; report-uri https://csp-reporter.tools.trustarc-svc.net/report
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 a1e8102a85e1e5a1d6e04d628d5dc180.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
none
x-amz-cf-pop
MUC50-C1
cross-origin-embedder-policy
unsafe-none
x-cache
Miss from cloudfront
cross-origin-resource-policy
cross-origin
content-length
43
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
cross-origin-opener-policy
cross-origin
expect-ct
enforce, max-age=60
x-frame-options
SAMEORIGIN
vary
Origin
content-type
image/gif
cache-control
private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy
geolocation=(), camera=(), speaker=(), microphone=(), vibrate=()
x-amz-cf-id
s5xmY08f0mqoBABAJLuXjzuNQvr_tcbpW0dZNGouIRUMybSU9F3ykg==
expires
Mon, 26 Jul 1997 05:00:00 GMT
jquery.bundle.min.js
www.diy.com/skins/common/js/ 		293 KB
165 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.diy.com/skins/common/js/jquery.bundle.min.js?seed=AADosdaNAQAARLrUJF7ojueZ96SIEvDpj2jURD0cN2GUryxkUHrnvMBG6uGR&jDRBGbR12T--z=q
Requested by
Host: www.diy.com
URL: https://www.diy.com/skins/common/js/jquery.initial.min.js?async
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2117:d600:1f:e5ef:1e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
b954d32d2bf40fd8e659d475470ada574e10a535800948c99a2def184233d11d
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/find-a-store
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 16:03:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
via
1.1 59778df72778f60e4701bb8768b14bcc.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubdomains; preload
x-amz-cf-pop
CDG50-C1
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
server
CloudFront
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=3600, immutable
x-king-hop
prodw
x-webkit-csp
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-id
KDQQqEq2XhHtjIWfaudB2svVUrf4td7b7b8YUT_VGMbhxaiJ8u5O7g==
x-content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
Gz4QoFaBHv1Dwx5N6Y1AK.json
cdn.optimizely.com/datafiles/ 		18 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.optimizely.com/datafiles/Gz4QoFaBHv1Dwx5N6Y1AK.json
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:88e::13b8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7242e409e5ab92c91fa72b998c9c75267e6c1990e3f94f4a7ffe695f8302ffd9
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-amz-meta-pci_enabled
False
x-amz-version-id
1WUOF6T1YUy5JskCVNW0Qr5orKQqT9WV
content-encoding
gzip
date
Fri, 23 Feb 2024 16:03:17 GMT
strict-transport-security
max-age=15768000
x-amz-request-id
N0EERHA41WVAV165
x-amz-server-side-encryption
AES256
x-amz-meta-revision
1107
x-amz-replication-status
COMPLETED
server-timing
cdn-cache; desc=HIT, edge; dur=21, origin; dur=0, cdn;desc="AkamaiION";dur=0,rtt;desc="35";dur=0,cdnip;desc="2a02:26f0:3500:88e::13b8";dur=0,cdnmap;desc="a5048.dsca.akamaiedge.net";dur=0,proto;desc="h2";dur=0, ak_p; desc="1708704196987_388276615_2578073624_2132_1375_35_38_219";dur=1
content-length
3563
x-amz-id-2
wXJEs3v4uerx+7X/Dpy4+gJDBAjQA5ygGYxLyCAgX/Ki+duL7IcEizhN/3tFC9Vc6Yt7BfVTds0=
last-modified
Fri, 23 Feb 2024 08:55:19 GMT
server
AmazonS3
etag
"88e3fd557862ce96d3adfcf57d6f5668"
vary
Accept-Encoding
access-control-max-age
604800
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-allow-methods
GET, HEAD, OPTIONS
cache-control
max-age=118
access-control-allow-credentials
false
accept-ranges
bytes
access-control-allow-headers
*
214.hash-31e5f6904b2821a6a830.js
www.diy.com/spa/ 		203 KB
57 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.diy.com/spa/214.hash-31e5f6904b2821a6a830.js
Requested by
Host: www.diy.com
URL: https://www.diy.com/spa/hash-7442c8524bfff79544dc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2117:d600:1f:e5ef:1e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
4640afcca2709e8c2f2406f9da022e770a0ffbfcae7df17427bf1bc50bf5bc89
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/find-a-store
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 16:03:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubdomains; preload
via
1.1 59778df72778f60e4701bb8768b14bcc.cloudfront.net (CloudFront)
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-pop
CDG50-C1
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
server-timing
dtSInfo;desc="0", dtRpid;desc="831502624"
content-length
57234
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 19 Feb 2024 15:23:07 GMT
server
CloudFront
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=259200
accept-ranges
bytes
x-webkit-csp
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-id
EujCg5PRfHh6EpRsOnq8gSTs0GMUXXVr0fTPdjdxneP8M5O-sjFFZQ==
x-content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
/
api.woosmap.com/geolocation/position/ 		315 B
518 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.woosmap.com/geolocation/position/?key=woos-923415c6-622a-3602-879e-1b1f419f53bd
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.50.214 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7663886c298130e6d7d3902808466cf4e8f94cbde20f361c7739300e139ca0f3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.diy.com/
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 16:03:17 GMT
content-encoding
br
referrer-policy
same-origin
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
cross-origin-opener-policy
same-origin
x-frame-options
DENY
x-ratelimit-remaining
49
content-type
application/json
access-control-allow-origin
https://www.diy.com
x-ratelimit-reset
1708704198
x-ratelimit-limit
50
cf-ray
85a0b2afed543864-LHR
alt-svc
h3=":443"; ma=86400
js
maps.googleapis.com/maps/api/ 		183 KB
63 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps/api/js?key=AIzaSyCz3Z8srEZPiwbV3WQOPZvf7uE6Vj9X0Co&language=en
Requested by
Host: www.diy.com
URL: https://www.diy.com/spa/92.hash-0cd2421ee3aa4d17a60b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
scaffolding on HTTPServer2 /
Resource Hash
2e75883bfce103e0b7c12d7aab775535529609a554473638286eb6264e5ca046
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 16:03:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
scaffolding on HTTPServer2
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1800
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
64186
x-xss-protection
0
localities.2.0.js
sdk.woosmap.com/localities/ 		67 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sdk.woosmap.com/localities/localities.2.0.js
Requested by
Host: www.diy.com
URL: https://www.diy.com/spa/92.hash-0cd2421ee3aa4d17a60b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.51.214 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7f6190369c27ce2c898e47f3e8c9973411fc69d3f15f8960f77fec1dc6a3a56b

