URL: https://www.tsb.co.nz/
Submission Tags: @phish_report
Submission: On September 02 via api from FI — Scanned from NZ

Summary

This website contacted 21 IPs in 4 countries across 16 domains to perform 78 HTTP transactions. The main IP is 2600:1415:2000::17ca:e648, located in Sydney, Australia and belongs to AKAMAI-ASN1, NL. The main domain is www.tsb.co.nz.
TLS certificate: Issued by R11 on July 24th 2024. Valid for: 3 months.
This is the only time www.tsb.co.nz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2600:1415:200... 20940 (AKAMAI-ASN1)
36 23.32.5.119 20940 (AKAMAI-ASN1)
1 18.67.110.87 16509 (AMAZON-02)
1 18.67.110.70 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
3 2404:6800:400... 15169 (GOOGLE)
3 23.77.150.189 16625 (AKAMAI-AS)
2 2620:1ec:bdf::31 8075 (MICROSOFT...)
5 184.24.248.178 16625 (AKAMAI-AS)
2 157.240.8.23 32934 (FACEBOOK)
2 151.101.129.175 54113 (FASTLY)
1 103.237.104.82 53580 (MARKETO)
2 2a03:2880:f11... 32934 (FACEBOOK)
1 2 142.250.76.102 15169 (GOOGLE)
1 2001:4860:480... 15169 (GOOGLE)
1 2404:6800:400... 15169 (GOOGLE)
1 142.250.67.3 15169 (GOOGLE)
8 103.237.104.73 53580 (MARKETO)
1 2 52.231.230.148 8075 (MICROSOFT...)
1 1 2620:1ec:c11:... 8068 (MICROSOFT...)
1 35.241.45.82 15169 (GOOGLE)
78 21
Apex Domain
Subdomains
Transfer
38 tsb.co.nz
www.tsb.co.nz
351 KB
13 marketo.com
snrtp-cdn.marketo.com
rtp-static.marketo.com — Cisco Umbrella Rank: 56055
snrtp1.marketo.com
213 KB
4 clarity.ms
www.clarity.ms — Cisco Umbrella Rank: 1114
f.clarity.ms Failed
c.clarity.ms — Cisco Umbrella Rank: 1838
29 KB
3 doubleclick.net
4214544.fls.doubleclick.net
ad.doubleclick.net Failed
stats.g.doubleclick.net — Cisco Umbrella Rank: 252
979 B
3 kampyle.com
nebula-cdn.kampyle.com — Cisco Umbrella Rank: 7396
udc-neb.kampyle.com — Cisco Umbrella Rank: 3965
83 KB
3 marketo.net
munchkin.marketo.net — Cisco Umbrella Rank: 8471
7 KB
3 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 112
296 KB
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 108
3 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 236
72 KB
1 bing.com
c.bing.com — Cisco Umbrella Rank: 341
771 B
1 google.co.nz
www.google.co.nz — Cisco Umbrella Rank: 20621
63 B
1 google.com
analytics.google.com — Cisco Umbrella Rank: 238
1 mktoresp.com
454-ize-737.mktoresp.com
487 B
1 unpkg.com
unpkg.com — Cisco Umbrella Rank: 1314
10 KB
1 staticcdn.co.nz
staticcdn.co.nz — Cisco Umbrella Rank: 430861
1 KB
1 shielded.co.nz
shielded.co.nz — Cisco Umbrella Rank: 728267
6 KB
78 16
Domain Requested by
38 www.tsb.co.nz www.tsb.co.nz
www.googletagmanager.com
www.clarity.ms
8 snrtp1.marketo.com snrtp-cdn.marketo.com
rtp-static.marketo.com
4 rtp-static.marketo.com snrtp-cdn.marketo.com
3 munchkin.marketo.net www.tsb.co.nz
munchkin.marketo.net
3 www.googletagmanager.com www.tsb.co.nz
www.googletagmanager.com
2 c.clarity.ms 1 redirects
2 4214544.fls.doubleclick.net 1 redirects www.googletagmanager.com
2 www.facebook.com www.tsb.co.nz
2 nebula-cdn.kampyle.com www.googletagmanager.com
nebula-cdn.kampyle.com
2 connect.facebook.net www.tsb.co.nz
connect.facebook.net
2 www.clarity.ms www.tsb.co.nz
www.clarity.ms
1 udc-neb.kampyle.com
1 c.bing.com 1 redirects
1 www.google.co.nz www.tsb.co.nz
1 stats.g.doubleclick.net www.googletagmanager.com
1 analytics.google.com www.googletagmanager.com
1 454-ize-737.mktoresp.com munchkin.marketo.net
1 snrtp-cdn.marketo.com www.tsb.co.nz
1 unpkg.com www.tsb.co.nz
1 staticcdn.co.nz www.tsb.co.nz
1 shielded.co.nz www.tsb.co.nz
0 f.clarity.ms Failed www.clarity.ms
0 ad.doubleclick.net Failed www.tsb.co.nz
78 23
Subject Issuer Validity Valid
www.tsb.co.nz
R11
2024-07-24 -
2024-10-22
3 months crt.sh
shielded.co.nz
Amazon RSA 2048 M02
2024-08-23 -
2025-09-20
a year crt.sh
staticcdn.co.nz
Amazon RSA 2048 M02
2024-08-30 -
2025-09-27
a year crt.sh
unpkg.com
WE1
2024-07-28 -
2024-10-26
3 months crt.sh
*.google-analytics.com
WR2
2024-08-05 -
2024-10-28
3 months crt.sh
*.marketo.net
DigiCert TLS RSA SHA256 2020 CA1
2023-12-08 -
2024-12-11
a year crt.sh
www.clarity.ms
DigiCert TLS RSA SHA256 2020 CA1
2023-12-07 -
2024-12-07
a year crt.sh
*.marketo.com
DigiCert TLS RSA SHA256 2020 CA1
2023-12-08 -
2024-12-11
a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2024-06-11 -
2024-09-09
3 months crt.sh
*.kampyle.com
SSL.com RSA SSL subCA
2023-11-07 -
2024-12-07
a year crt.sh
*.mktoresp.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-08-15 -
2025-09-15
a year crt.sh
*.doubleclick.net
WR2
2024-08-05 -
2024-10-28
3 months crt.sh
*.google.com
WR2
2024-08-05 -
2024-10-28
3 months crt.sh
*.g.doubleclick.net
WR2
2024-08-05 -
2024-10-28
3 months crt.sh
*.google.co.nz
WR2
2024-08-05 -
2024-10-28
3 months crt.sh

This page contains 4 frames:

Primary Page: https://www.tsb.co.nz/
Frame ID: 682A95D4B40EA83CBFD14FDB9713CB11
Requests: 78 HTTP requests in this frame

Frame: https://4214544.fls.doubleclick.net/activityi;dc_pre=CLiAhfO-pIgDFTKpZgId9JcBMw;src=4214544;type=Remar0;cat=tsbba0;ord=2538685825493;npa=0;auiddc=855811215.1725288066;u1=%2F;ps=1;pcor=1746364326;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48s0v9190070958z89111675971za201zb9111675971;gcd=13l3l3l3l1l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.tsb.co.nz%2F
Frame ID: E2EFB16C17FFE013DACEF2FC0092D3C2
Requests: 1 HTTP requests in this frame

Frame: data://truncated
Frame ID: BFB3EDC131A727A21C25FD8DB04A66C1
Requests: 2 HTTP requests in this frame

Frame: data://truncated
Frame ID: 9F49A0749AA14820B8C1B791FED744B6
Requests: 2 HTTP requests in this frame

Screenshot

Page Title

The perfect amount of bank | TSB

Detected technologies

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

78
Requests

95 %
HTTPS

38 %
IPv6

16
Domains

23
Subdomains

21
IPs

4
Countries

1070 kB
Transfer

3357 kB
Size

23
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 49
  • https://4214544.fls.doubleclick.net/activityi;src=4214544;type=Remar0;cat=tsbba0;ord=2538685825493;npa=0;auiddc=855811215.1725288066;u1=%2F;ps=1;pcor=1746364326;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48s0v9190070958z89111675971za201zb9111675971;gcd=13l3l3l3l1l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.tsb.co.nz%2F HTTP 302
  • https://4214544.fls.doubleclick.net/activityi;dc_pre=CLiAhfO-pIgDFTKpZgId9JcBMw;src=4214544;type=Remar0;cat=tsbba0;ord=2538685825493;npa=0;auiddc=855811215.1725288066;u1=%2F;ps=1;pcor=1746364326;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48s0v9190070958z89111675971za201zb9111675971;gcd=13l3l3l3l1l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.tsb.co.nz%2F
Request Chain 77
  • https://c.clarity.ms/c.gif HTTP 302
  • https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=050BC1E8A2424DAE9558524A2C8CFE88&RedC=c.clarity.ms&MXFR=330DDC8E0A3A602C34CDC8600E3A6E79 HTTP 302
  • https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=050BC1E8A2424DAE9558524A2C8CFE88&MUID=320C8E9DED326C1F1A229A73ECA26DE2

78 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.tsb.co.nz/
119 KB
19 KB
Document
General
Full URL
https://www.tsb.co.nz/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1415:2000::17ca:e648 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
ffd1091010e051a8a2614601a6a15480c6c82db983abb95354c1bae68377c8f9
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'nonce-WnRYT2Z6MmQ3R3hTeFNUdU0zM3NWQUFBQUFZ'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnRYT2Z6MmQ3R3hTeFNUdU0zM3NWQUFBQUFZ'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnRYT2Z6MmQ3R3hTeFNUdU0zM3NWQUFBQUFZ'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Alt-Svc
h3=":443"; ma=93600
Cache-Control
max-age=600, public
Connection
keep-alive
Content-Encoding
br
Content-Language
en
Content-Length
17363
Content-Security-Policy
default-src 'self' 'nonce-WnRYT2Z6MmQ3R3hTeFNUdU0zM3NWQUFBQUFZ'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnRYT2Z6MmQ3R3hTeFNUdU0zM3NWQUFBQUFZ'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnRYT2Z6MmQ3R3hTeFNUdU0zM3NWQUFBQUFZ'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
Content-Type
text/html; charset=UTF-8
Date
Mon, 02 Sep 2024 14:41:04 GMT
ETag
"1725288063-br"
Expires
Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified
Mon, 02 Sep 2024 14:41:03 GMT
Referrer-Policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Vary
Cookie,Accept-Encoding
X-Amz-Cf-Id
7hnMiU9ITHk2FeXK7Lpdg6sK1cT45vDUs3PlPFVYWPx1CJ3zPu7Dmg==
X-Amz-Cf-Pop
SYD62-P3
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
0
css_sMsR2RcmDsLB9okt2MV6kb3pePXV2JfAzhcEzWhebi8.css,qdelta==0,alanguage==en,atheme==TSB,ainclude==eJxFjMEJwzAMABdyox2yQvsPciwcgSIZSaak0xdKIa877nFxRdIJFYPK67ne0sUqyiPyEtZednMCNT9R-ENloGN3HEdA8zlQlrs...
www.tsb.co.nz/sites/default/files/css/
250 KB
40 KB
Stylesheet
General
Full URL
https://www.tsb.co.nz/sites/default/files/css/css_sMsR2RcmDsLB9okt2MV6kb3pePXV2JfAzhcEzWhebi8.css,qdelta==0,alanguage==en,atheme==TSB,ainclude==eJxFjMEJwzAMABdyox2yQvsPciwcgSIZSaak0xdKIa877nFxRdIJFYPK67ne0sUqyiPyEtZednMCNT9R-ENloGN3HEdA8zlQlrssU8eswnFQK2kmyQP-_K3VGpXgpDc32lDIE1g5v4tHNYM+css_BygZZ239nmdlXBeZ0B7rT5Vr0ipuCIlTOCmEr_qvfok.css,qdelta==1,alanguage==en,atheme==TSB,ainclude==eJxFjMEJwzAMABdyox2yQvsPciwcgSIZSaak0xdKIa877nFxRdIJFYPK67ne0sUqyiPyEtZednMCNT9R-ENloGN3HEdA8zlQlrssU8eswnFQK2kmyQP-_K3VGpXgpDc32lDIE1g5v4tHNYM.pagespeed.cc.qgO1HN889X.css
Requested by
Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1415:2000::17ca:e648 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
6992a15f0f21ebb0cdf8ceed9163d84f150bee78148e954cbb96fd4e2dfdebe3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Date
Mon, 02 Sep 2024 14:41:05 GMT
X-Original-Content-Length
256022
X-Amz-Cf-Pop
SYD62-P3
Connection
keep-alive
Alt-Svc
h3=":443"; ma=93600
Content-Length
39855
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Thu, 29 Aug 2024 19:07:07 GMT
ETag
W/"0"
Vary
Cookie,Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=31466501
X-Amz-Cf-Id
QL7KZ6Uwh1-SiWBY57D4xFWzfuCQCF4y2lHyOwTPkVOLAXHIv1ofCw==
Expires
Mon, 01 Sep 2025 19:22:46 GMT
js_zXHb2_fi6Lu3Ud9-zDEneUSRmOFdnxjr7fY4Fs2Jwb8.js,qscope=header,adelta=0,alanguage=en,atheme=TSB,ainclude=eJyNi0EOwjAQAz8Umj_wBbhHabKA6TYbEreov0eIXrj1ZMszvl7O_q42Rj311FDZHfsY5tgmofl5KekxofyNWaraFhq...
www.tsb.co.nz/sites/default/files/js/
92 KB
32 KB
Script
General
Full URL
https://www.tsb.co.nz/sites/default/files/js/js_zXHb2_fi6Lu3Ud9-zDEneUSRmOFdnxjr7fY4Fs2Jwb8.js,qscope=header,adelta=0,alanguage=en,atheme=TSB,ainclude=eJyNi0EOwjAQAz8Umj_wBbhHabKA6TYbEreov0eIXrj1ZMszvl7O_q42Rj311FDZHfsY5tgmofl5KekxofyNWaraFhqrSwop7MgS1qjIkbASnq9F2ubTOvzasDM56qdJMmjtqI-bOJopUf2eroPy_h6jSqNHAT-BE14J.pagespeed.ce.Hy26AaXkjQ.js
Requested by
Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.32.5.119 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-32-5-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
54c3efbdfca5f0a68b2fe25942ec652c41ae5ce6e07baca2b9f1a895409adfbe
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version
0x00000001
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 02 Sep 2024 14:41:04 GMT
x-original-content-length
94588
x-amz-cf-pop
SYD62-P3
alt-svc
h3=":443"; ma=93600
content-length
32606
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 28 Aug 2024 11:53:53 GMT
etag
W/"0-gzip"
vary
Cookie,Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=31465942
x-amz-cf-id
3zmQcG6BwElF5OfcjVjlc25__BOOhvS2jrW6u0Z-HqQc7lx_T78Rlw==
expires
Mon, 01 Sep 2025 19:13:26 GMT
logo.svg
www.tsb.co.nz/themes/TSB/
2 KB
900 B
Image
General
Full URL
https://www.tsb.co.nz/themes/TSB/logo.svg
Requested by
Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.32.5.119 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-32-5-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
b8710e59c134288dfa22585733639c1e70b133850bf414ee097f9e73eb4d8eee
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'nonce-WnRPV2NiZGRvVDAwNFcwVm50dUV2d0FBQUEw'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnRPV2NiZGRvVDAwNFcwVm50dUV2d0FBQUEw'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnRPV2NiZGRvVDAwNFcwVm50dUV2d0FBQUEw'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version
0x00000001
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self' 'nonce-WnRPV2NiZGRvVDAwNFcwVm50dUV2d0FBQUEw'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnRPV2NiZGRvVDAwNFcwVm50dUV2d0FBQUEw'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnRPV2NiZGRvVDAwNFcwVm50dUV2d0FBQUEw'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
date
Mon, 02 Sep 2024 14:41:04 GMT
x-amz-cf-pop
SYD62-P3
alt-svc
h3=":443"; ma=93600
content-length
871
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 28 Aug 2024 10:31:17 GMT
etag
W/"763-620bbdbb1bb28"
x-frame-options
SAMEORIGIN
vary
Cookie,Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=31536000
x-amz-cf-id
dKamKybw3G20cS6EFi8GbXbI9Pg_jRK2KRNPtrmu8Ik-b7hLH03XAw==
expires
Tue, 02 Sep 2025 05:51:49 GMT
44x44xphone-cropped_360.png.pagespeed.ic.FLEQNCv2oY.png
www.tsb.co.nz/sites/default/files/menu_icons/
2 KB
2 KB
Image
General
Full URL
https://www.tsb.co.nz/sites/default/files/menu_icons/44x44xphone-cropped_360.png.pagespeed.ic.FLEQNCv2oY.png
Requested by
Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.32.5.119 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-32-5-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
5b38685c3ce8b9d7e1bdf8779cd7ac5983028f904dfeccdd350d83c416ba1c3d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version
0x00000001
strict-transport-security
max-age=63072000; includeSubDomains; preload
date
Mon, 02 Sep 2024 14:41:05 GMT
x-content-type-options
nosniff
x-original-content-length
2349
x-amz-cf-pop
SYD62-P3
alt-svc
h3=":443"; ma=93600
content-length
2167
referrer-policy
strict-origin-when-cross-origin
last-modified
Sat, 31 Aug 2024 11:22:15 GMT
etag
W/"0"
vary
Cookie
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=31517912
link
<https://www.tsb.co.nz/sites/default/files/menu_icons/phone-cropped_360.png>; rel="canonical"
x-amz-cf-id
6Q8VQYINrtqwU8pN20VdcnilwcXVuw2kC0kd0PhRzdcPFjNHTK3ZvA==
expires
Tue, 02 Sep 2025 09:39:37 GMT
44x44xmarker-pin-01.png.pagespeed.ic.zrahnGoRhi.png
www.tsb.co.nz/sites/default/files/menu_icons/
1 KB
2 KB
Image
General
Full URL
https://www.tsb.co.nz/sites/default/files/menu_icons/44x44xmarker-pin-01.png.pagespeed.ic.zrahnGoRhi.png
Requested by
Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.32.5.119 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-32-5-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
229153c7c6646487031d2e5f8be0ec43a58bb341dcb5417fb0ae480efd4ac162
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version
0x00000001
strict-transport-security
max-age=63072000; includeSubDomains; preload
date
Mon, 02 Sep 2024 14:41:05 GMT
x-content-type-options
nosniff
x-original-content-length
3416
x-amz-cf-pop
SYD62-P3
alt-svc
h3=":443"; ma=93600
content-length
1532
referrer-policy
strict-origin-when-cross-origin
last-modified
Sat, 31 Aug 2024 11:22:15 GMT
etag
W/"0"
vary
Cookie
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=31495278
link
<https://www.tsb.co.nz/sites/default/files/menu_icons/marker-pin-01.png>; rel="canonical"
x-amz-cf-id
4C_qERSqVEnU5ZTSGgV7taFIfQZtq-KLjBwxUPyeN8dT_wEcIRYL6A==
expires
Tue, 02 Sep 2025 03:22:23 GMT
send-cropped_360.png.pagespeed.ce.5QoYwDWBj9.png
www.tsb.co.nz/sites/default/files/menu_icons/
2 KB
2 KB
Image
General
Full URL
https://www.tsb.co.nz/sites/default/files/menu_icons/send-cropped_360.png.pagespeed.ce.5QoYwDWBj9.png
Requested by
Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.32.5.119 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-32-5-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
6d85c6b6712f50bf6b61aeb1d96103d99903abb4d3fdba53ccf96552d9f86fcf
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version
0x00000001
strict-transport-security
max-age=63072000; includeSubDomains; preload
date
Mon, 02 Sep 2024 14:41:05 GMT
x-content-type-options
nosniff
x-original-content-length
1652
x-amz-cf-pop
SYD62-P3
alt-svc
h3=":443"; ma=93600
content-length
1652
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 12 Jun 2023 21:45:34 GMT
etag
W/"0"
vary
Cookie
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=31487506
link
<https://www.tsb.co.nz/sites/default/files/menu_icons/send-cropped_360.png>; rel="canonical"
x-amz-cf-id
_qGHCXLJOly4EeYZh1F03x1xw7nlM-s8KqKitUjQnH6XNto8DXi_cQ==
expires
Tue, 02 Sep 2025 01:12:51 GMT
Homepage-transparent.webp
www.tsb.co.nz/sites/default/files/styles/home_hero_large_1x/public/2023-06/
18 KB
18 KB
Image
General
Full URL
https://www.tsb.co.nz/sites/default/files/styles/home_hero_large_1x/public/2023-06/Homepage-transparent.webp?itok=lOPxUY1-
Requested by
Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.32.5.119 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-32-5-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e9b29db4f9339b5c9320c9dc1a64c95d0b099c3529514803addc148ec8774b2c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