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 16:03:17 GMT
via
1.1 342bd3a234d20ba4b06602553c91244c.cloudfront.net (CloudFront)
content-encoding
br
cf-cache-status
HIT
x-amz-cf-pop
LHR50-P6
age
420
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 26 Jul 2023 12:20:08 GMT
server
cloudflare
etag
W/"034c05ae5cd47ea1a291a5aa2419bd1c"
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=1800
cf-ray
85a0b2b0999c71c9-LHR
x-amz-cf-id
MGDICNMfpx1ptsppZzJlJd8jgvU4WbyPqDFLZZugklNDtvnB6WtELA==
/
api.woosmap.com/geolocation/position/ 		315 B
266 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.woosmap.com/geolocation/position/?key=woos-923415c6-622a-3602-879e-1b1f419f53bd
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.50.214 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7663886c298130e6d7d3902808466cf4e8f94cbde20f361c7739300e139ca0f3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.diy.com/
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 16:03:17 GMT
content-encoding
br
referrer-policy
same-origin
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
cross-origin-opener-policy
same-origin
x-frame-options
DENY
x-ratelimit-remaining
48
content-type
application/json
access-control-allow-origin
https://www.diy.com
x-ratelimit-reset
1708704198
x-ratelimit-limit
50
cf-ray
85a0b2b09ea43864-LHR
alt-svc
h3=":443"; ma=86400
BQ_icons-services-homedelivery-ff6600-nobg.svg
ccl-prod.cache.ap.digikfplc.com/icons/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ccl-prod.cache.ap.digikfplc.com/icons/BQ_icons-services-homedelivery-ff6600-nobg.svg
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.161.82.53 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-161-82-53.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
be8c30430cf0ae7887aa1ebf0fdf545de4434c394ff49ff14455824defb3e236

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-amz-version-id
4_Vlis7nVEV9LLzOHTKPOy7OpKs4v1OA
date
Fri, 23 Feb 2024 16:02:31 GMT
via
1.1 fd6dc3eaf39d0b931b4b1369a7e91ac0.cloudfront.net (CloudFront)
last-modified
Wed, 07 Feb 2024 16:07:55 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P10
age
48
x-amz-server-side-encryption
AES256
etag
"2ea702be2f70a4db3fdb510f9268e34b"
x-cache
Hit from cloudfront
content-type
image/svg+xml
cache-control
'max-age=604800'
accept-ranges
bytes
content-length
1966
x-amz-cf-id
5AujgFYK87Rfg132bQhq-MKkKJWfIQv6_IyPUiKp7FmuuFD8s0VEFQ==
BQ_icons-services-returns-ff6600-nobg.svg
ccl-prod.cache.ap.digikfplc.com/icons/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ccl-prod.cache.ap.digikfplc.com/icons/BQ_icons-services-returns-ff6600-nobg.svg
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.161.82.53 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-161-82-53.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
eb2eefba91eb05ee6f1c1ce64eeed82fa4250614df768bc123b944cddbdd02e6

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-amz-version-id
92gzXVOSWNyd5TzHRs_Cg3xDzlvwofJg
date
Fri, 23 Feb 2024 16:02:54 GMT
via
1.1 fd6dc3eaf39d0b931b4b1369a7e91ac0.cloudfront.net (CloudFront)
last-modified
Wed, 07 Feb 2024 16:07:55 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P10
age
38
x-amz-server-side-encryption
AES256
etag
"6fb46a9fe4e07950a3c3db1f9065e130"
x-cache
Hit from cloudfront
content-type
image/svg+xml
cache-control
'max-age=604800'
accept-ranges
bytes
content-length
2054
x-amz-cf-id
NSbedCpDJ-NTdPNvZnn4BbxzLcEC4-lz99SY-4vLCfLwzTU9ngiJOg==
BQ_icons-services-club-ff6600-nobg.svg
ccl-prod.cache.ap.digikfplc.com/icons/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ccl-prod.cache.ap.digikfplc.com/icons/BQ_icons-services-club-ff6600-nobg.svg
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.161.82.53 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-161-82-53.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
babf764d1521a31e413d072542b0cd3d059b0028160a7a7077e5a2433d5110b6

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-amz-version-id
nH6yMFmoLIF9w0knewvV9ay_aU2R8xFf
date
Fri, 23 Feb 2024 16:02:56 GMT
via
1.1 fd6dc3eaf39d0b931b4b1369a7e91ac0.cloudfront.net (CloudFront)
last-modified
Wed, 07 Feb 2024 16:07:55 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P10
age
26
x-amz-server-side-encryption
AES256
etag
"3961d1ba6fe69a32386e601fb760d667"
x-cache
Hit from cloudfront
content-type
image/svg+xml
cache-control
'max-age=604800'
accept-ranges
bytes
content-length
2859
x-amz-cf-id
AuPLgiXtAOHMAmziRgsyGd_gK7sK6qSQRgHewTYxAfCFR7U8jhl6fQ==
roundels.json
www.diy.com/static/settings/ 		2 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.diy.com/static/settings/roundels.json
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2117:d600:1f:e5ef:1e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
f9972a93974d889581e3b1193156b573dabba2211e08a110b745cbb37d539342
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.diy.com/find-a-store
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
x-dtpc
-3$504196586_853h5vARJQAKAKHARGARHUEHLLAICKAIFSHGNW-0e0

Response headers

x-amz-version-id
gvE5Ydz.zklwbvdM8H2n.oGvH.P5vHUH
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-encoding
br
date
Fri, 23 Feb 2024 16:02:42 GMT
via
1.1 59778df72778f60e4701bb8768b14bcc.cloudfront.net (CloudFront)
x-amz-cf-pop
CDG50-C1
x-amz-server-side-encryption
AES256
age
49
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Fri, 23 Feb 2024 09:14:30 GMT
server
CloudFront
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/json
cache-control
''
x-webkit-csp
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
x-amz-cf-id
Ahs2U7y1nRi5K9nGXXbrC2QMWCjs6BOj23CUT-87q96kZhx_a2z8Vw==
x-content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
22527850193.js
cdn.optimizely.com/js/ 		266 KB
83 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.optimizely.com/js/22527850193.js
Requested by
Host: www.diy.com
URL: https://www.diy.com/spa/92.hash-0cd2421ee3aa4d17a60b.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:88e::13b8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b84406635f3e9cd908aa31f3df9de5e0eca546418b9ac969f806b8e678fc2cc4
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-amz-meta-pci_enabled
False
x-amz-version-id
lkYMon.fbc4TfHXzxjdbdqdh47rN3KOq
content-encoding
gzip
date
Fri, 23 Feb 2024 16:03:17 GMT
strict-transport-security
max-age=15768000
x-amz-request-id
SEVM0G8JYRZQBBJG
x-amz-server-side-encryption
AES256
x-amz-meta-revision
288
x-amz-replication-status
PENDING
server-timing
cdn-cache; desc=REVALIDATE, edge; dur=5, origin; dur=99, cdn;desc="AkamaiION";dur=0,rtt;desc="58";dur=0,cdnip;desc="2a02:26f0:3500:88e::13b8";dur=0,cdnmap;desc="a5048.dsca.akamaiedge.net";dur=0,proto;desc="h2";dur=0, ak_p; desc="1708704197390_388276615_2578075408_10371_1675_56_39_146";dur=1
content-length
84238
x-amz-id-2
tpLjA/gxb2yqOYHMMpXatGVw1h+SytUGMQT+9LhO9cytNY6MN4I+aKFX1H1mpDlRBP12H1z9edQ=
last-modified
Thu, 22 Feb 2024 11:48:14 GMT
server
AmazonS3
etag
"e5a216975af352a96d18de7fe2b4e24d"
vary
Accept-Encoding
access-control-max-age
86400
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
access-control-allow-methods
GET, HEAD
access-control-expose-headers
x-amz-meta-revision
cache-control
max-age=120
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
*
utag.77.js
tags.tiqcdn.com/utag/kingfisher/b-and-q-wapp/prod/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/kingfisher/b-and-q-wapp/prod/utag.77.js?utv=ut4.51.202401291131
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/kingfisher/b-and-q-wapp/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26db:9600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2072c955b2396515dec3a38421ed9bf6f13001781b8bd1eaba1e75f2eda24beb

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-amz-version-id
ih6yw.EjeYbtCwIuBepJsglBNJ.7bdAe
content-encoding
br
via
1.1 2d22bd8fe92380401bbc1d8cc010e5a0.cloudfront.net (CloudFront)
date
Fri, 23 Feb 2024 16:03:17 GMT
last-modified
Tue, 20 Feb 2024 11:22:07 GMT
server
AmazonS3
x-amz-cf-pop
MUC50-P3
age
257
x-amz-server-side-encryption
AES256
etag
W/"692712f2c6f381a63f4d2e8f5d78060d"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
JzMpmnrpZzvYka0Dl_rMtltO3WC4mxhXm6Jl7CUiRfYgM6RLzhVmUg==
utag.185.js
tags.tiqcdn.com/utag/kingfisher/b-and-q-wapp/prod/ 		18 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/kingfisher/b-and-q-wapp/prod/utag.185.js?utv=ut4.51.202307031007
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/kingfisher/b-and-q-wapp/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26db:9600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ce53855e5a1f9b5355e66f0accd3fbff710ae4718e06003623af5b9ce111ff2f