expires
Mon, 02 Sep 2024 14:41:04 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
date
Mon, 02 Sep 2024 14:41:04 GMT
x-content-type-options
nosniff
x-original-content-length
19136
x-amz-cf-pop
SYD62-P3
alt-svc
h3=":443"; ma=93600
content-length
18854
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
etag
W/"PSA-aj-UPvd9KIQUj"
vary
Cookie
x-frame-options
SAMEORIGIN
content-type
image/webp
cache-control
max-age=0, no-cache, no-store
x-amz-cf-id
A8g1O0z1tcQkD5AhM5_DvZ75V__ZAqgET-tytoAKBDj-JCYk5KUJRA==
quic-version
0x00000001
ApplyPay-now-at-TSB.webp
www.tsb.co.nz/sites/default/files/styles/image_cta_desktop_1x/public/2024-08/
7 KB
7 KB
Image
General
Full URL
https://www.tsb.co.nz/sites/default/files/styles/image_cta_desktop_1x/public/2024-08/ApplyPay-now-at-TSB.webp?h=94a077d4&itok=wiOdVOc4
Requested by
Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.32.5.119 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-32-5-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
a2df8a1ea57ff1a48259665a5aae51c21df18d91406f0a3e3623afb26c60c31d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

expires
Mon, 02 Sep 2024 14:41:04 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
date
Mon, 02 Sep 2024 14:41:04 GMT
x-content-type-options
nosniff
x-original-content-length
7416
x-amz-cf-pop
SYD62-P3
alt-svc
h3=":443"; ma=93600
content-length
7322
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
etag
W/"PSA-aj-34gZ9OeJlY"
vary
Cookie
x-frame-options
SAMEORIGIN
content-type
image/webp
cache-control
max-age=0, no-cache, no-store
x-amz-cf-id
OwyIDYCcqg748oazg_sTfzKJ2ggD2h_frZBEgr3dSYj5pGCE5IQK8A==
quic-version
0x00000001
Splayed_credit_cards_DF2305161%20WEB%20-%20Website%20refresh%20project%20images%201224x918px%20R02-Audi%20%282%29_1.webp
www.tsb.co.nz/sites/default/files/styles/image_cta_desktop_1x/public/2023-07/
9 KB
9 KB
Image
General
Full URL
https://www.tsb.co.nz/sites/default/files/styles/image_cta_desktop_1x/public/2023-07/Splayed_credit_cards_DF2305161%20WEB%20-%20Website%20refresh%20project%20images%201224x918px%20R02-Audi%20%282%29_1.webp?h=94a077d4&itok=WKQCQTiZ
Requested by
Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.32.5.119 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-32-5-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
6acd54f2994ad7633ebed65bf2bf2349922118b715731763482a6cb2f802bf18
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'nonce-WnRVV2JXa3Rld3FUT2RyZkw4amFfd0FBQUE4'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnRVV2JXa3Rld3FUT2RyZkw4amFfd0FBQUE4'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnRVV2JXa3Rld3FUT2RyZkw4amFfd0FBQUE4'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version
0x00000001
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-security-policy
default-src 'self' 'nonce-WnRVV2JXa3Rld3FUT2RyZkw4amFfd0FBQUE4'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnRVV2JXa3Rld3FUT2RyZkw4amFfd0FBQUE4'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnRVV2JXa3Rld3FUT2RyZkw4amFfd0FBQUE4'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
x-content-type-options
nosniff
date
Mon, 02 Sep 2024 14:41:05 GMT
x-amz-cf-pop
SYD62-P3
alt-svc
h3=":443"; ma=93600
content-length
9686
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
last-modified
Sun, 18 Aug 2024 06:08:44 GMT
etag
"25d6-61fef065641e8"
x-frame-options
SAMEORIGIN
vary
Cookie
cache-control
max-age=31488877
accept-ranges
bytes
x-amz-cf-id
vX6HB7jKbHPLc2FE3bPfScwO1dpZVAHWAF85XsAyOy89H41dM3YDdQ==
expires
Tue, 02 Sep 2025 01:35:42 GMT
xTSB-card-control.png.webp,qitok=itPKiWa2.pagespeed.ic.lc-QTU6_g1.webp
www.tsb.co.nz/sites/default/files/styles/webp/public/2024-08/
5 KB
5 KB
Image
General
Full URL
https://www.tsb.co.nz/sites/default/files/styles/webp/public/2024-08/xTSB-card-control.png.webp,qitok=itPKiWa2.pagespeed.ic.lc-QTU6_g1.webp
Requested by
Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.32.5.119 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-32-5-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
0c91d9180a4fbd8d7a81f954632dfcc5570720d01ff2be2f3cd3f899e1d65677
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version
0x00000001
strict-transport-security
max-age=63072000; includeSubDomains; preload
date
Mon, 02 Sep 2024 14:41:05 GMT
x-content-type-options
nosniff
x-original-content-length
5320
x-amz-cf-pop
SYD62-P3
alt-svc
h3=":443"; ma=93600
content-length
5222
referrer-policy
strict-origin-when-cross-origin
last-modified
Sun, 01 Sep 2024 18:45:05 GMT
etag
W/"0"
vary
Cookie
x-frame-options
SAMEORIGIN
content-type
image/webp
cache-control
max-age=31487883
link
<https://www.tsb.co.nz/sites/default/files/styles/webp/public/2024-08/TSB-card-control.png.webp?itok=itPKiWa2>; rel="canonical"
x-amz-cf-id
1bQ0Zr_yB9wwsCVnhQlZTfYhabjdpCLZP91g_2TrZJdeBie75g0q-Q==
expires
Tue, 02 Sep 2025 01:19:08 GMT
xChubb-Insurance.png.webp,qitok=DPhNUIiZ.pagespeed.ic.r_d9XGaysi.webp
www.tsb.co.nz/sites/default/files/styles/webp/public/2024-08/
55 KB
55 KB
Image
General
Full URL
https://www.tsb.co.nz/sites/default/files/styles/webp/public/2024-08/xChubb-Insurance.png.webp,qitok=DPhNUIiZ.pagespeed.ic.r_d9XGaysi.webp
Requested by
Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.32.5.119 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-32-5-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e79b999464b8a504fef7e85f011be9ccdbd7442d324d6d6af8dbba5bb590a0c6
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version
0x00000001
strict-transport-security
max-age=63072000; includeSubDomains; preload
date
Mon, 02 Sep 2024 14:41:06 GMT
x-content-type-options
nosniff
x-original-content-length
56580
x-amz-cf-pop
SYD62-P3
alt-svc
h3=":443"; ma=93600
content-length
55848
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 30 Aug 2024 04:10:19 GMT
etag
W/"0"
vary
Cookie
x-frame-options
SAMEORIGIN
content-type
image/webp
cache-control
max-age=31488163
link
<https://www.tsb.co.nz/sites/default/files/styles/webp/public/2024-08/Chubb-Insurance.png.webp?itok=DPhNUIiZ>; rel="canonical"
x-amz-cf-id
SFwekGMXypN3t88zO9ARnWmx-CF9H-igDRnppbsiaolEt9bRve1QtA==
expires
Tue, 02 Sep 2025 01:23:49 GMT
xTSB-stay-safe-from-cyber-crime.png.webp,qitok=8hofcVoQ.pagespeed.ic.enr7ONJ7IC.webp
www.tsb.co.nz/sites/default/files/styles/webp/public/2024-08/
14 KB
14 KB
Image
General
Full URL
https://www.tsb.co.nz/sites/default/files/styles/webp/public/2024-08/xTSB-stay-safe-from-cyber-crime.png.webp,qitok=8hofcVoQ.pagespeed.ic.enr7ONJ7IC.webp
Requested by
Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.32.5.119 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-32-5-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
0c82a95daa5ef40bf810ade32aad3a375ed14df6966ea1bd65520d6a85029975
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version
0x00000001
strict-transport-security
max-age=63072000; includeSubDomains; preload
date
Mon, 02 Sep 2024 14:41:05 GMT
x-content-type-options
nosniff
x-original-content-length
14844
x-amz-cf-pop
SYD62-P3
alt-svc
h3=":443"; ma=93600
content-length
14204
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 30 Aug 2024 04:10:20 GMT
etag
W/"0"
vary
Cookie
x-frame-options
SAMEORIGIN
content-type
image/webp
cache-control
max-age=31503135
link
<https://www.tsb.co.nz/sites/default/files/styles/webp/public/2024-08/TSB-stay-safe-from-cyber-crime.png.webp?itok=8hofcVoQ>; rel="canonical"
x-amz-cf-id
0fDj9dCdm4mQJ3aUcDetJI46YWuScbnqlZZ4SWCJpC3IRse2EFLZzA==
expires
Tue, 02 Sep 2025 05:33:20 GMT
44x44xlogo-fb.png.pagespeed.ic.Ionhj6-_zy.png
www.tsb.co.nz/sites/default/files/menu_icons/
838 B
876 B
Image
General
Full URL
https://www.tsb.co.nz/sites/default/files/menu_icons/44x44xlogo-fb.png.pagespeed.ic.Ionhj6-_zy.png
Requested by
Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.32.5.119 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-32-5-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
9e056e574bfbca2ce3ec6cb73b68750db9bd29d91c3471add8b8db217f78a275
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version
0x00000001
strict-transport-security
max-age=63072000; includeSubDomains; preload
date
Mon, 02 Sep 2024 14:41:05 GMT
x-content-type-options
nosniff
x-original-content-length
1967
x-amz-cf-pop
SYD62-P3
alt-svc
h3=":443"; ma=93600
content-length
838
referrer-policy
strict-origin-when-cross-origin
last-modified
Sat, 31 Aug 2024 11:22:15 GMT
etag
W/"0"
vary
Cookie
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=31532499
link
<https://www.tsb.co.nz/sites/default/files/menu_icons/logo-fb.png>; rel="canonical"
x-amz-cf-id
kC1zfJCBI8bSaZIey5SMCD6Twi5Jm2mgBrrwPkZVlSWSOzk18whh1Q==
expires
Tue, 02 Sep 2025 13:42:44 GMT
44x44xlogo-ig.png.pagespeed.ic.keeuOmrj0q.png
www.tsb.co.nz/sites/default/files/menu_icons/
1 KB
1 KB
Image
General
Full URL
https://www.tsb.co.nz/sites/default/files/menu_icons/44x44xlogo-ig.png.pagespeed.ic.keeuOmrj0q.png
Requested by
Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.32.5.119 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-32-5-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
79caa592cde5bfd0a417bf66926410d967a5334c9f0d1990671456e5bd4f5ce8
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version
0x00000001
strict-transport-security
max-age=63072000; includeSubDomains; preload
date
Mon, 02 Sep 2024 14:41:06 GMT
x-content-type-options
nosniff
x-original-content-length
3284
x-amz-cf-pop
SYD62-P3
alt-svc
h3=":443"; ma=93600
content-length
1172
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 28 Aug 2024 18:48:26 GMT
etag
W/"0"
vary
Cookie
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=31524079
link
<https://www.tsb.co.nz/sites/default/files/menu_icons/logo-ig.png>; rel="canonical"
x-amz-cf-id
Skp9UcFFZguRCdw_H0Ib0kV9ULQw3Lja2DV60X244kQC_6pDx0zOBg==
expires
Tue, 02 Sep 2025 11:22:25 GMT
44x44xlogo-ln.png.pagespeed.ic.pn2yfO5xMn.png
www.tsb.co.nz/sites/default/files/menu_icons/
911 B
941 B
Image
General
Full URL
https://www.tsb.co.nz/sites/default/files/menu_icons/44x44xlogo-ln.png.pagespeed.ic.pn2yfO5xMn.png
Requested by
Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.32.5.119 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-32-5-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
00e23df10377c1a86b7e881fd0e8e209b08c89a0fd3a9437d3e56d6087398f60
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version
0x00000001
strict-transport-security
max-age=63072000; includeSubDomains; preload
date
Mon, 02 Sep 2024 14:41:05 GMT
x-content-type-options
nosniff
x-original-content-length
2135
x-amz-cf-pop
SYD62-P3
alt-svc
h3=":443"; ma=93600
content-length
911
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 30 Aug 2024 03:46:47 GMT
etag
W/"0"
vary
Cookie
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=31525081
link
<https://www.tsb.co.nz/sites/default/files/menu_icons/logo-ln.png>; rel="canonical"
x-amz-cf-id
TKLrgBSiwXwLQCSNHb_zpcCEjODcHpmvU80TZRXuEDIQDRPnGBIoPg==
expires
Tue, 02 Sep 2025 11:39:06 GMT
44x44xlogo-yt.png.pagespeed.ic.jqV-2ZATyE.png
www.tsb.co.nz/sites/default/files/menu_icons/
1017 B
1 KB
Image
General
Full URL
https://www.tsb.co.nz/sites/default/files/menu_icons/44x44xlogo-yt.png.pagespeed.ic.jqV-2ZATyE.png
Requested by
Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.32.5.119 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-32-5-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
5a33562cad9eb06c691cb48e26df44406a7eab40b986d508d0927d70d77dd0d2
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version
0x00000001
strict-transport-security
max-age=63072000; includeSubDomains; preload
date
Mon, 02 Sep 2024 14:41:05 GMT
x-content-type-options
nosniff
x-original-content-length
2300
x-amz-cf-pop
SYD62-P3
alt-svc
h3=":443"; ma=93600
content-length
1017
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 29 Aug 2024 21:33:11 GMT
etag
W/"0"
vary
Cookie
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=31487262
link
<https://www.tsb.co.nz/sites/default/files/menu_icons/logo-yt.png>; rel="canonical"
x-amz-cf-id
Iw19aUBkt6ZAu09Bqqs11EvsyCdFvNS5b9H6i5ghYQ3Tq9VpkYU3Ug==
expires
Tue, 02 Sep 2025 01:08:47 GMT
custom-logo.png
shielded.co.nz/img/
5 KB
6 KB
Image
General
Full URL
https://shielded.co.nz/img/custom-logo.png
Requested by
Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.67.110.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-67-110-87.syd62.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4589441ac97df1033c946f3403b0199cfb05e8ba3e406e21013d1af6965dd06a