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-amz-version-id
ylp8vP2SStclITWupyleEN67zfruewxC
content-encoding
br
via
1.1 2d22bd8fe92380401bbc1d8cc010e5a0.cloudfront.net (CloudFront)
date
Fri, 23 Feb 2024 16:03:17 GMT
last-modified
Tue, 20 Feb 2024 11:22:09 GMT
server
AmazonS3
x-amz-cf-pop
MUC50-P3
age
84
x-amz-server-side-encryption
AES256
etag
W/"50d49763028eb1d6d707404bb83f8807"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
lgMpC01QebpEulYrzlRfMWs5dj1DQ70Y5e96osocWWXRnzfMbFS3Dw==
bannermsg
consent.trustarc.com/ 		43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://consent.trustarc.com/bannermsg?action=views&domain=diy.com&behavior=implied&country=gb&language=en&rand=0.29077618886929724&session=03ecb6a8-ac2c-48df-b16b-ceded39a7ac1&userType=NEW
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.88.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-88-94.muc50.r.cloudfront.net
Software
/
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
Security Headers
Name Value
Content-Security-Policy object-src 'none'; frame-ancestors https://*.trustarc.com https://*.prod.internal.trustarc.com https://*.trustarc.eu https://*.prod.internal.trustarc.eu https://*.staging.internal.trustarc.com https://*.trustarc-svc.net https://*.truste-svc.net https://*.qa.truste-svc.net https://*.dev.truste-svc.net http://localhost:* https://*.nymity.com https://*.qanym;; upgrade-insecure-requests; block-all-mixed-content; report-uri https://csp-reporter.tools.trustarc-svc.net/report
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 16:03:17 GMT
content-security-policy
object-src 'none'; frame-ancestors https://*.trustarc.com https://*.prod.internal.trustarc.com https://*.trustarc.eu https://*.prod.internal.trustarc.eu https://*.staging.internal.trustarc.com https://*.trustarc-svc.net https://*.truste-svc.net https://*.qa.truste-svc.net https://*.dev.truste-svc.net http://localhost:* https://*.nymity.com https://*.qanym;; upgrade-insecure-requests; block-all-mixed-content; report-uri https://csp-reporter.tools.trustarc-svc.net/report
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 a1e8102a85e1e5a1d6e04d628d5dc180.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
none
x-amz-cf-pop
MUC50-C1
cross-origin-embedder-policy
unsafe-none
x-cache
Miss from cloudfront
cross-origin-resource-policy
cross-origin
content-length
43
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
cross-origin-opener-policy
cross-origin
expect-ct
enforce, max-age=60
x-frame-options
SAMEORIGIN
vary
Origin
content-type
image/gif
cache-control
private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy
geolocation=(), camera=(), speaker=(), microphone=(), vibrate=()
x-amz-cf-id
s5TSl6SPTsTtimj4LTQ7T5HzLUjewXBNgORVF1QDtFB2VYhUwwggkQ==
expires
Mon, 26 Jul 1997 05:00:00 GMT
get
consent.trustarc.com/ 		35 KB
35 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://consent.trustarc.com/get?name=GoodHome-Bold.woff2
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.88.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-88-94.muc50.r.cloudfront.net
Software
/
Resource Hash
219082c2e60f64f1b33eb165c534796cfbcd4b0e269f827e3bd208bf6853bc67
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.diy.com/
Origin
https://www.diy.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

pragma
public
date
Fri, 23 Feb 2024 15:58:19 GMT
via
1.1 48c20cb247b267a59a8191c4d3bd787c.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
MUC50-C1
age
298
x-cache
Hit from cloudfront
content-type
application/octet-stream
access-control-allow-origin
*
access-control-expose-headers
*
content-length
35960
x-amz-cf-id
wTBmqXZGyW_FBbhTZ4n0tRmFPdJ8U7wC_8gnIYXqqA7fdmkV0Op3sg==
get
consent.trustarc.com/ 		36 KB
36 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://consent.trustarc.com/get?name=GoodHome-Light.woff2
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.88.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-88-94.muc50.r.cloudfront.net
Software
/
Resource Hash
04a1b90a0fc1cc1ae74810a5e3f6a38d71a7bf977a7eb2917d3efea566fb68e9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.diy.com/
Origin
https://www.diy.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

pragma
public
date
Fri, 23 Feb 2024 16:01:06 GMT
via
1.1 48c20cb247b267a59a8191c4d3bd787c.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
MUC50-C1
age
131
x-cache
Hit from cloudfront
content-type
application/octet-stream
access-control-allow-origin
*
access-control-expose-headers
*
content-length
36748
x-amz-cf-id
s9tU3i2KIU55_ZreiR4urXSGH8PdauLjiu6ZJwegXPDYLg5d5zCrPg==
gen_204
maps.googleapis.com/maps/api/mapsjs/ 		3 B
45 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
scaffolding on HTTPServer2 /
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 16:03:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
scaffolding on HTTPServer2
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://www.diy.com
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23
x-xss-protection
0
utag.v.js
tags.tiqcdn.com/utag/tiqapp/ 		2 B
432 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=kingfisher/b-and-q-wapp/202402201120&cb=1708704197533
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/kingfisher/b-and-q-wapp/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26db:9600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

x-amz-version-id
2XUX04X5QEw0.xFya64khU._sHTRl_Pz
date
Fri, 23 Feb 2024 15:55:09 GMT
via
1.1 2d22bd8fe92380401bbc1d8cc010e5a0.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P3
age
489
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
2
last-modified
Sat, 11 Mar 2023 06:57:46 GMT
server
AmazonS3
etag
"7bc0ee636b3b83484fc3b9348863bd22"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=300
accept-ranges
bytes
x-amz-cf-id
bj6DqJ5BXuDr197rPLLU7XVXq7pV4yuEtPT0Z1dIoxu1AiUKB_khvw==
br-trk-5374.js
cdns.brsrvr.com/v1/ 		21 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdns.brsrvr.com/v1/br-trk-5374.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/kingfisher/b-and-q-wapp/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.224.134.33 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-224-134-33.compute-1.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
1b57ace9332ab869585b3f72ad04a6123bf267b8abc3fb6bdecc888b1d78597d

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 16:03:17 GMT
last-modified
Mon, 02 Aug 2021 09:14:27 GMT
server
nginx/1.14.0 (Ubuntu)
accept-ranges
bytes
etag
"6107b773-53c9"
content-length
21449
content-type
application/javascript
entry.js
se.monetate.net/js/2/a-5611da78/p/diy.com/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://se.monetate.net/js/2/a-5611da78/p/diy.com/entry.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/kingfisher/b-and-q-wapp/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.45.238.128 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-45-238-128.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
bea6e9edc128ca7dc2ef1cf8b40eb0221468b5e7bc44954c616792750e166adc

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 16:03:17 GMT
content-encoding
gzip
last-modified
Thu, 22 Feb 2024 04:35:31 GMT
server
AkamaiNetStorage
etag
"af1240e3bdb240e4972c03c67239f505:1708576531.812988"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
2938
be3bf506-f42d-42c9-ab10-354d35f12cc8
https://www.diy.com/ 		2 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://www.diy.com/be3bf506-f42d-42c9-ab10-354d35f12cc8
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1eec5d0bc72fba33ce753f6009a277e07041fb92d221ae5839bbc5e8fff1d0bb

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Content-Length
2479
Content-Type
text/javascript
a20678180166.html
a20678180166.cdn.optimizely.com/client_storage/ Frame 55DF 		2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://a20678180166.cdn.optimizely.com/client_storage/a20678180166.html
Requested by
Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/22527850193.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.215.21.78 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-215-21-78.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
11899def9370a9bf4c72943b09e89b06637854e2ee9b8559f837c07257f54f78
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
https://www.diy.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=120
content-encoding
gzip
content-length
837
content-type
text/html; charset=utf-8
date
Fri, 23 Feb 2024 16:03:17 GMT
etag
"2068ea30dfea86cdf0ce899364e82198"
last-modified
Thu, 22 Feb 2024 11:48:07 GMT
server
AmazonS3
server-timing
cdn-cache; desc=HIT edge; dur=16 origin; dur=0 cdn;desc="AkamaiION";dur=0,rtt;desc="39";dur=0,cdnip;desc="23.215.21.78";dur=0,cdnmap;desc="a4343.a.akamaiedge.net";dur=0,proto;desc="h2";dur=0 ak_p; desc="1708704197787_34664586_95257437_1645_1377_39_44_255";dur=1
strict-transport-security
max-age=15768000
vary
Accept-Encoding
x-akamai-transformed
9 - 0 pmb=mRUM,2
x-amz-id-2
EdZGui6065LU4w2rmC9FLiIuTlaPqJZNGZTS8OpfG2HrG+0olbGbrhin1IZtdRdvcywaPnZBxsc=
x-amz-meta-pci_enabled
False
x-amz-replication-status
COMPLETED
x-amz-request-id
XBC6C58YNWF2W7GV
x-amz-server-side-encryption
AES256
x-amz-version-id
rGlj5Df7WNz2czOnRAxLYNObw2XerQnT
custom.js
se.monetate.net/js/3/a-5611da78/p/diy.com/t1683541443/0dc2cf22a579ff13/ 		198 KB
65 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://se.monetate.net/js/3/a-5611da78/p/diy.com/t1683541443/0dc2cf22a579ff13/custom.js
Requested by
Host: se.monetate.net
URL: https://se.monetate.net/js/2/a-5611da78/p/diy.com/entry.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.45.238.128 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-45-238-128.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
0d25aa9d3f296f792ada1874a3aa08555c3b43493441c8d860d76a144ac74c94

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 16:03:17 GMT
content-encoding
gzip
last-modified
Thu, 22 Feb 2024 04:35:31 GMT
server
AkamaiNetStorage
etag
"47509144c2008dcc1a10eb82baef7b46:1708576531.130392"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=315360000
accept-ranges
bytes
timing-allow-origin
*
truncated
/ 		89 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
50e6072d26098d48004a30addeecabd5b22b91e5ccdf9dd86f96459783e3ac23

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Content-Type
image/png
1130253761-0
f.monetate.net/trk/4/s/a-5611da78/p/diy.com/ 		70 B
405 B 		Script
General
Check archive.org
Download Go to
Full URL
https://f.monetate.net/trk/4/s/a-5611da78/p/diy.com/1130253761-0?mr=t1683541443&mi=%272.1075468731.1708704197745%27&cs=!t&e=!(viewPage,gt)&pt=unknown&r=%27%27&sw=1600&sh=1200&sc=24&j=!f&u=%27https://www.diy.com/find-a-store%27&fl=!f&hvc=!t&eoq=!t
Requested by
Host: se.monetate.net
URL: https://se.monetate.net/js/3/a-5611da78/p/diy.com/t1683541443/0dc2cf22a579ff13/custom.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.213.34.91 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-213-34-91.eu-west-1.compute.amazonaws.com
Software
Monetate /
Resource Hash
3ecbdb375567718b473745dc1f790f23580f6fa98a9df4c97d28845b5eddf9c5

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Date
Fri, 23 Feb 2024 16:03:18 GMT
Content-Encoding
gzip
Server
Monetate
Vary
Accept-Encoding
Content-Type
application/x-javascript; charset=utf-8
Cache-Control
no-cache
Server-Timing
total;dur=5.9
Timing-Allow-Origin
*
Content-Length
90
Expires
Thu, 23 Feb 2023 16:03:18 GMT
pix.gif
p-eu.brsrvr.com/ 		43 B
168 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://p-eu.brsrvr.com/pix.gif?acct_id=5374&cookie2=uid%3D8339462848905%3Av%3D13.0%3Ats%3D1708704198027%3Ahc%3D1&sid=undefined&ref=&tzo=0&rand=0.035191101377634926&title=Find%20a%20store%20%7C%20DIY%20at%20B%26Q&ptype=other&domain_key=diy_com&catalogs=&orig_ref_url=https%3A%2F%2Fwww.diy.com%2Ffind-a-store&ajax=1&type=pageview&lang=en-US&url=https%3A%2F%2Fwww.diy.com%2Ffind-a-store&version=13.0
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
108.129.58.254 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-108-129-58-254.eu-west-1.compute.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.diy.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Fri, 23 Feb 2024 16:03:18 GMT
last-modified
Mon, 28 Sep 1970 06:00:00 GMT
server
nginx/1.14.0 (Ubuntu)
content-length
43
content-type
image/gif
events
logx.optimizely.com/v1/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://logx.optimizely.com/v1/events
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.140.246 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
246.140.111.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.diy.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With,Content-Type,Accept,Origin,X-App-Trace-Id,X-Optimizely-Strict
access-control-allow-methods
POST,OPTIONS
access-control-allow-origin
https://www.diy.com
access-control-expose-headers
X-Requested-With,Content-Type,Accept,Origin,X-App-Trace-Id
access-control-max-age
1800
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Fri, 23 Feb 2024 16:03:18 GMT
server
istio-envoy
timing-allow-origin
*
via
1.1 google
x-envoy-decorator-operation
events-smart-router.edp-prod.svc.cluster.local:8080/*
x-envoy-upstream-service-time
0
events
logx.optimizely.com/v1/ 		0
96 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://logx.optimizely.com/v1/events
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.140.246 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
246.140.111.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.diy.com/
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
Content-Type
application/json