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 08:28:00 GMT
via
1.1 8008f773a176223da2278b5cb39f91fa.cloudfront.net (CloudFront)
last-modified
Sun, 18 Aug 2024 23:43:34 GMT
server
AmazonS3
x-amz-cf-pop
SYD62-P2
age
540786
etag
"2f18dfdc1b2bd0a11ee9f61d44043a91"
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
image/png
cache-control
max-age=604800, public
accept-ranges
bytes
content-length
5432
x-amz-cf-id
GpiqqGGX1aRRxyMPSQRQcW87fyxZDOqrDeSmq5iqhNUw0gy9vG5EdA==
embed.js
staticcdn.co.nz/embed/
2 KB
1 KB
Script
General
Full URL
https://staticcdn.co.nz/embed/embed.js
Requested by
Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.67.110.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-67-110-70.syd62.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6a8996a4866b94877454218ae2202c8d1ac982a1a7d4870b07820d1b88fd576a

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 27 Aug 2024 08:28:00 GMT
content-encoding
br
via
1.1 f3405208f368b682f8c8a96590ab1596.cloudfront.net (CloudFront)
x-amz-version-id
NaB52IBAvuJ49tFzlqzcmR789FA.blOC
last-modified
Sun, 18 Aug 2024 23:16:04 GMT
server
AmazonS3
x-amz-cf-pop
SYD62-P2
age
540786
x-amz-server-side-encryption
AES256
etag
W/"a1c190aa2496322a03d0e1a782b5f5f5"
vary
accept-encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=604800, public
x-amz-cf-id
JX7C10da75tgQwLDJ10yGstIWpe5lvqg4OAIQewqw0nN5M00EKDGrw==
js_O5H1FEGhTszFqn8qgxi6dJLbg5wYmeAvKE2AS9eqZ64.js,qscope=footer,adelta=0,alanguage=en,atheme=TSB,ainclude=eJyNi0EOwjAQAz8Umj_wBbhHabKA6TYbEreov0eIXrj1ZMszvl7O_q42Rj311FDZHfsY5tgmofl5KekxofyNWaraFhq...
www.tsb.co.nz/sites/default/files/js/
158 KB
42 KB
Script
General
Full URL
https://www.tsb.co.nz/sites/default/files/js/js_O5H1FEGhTszFqn8qgxi6dJLbg5wYmeAvKE2AS9eqZ64.js,qscope=footer,adelta=0,alanguage=en,atheme=TSB,ainclude=eJyNi0EOwjAQAz8Umj_wBbhHabKA6TYbEreov0eIXrj1ZMszvl7O_q42Rj311FDZHfsY5tgmofl5KekxofyNWaraFhqrSwop7MgS1qjIkbASnq9F2ubTOvzasDM56qdJMmjtqI-bOJopUf2eroPy_h6jSqNHAT-BE14J.pagespeed.ce.yUwXvse6_K.js
Requested by
Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.32.5.119 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-32-5-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
1af1da6717bf645b3f5b8af41f16f7a149f0bf11e817492a2b3f711f50a6bef7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version
0x00000001
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 02 Sep 2024 14:41:05 GMT
x-original-content-length
161838
x-amz-cf-pop
SYD62-P3
alt-svc
h3=":443"; ma=93600
content-length
43166
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 29 Aug 2024 01:50:52 GMT
etag
W/"0-gzip"
vary
Cookie,Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=31473042
x-amz-cf-id
l453kvn66-bhRNZW3WyoXvEJz1NTXHnbuS9K48wawaROvDzs-TEERw==
expires
Mon, 01 Sep 2025 21:11:47 GMT
popper.min.js
unpkg.com/@popperjs/core@2.11.8/dist/umd/
20 KB
10 KB
Script
General
Full URL
https://unpkg.com/@popperjs/core@2.11.8/dist/umd/popper.min.js
Requested by
Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:f9cb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c212f4b505a86352aed62b24a8f16f999f821ecbe6456c7f3c8a04bc87968782
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Mon, 02 Sep 2024 14:41:05 GMT
content-encoding
br
via
1.1 fly.io
cf-cache-status
HIT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
10354955
last-modified
Fri, 26 May 2023 17:27:16 GMT
fly-request-id
01HX4ZN5KAD01M4H9QPFJAKR7Z-syd
server
cloudflare
etag
"4e9a-hx1u8QcL02PqOQ4MjDhOR9zn84k"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
8bce42486fff1c4d-AKL
js_A7PiLUJY9f__2yDcQR6N8Z1OxRbelk2M465IoQkqJM8.js,qscope=footer,adelta=2,alanguage=en,atheme=TSB,ainclude=eJyNi0EOwjAQAz8Umj_wBbhHabKA6TYbEreov0eIXrj1ZMszvl7O_q42Rj311FDZHfsY5tgmofl5KekxofyNWaraFhq...
www.tsb.co.nz/sites/default/files/js/
8 KB
2 KB
Script
General
Full URL
https://www.tsb.co.nz/sites/default/files/js/js_A7PiLUJY9f__2yDcQR6N8Z1OxRbelk2M465IoQkqJM8.js,qscope=footer,adelta=2,alanguage=en,atheme=TSB,ainclude=eJyNi0EOwjAQAz8Umj_wBbhHabKA6TYbEreov0eIXrj1ZMszvl7O_q42Rj311FDZHfsY5tgmofl5KekxofyNWaraFhqrSwop7MgS1qjIkbASnq9F2ubTOvzasDM56qdJMmjtqI-bOJopUf2eroPy_h6jSqNHAT-BE14J.pagespeed.ce.jeb9tqdAtJ.js
Requested by
Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.32.5.119 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-32-5-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
4c0e86b58a95d6cc42324dc9f51d082538b49b3762b4b210accb9b190a58443b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version
0x00000001
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 02 Sep 2024 14:41:06 GMT
x-original-content-length
8294
x-amz-cf-pop
SYD62-P3
alt-svc
h3=":443"; ma=93600
content-length
2457
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 28 Aug 2024 12:14:54 GMT
etag
W/"0-gzip"
vary
Cookie,Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=31465883
x-amz-cf-id
vCHz5ORYxwIkIvuAW4cPAY9HZQWtKSC7cTrLaFWJzdenwvHK8qTyew==
expires
Mon, 01 Sep 2025 19:12:29 GMT
gtm.js
www.googletagmanager.com/
364 KB
111 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-N8RN5F7
Requested by
Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4006:814::2008 Sydney, Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
bc12b29df8637c88266cf0908c237d82b8afe69ea7965810e9dd5431fdf3492f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Mon, 02 Sep 2024 14:41:05 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
113658
x-xss-protection
0
last-modified
Mon, 02 Sep 2024 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 02 Sep 2024 14:41:05 GMT
munchkin.js
munchkin.marketo.net/
1 KB
1 KB
Script
General
Full URL
https://munchkin.marketo.net/munchkin.js?aid=tsbco
Requested by
Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.77.150.189 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-77-150-189.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Mon, 02 Sep 2024 14:41:05 GMT
Content-Encoding
gzip
Last-Modified
Fri, 17 Mar 2023 01:24:48 GMT
Server
AkamaiNetStorage
ETag
"cb731cc5c2bd9f31d6bfeb19f3c8b1ff:1679016288.730763"
Vary
Accept-Encoding
Content-Type
application/x-javascript
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
729
2e11868c8988e285301c.woff2
www.tsb.co.nz/themes/TSB/dist/
18 KB
18 KB
Font
General
Full URL
https://www.tsb.co.nz/themes/TSB/dist/2e11868c8988e285301c.woff2
Requested by
Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/sites/default/files/css/css_sMsR2RcmDsLB9okt2MV6kb3pePXV2JfAzhcEzWhebi8.css,qdelta==0,alanguage==en,atheme==TSB,ainclude==eJxFjMEJwzAMABdyox2yQvsPciwcgSIZSaak0xdKIa877nFxRdIJFYPK67ne0sUqyiPyEtZednMCNT9R-ENloGN3HEdA8zlQlrssU8eswnFQK2kmyQP-_K3VGpXgpDc32lDIE1g5v4tHNYM+css_BygZZ239nmdlXBeZ0B7rT5Vr0ipuCIlTOCmEr_qvfok.css,qdelta==1,alanguage==en,atheme==TSB,ainclude==eJxFjMEJwzAMABdyox2yQvsPciwcgSIZSaak0xdKIa877nFxRdIJFYPK67ne0sUqyiPyEtZednMCNT9R-ENloGN3HEdA8zlQlrssU8eswnFQK2kmyQP-_K3VGpXgpDc32lDIE1g5v4tHNYM.pagespeed.cc.qgO1HN889X.css
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.32.5.119 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-32-5-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
441e23601fe7525a142857c98cbb2784997579d51a17f736d7964dceee609709
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'nonce-WnRQbUlPUWdCTlZpNDVYVzBldVdKZ0FBQUFn'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnRQbUlPUWdCTlZpNDVYVzBldVdKZ0FBQUFn'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnRQbUlPUWdCTlZpNDVYVzBldVdKZ0FBQUFn'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.tsb.co.nz/sites/default/files/css/css_sMsR2RcmDsLB9okt2MV6kb3pePXV2JfAzhcEzWhebi8.css,qdelta==0,alanguage==en,atheme==TSB,ainclude==eJxFjMEJwzAMABdyox2yQvsPciwcgSIZSaak0xdKIa877nFxRdIJFYPK67ne0sUqyiPyEtZednMCNT9R-ENloGN3HEdA8zlQlrssU8eswnFQK2kmyQP-_K3VGpXgpDc32lDIE1g5v4tHNYM+css_BygZZ239nmdlXBeZ0B7rT5Vr0ipuCIlTOCmEr_qvfok.css,qdelta==1,alanguage==en,atheme==TSB,ainclude==eJxFjMEJwzAMABdyox2yQvsPciwcgSIZSaak0xdKIa877nFxRdIJFYPK67ne0sUqyiPyEtZednMCNT9R-ENloGN3HEdA8zlQlrssU8eswnFQK2kmyQP-_K3VGpXgpDc32lDIE1g5v4tHNYM.pagespeed.cc.qgO1HN889X.css
Origin
https://www.tsb.co.nz
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version
0x00000001
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-security-policy
default-src 'self' 'nonce-WnRQbUlPUWdCTlZpNDVYVzBldVdKZ0FBQUFn'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnRQbUlPUWdCTlZpNDVYVzBldVdKZ0FBQUFn'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnRQbUlPUWdCTlZpNDVYVzBldVdKZ0FBQUFn'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
x-content-type-options
nosniff
date
Mon, 02 Sep 2024 14:41:05 GMT
x-amz-cf-pop
SYD62-P3
alt-svc
h3=":443"; ma=93600
content-length
18664
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 28 Aug 2024 10:35:05 GMT
etag
"48e8-620bbe952e0b3"
x-frame-options
SAMEORIGIN
vary
Cookie,accept-encoding
content-type
application/font-woff2
cache-control
max-age=31536000
accept-ranges
bytes
x-amz-cf-id
Y7w_BUV2g0MEI8jyo1rqGYuD1CH_cUg1PpgDqkO2mXHJvUrBb12Pxw==
expires
Tue, 02 Sep 2025 06:44:23 GMT
truncated
/
504 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ba2e65e6de11b597587bdb304a49174e41a23ccd9bf20e7dec7fca7d07ffb439

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
33c6485cbb8a07c48900.woff2
www.tsb.co.nz/themes/TSB/dist/
18 KB
18 KB
Font
General
Full URL
https://www.tsb.co.nz/themes/TSB/dist/33c6485cbb8a07c48900.woff2
Requested by
Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/sites/default/files/css/css_sMsR2RcmDsLB9okt2MV6kb3pePXV2JfAzhcEzWhebi8.css,qdelta==0,alanguage==en,atheme==TSB,ainclude==eJxFjMEJwzAMABdyox2yQvsPciwcgSIZSaak0xdKIa877nFxRdIJFYPK67ne0sUqyiPyEtZednMCNT9R-ENloGN3HEdA8zlQlrssU8eswnFQK2kmyQP-_K3VGpXgpDc32lDIE1g5v4tHNYM+css_BygZZ239nmdlXBeZ0B7rT5Vr0ipuCIlTOCmEr_qvfok.css,qdelta==1,alanguage==en,atheme==TSB,ainclude==eJxFjMEJwzAMABdyox2yQvsPciwcgSIZSaak0xdKIa877nFxRdIJFYPK67ne0sUqyiPyEtZednMCNT9R-ENloGN3HEdA8zlQlrssU8eswnFQK2kmyQP-_K3VGpXgpDc32lDIE1g5v4tHNYM.pagespeed.cc.qgO1HN889X.css
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.32.5.119 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-32-5-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
af5a9628858b383c6257068c476c25b5a8a6421b686a349a828c47f526e7f877
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'nonce-WnRPdVVlWHg0ZG5senJJTUVoeVAzUUFBQUFR'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnRPdVVlWHg0ZG5senJJTUVoeVAzUUFBQUFR'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnRPdVVlWHg0ZG5senJJTUVoeVAzUUFBQUFR'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.tsb.co.nz/sites/default/files/css/css_sMsR2RcmDsLB9okt2MV6kb3pePXV2JfAzhcEzWhebi8.css,qdelta==0,alanguage==en,atheme==TSB,ainclude==eJxFjMEJwzAMABdyox2yQvsPciwcgSIZSaak0xdKIa877nFxRdIJFYPK67ne0sUqyiPyEtZednMCNT9R-ENloGN3HEdA8zlQlrssU8eswnFQK2kmyQP-_K3VGpXgpDc32lDIE1g5v4tHNYM+css_BygZZ239nmdlXBeZ0B7rT5Vr0ipuCIlTOCmEr_qvfok.css,qdelta==1,alanguage==en,atheme==TSB,ainclude==eJxFjMEJwzAMABdyox2yQvsPciwcgSIZSaak0xdKIa877nFxRdIJFYPK67ne0sUqyiPyEtZednMCNT9R-ENloGN3HEdA8zlQlrssU8eswnFQK2kmyQP-_K3VGpXgpDc32lDIE1g5v4tHNYM.pagespeed.cc.qgO1HN889X.css
Origin
https://www.tsb.co.nz
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version
0x00000001
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-security-policy
default-src 'self' 'nonce-WnRPdVVlWHg0ZG5senJJTUVoeVAzUUFBQUFR'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnRPdVVlWHg0ZG5senJJTUVoeVAzUUFBQUFR'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnRPdVVlWHg0ZG5senJJTUVoeVAzUUFBQUFR'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
x-content-type-options
nosniff
date
Mon, 02 Sep 2024 14:41:05 GMT
x-amz-cf-pop
SYD62-P3
alt-svc
h3=":443"; ma=93600
content-length
18628
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 28 Aug 2024 10:35:05 GMT
etag
"48c4-620bbe952e0b3"
x-frame-options
SAMEORIGIN
vary
Cookie,accept-encoding
content-type
application/font-woff2
cache-control
max-age=31536000
accept-ranges
bytes
x-amz-cf-id
_5j55LlKtEu6Iw-85jQnW64-KWfqegih7znAWzEUcvBSiT13NMH7eA==
expires
Tue, 02 Sep 2025 04:53:33 GMT
50c16efb37ef13080c94.woff2
www.tsb.co.nz/themes/TSB/dist/
18 KB
18 KB
Font
General
Full URL
https://www.tsb.co.nz/themes/TSB/dist/50c16efb37ef13080c94.woff2
Requested by
Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/sites/default/files/css/css_sMsR2RcmDsLB9okt2MV6kb3pePXV2JfAzhcEzWhebi8.css,qdelta==0,alanguage==en,atheme==TSB,ainclude==eJxFjMEJwzAMABdyox2yQvsPciwcgSIZSaak0xdKIa877nFxRdIJFYPK67ne0sUqyiPyEtZednMCNT9R-ENloGN3HEdA8zlQlrssU8eswnFQK2kmyQP-_K3VGpXgpDc32lDIE1g5v4tHNYM+css_BygZZ239nmdlXBeZ0B7rT5Vr0ipuCIlTOCmEr_qvfok.css,qdelta==1,alanguage==en,atheme==TSB,ainclude==eJxFjMEJwzAMABdyox2yQvsPciwcgSIZSaak0xdKIa877nFxRdIJFYPK67ne0sUqyiPyEtZednMCNT9R-ENloGN3HEdA8zlQlrssU8eswnFQK2kmyQP-_K3VGpXgpDc32lDIE1g5v4tHNYM.pagespeed.cc.qgO1HN889X.css
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.32.5.119 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-32-5-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
023cf8b8a67fe94bcef10d2a02505f939fe00978a20638cc40de1d7842b3521c
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'nonce-WnRUS2VwS3RtX3RpN3R4eHRsdEZ5QUFBQUFv'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnRUS2VwS3RtX3RpN3R4eHRsdEZ5QUFBQUFv'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnRUS2VwS3RtX3RpN3R4eHRsdEZ5QUFBQUFv'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.tsb.co.nz/sites/default/files/css/css_sMsR2RcmDsLB9okt2MV6kb3pePXV2JfAzhcEzWhebi8.css,qdelta==0,alanguage==en,atheme==TSB,ainclude==eJxFjMEJwzAMABdyox2yQvsPciwcgSIZSaak0xdKIa877nFxRdIJFYPK67ne0sUqyiPyEtZednMCNT9R-ENloGN3HEdA8zlQlrssU8eswnFQK2kmyQP-_K3VGpXgpDc32lDIE1g5v4tHNYM+css_BygZZ239nmdlXBeZ0B7rT5Vr0ipuCIlTOCmEr_qvfok.css,qdelta==1,alanguage==en,atheme==TSB,ainclude==eJxFjMEJwzAMABdyox2yQvsPciwcgSIZSaak0xdKIa877nFxRdIJFYPK67ne0sUqyiPyEtZednMCNT9R-ENloGN3HEdA8zlQlrssU8eswnFQK2kmyQP-_K3VGpXgpDc32lDIE1g5v4tHNYM.pagespeed.cc.qgO1HN889X.css
Origin
https://www.tsb.co.nz
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version
0x00000001
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-security-policy
default-src 'self' 'nonce-WnRUS2VwS3RtX3RpN3R4eHRsdEZ5QUFBQUFv'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnRUS2VwS3RtX3RpN3R4eHRsdEZ5QUFBQUFv'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnRUS2VwS3RtX3RpN3R4eHRsdEZ5QUFBQUFv'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
x-content-type-options
nosniff
date
Mon, 02 Sep 2024 14:41:05 GMT
x-amz-cf-pop
SYD62-P3
alt-svc
h3=":443"; ma=93600
content-length
18232
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 28 Aug 2024 10:35:05 GMT
etag
"4738-620bbe952e0b3"
x-frame-options
SAMEORIGIN
vary
Cookie,accept-encoding
content-type
application/font-woff2
cache-control
max-age=31536000
accept-ranges
bytes
x-amz-cf-id
qOgq1n-trnQL0oGaBcFTtAd-d5ZNsKqg0XfXcjAdj1IjiO_payU5wQ==
expires
Mon, 01 Sep 2025 20:11:38 GMT
18b322a60320289ab2b8.woff2
www.tsb.co.nz/themes/TSB/dist/
18 KB
18 KB
Font
General
Full URL
https://www.tsb.co.nz/themes/TSB/dist/18b322a60320289ab2b8.woff2
Requested by
Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/sites/default/files/css/css_sMsR2RcmDsLB9okt2MV6kb3pePXV2JfAzhcEzWhebi8.css,qdelta==0,alanguage==en,atheme==TSB,ainclude==eJxFjMEJwzAMABdyox2yQvsPciwcgSIZSaak0xdKIa877nFxRdIJFYPK67ne0sUqyiPyEtZednMCNT9R-ENloGN3HEdA8zlQlrssU8eswnFQK2kmyQP-_K3VGpXgpDc32lDIE1g5v4tHNYM+css_BygZZ239nmdlXBeZ0B7rT5Vr0ipuCIlTOCmEr_qvfok.css,qdelta==1,alanguage==en,atheme==TSB,ainclude==eJxFjMEJwzAMABdyox2yQvsPciwcgSIZSaak0xdKIa877nFxRdIJFYPK67ne0sUqyiPyEtZednMCNT9R-ENloGN3HEdA8zlQlrssU8eswnFQK2kmyQP-_K3VGpXgpDc32lDIE1g5v4tHNYM.pagespeed.cc.qgO1HN889X.css
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.32.5.119 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-32-5-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
752ac7b6a1d83373e07af1ee17b3a0e4a304e9b9304b55e49d93c7ab6a1c394e
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'nonce-WnRUcXV6R0g4dzlmUkh3a2xqRWFYd0FBQUJJ'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnRUcXV6R0g4dzlmUkh3a2xqRWFYd0FBQUJJ'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnRUcXV6R0g4dzlmUkh3a2xqRWFYd0FBQUJJ'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.tsb.co.nz/sites/default/files/css/css_sMsR2RcmDsLB9okt2MV6kb3pePXV2JfAzhcEzWhebi8.css,qdelta==0,alanguage==en,atheme==TSB,ainclude==eJxFjMEJwzAMABdyox2yQvsPciwcgSIZSaak0xdKIa877nFxRdIJFYPK67ne0sUqyiPyEtZednMCNT9R-ENloGN3HEdA8zlQlrssU8eswnFQK2kmyQP-_K3VGpXgpDc32lDIE1g5v4tHNYM+css_BygZZ239nmdlXBeZ0B7rT5Vr0ipuCIlTOCmEr_qvfok.css,qdelta==1,alanguage==en,atheme==TSB,ainclude==eJxFjMEJwzAMABdyox2yQvsPciwcgSIZSaak0xdKIa877nFxRdIJFYPK67ne0sUqyiPyEtZednMCNT9R-ENloGN3HEdA8zlQlrssU8eswnFQK2kmyQP-_K3VGpXgpDc32lDIE1g5v4tHNYM.pagespeed.cc.qgO1HN889X.css
Origin
https://www.tsb.co.nz
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version
0x00000001
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-security-policy
default-src 'self' 'nonce-WnRUcXV6R0g4dzlmUkh3a2xqRWFYd0FBQUJJ'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnRUcXV6R0g4dzlmUkh3a2xqRWFYd0FBQUJJ'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnRUcXV6R0g4dzlmUkh3a2xqRWFYd0FBQUJJ'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
x-content-type-options
nosniff
date
Mon, 02 Sep 2024 14:41:05 GMT
x-amz-cf-pop
SYD62-P3
alt-svc
h3=":443"; ma=93600
content-length
18628
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 28 Aug 2024 10:35:05 GMT
etag
"48c4-620bbe952e0b3"
x-frame-options
SAMEORIGIN
vary
Cookie,accept-encoding
content-type
application/font-woff2
cache-control
max-age=31536000
accept-ranges
bytes
x-amz-cf-id
XQA3iCZIlFMHlhZMHR8MbaInlEmr1k6xDkUf9OsmVqetq7coN_IIZA==
expires
Tue, 02 Sep 2025 04:49:38 GMT
icon-whats_new_05102023.svg
www.tsb.co.nz/sites/default/files/svg_images/
869 B
908 B
Image
General
Full URL
https://www.tsb.co.nz/sites/default/files/svg_images/icon-whats_new_05102023.svg
Requested by
Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.32.5.119 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-32-5-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
86e6459d734e4861ef736467ab64fc8b433923d940fd39271fd923ae2c34f9b0
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'nonce-WnRVVHpUXzN3ZVRNa0l5eUZBUzdBQUFBQUE4'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnRVVHpUXzN3ZVRNa0l5eUZBUzdBQUFBQUE4'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnRVVHpUXzN3ZVRNa0l5eUZBUzdBQUFBQUE4'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version
0x00000001
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-security-policy
default-src 'self' 'nonce-WnRVVHpUXzN3ZVRNa0l5eUZBUzdBQUFBQUE4'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnRVVHpUXzN3ZVRNa0l5eUZBUzdBQUFBQUE4'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnRVVHpUXzN3ZVRNa0l5eUZBUzdBQUFBQUE4'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
x-content-type-options
nosniff
date
Mon, 02 Sep 2024 14:41:05 GMT
x-amz-cf-pop
SYD62-P3
alt-svc
h3=":443"; ma=93600
content-length
869
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 31 Oct 2023 10:08:25 GMT
etag
"365-6090055dea6e8"
x-frame-options
SAMEORIGIN
vary
Cookie,Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=31536000
accept-ranges
bytes
x-amz-cf-id
drrpA9okNsyXxP6dzGEazulH5badUmuzUh-77QHQx-krOV8kPcQrzA==
expires
Tue, 02 Sep 2025 01:24:29 GMT
icon-products_services_05102023.svg
www.tsb.co.nz/sites/default/files/svg_images/
3 KB
1 KB
Image
General
Full URL
https://www.tsb.co.nz/sites/default/files/svg_images/icon-products_services_05102023.svg
Requested by
Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.32.5.119 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-32-5-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
414277d359e2c453607104f2495ac2af09fa15c2ccaf2e485d3933e5727f348d
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'nonce-WnRVeHA1SExYbnB3MW93MFItM0tIZ0FBQUFB'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnRVeHA1SExYbnB3MW93MFItM0tIZ0FBQUFB'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnRVeHA1SExYbnB3MW93MFItM0tIZ0FBQUFB'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version
0x00000001
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self' 'nonce-WnRVeHA1SExYbnB3MW93MFItM0tIZ0FBQUFB'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnRVeHA1SExYbnB3MW93MFItM0tIZ0FBQUFB'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnRVeHA1SExYbnB3MW93MFItM0tIZ0FBQUFB'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
date
Mon, 02 Sep 2024 14:41:05 GMT
x-amz-cf-pop
SYD62-P3
alt-svc
h3=":443"; ma=93600
content-length
1079
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 31 Oct 2023 10:08:29 GMT
etag
W/"aa1-6090056170498"
x-frame-options
SAMEORIGIN
vary
Cookie,Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=31536000
x-amz-cf-id
FUQYimB0xYKP-ygGeMFBHWDYtybNbo3N5KYyH8edKn9ZGSGFkNTlNA==
expires
Tue, 02 Sep 2025 03:31:51 GMT
icon-rates_05102023.svg
www.tsb.co.nz/sites/default/files/svg_images/
3 KB
1 KB
Image
General
Full URL
https://www.tsb.co.nz/sites/default/files/svg_images/icon-rates_05102023.svg
Requested by
Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.32.5.119 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-32-5-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e2fed2719e47f4428f31b5f6d8584ed8b6848f9b3586644e070749341806344e
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'nonce-WnRWTG5JdVRCM3U0Mmg3VU01Y0wyd0FBQUFN'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnRWTG5JdVRCM3U0Mmg3VU01Y0wyd0FBQUFN'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnRWTG5JdVRCM3U0Mmg3VU01Y0wyd0FBQUFN'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version
0x00000001
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self' 'nonce-WnRWTG5JdVRCM3U0Mmg3VU01Y0wyd0FBQUFN'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnRWTG5JdVRCM3U0Mmg3VU01Y0wyd0FBQUFN'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnRWTG5JdVRCM3U0Mmg3VU01Y0wyd0FBQUFN'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
date
Mon, 02 Sep 2024 14:41:05 GMT
x-amz-cf-pop
SYD62-P3
alt-svc
h3=":443"; ma=93600
content-length
1348
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 31 Oct 2023 10:08:30 GMT
etag
W/"d11-60900562fc488"
x-frame-options
SAMEORIGIN
vary
Cookie,Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=31536000
x-amz-cf-id
0mBsTJfCMPnmFtu7nLMlZ_FhbvJctGYY-hZjvBSydSvcBxXJPX3EiQ==
expires
Tue, 02 Sep 2025 05:22:36 GMT
icon-apply_05102023.svg
www.tsb.co.nz/sites/default/files/svg_images/
3 KB
1 KB
Image
General
Full URL
https://www.tsb.co.nz/sites/default/files/svg_images/icon-apply_05102023.svg
Requested by
Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.32.5.119 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-32-5-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e5c2dd00df7892f31ac96aa60a9b2b2b28f90400fb38ffea648f1c9ba73769bc
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'nonce-WnRWTUQxTE5iUXlnellxNDhLaUxNd0FBQUE4'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnRWTUQxTE5iUXlnellxNDhLaUxNd0FBQUE4'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnRWTUQxTE5iUXlnellxNDhLaUxNd0FBQUE4'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version
0x00000001
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self' 'nonce-WnRWTUQxTE5iUXlnellxNDhLaUxNd0FBQUE4'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnRWTUQxTE5iUXlnellxNDhLaUxNd0FBQUE4'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnRWTUQxTE5iUXlnellxNDhLaUxNd0FBQUE4'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
date
Mon, 02 Sep 2024 14:41:05 GMT
x-amz-cf-pop
SYD62-P3
alt-svc
h3=":443"; ma=93600
content-length
1207
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 31 Oct 2023 10:08:32 GMT
etag
W/"aa0-609005643b218"
x-frame-options
SAMEORIGIN
vary
Cookie,Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=31536000
x-amz-cf-id
1fq37LL07yFN_8ErvFr2frVH0CRH6mtWZvVpWLju7soUntgHQWQBhw==
expires
Tue, 02 Sep 2025 05:24:31 GMT
icon-calculators_05102023.svg
www.tsb.co.nz/sites/default/files/svg_images/
4 KB
1 KB
Image
General
Full URL
https://www.tsb.co.nz/sites/default/files/svg_images/icon-calculators_05102023.svg
Requested by
Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.32.5.119 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-32-5-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
bedfc97fc67ea23fe97336f8c0032203f1b08f889e0ee6bb3d8a2ff3da4f8baa
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'nonce-WnRVU1dIQmlLMC1kNzNIczduT0VYd0FBQUFR'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnRVU1dIQmlLMC1kNzNIczduT0VYd0FBQUFR'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnRVU1dIQmlLMC1kNzNIczduT0VYd0FBQUFR'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version
0x00000001
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self' 'nonce-WnRVU1dIQmlLMC1kNzNIczduT0VYd0FBQUFR'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnRVU1dIQmlLMC1kNzNIczduT0VYd0FBQUFR'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnRVU1dIQmlLMC1kNzNIczduT0VYd0FBQUFR'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
date
Mon, 02 Sep 2024 14:41:05 GMT
x-amz-cf-pop
SYD62-P3
alt-svc
h3=":443"; ma=93600
content-length
1156
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 31 Oct 2023 10:08:33 GMT
etag
W/"ef3-609005650a680"
x-frame-options
SAMEORIGIN
vary
Cookie,Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=31536000
x-amz-cf-id
-02pHW_OIfDNmf3_Uw-_wesO2wxhQ4g4pbDU0LI-wWClI5l1-PhAmg==
expires
Tue, 02 Sep 2025 01:18:16 GMT
icon-help_support_05102023.svg
www.tsb.co.nz/sites/default/files/svg_images/
4 KB
2 KB
Image
General
Full URL
https://www.tsb.co.nz/sites/default/files/svg_images/icon-help_support_05102023.svg
Requested by
Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.32.5.119 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-32-5-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
b8666c40390e333bbbef6b67ce910ed6fc73c7b7c4476f48b3be06fbe2198a2d
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'nonce-WnRVU1B1b3pINmdEWFhyRXA0NE9Ud0FBQUFn'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnRVU1B1b3pINmdEWFhyRXA0NE9Ud0FBQUFn'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnRVU1B1b3pINmdEWFhyRXA0NE9Ud0FBQUFn'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version
0x00000001
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self' 'nonce-WnRVU1B1b3pINmdEWFhyRXA0NE9Ud0FBQUFn'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnRVU1B1b3pINmdEWFhyRXA0NE9Ud0FBQUFn'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnRVU1B1b3pINmdEWFhyRXA0NE9Ud0FBQUFn'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
date
Mon, 02 Sep 2024 14:41:05 GMT
x-amz-cf-pop
SYD62-P3
alt-svc
h3=":443"; ma=93600
content-length
2172
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 31 Oct 2023 10:08:33 GMT
etag
W/"11ae-60900565895c0"
x-frame-options
SAMEORIGIN
vary
Cookie,Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=31536000
x-amz-cf-id
xoeUxaLWNXAUt9mNLZMwJdp5psdkGxPJkBUoFvqSZhHjV-LfsMAdxQ==
expires
Tue, 02 Sep 2025 01:17:50 GMT
munchkin.js
munchkin.marketo.net/
1 KB
1 KB
Script
General
Full URL
https://munchkin.marketo.net/munchkin.js
Requested by
Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/sites/default/files/js/js_O5H1FEGhTszFqn8qgxi6dJLbg5wYmeAvKE2AS9eqZ64.js,qscope=footer,adelta=0,alanguage=en,atheme=TSB,ainclude=eJyNi0EOwjAQAz8Umj_wBbhHabKA6TYbEreov0eIXrj1ZMszvl7O_q42Rj311FDZHfsY5tgmofl5KekxofyNWaraFhqrSwop7MgS1qjIkbASnq9F2ubTOvzasDM56qdJMmjtqI-bOJopUf2eroPy_h6jSqNHAT-BE14J.pagespeed.ce.yUwXvse6_K.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.77.150.189 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-77-150-189.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Mon, 02 Sep 2024 14:41:06 GMT
Content-Encoding
gzip
Last-Modified
Fri, 17 Mar 2023 01:24:48 GMT
Server
AkamaiNetStorage
ETag
"cb731cc5c2bd9f31d6bfeb19f3c8b1ff:1679016288.730763"
Vary
Accept-Encoding
Content-Type
application/x-javascript
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
729
load
www.tsb.co.nz/sitewide_alert/
21 B
60 B
Fetch
General
Full URL
https://www.tsb.co.nz/sitewide_alert/load
Requested by
Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/sites/default/files/js/js_A7PiLUJY9f__2yDcQR6N8Z1OxRbelk2M465IoQkqJM8.js,qscope=footer,adelta=2,alanguage=en,atheme=TSB,ainclude=eJyNi0EOwjAQAz8Umj_wBbhHabKA6TYbEreov0eIXrj1ZMszvl7O_q42Rj311FDZHfsY5tgmofl5KekxofyNWaraFhqrSwop7MgS1qjIkbASnq9F2ubTOvzasDM56qdJMmjtqI-bOJopUf2eroPy_h6jSqNHAT-BE14J.pagespeed.ce.jeb9tqdAtJ.js
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.32.5.119 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-32-5-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
884be02526ba926246005e45c6fd619fb4e0b53265d5d82db187a35a98690d55
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'nonce-WnRYT2doVEExZWxWWWQtSTktU0FnZ0FBQUFF'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnRYT2doVEExZWxWWWQtSTktU0FnZ0FBQUFF'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnRYT2doVEExZWxWWWQtSTktU0FnZ0FBQUFF'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' 'nonce-WnRYT2doVEExZWxWWWQtSTktU0FnZ0FBQUFF'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnRYT2doVEExZWxWWWQtSTktU0FnZ0FBQUFF'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnRYT2doVEExZWxWWWQtSTktU0FnZ0FBQUFF'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
date
Mon, 02 Sep 2024 14:41:06 GMT
x-amz-cf-pop
SYD62-P3
alt-svc
h3=":443"; ma=93600
content-length
25
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
x-frame-options
SAMEORIGIN
vary
Cookie,Accept-Encoding
content-language
en
content-type
application/json
cache-control
max-age=15, public, s-maxage=15
x-amz-cf-id
0fi7LAAsgm3YerlPdv66dM3stEmGSKG0hVnRPQ1kXz2-obVs2qTzZQ==
quic-version
0x00000001
active_icon-whats_new_05102023.svg
www.tsb.co.nz/sites/default/files/svg_images/
883 B
923 B
Image
General
Full URL
https://www.tsb.co.nz/sites/default/files/svg_images/active_icon-whats_new_05102023.svg
Requested by
Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.32.5.119 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-32-5-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
09d3c01af7d1b64385f5aea38b33807177f382f8dc3ce411548e1beb6523263e
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'nonce-WnRWTHlpSG9lVHFMTEJlV1Q0OUlRQUFBQUFJ'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnRWTHlpSG9lVHFMTEJlV1Q0OUlRQUFBQUFJ'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnRWTHlpSG9lVHFMTEJlV1Q0OUlRQUFBQUFJ'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version
0x00000001
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-security-policy
default-src 'self' 'nonce-WnRWTHlpSG9lVHFMTEJlV1Q0OUlRQUFBQUFJ'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnRWTHlpSG9lVHFMTEJlV1Q0OUlRQUFBQUFJ'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnRWTHlpSG9lVHFMTEJlV1Q0OUlRQUFBQUFJ'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
x-content-type-options
nosniff
date
Mon, 02 Sep 2024 14:41:06 GMT
x-amz-cf-pop
SYD62-P3
alt-svc
h3=":443"; ma=93600
content-length
883
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 31 Oct 2023 10:08:25 GMT
etag
"373-6090055dff6d8"
x-frame-options
SAMEORIGIN
vary
Cookie,Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=31536000
accept-ranges
bytes
x-amz-cf-id
VgAaVng0j_YHLXVClVJPSsS8HxklkvNOfbbOYiwU39ywej4rEOm3nw==
expires
Tue, 02 Sep 2025 05:23:22 GMT
js
www.googletagmanager.com/gtag/
354 KB
107 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-VRLX9EH3CJ&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N8RN5F7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4006:814::2008 Sydney, Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
002f0358d1b2c6204663663cf0de419848bd10d956b89e633151b4dba6aa6f01
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Mon, 02 Sep 2024 14:41:06 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
109682
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Mon, 02 Sep 2024 14:41:06 GMT
destination
www.googletagmanager.com/gtag/
215 KB
77 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/destination?id=DC-4214544&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N8RN5F7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4006:814::2008 Sydney, Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
fc29d3a5e0f702861f1f3a7e5f033fa15b7720995bc0b97641ec956dd0a3edee
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Mon, 02 Sep 2024 14:41:06 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
78774
x-xss-protection
0
last-modified
Mon, 02 Sep 2024 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 02 Sep 2024 14:41:06 GMT
csp-report
www.tsb.co.nz/
0
32 B
Other
General
Full URL
https://www.tsb.co.nz/csp-report
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N8RN5F7
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.32.5.119 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-32-5-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'nonce-WnRYT2duSktJRGRILTd1aDVfSUNqZ0FBQUFj'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnRYT2duSktJRGRILTd1aDVfSUNqZ0FBQUFj'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnRYT2duSktJRGRILTd1aDVfSUNqZ0FBQUFj'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
application/csp-report