Response headers

date
Fri, 23 Feb 2024 16:03:18 GMT
x-envoy-decorator-operation
events-smart-router.edp-prod.svc.cluster.local:8080/*
via
1.1 google
server
istio-envoy
access-control-allow-methods
POST,OPTIONS
content-type
text/plain
access-control-allow-origin
https://www.diy.com
access-control-expose-headers
X-Requested-With,Content-Type,Accept,Origin,X-App-Trace-Id
access-control-allow-credentials
true
x-envoy-upstream-service-time
2
timing-allow-origin
*
access-control-allow-headers
X-Requested-With,Content-Type,Accept,Origin,X-App-Trace-Id,X-Optimizely-Strict
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-request-id
29acfc58-c98b-48da-a3c5-8a2cb2437f8b
events
logx.optimizely.com/v1/ 		0
21 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://logx.optimizely.com/v1/events
Requested by
Host: www.diy.com
URL: https://www.diy.com/find-a-store
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.111.140.246 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
246.140.111.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.diy.com/
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 23 Feb 2024 16:03:18 GMT
x-envoy-decorator-operation
events-smart-router.edp-prod.svc.cluster.local:8080/*
via
1.1 google
server
istio-envoy
access-control-allow-methods
POST,OPTIONS
content-type
text/plain
access-control-allow-origin
https://www.diy.com
access-control-expose-headers
X-Requested-With,Content-Type,Accept,Origin,X-App-Trace-Id
access-control-allow-credentials
true
x-envoy-upstream-service-time
2
timing-allow-origin
*
access-control-allow-headers
X-Requested-With,Content-Type,Accept,Origin,X-App-Trace-Id,X-Optimizely-Strict
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-request-id
b6cc4a04-6f7d-4e15-8075-2fedb1b0b155
rb_bf70766xfx
www.diy.com/ 		121 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.diy.com/rb_bf70766xfx?type=js3&sn=v_4_srv_-2D3_sn_T9H2FE6VHF31GI436FGK3GGLLEP7F3HG&svrid=-3&flavor=post&vi=ARJQAKAKHARGARHUEHLLAICKAIFSHGNW-0&modifiedSince=1708687904601&rf=https%3A%2F%2Fwww.diy.com%2Ffind-a-store&bp=3&app=7457707b1f8ae747&crc=769433385&en=30mmlqet&end=1
Requested by
Host: www.diy.com
URL: https://www.diy.com/ruxitagentjs_A27NVfghjqrtux_10267230522124059.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2117:d600:1f:e5ef:1e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
98698b13f4768dfaec8a300d144d462bb6131e01252d941abb11ace9f5f34bcd
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.diy.com/find-a-store
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 23 Feb 2024 16:03:19 GMT
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubdomains; preload
via
1.1 59778df72778f60e4701bb8768b14bcc.cloudfront.net (CloudFront)
x-amz-cf-pop
CDG50-C1
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
server
CloudFront
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/plain; charset=utf-8
access-control-allow-origin
https://www.diy.com
x-amz-cf-id
vz7kO-vE1SH4WHfNXdxTE8c5C5ovIjEAgaCiaw0JIWt74y9hzwds1A==
x-webkit-csp
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
x-content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
rb_bf70766xfx
www.diy.com/ 		121 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.diy.com/rb_bf70766xfx?type=js3&sn=v_4_srv_-2D3_sn_T9H2FE6VHF31GI436FGK3GGLLEP7F3HG&svrid=-3&flavor=post&vi=ARJQAKAKHARGARHUEHLLAICKAIFSHGNW-0&modifiedSince=1708687904601&rf=https%3A%2F%2Fwww.diy.com%2Ffind-a-store&bp=3&app=7457707b1f8ae747&crc=2898474271&en=30mmlqet&end=1
Requested by
Host: www.diy.com
URL: https://www.diy.com/ruxitagentjs_A27NVfghjqrtux_10267230522124059.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2117:d600:1f:e5ef:1e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
98698b13f4768dfaec8a300d144d462bb6131e01252d941abb11ace9f5f34bcd
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.diy.com/find-a-store
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 23 Feb 2024 16:03:21 GMT
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubdomains; preload
via
1.1 59778df72778f60e4701bb8768b14bcc.cloudfront.net (CloudFront)
x-amz-cf-pop
CDG50-C1
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
server
CloudFront
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/plain; charset=utf-8
access-control-allow-origin
https://www.diy.com
x-amz-cf-id
EIci3eeG-B1YvJBp_Gm9-qMMvLdO52BiPudnXFaPJ-kZk275cRRh8A==
x-webkit-csp
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
x-content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;

Verdicts & Comments Add Verdict or Comment

50 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| dT_ object| utag_cfg_ovrd object| truste function| shouldRepop function| shouldResolveConsent string| userType object| $temp_box_overlay_border object| $temp_closebtn_style string| $temp_externalcss string| ClickTalePIISelector object| dtrum object| dynatrace object| __LOADABLE_LOADED_CHUNKS__ object| __core-js_shared__ object| core function| setImmediate function| clearImmediate function| filterCSS function| filterXSS string| tagCheck function| Hammer object| _uxa boolean| utag_condload object| utag object| dataLayer object| kfAnalytics object| tealiumDataLayer object| certonaResx function| callCertona function| _truste_eu object| PREF_MGR_API_DEBUG object| PrivacyManagerAPI object| TRUSTE_CMAPI_DEBUG object| woosmap object| google object| module$exports$mapsapi$geometry$spherical object| reactiveElementVersions object| module$contents$mapsapi$overlay$overlayView_OverlayView object| br_data number| monetateT object| monetateQ undefined| _ object| optimizely number| startTime number| duration object| monetate number| urlLength number| subUrlLength object| BrTrk

17 Cookies

Domain/Path Name / Value
.diy.com/ Name: dtCookie
Value: v_4_srv_-2D3_sn_T9H2FE6VHF31GI436FGK3GGLLEP7F3HG
.diy.com/ Name: rxVisitor
Value: 1708704196588C1FMJL7JN9U8PE5865H5GQLQU4MQPG2I
.diy.com/ Name: TAsessionID
Value: 03ecb6a8-ac2c-48df-b16b-ceded39a7ac1|NEW
.diy.com/ Name: notice_behavior
Value: implied,eu
.diy.com/ Name: dtSa
Value: -
www.diy.com/ Name: abv2-cid
Value: b13321d5-a357-4bf0-b985-1b0fc075425c
.diy.com/ Name: utag_main__sn
Value: 1
.diy.com/ Name: utag_main__se
Value: 1%3Bexp-session
.diy.com/ Name: utag_main__ss
Value: 1%3Bexp-session
.diy.com/ Name: utag_main__st
Value: 1708705997319%3Bexp-session
.diy.com/ Name: utag_main_ses_id
Value: 1708704197319%3Bexp-session
.diy.com/ Name: utag_main__pn
Value: 1%3Bexp-session
.diy.com/ Name: optimizelyEndUserId
Value: oeu1708704197697r0.6551504561797079
.diy.com/ Name: mt.v
Value: 2.1075468731.1708704197745
.diy.com/ Name: _br_uid_2
Value: uid%3D8339462848905%3Av%3D13.0%3Ats%3D1708704198027%3Ahc%3D1
.diy.com/ Name: rxvt
Value: 1708705998184|1708704196588
.diy.com/ Name: dtPC
Value: -3$504196586_853h-vARJQAKAKHARGARHUEHLLAICKAIFSHGNW-0e0