Response headers

quic-version
0x00000001
content-security-policy
default-src 'self' 'nonce-WnRYT2duSktJRGRILTd1aDVfSUNqZ0FBQUFj'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnRYT2duSktJRGRILTd1aDVfSUNqZ0FBQUFj'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnRYT2duSktJRGRILTd1aDVfSUNqZ0FBQUFj'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
date
Mon, 02 Sep 2024 14:41:06 GMT
x-amz-cf-pop
SYD62-P3
vary
x-aws-env-psk,Cookie
x-frame-options
SAMEORIGIN
content-language
en
cache-control
must-revalidate, no-cache, private
alt-svc
h3=":443"; ma=93600
x-amz-cf-id
1PAnXYGCWvJNKPjV_wTH3M455PPqGd1cr_J6oDPaXuiMPv0YZFwfIg==
x-xss-protection
0
expires
Sun, 19 Nov 1978 05:00:00 GMT
g99432jddf
www.clarity.ms/tag/
637 B
999 B
Script
General
Full URL
https://www.clarity.ms/tag/g99432jddf?ref=gtm2
Requested by
Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::31 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
0297dcf5e277991cd717a644480ca5bb0712a5a5ed92fbb38e22385466f088b5

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

request-context
appId=cid-v1:bdfb7149-d2ee-45f0-9a22-f0b1c5035608
date
Mon, 02 Sep 2024 14:41:06 GMT
x-azure-ref
20240902T144106Z-r17dfb6c6987p6ddauv49v0tag0000000890000000002eta
x-cache
CONFIG_NOCACHE
content-type
application/x-javascript
cache-control
no-cache, no-store
accept-ranges
bytes
content-length
637
expires
-1
rtp.js
snrtp-cdn.marketo.com/rtp-api/v1/
152 KB
42 KB
Script
General
Full URL
https://snrtp-cdn.marketo.com/rtp-api/v1/rtp.js?aid=tsbco
Requested by
Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
184.24.248.178 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-24-248-178.deploy.static.akamaitechnologies.com
Software
Jetty(9.4.45.v20220203) /
Resource Hash
e3e3dee05a65cbc73efd4dde6ab68ddfcf623cef6d983adadfbab83ef86a571a
Security Headers
Name Value
Strict-Transport-Security max-age=63113904

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Strict-Transport-Security
max-age=63113904
Content-Encoding
gzip
Date
Mon, 02 Sep 2024 14:41:06 GMT
Last-Modified
Sat, 24 Aug 2024 01:47:05 GMT
Server
Jetty(9.4.45.v20220203)
Vary
Accept-Encoding
Content-Type
application/x-javascript; charset=UTF-8
Cache-Control
public, max-age=80
Connection
keep-alive
Content-Length
42641
fbevents.js
connect.facebook.net/en_US/
225 KB
58 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.8.23 Sydney, Australia, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-syd2.fbcdn.net
Software
/
Resource Hash
3bb1199d12ae09deeda4466322b863de030594a83fb2166ca26d241b1a9020c1
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Mon, 02 Sep 2024 14:41:06 GMT
document-policy
force-load-at-top
x-fb-server-load
38
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
58936
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
GOOD; q=0.7, rtt=64, rtx=0, c=23, mss=1232, tbw=4283, tp=9, tpl=0, uplat=0, ullat=-1
pragma
public
x-fb-debug
sx0KmvB5f34ILiP5LaOnjrQmTVcQRpDOtsyekmpputwScMKgkecbKso67oZSoMvbj1mwquptCekC+lvPmRPXCw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
embed.js
nebula-cdn.kampyle.com/wau/210973/onsite/
1 KB
994 B
Script
General
Full URL
https://nebula-cdn.kampyle.com/wau/210973/onsite/embed.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N8RN5F7
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.129.175 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6ec4b6051cb614a8091bd9f5d116d2e8b741159dbfe569e06eba730a3fae7e1d
Security Headers
Name Value
Strict-Transport-Security max-age=31557600

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id
Tx6rxhisXFvoGMypcyJSuR0Ucv19Iirw
content-encoding
gzip
via
1.1 varnish
date
Mon, 02 Sep 2024 14:41:06 GMT
strict-transport-security
max-age=31557600
x-amz-request-id
J3WTRSKNF4V0H6RY
x-amz-server-side-encryption
AES256
x-cache
HIT
content-length
520
x-amz-id-2
eeVTcA1M6DtsJsa0qLH/ShRcBnTefOxKDLgU0IL8xiCYhqq5Yd/zV+xrvoZfL4a+lgoHznhBXwCuMwWQ5DrLDZa2M2ds0eypVlX7I+0DmCg=
x-served-by
cache-akl10321-AKL
last-modified
Wed, 28 Aug 2024 08:29:04 GMT
server
AmazonS3
x-timer
S1725288066.428187,VS0,VE0
etag
"7a794dfc3449133275a1682322437ba8"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=0,must-revalidate
accept-ranges
bytes
x-cache-hits
3233
munchkin.js
munchkin.marketo.net/163/
11 KB
5 KB
Script
General
Full URL
https://munchkin.marketo.net/163/munchkin.js
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js?aid=tsbco
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.77.150.189 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-77-150-189.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Mon, 02 Sep 2024 14:41:06 GMT
Content-Encoding
gzip
Last-Modified
Fri, 06 Jan 2023 02:26:40 GMT
Server
AkamaiNetStorage
ETag
"ea7826f34518d7c2295738f39c7640fa:1672972000.238769"
Vary
Accept-Encoding
Content-Type
application/x-javascript
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control
max-age=8640000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4741
Expires
Wed, 11 Dec 2024 14:41:06 GMT
visitWebPage
454-ize-737.mktoresp.com/webevents/
2 B
487 B
Ping
General
Full URL
https://454-ize-737.mktoresp.com/webevents/visitWebPage?_mchNc=1725288066500&_mchCn=&_mchId=454-IZE-737&_mchTk=_mch-tsb.co.nz-1725288066499-73831&_mchHo=www.tsb.co.nz&_mchPo=&_mchRu=%2F&_mchPc=https%3A&_mchVr=163&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/163/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.237.104.82 , United States, ASN53580 (MARKETO, US),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Mon, 02 Sep 2024 14:41:06 GMT
Content-Encoding
gzip
Server
nginx/1.20.1
Transfer-Encoding
chunked
Content-Type
text/plain; charset=UTF-8
Access-Control-Allow-Origin
*
Connection
keep-alive
X-Request-Id
d9d8d333-d040-40b2-be66-5cfe4a875f71
344603409212329
connect.facebook.net/signals/config/
65 KB
14 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/344603409212329?v=2.9.166&r=stable&domain=www.tsb.co.nz&hme=da9a399065fb1c492026018b9e54864148adfb49d800f41752428fb7b59190f8&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C168%2C171%2C183%2C179%2C180%2C182%2C29%2C98%2C52%2C75%2C181%2C163%2C166%2C176%2C177%2C184%2C127%2C40%2C34%2C139%2C15%2C49%2C190%2C189%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C164%2C167%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.8.23 Sydney, Australia, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-syd2.fbcdn.net
Software
/
Resource Hash
4b466aab4e8e67fc4a456707ba55c18938b6667be439c828c428d7070e603f76
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Mon, 02 Sep 2024 14:41:06 GMT
document-policy
force-load-at-top
x-fb-server-load
36
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
14057
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
GOOD; q=0.7, rtt=64, rtx=0, c=74, mss=1232, tbw=66891, tp=62, tpl=0, uplat=1, ullat=-1
pragma
public
x-fb-debug
gfvy9F93GYBo1JHo+gWuuBsfeFElYSXt/jpMV6x5VfaKDntb12/rgAWU8YiJkr95BMaYhGlIhbUke89ilQo3PA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/
0
274 B
Image
General
Full URL
https://www.facebook.com/tr/?id=344603409212329&ev=PageView&dl=https%3A%2F%2Fwww.tsb.co.nz&rl=&if=false&ts=1725288066638&sw=1600&sh=1200&v=2.9.166&r=stable&ec=0&o=4124&fbp=fb.2.1725288066637.379803135286209295&pm=1&hrl=d27df4&ler=empty&cdl=API_unavailable&it=1725288066555&coo=false&cs_cc=1&cas=7623493194367735%2C2088552654520035%2C1901459769885203&rqm=GET
Requested by
Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f119:8083:face:b00c:0:25de Sydney, Australia, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality
MODERATE; q=0.3, rtt=207, rtx=0, c=10, mss=1368, tbw=2777, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Mon, 02 Sep 2024 14:41:07 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/
67 B
3 KB
Image
General
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=344603409212329&ev=PageView&dl=https%3A%2F%2Fwww.tsb.co.nz&rl=&if=false&ts=1725288066638&sw=1600&sh=1200&v=2.9.166&r=stable&ec=0&o=4124&fbp=fb.2.1725288066637.379803135286209295&pm=1&hrl=d27df4&ler=empty&cdl=API_unavailable&it=1725288066555&coo=false&cs_cc=1&cas=7623493194367735%2C2088552654520035%2C1901459769885203&rqm=FGET
Requested by
Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f119:8083:face:b00c:0:25de Sydney, Australia, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-encoding
zstd
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; preload
date
Mon, 02 Sep 2024 14:41:07 GMT
document-policy
force-load-at-top
x-fb-server-load
48
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7410055824054838807", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
MODERATE; q=0.3, rtt=203, rtx=0, c=10, mss=1368, tbw=3095, tp=-1, tpl=-1, uplat=245, ullat=0
pragma
no-cache
x-fb-debug
6TDvoKrjXoX5GKst2z4/ckfgtsrF1Oi18gWeX3q49CF4Y868In1OT9UuuZ2ab6t97Y8Zsn/Zv0HknG3uKlZl/w==
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7410055824054838807"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires
Sat, 01 Jan 2000 00:00:00 GMT
activityi;dc_pre=CLiAhfO-pIgDFTKpZgId9JcBMw;src=4214544;type=Remar0;cat=tsbba0;ord=2538685825493;npa=0;auiddc=855811215.1725288066;u1=%2F;ps=1;pcor=1746364326;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv...
4214544.fls.doubleclick.net/ Frame E2EF
Redirect Chain
  • https://4214544.fls.doubleclick.net/activityi;src=4214544;type=Remar0;cat=tsbba0;ord=2538685825493;npa=0;auiddc=855811215.1725288066;u1=%2F;ps=1;pcor=1746364326;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;ua...
  • https://4214544.fls.doubleclick.net/activityi;dc_pre=CLiAhfO-pIgDFTKpZgId9JcBMw;src=4214544;type=Remar0;cat=tsbba0;ord=2538685825493;npa=0;auiddc=855811215.1725288066;u1=%2F;ps=1;pcor=1746364326;ua...
0
0
Document
General
Full URL
https://4214544.fls.doubleclick.net/activityi;dc_pre=CLiAhfO-pIgDFTKpZgId9JcBMw;src=4214544;type=Remar0;cat=tsbba0;ord=2538685825493;npa=0;auiddc=855811215.1725288066;u1=%2F;ps=1;pcor=1746364326;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48s0v9190070958z89111675971za201zb9111675971;gcd=13l3l3l3l1l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.tsb.co.nz%2F?
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=DC-4214544&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.76.102 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd09s24-in-f6.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.tsb.co.nz/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
br
content-length
344
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 02 Sep 2024 14:41:07 GMT
expires
Mon, 02 Sep 2024 14:41:07 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 02 Sep 2024 14:41:07 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://4214544.fls.doubleclick.net/activityi;dc_pre=CLiAhfO-pIgDFTKpZgId9JcBMw;src=4214544;type=Remar0;cat=tsbba0;ord=2538685825493;npa=0;auiddc=855811215.1725288066;u1=%2F;ps=1;pcor=1746364326;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48s0v9190070958z89111675971za201zb9111675971;gcd=13l3l3l3l1l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.tsb.co.nz%2F?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
csp-report
www.tsb.co.nz/
0
32 B
Other
General
Full URL
https://www.tsb.co.nz/csp-report
Requested by
Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.32.5.119 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-32-5-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'nonce-WnRYT2dtRW1wbFNmS2hkSHdrTE83UUFBQUE0'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnRYT2dtRW1wbFNmS2hkSHdrTE83UUFBQUE0'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnRYT2dtRW1wbFNmS2hkSHdrTE83UUFBQUE0'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
application/csp-report

Response headers

quic-version
0x00000001
content-security-policy
default-src 'self' 'nonce-WnRYT2dtRW1wbFNmS2hkSHdrTE83UUFBQUE0'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnRYT2dtRW1wbFNmS2hkSHdrTE83UUFBQUE0'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnRYT2dtRW1wbFNmS2hkSHdrTE83UUFBQUE0'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
date
Mon, 02 Sep 2024 14:41:06 GMT
x-amz-cf-pop
SYD62-P3
vary
x-aws-env-psk,Cookie
x-frame-options
SAMEORIGIN
content-language
en
cache-control
must-revalidate, no-cache, private
alt-svc
h3=":443"; ma=93600
x-amz-cf-id
JvZYEQO32GvU72zX7UD_gGjHIKpVyTleiLjIM-n2R_8NEoL_0QPCzQ==
x-xss-protection
0
expires
Sun, 19 Nov 1978 05:00:00 GMT
activity;register_conversion=1;src=4214544;type=Remar0;cat=tsbba0;ord=2538685825493;npa=0;auiddc=855811215.1725288066;u1=%2F;ps=1;pcor=1746364326;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl...
ad.doubleclick.net/
0
0

csp-report
www.tsb.co.nz/
0
32 B
Other
General
Full URL
https://www.tsb.co.nz/csp-report
Requested by
Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.32.5.119 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-32-5-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'nonce-WnRYT2duT1FWYjB6OXAyLVhNbVBtZ0FBQUEw'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnRYT2duT1FWYjB6OXAyLVhNbVBtZ0FBQUEw'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnRYT2duT1FWYjB6OXAyLVhNbVBtZ0FBQUEw'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
application/csp-report

Response headers

quic-version
0x00000001
content-security-policy
default-src 'self' 'nonce-WnRYT2duT1FWYjB6OXAyLVhNbVBtZ0FBQUEw'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnRYT2duT1FWYjB6OXAyLVhNbVBtZ0FBQUEw'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnRYT2duT1FWYjB6OXAyLVhNbVBtZ0FBQUEw'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
date
Mon, 02 Sep 2024 14:41:06 GMT
x-amz-cf-pop
SYD62-P3
vary
x-aws-env-psk,Cookie
x-frame-options
SAMEORIGIN
content-language
en
cache-control
must-revalidate, no-cache, private
alt-svc
h3=":443"; ma=93600
x-amz-cf-id
A-8TzCafsIolvDSwXzh7wSvpe6WeNRkeI6m7uU_hTk25aKTZL118WQ==
x-xss-protection
0
expires
Sun, 19 Nov 1978 05:00:00 GMT
truncated
/ Frame BFB3
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame BFB3
5 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e4222715b556e7d99622c83e620d2f8e090047e56adb07923047f95828d561f2

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
collect
analytics.google.com/g/
0
0
Fetch
General
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-VRLX9EH3CJ&gtm=45je48s0v879078468z89111675971za200zb9111675971&_p=1725288065245&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=0&cid=1219584338.1725288067&ul=en-nz&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_eu=EA&_s=1&sid=1725288066&sct=1&seg=0&dl=https%3A%2F%2Fwww.tsb.co.nz%2F&dt=The%20perfect%20amount%20of%20bank%20%7C%20TSB&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=4289
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-VRLX9EH3CJ&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:36::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 Sep 2024 14:41:07 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.tsb.co.nz
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
253 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-VRLX9EH3CJ&cid=1219584338.1725288067&gtm=45je48s0v879078468z89111675971za200zb9111675971&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=0
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-VRLX9EH3CJ&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4003:c1a::9c Singapore, Singapore, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 Sep 2024 14:41:07 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.tsb.co.nz
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.co.nz/ads/
42 B
63 B
Image
General
Full URL
https://www.google.co.nz/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-VRLX9EH3CJ&cid=1219584338.1725288067&gtm=45je48s0v879078468z89111675971za200zb9111675971&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=0&tag_exp=0&z=1587652294
Requested by
Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.67.3 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd15s16-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 Sep 2024 14:41:07 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
truncated
/ Frame 9F49
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 9F49
5 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e4222715b556e7d99622c83e620d2f8e090047e56adb07923047f95828d561f2

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
clarity.js
www.clarity.ms/s/0.7.45/
64 KB
27 KB
Script
General
Full URL
https://www.clarity.ms/s/0.7.45/clarity.js
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/tag/g99432jddf?ref=gtm2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::31 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
264532af47b2cfb6620970592478c442a0cd429beccead9d062ff5a91284dc15

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Mon, 02 Sep 2024 14:41:06 GMT
content-encoding
br
last-modified
Fri, 30 Aug 2024 23:52:41 GMT
etag
W/"0x8DCC94ED5C26BE6"
vary
Accept-Encoding
x-azure-ref
20240902T144106Z-r17dfb6c6987p6ddauv49v0tag0000000890000000002etf
content-type
application/javascript;charset=utf-8
access-control-allow-origin
*
x-ms-request-id
359d170d-801e-0005-768b-fbfc00000000
cache-control
public, max-age=86400
x-cache
TCP_HIT
x-ms-version
2018-03-28
x-fd-int-roxy-purgeid
51562430
jquery.min.js
rtp-static.marketo.com/rtp/libs/jquery/3.7.0/
85 KB
30 KB
Script
General
Full URL
https://rtp-static.marketo.com/rtp/libs/jquery/3.7.0/jquery.min.js
Requested by
Host: snrtp-cdn.marketo.com
URL: https://snrtp-cdn.marketo.com/rtp-api/v1/rtp.js?aid=tsbco
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
184.24.248.178 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-24-248-178.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Mon, 02 Sep 2024 14:41:07 GMT
Content-Encoding
gzip
Last-Modified
Fri, 02 Jun 2023 14:58:35 GMT
Server
AkamaiNetStorage
ETag
"e6c2415c0ace414e5153670314ce99a9:1685718127.441272"
Vary
Accept-Encoding
Access-Control-Max-Age
86400
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET
Access-Control-Allow-Credentials
false
Connection
keep-alive
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Content-Length
30386
jquery-ui-insightera-custom-1.9.6.css
rtp-static.marketo.com/rtp/libs/
23 KB
4 KB
Stylesheet
General
Full URL
https://rtp-static.marketo.com/rtp/libs/jquery-ui-insightera-custom-1.9.6.css
Requested by
Host: snrtp-cdn.marketo.com
URL: https://snrtp-cdn.marketo.com/rtp-api/v1/rtp.js?aid=tsbco
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
184.24.248.178 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-24-248-178.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
143a1ee63c9fe87791cde6209d3716bf432ede02fc23ecbd064edfe1cc02bca9

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Mon, 02 Sep 2024 14:41:07 GMT
Content-Encoding
gzip
Last-Modified
Wed, 15 May 2024 05:08:51 GMT
Server
AkamaiNetStorage
ETag
"c89c0f4cc3c0f0f2bd846508a3cd504c:1715749730.923559"
Vary
Accept-Encoding
Access-Control-Max-Age
86400
Content-Type
text/css
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET
Access-Control-Allow-Credentials
false
Connection
keep-alive
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Content-Length
3762
trw
snrtp1.marketo.com/gw1/
0
466 B
Script
General
Full URL
https://snrtp1.marketo.com/gw1/trw?aid=tsbco&trwv.uid=tsbco-1725288067026-3a909b76&trwv.vc=1&trwsa.sid=tsbco-1725288067027-b64928cf&trwsb.cpv=1&ctzo=+12:00&uri=https%3A%2F%2Fwww.tsb.co.nz%2F&ma=id%3A454-IZE-737%26token%3A_mch-tsb.co.nz-1725288066499-73831&pm=2273,2274,2275,2276,2277,2278&viewedTypes=&rts=1725288067028
Requested by
Host: snrtp-cdn.marketo.com
URL: https://snrtp-cdn.marketo.com/rtp-api/v1/rtp.js?aid=tsbco
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.237.104.73 , United States, ASN53580 (MARKETO, US),
Reverse DNS
Software
Jetty(9.4.45.v20220203) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63113904