3 Console Messages

Source Level URL
Text
rendering warning URL: https://www.diy.com/skins/common/js/jquery.bundle.min.js?seed=AADosdaNAQAARLrUJF7ojueZ96SIEvDpj2jURD0cN2GUryxkUHrnvMBG6uGR&jDRBGbR12T--z=q
Message:
Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently
rendering warning URL: https://www.diy.com/skins/common/js/jquery.bundle.min.js?seed=AADosdaNAQAARLrUJF7ojueZ96SIEvDpj2jURD0cN2GUryxkUHrnvMBG6uGR&jDRBGbR12T--z=q
Message:
Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently
rendering warning URL: https://www.diy.com/skins/common/js/jquery.bundle.min.js?seed=AADosdaNAQAARLrUJF7ojueZ96SIEvDpj2jURD0cN2GUryxkUHrnvMBG6uGR&jDRBGbR12T--z=q
Message:
Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com;style-src * data: 'unsafe-inline'; font-src * data: ;
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a20678180166.cdn.optimizely.com
api.woosmap.com
ccl-prod.cache.ap.digikfplc.com
cdn.optimizely.com
cdns.brsrvr.com
consent.trustarc.com
consent.truste.com
edge1.certona.net
f.monetate.net
ff8czqdm.r.eu-west-1.awstrack.me
logx.optimizely.com
maps.googleapis.com
p-eu.brsrvr.com
sdk.woosmap.com
se.monetate.net
tags.tiqcdn.com
www.diy.com
104.22.50.214
104.22.51.214
108.129.58.254
13.249.9.20
23.215.21.78
23.38.98.119
23.45.238.128
2600:9000:2117:d600:1f:e5ef:1e80:93a1
2600:9000:26db:9600:7:2bfb:7c00:93a1
2a00:1450:4001:812::200a
2a02:26f0:3500:88e::13b8
3.161.82.53
34.111.140.246
34.224.134.33
52.213.34.91
63.32.236.30
99.84.88.94
04a1b90a0fc1cc1ae74810a5e3f6a38d71a7bf977a7eb2917d3efea566fb68e9
07d08f41545e81f76c74cd6c9f655ce80419c72db2f4460c4a59808ec53fb9d2
0bc6649d2943e76bc5dc4c8ccf9d97dab669705bc7a9051f2a4e9b9a7f31023f
0d25aa9d3f296f792ada1874a3aa08555c3b43493441c8d860d76a144ac74c94
10da106759ae6c9aa2712c69c3ce1655b85e476eff00ca87875c0a834cd02b46
11899def9370a9bf4c72943b09e89b06637854e2ee9b8559f837c07257f54f78
1b57ace9332ab869585b3f72ad04a6123bf267b8abc3fb6bdecc888b1d78597d
1eec5d0bc72fba33ce753f6009a277e07041fb92d221ae5839bbc5e8fff1d0bb
2072c955b2396515dec3a38421ed9bf6f13001781b8bd1eaba1e75f2eda24beb
219082c2e60f64f1b33eb165c534796cfbcd4b0e269f827e3bd208bf6853bc67
2345ee038c30c2ff6bc5c288ca99f522808d8ebfc33940e2ea619e7aad99b28a
2810cf878e9b2dbbac6f1bd9191d11652c143e76eaaf6f58c4a572aa460c2ea0
2e75883bfce103e0b7c12d7aab775535529609a554473638286eb6264e5ca046
34cf6eaf75a41d0074b51d3628bd44fee78f2dab3cbfd20abb1617f85a02e725
384b6fc69c90f63c976359322e3f8911bf0168e3b7f8c55bc72b7b47eb4941f4
3b0e62a89d588061fa2db1585d01edbb90582e18ce08a477197e6d2554531fdc
3b154a9000f87573bb3d8b75a2ef46b2a492b9cb1e04f82944b1350e08da3197
3ecbdb375567718b473745dc1f790f23580f6fa98a9df4c97d28845b5eddf9c5
407789bcab0dfc2795b0ed1838cb25af0f18a7efbfb74651910cd1af4bcd00be
4640afcca2709e8c2f2406f9da022e770a0ffbfcae7df17427bf1bc50bf5bc89
47cc9a4759abc29ebc3de104db1977c46e95bcec41d1ad57cad8b8ba353ea5a9
50e6072d26098d48004a30addeecabd5b22b91e5ccdf9dd86f96459783e3ac23
64b825648a8abd527021f7d13b366324cb7426ab73c7216dc7472a059d2d4b60
65712b15a57059cc28bdbf4caa056f19d4719740a4aea219ad3db2c065864eb2
662b16c7b576eddeb77bb0a322d100d2e13b674484edc49df285af6edc6c7d6d
6a9bcac2dffe179e80dc2411e6bcf571a705af0ca0d2ef0fd9a36902b9512479
7242e409e5ab92c91fa72b998c9c75267e6c1990e3f94f4a7ffe695f8302ffd9
75975d31122d2e8d108d1d7013a637ffb48974d2f0513bd72f03fafe2e6eb11f
7663886c298130e6d7d3902808466cf4e8f94cbde20f361c7739300e139ca0f3
773ce40b36abc6eb6176a8c751dd33755a9fd16bd4b2a4095fb5b27aac674662
7813e27b6f622494f08afea9e31b4434f477d01d04928604970acc7d69f889fd
7f6190369c27ce2c898e47f3e8c9973411fc69d3f15f8960f77fec1dc6a3a56b
835cfd875792323572e799e6b7ead73a71ee696b8001bfcaf84ee23e7e41db04
91f3f1b3b1278d61138cdd9d1eaf1a386b7bcd3a5cc92674b4ef7db03c5340e8
92a5b421af88d97dbabdded78fe0708c06da65547d4cc91a873dea71c77e85d9
980411ff8e878d7fe44930c9019f533d7528ebf201cd19dcbf5858b205ff0ec0
98698b13f4768dfaec8a300d144d462bb6131e01252d941abb11ace9f5f34bcd
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
9a92bbe8f02408c8aefccb584065314a96a166a3daeac4ca4329927962341c52
9aaf37e1ce1c8678124c75bb51804c9164636e6184d24ea954c62565d872de5b
9af2a9d01e4171f8d4a6021c4119fcd4bf1429be648765ecab011f98ae8a201a
9c5ae2c3bc3b94d4ac82f5e9586eca64eb986b94804a2c7cad3557d4f7fd9428
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
a36c1ae061e81b9a978296f35b0a6c1560fccca46c5319f61da9f737e997a698
a3a3877b36ce26661576a2b52eb0baccd0f4cf211621dbabab0b63b9b0bd18ce
ac000a9ca9ca474a3632efdc9f1e9db1f61c9e257da81d7274be1622c843a757
ad241dc799286a50a5cd70fe3e88bd0571306eea56f86df7f56c1e000ef88c3e
b84406635f3e9cd908aa31f3df9de5e0eca546418b9ac969f806b8e678fc2cc4
b954d32d2bf40fd8e659d475470ada574e10a535800948c99a2def184233d11d
babf764d1521a31e413d072542b0cd3d059b0028160a7a7077e5a2433d5110b6
bbabb59d22659ea644d0e3f827ffed06b71dc81795da426b781e8555edb5d1b3
be8c30430cf0ae7887aa1ebf0fdf545de4434c394ff49ff14455824defb3e236
bea6e9edc128ca7dc2ef1cf8b40eb0221468b5e7bc44954c616792750e166adc
c8bb476d5085390e8a7a6fe07b7041a0aa5bf9769e019f8ec9a66198b6a4b5b0
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
ce53855e5a1f9b5355e66f0accd3fbff710ae4718e06003623af5b9ce111ff2f
ced250a69d2df795b025167d2906aed5eae452c0a83b5105cf6ca839c6c28877
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d01b51120a0f4ff875a7b5aeb8bd78ae55f5e2fd48b6a2618e2b6ebe37575f80
d8a36778153292138dffecf9983dfb48745f028bdfa1c49bc591caacce778764
dda8832d4b240ed32011510eb39c926f77919bfa5fea0a5780c89dee7425818d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5afe90ec74b143c30c05e45be2328b800e6ac787be276fab654726413eb7994
eb2eefba91eb05ee6f1c1ce64eeed82fa4250614df768bc123b944cddbdd02e6
ed734600889e84edcdf63d67266b8949474fc89542091d09803412183dd8524c
eed54fd7593a60f6530ff91672334210b11e5a29a228e9dc7d22ca354a8a7129
f1797cd3ee2ddb6d6c690cad3574302ee1d1c4256933e040e7869866d26cec5b
f9972a93974d889581e3b1193156b573dabba2211e08a110b745cbb37d539342