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Mon, 02 Sep 2024 14:41:07 GMT
Cache-Control
no-cache
Strict-Transport-Security
max-age=63113904
Server
Jetty(9.4.45.v20220203)
Connection
close
Content-Length
0
Content-Type
application/x-javascript;charset=utf-8
trw
snrtp1.marketo.com/gw1/
0
466 B
Script
General
Full URL
https://snrtp1.marketo.com/gw1/trw?aid=tsbco&trwv.uid=tsbco-1725288067026-3a909b76&trwv.vc=1&trwsa.sid=tsbco-1725288067027-b64928cf&trwsb.cpv=2&ctzo=+12:00&uri=https%3A%2F%2Fwww.tsb.co.nz%2F&ma=id%3A454-IZE-737%26token%3A_mch-tsb.co.nz-1725288066499-73831&pm=2273,2274,2275,2276,2277,2278&viewedTypes=&rts=1725288067029
Requested by
Host: snrtp-cdn.marketo.com
URL: https://snrtp-cdn.marketo.com/rtp-api/v1/rtp.js?aid=tsbco
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.237.104.73 , United States, ASN53580 (MARKETO, US),
Reverse DNS
Software
Jetty(9.4.45.v20220203) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63113904

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Mon, 02 Sep 2024 14:41:07 GMT
Cache-Control
no-cache
Strict-Transport-Security
max-age=63113904
Server
Jetty(9.4.45.v20220203)
Connection
close
Content-Length
0
Content-Type
application/x-javascript;charset=utf-8
ga-integration-2.0.5.js
rtp-static.marketo.com/rtp/libs/
18 KB
6 KB
Script
General
Full URL
https://rtp-static.marketo.com/rtp/libs/ga-integration-2.0.5.js
Requested by
Host: snrtp-cdn.marketo.com
URL: https://snrtp-cdn.marketo.com/rtp-api/v1/rtp.js?aid=tsbco
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
184.24.248.178 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-24-248-178.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
bf6806d8c92e228249230195772afe2e68791d52763b782be9aa2855fab3b641

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Mon, 02 Sep 2024 14:41:07 GMT
Content-Encoding
gzip
Last-Modified
Thu, 15 Jun 2023 08:00:53 GMT
Server
AkamaiNetStorage
ETag
"18a7b0f60655900c0010a35d07b9da0f:1686816053.163727"
Vary
Accept-Encoding
Access-Control-Max-Age
86400
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET
Access-Control-Allow-Credentials
false
Connection
keep-alive
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Content-Length
5654
msg
snrtp1.marketo.com/gw1/
0
457 B
Script
General
Full URL
https://snrtp1.marketo.com/gw1/msg?a=2&sid=tsbco-1725288067027-b64928cf&aid=tsbco&ma=id%3A454-IZE-737%26token%3A_mch-tsb.co.nz-1725288066499-73831&viewedTypes=&0.5945322640812061&rts=1725288067079
Requested by
Host: snrtp-cdn.marketo.com
URL: https://snrtp-cdn.marketo.com/rtp-api/v1/rtp.js?aid=tsbco
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.237.104.73 , United States, ASN53580 (MARKETO, US),
Reverse DNS
Software
Jetty(9.4.45.v20220203) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63113904

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Mon, 02 Sep 2024 14:41:07 GMT
Cache-Control
no-cache
Strict-Transport-Security
max-age=63113904
Server
Jetty(9.4.45.v20220203)
Connection
close
Content-Length
0
Content-Type
text/javascript;charset=utf-8
msg
snrtp1.marketo.com/gw1/
0
457 B
Script
General
Full URL
https://snrtp1.marketo.com/gw1/msg?a=2&sid=tsbco-1725288067027-b64928cf&aid=tsbco&ma=id%3A454-IZE-737%26token%3A_mch-tsb.co.nz-1725288066499-73831&viewedTypes=&0.7137580826953358&rts=1725288067081
Requested by
Host: snrtp-cdn.marketo.com
URL: https://snrtp-cdn.marketo.com/rtp-api/v1/rtp.js?aid=tsbco
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.237.104.73 , United States, ASN53580 (MARKETO, US),
Reverse DNS
Software
Jetty(9.4.45.v20220203) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63113904

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Mon, 02 Sep 2024 14:41:07 GMT
Cache-Control
no-cache
Strict-Transport-Security
max-age=63113904
Server
Jetty(9.4.45.v20220203)
Connection
close
Content-Length
0
Content-Type
text/javascript;charset=utf-8
csp-report
www.tsb.co.nz/
0
33 B
Other
General
Full URL
https://www.tsb.co.nz/csp-report
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.45/clarity.js
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.32.5.119 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-32-5-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'nonce-WnRYT2dfZ3JhWFR2ODY3YmpaOE85d0FBQUJN'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnRYT2dfZ3JhWFR2ODY3YmpaOE85d0FBQUJN'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnRYT2dfZ3JhWFR2ODY3YmpaOE85d0FBQUJN'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
application/csp-report

Response headers

quic-version
0x00000001
content-security-policy
default-src 'self' 'nonce-WnRYT2dfZ3JhWFR2ODY3YmpaOE85d0FBQUJN'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnRYT2dfZ3JhWFR2ODY3YmpaOE85d0FBQUJN'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnRYT2dfZ3JhWFR2ODY3YmpaOE85d0FBQUJN'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
date
Mon, 02 Sep 2024 14:41:07 GMT
x-amz-cf-pop
SYD62-P3
vary
x-aws-env-psk,Cookie
x-frame-options
SAMEORIGIN
content-language
en
cache-control
must-revalidate, no-cache, private
alt-svc
h3=":443"; ma=93600
x-amz-cf-id
DeYxXc4EfnrmNACqx10Xe5QQCVFF0yIJLowA0QirpkAOuTloXp5DOQ==
x-xss-protection
0
expires
Sun, 19 Nov 1978 05:00:00 GMT
collect
f.clarity.ms/
0
0

csp-report
www.tsb.co.nz/
0
35 B
Other
General
Full URL
https://www.tsb.co.nz/csp-report
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.45/clarity.js
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.32.5.119 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-32-5-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'nonce-WnRYT2c4Y0F1N3dISXkwVDhCVjA2d0FBQUFN'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnRYT2c4Y0F1N3dISXkwVDhCVjA2d0FBQUFN'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnRYT2c4Y0F1N3dISXkwVDhCVjA2d0FBQUFN'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
application/csp-report

Response headers

quic-version
0x00000001
content-security-policy
default-src 'self' 'nonce-WnRYT2c4Y0F1N3dISXkwVDhCVjA2d0FBQUFN'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnRYT2c4Y0F1N3dISXkwVDhCVjA2d0FBQUFN'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnRYT2c4Y0F1N3dISXkwVDhCVjA2d0FBQUFN'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
date
Mon, 02 Sep 2024 14:41:07 GMT
x-amz-cf-pop
SYD62-P3
vary
x-aws-env-psk,Cookie
x-frame-options
SAMEORIGIN
content-language
en
cache-control
must-revalidate, no-cache, private
alt-svc
h3=":443"; ma=93600
x-amz-cf-id
L2l2P7IdZhgq3QYgcl8atkNHJ2WNBnKe2JFTHuqXBDfG5EE82G4reA==
x-xss-protection
0
expires
Sun, 19 Nov 1978 05:00:00 GMT
collect
f.clarity.ms/
0
0

csp-report
www.tsb.co.nz/
0
34 B
Other
General
Full URL
https://www.tsb.co.nz/csp-report
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.45/clarity.js
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.32.5.119 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-32-5-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'nonce-WnRYT2d4VEExZWxWWWQtSTktU0Fnd0FBQUFF'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnRYT2d4VEExZWxWWWQtSTktU0Fnd0FBQUFF'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnRYT2d4VEExZWxWWWQtSTktU0Fnd0FBQUFF'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
application/csp-report

Response headers

quic-version
0x00000001
content-security-policy
default-src 'self' 'nonce-WnRYT2d4VEExZWxWWWQtSTktU0Fnd0FBQUFF'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnRYT2d4VEExZWxWWWQtSTktU0Fnd0FBQUFF'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnRYT2d4VEExZWxWWWQtSTktU0Fnd0FBQUFF'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
date
Mon, 02 Sep 2024 14:41:07 GMT
x-amz-cf-pop
SYD62-P3
vary
x-aws-env-psk,Cookie
x-frame-options
SAMEORIGIN
content-language
en
cache-control
must-revalidate, no-cache, private
alt-svc
h3=":443"; ma=93600
x-amz-cf-id
8AJ4sNnwKtuQCnOuKsqF1bKM3XQAOgOGhj5K23SmCGEdI0xZM7_JPg==
x-xss-protection
0
expires
Sun, 19 Nov 1978 05:00:00 GMT
jquery-custom-ui.min.js
rtp-static.marketo.com/rtp/libs/jqueryui/1.13.2/
522 KB
126 KB
Script
General
Full URL
https://rtp-static.marketo.com/rtp/libs/jqueryui/1.13.2/jquery-custom-ui.min.js
Requested by
Host: snrtp-cdn.marketo.com
URL: https://snrtp-cdn.marketo.com/rtp-api/v1/rtp.js?aid=tsbco
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
184.24.248.178 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-24-248-178.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
b122e173fb310c409d02c56e57eea40f1ea470fed839599c902b085d8fdb0129

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Mon, 02 Sep 2024 14:41:07 GMT
Content-Encoding
gzip
Last-Modified
Thu, 01 Jun 2023 11:54:52 GMT
Server
AkamaiNetStorage
ETag
"85c4e68263c6de164e4bad3fb60222a5:1685620750.615377"
Vary
Accept-Encoding
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
Connection
keep-alive, Transfer-Encoding
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
msg
snrtp1.marketo.com/gw1/
0
457 B
Script
General
Full URL
https://snrtp1.marketo.com/gw1/msg?a=2&sid=tsbco-1725288067027-b64928cf&aid=tsbco&ma=id%3A454-IZE-737%26token%3A_mch-tsb.co.nz-1725288066499-73831&viewedTypes=&0.4056751513362924&rts=1725288067549
Requested by
Host: snrtp-cdn.marketo.com
URL: https://snrtp-cdn.marketo.com/rtp-api/v1/rtp.js?aid=tsbco
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.237.104.73 , United States, ASN53580 (MARKETO, US),
Reverse DNS
Software
Jetty(9.4.45.v20220203) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63113904

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Mon, 02 Sep 2024 14:41:07 GMT
Cache-Control
no-cache
Strict-Transport-Security
max-age=63113904
Server
Jetty(9.4.45.v20220203)
Connection
close
Content-Length
0
Content-Type
text/javascript;charset=utf-8
msg
snrtp1.marketo.com/gw1/
0
457 B
Script
General
Full URL
https://snrtp1.marketo.com/gw1/msg?a=2&sid=tsbco-1725288067027-b64928cf&aid=tsbco&ma=id%3A454-IZE-737%26token%3A_mch-tsb.co.nz-1725288066499-73831&viewedTypes=&0.5921893048871685&rts=1725288067550
Requested by
Host: snrtp-cdn.marketo.com
URL: https://snrtp-cdn.marketo.com/rtp-api/v1/rtp.js?aid=tsbco
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.237.104.73 , United States, ASN53580 (MARKETO, US),
Reverse DNS
Software
Jetty(9.4.45.v20220203) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63113904

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Mon, 02 Sep 2024 14:41:07 GMT
Cache-Control
no-cache
Strict-Transport-Security
max-age=63113904
Server
Jetty(9.4.45.v20220203)
Connection
close
Content-Length
0
Content-Type
text/javascript;charset=utf-8
generic1724833743586.js
nebula-cdn.kampyle.com/au/wau/210973/onsite/
359 KB
82 KB
Script
General
Full URL
https://nebula-cdn.kampyle.com/au/wau/210973/onsite/generic1724833743586.js
Requested by
Host: nebula-cdn.kampyle.com
URL: https://nebula-cdn.kampyle.com/wau/210973/onsite/embed.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.129.175 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cf9cbd57e982cfb1f39e141c1e3caab91e22c38a398bfccc51ea1aacdc15f791
Security Headers
Name Value
Strict-Transport-Security max-age=31557600

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id
jZ3LcKd4HqcbhHFYvZhrTuovC2TyXc7c
content-encoding
gzip
via
1.1 varnish
date
Mon, 02 Sep 2024 14:41:07 GMT
strict-transport-security
max-age=31557600
x-amz-request-id
GT8PZWKR4KWDQSBC
x-amz-server-side-encryption
AES256
x-cache
HIT
content-length
83169
x-amz-id-2
BO7xun1kPRMeOgXfDXS/A8KaWIZE7Tl9iaJw0vqMt+pFgBN4UO6CgYWDAwKpom8Xo4iPNbIlOts=
x-served-by
cache-akl10321-AKL
last-modified
Wed, 28 Aug 2024 08:29:04 GMT
server
AmazonS3
x-timer
S1725288068.830109,VS0,VE0
etag
"750ae2ea48cf9c84d5a96a38677fc690"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
x-cache-hits
1407
c.gif
c.clarity.ms/
Redirect Chain
  • https://c.clarity.ms/c.gif
  • https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=050BC1E8A2424DAE9558524A2C8CFE88&RedC=c.clarity.ms&MXFR=330DDC8E0A3A602C34CDC8600E3A6E79
  • https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=050BC1E8A2424DAE9558524A2C8CFE88&MUID=320C8E9DED326C1F1A229A73ECA26DE2
42 B
443 B
Image
General
Full URL
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=050BC1E8A2424DAE9558524A2C8CFE88&MUID=320C8E9DED326C1F1A229A73ECA26DE2
Protocol
H2
Server
52.231.230.148 Busan, Korea, Republic Of, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 Sep 2024 14:41:07 GMT
last-modified
Tue, 13 Aug 2024 21:12:15 GMT
server
Microsoft-IIS/10.0
etag
"3bd2d078c5edda1:0"
x-powered-by
ASP.NET
content-type
image/gif
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
private, no-cache, proxy-revalidate, no-store
accept-ranges
bytes
content-length
42

Redirect headers

pragma
no-cache
date
Mon, 02 Sep 2024 14:41:08 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: E4FD4C69A2354283AE0008ED01E115D5 Ref B: SYD03EDGE1017 Ref C: 2024-09-02T14:41:08Z
x-powered-by
ASP.NET
x-cache
CONFIG_NOCACHE
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=050BC1E8A2424DAE9558524A2C8CFE88&MUID=320C8E9DED326C1F1A229A73ECA26DE2
cache-control
private, no-cache, proxy-revalidate, no-store
content-length
0
visitor
snrtp1.marketo.com/gw1/rtp/api/v1_1/
287 B
1 KB
XHR
General
Full URL
https://snrtp1.marketo.com/gw1/rtp/api/v1_1/visitor?sid=tsbco-1725288067027-b64928cf&aid=tsbco&1725288067818
Requested by
Host: rtp-static.marketo.com
URL: https://rtp-static.marketo.com/rtp/libs/ga-integration-2.0.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.237.104.73 , United States, ASN53580 (MARKETO, US),
Reverse DNS
Software
Jetty(9.4.45.v20220203) /
Resource Hash
a40de3cec62a0aa7fc878cffffcfcbc855cd8278e7d28847bcabab6c67f4549e
Security Headers
Name Value
Strict-Transport-Security max-age=63113904

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Pragma
No-cache
Date
Mon, 02 Sep 2024 14:41:08 GMT
Strict-Transport-Security
max-age=63113904
Last-Modified
Mon Sep 02 09:41:08 CDT 2024
Server
Jetty(9.4.45.v20220203)
Vary
Origin
Transfer-Encoding
chunked
Content-Type
application/json
Access-Control-Allow-Origin
https://www.tsb.co.nz
Cache-Control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Access-Control-Allow-Credentials
true
Connection
close
Expires
Thu, 01 Jan 1970 00:00:00 GMT
sgm
snrtp1.marketo.com/gw1/ga/
48 B
532 B
XHR
General
Full URL
https://snrtp1.marketo.com/gw1/ga/sgm?sid=tsbco-1725288067027-b64928cf&1725288067818
Requested by
Host: rtp-static.marketo.com
URL: https://rtp-static.marketo.com/rtp/libs/ga-integration-2.0.5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.237.104.73 , United States, ASN53580 (MARKETO, US),
Reverse DNS
Software
Jetty(9.4.45.v20220203) /
Resource Hash
25b4e974dc91d718d1b66bf120388c20da6dfd3a886ec8401af1c269dd169a44
Security Headers
Name Value
Strict-Transport-Security max-age=63113904

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Mon, 02 Sep 2024 14:41:08 GMT
Strict-Transport-Security
max-age=63113904
Server
Jetty(9.4.45.v20220203)
Content-Type
text/json;charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
close
Content-Length
48
favicon.ico
www.tsb.co.nz/themes/TSB/
15 KB
15 KB
Other
General
Full URL
https://www.tsb.co.nz/themes/TSB/favicon.ico
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
23.32.5.119 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-32-5-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
c29898818975d404bc311ef4043893f26e1ad7b6c8760fe1984b3aba82444365
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'nonce-WnRVV0VRb3pBa3ZVamFFMndseDRwd0FBQUFV'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnRVV0VRb3pBa3ZVamFFMndseDRwd0FBQUFV'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnRVV0VRb3pBa3ZVamFFMndseDRwd0FBQUFV'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version
0x00000001
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-security-policy
default-src 'self' 'nonce-WnRVV0VRb3pBa3ZVamFFMndseDRwd0FBQUFV'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnRVV0VRb3pBa3ZVamFFMndseDRwd0FBQUFV'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnRVV0VRb3pBa3ZVamFFMndseDRwd0FBQUFV'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
x-content-type-options
nosniff
date
Mon, 02 Sep 2024 14:41:07 GMT
x-amz-cf-pop
SYD62-P3
alt-svc
h3=":443"; ma=93600
content-length
15406
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 28 Aug 2024 10:31:17 GMT
etag
"3c2e-620bbdbb1ab88"
x-frame-options
SAMEORIGIN
vary
Cookie
content-type
image/vnd.microsoft.icon
cache-control
max-age=31488767
accept-ranges
bytes
x-amz-cf-id
6fOgNH3RVmxeGRti9lAZSnFQCLSCNEzPVbyKaCoXOzcLQ7NK8pDvmQ==
expires
Tue, 02 Sep 2025 01:33:54 GMT
__cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/
0
318 B
Image
General
Full URL
https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTI4LjAuMC4wIFNhZmFyaS81MzcuMzYiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiVGhlIHBlcmZlY3QgYW1vdW50IG9mIGJhbmsgfCBUU0IiLCJwYWdlX3VybCI6ICJodHRwczovL3d3dy50c2IuY28ubnovIiwidHJhY2tlcl90eXBlIjogImphdmFzY3JpcHQiLCJ0cmFja2VyX3ZlcnNpb24iOiAiMi4yLjIzIiwiZXZlbnRfbmFtZSI6ICJuZWJ1bGFfcGFnZV92aWV3IiwiZXZlbnRfdGltZXN0YW1wX2Vwb2NoIjogIjE3MjUyODgwNjc5MDEiLCJldmVudF90aW1lem9uZV9vZmZzZXQiOiAxMiwidXNlcl9pZCI6ICIxOTFiMzJlYjMzNzU4Mi0wZTdmYjI2M2Y4NzViOC0xZjQ2MmM2Zi0xZDRjMDAtMTkxYjMyZWIzMzgxYWQ2IiwiZW52aXJvbWVudCI6ICJkaWdpdGFsLWNsb3VkLXN5ZDEiLCJhY2NvdW50SWQiOiAyMTA5NzIsInVybCI6ICJodHRwczovL3d3dy50c2IuY28ubnovIiwid2Vic2l0ZUlkIjogMjEwOTczLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7Im1kX2lzU3VydmV5U3VibWl0dGVkSW5TZXNzaW9uIjogIiIsIkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICIwNzg2LTRlZDQtNWUzNi0yZDYyLWI3YjAtNmM0My1iN2NmLTRmZjciLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTcyNTI4ODA2NzkwMCIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiA2MjYsImthbXB5bGVfdmVyc2lvbiI6ICIyLjU2LjEiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjU2LjEiLCJoaXN0b3J5X2xlbmd0aCI6IDEsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE3MjUyODgwNjc5MDEsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlfQpdfQ==
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.241.45.82 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
82.45.241.35.bc.googleusercontent.com
Software
Jetty(9.2.11.v20150529) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.tsb.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-me
prod-instance-gatewayservice-green-vh8j
date
Mon, 02 Sep 2024 14:41:08 GMT
via
1.1 google
alt-svc
clear
server
Jetty(9.2.11.v20150529)
access-control-max-age
1800
access-control-allow-methods
GET, POST, PUT, DELETE
content-type
image/gif; charset=UTF-8
access-control-allow-origin
*
access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With, Origin, Content-Type, Accept
content-length
0
x-application-context
application:9090

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
ad.doubleclick.net
URL
https://ad.doubleclick.net/activity;register_conversion=1;src=4214544;type=Remar0;cat=tsbba0;ord=2538685825493;npa=0;auiddc=855811215.1725288066;u1=%2F;ps=1;pcor=1746364326;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48s0v9190070958z89111675971za201zb9111675971;gcd=13l3l3l3l1l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.tsb.co.nz%2F?
Domain
f.clarity.ms
URL
https://f.clarity.ms/collect
Domain
f.clarity.ms
URL
https://f.clarity.ms/collect

Verdicts & Comments Add Verdict or Comment

77 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| dataLayer string| nonceForCustomScripts function| rtp function| once function| jQuery object| drupalSettings object| Drupal function| closeModal function| ds07o6pcmkorn object| Popper function| mktoMunchkinFunction object| Munchkin function| mktoMunchkin object| google_tag_manager function| postscribe object| google_tag_manager_external object| google_tag_data function| clarity function| queryForm function| fbq function| _fbq object| KAMPYLE_EMBED object| MunchkinTracker function| onYouTubeIframeAPIReady object| gaGlobal function| getInternetExplorerVersion function| consoleMessage function| makeGetRequest function| createCORSRequest object| ITLocalStorageAPI object| InsighteraUtil object| iiq object| ibq object| trackObj function| isCurrentSession function| addDynamicScript function| rtpRCMD object| AITag object| aiq object| AIConfig function| setButtonWidthHeight function| getDirectionForWidgetSide function| updateWidget function| initialize function| showWidgetCampaign function| hideWidgetCampaign function| injectContent function| execute function| destroy object| InsighteraWidget function| setTimeoutFunction object| exp_2_year function| loadRichMediaImage function| alignElementPosition function| applyAttributeHeightToPics function| revertAttributeHeightToPics object| MDIGITAL object| KAMPYLE_CONSTANT object| KAMPYLE_FUNC object| KAMPYLE_DATA object| KAMPYLE_TARGETING object| KAMPYLE_ANIMATION object| KAMPYLE_VIEW object| KAMPYLE_MESSAGE object| KAMPYLE_UTILS object| KAMPYLE_EVENT_DISPATCHER object| MDIGITAL_ELEMENT_BUILDER object| COOLADATA_CODE object| KAMPYLE_COOLADATA object| KAMPYLE_COMMON object| KAMPYLE_SCREEN_CAPTURE object| KAMPYLE_ONSITE_SDK object| KAMPYLE_INTEGRATION object| cooladata

23 Cookies

Domain/Path Name / Value
.tsb.co.nz/ Name: _gcl_au
Value: 1.1.855811215.1725288066
.tsb.co.nz/ Name: _mkto_trk
Value: id:454-IZE-737&token:_mch-tsb.co.nz-1725288066499-73831
.tsb.co.nz/ Name: _fbp
Value: fb.2.1725288066637.379803135286209295
www.clarity.ms/ Name: CLID
Value: 07827623bf0b4891be83e097b5c1e64d.20240902.20250902
.tsb.co.nz/ Name: _ga_VRLX9EH3CJ
Value: GS1.1.1725288066.1.0.1725288066.60.0.0
.tsb.co.nz/ Name: _ga
Value: GA1.1.1219584338.1725288067
.tsb.co.nz/ Name: trwv.uid
Value: tsbco-1725288067026-3a909b76%3A1
.tsb.co.nz/ Name: trwsa.sid
Value: tsbco-1725288067027-b64928cf%3A2
.tsb.co.nz/ Name: _clck
Value: 1l5ms2q%7C2%7Cfou%7C0%7C1706
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.doubleclick.net/ Name: receive-cookie-deprecation
Value: 1
www.tsb.co.nz/ Name: mdLogger
Value: false
www.tsb.co.nz/ Name: kampyle_userid
Value: 0786-4ed4-5e36-2d62-b7b0-6c43-b7cf-4ff7
www.tsb.co.nz/ Name: kampyleUserSession
Value: 1725288067900
www.tsb.co.nz/ Name: kampyleUserSessionsCount
Value: 1
www.tsb.co.nz/ Name: kampyleSessionPageCounter
Value: 1
.bing.com/ Name: MUID
Value: 320C8E9DED326C1F1A229A73ECA26DE2
.c.bing.com/ Name: MR
Value: 0
.c.bing.com/ Name: SRM_B
Value: 320C8E9DED326C1F1A229A73ECA26DE2
.c.clarity.ms/ Name: SM
Value: C
.clarity.ms/ Name: MUID
Value: 320C8E9DED326C1F1A229A73ECA26DE2
.c.clarity.ms/ Name: MR
Value: 0
.c.clarity.ms/ Name: ANONCHK
Value: 0

8 Console Messages

Source Level URL
Text
security error URL: https://www.googletagmanager.com/gtm.js?id=GTM-N8RN5F7(Line 784)
Message:
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnRYT2Z6MmQ3R3hTeFNUdU0zM3NWQUFBQUFZ'". Either the 'unsafe-inline' keyword, a hash ('sha256-02AmQL9wkufukhYO0oecviSq4Hb8pxAowQtdG8xLfuY='), or a nonce ('nonce-...') is required to enable inline execution.
security error URL: https://www.tsb.co.nz/
Message:
Refused to load the image 'https://ad.doubleclick.net/activity;register_conversion=1;src=4214544;type=Remar0;cat=tsbba0;ord=2538685825493;npa=0;auiddc=855811215.1725288066;u1=%2F;ps=1;pcor=1746364326;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe48s0v9190070958z89111675971za201zb9111675971;gcd=13l3l3l3l1l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.tsb.co.nz%2F?' because it violates the following Content Security Policy directive: "img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com".
security error URL: https://www.googletagmanager.com/
Message:
Refused to frame 'https://td.doubleclick.net/' because it violates the following Content Security Policy directive: "frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com".
security error URL: https://www.googletagmanager.com/
Message:
Refused to frame 'https://td.doubleclick.net/' because it violates the following Content Security Policy directive: "frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com".
security error URL: https://www.clarity.ms/s/0.7.45/clarity.js(Line 1)
Message:
Refused to connect to 'https://f.clarity.ms/collect' because it violates the following Content Security Policy directive: "connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com".
security error URL: https://www.clarity.ms/s/0.7.45/clarity.js(Line 1)
Message:
Refused to connect to 'https://f.clarity.ms/collect' because it violates the following Content Security Policy directive: "connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com".
security error URL: https://www.clarity.ms/s/0.7.45/clarity.js(Line 1)
Message:
Refused to connect to 'https://f.clarity.ms/collect' because it violates the following Content Security Policy directive: "connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com".
security error URL: https://www.clarity.ms/s/0.7.45/clarity.js(Line 1)
Message:
Refused to connect to 'https://f.clarity.ms/collect' because it violates the following Content Security Policy directive: "connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' 'nonce-WnRYT2Z6MmQ3R3hTeFNUdU0zM3NWQUFBQUFZ'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnRYT2Z6MmQ3R3hTeFNUdU0zM3NWQUFBQUFZ'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnRYT2Z6MmQ3R3hTeFNUdU0zM3NWQUFBQUFZ'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

4214544.fls.doubleclick.net
454-ize-737.mktoresp.com
ad.doubleclick.net
analytics.google.com
c.bing.com
c.clarity.ms
connect.facebook.net
f.clarity.ms
munchkin.marketo.net
nebula-cdn.kampyle.com
rtp-static.marketo.com
shielded.co.nz
snrtp-cdn.marketo.com
snrtp1.marketo.com
staticcdn.co.nz
stats.g.doubleclick.net
udc-neb.kampyle.com
unpkg.com
www.clarity.ms
www.facebook.com
www.google.co.nz
www.googletagmanager.com
www.tsb.co.nz
ad.doubleclick.net
f.clarity.ms
103.237.104.73
103.237.104.82
142.250.67.3
142.250.76.102
151.101.129.175
157.240.8.23
18.67.110.70
18.67.110.87
184.24.248.178
2001:4860:4802:36::181
23.32.5.119
23.77.150.189
2404:6800:4003:c1a::9c
2404:6800:4006:814::2008
2600:1415:2000::17ca:e648
2606:4700::6811:f9cb
2620:1ec:bdf::31
2620:1ec:c11::237
2a03:2880:f119:8083:face:b00c:0:25de
35.241.45.82
52.231.230.148
002f0358d1b2c6204663663cf0de419848bd10d956b89e633151b4dba6aa6f01
00e23df10377c1a86b7e881fd0e8e209b08c89a0fd3a9437d3e56d6087398f60
023cf8b8a67fe94bcef10d2a02505f939fe00978a20638cc40de1d7842b3521c
0297dcf5e277991cd717a644480ca5bb0712a5a5ed92fbb38e22385466f088b5
04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747
09d3c01af7d1b64385f5aea38b33807177f382f8dc3ce411548e1beb6523263e
0c82a95daa5ef40bf810ade32aad3a375ed14df6966ea1bd65520d6a85029975
0c91d9180a4fbd8d7a81f954632dfcc5570720d01ff2be2f3cd3f899e1d65677
143a1ee63c9fe87791cde6209d3716bf432ede02fc23ecbd064edfe1cc02bca9
1af1da6717bf645b3f5b8af41f16f7a149f0bf11e817492a2b3f711f50a6bef7
229153c7c6646487031d2e5f8be0ec43a58bb341dcb5417fb0ae480efd4ac162
25b4e974dc91d718d1b66bf120388c20da6dfd3a886ec8401af1c269dd169a44
264532af47b2cfb6620970592478c442a0cd429beccead9d062ff5a91284dc15
3bb1199d12ae09deeda4466322b863de030594a83fb2166ca26d241b1a9020c1
414277d359e2c453607104f2495ac2af09fa15c2ccaf2e485d3933e5727f348d
441e23601fe7525a142857c98cbb2784997579d51a17f736d7964dceee609709
4589441ac97df1033c946f3403b0199cfb05e8ba3e406e21013d1af6965dd06a
4b466aab4e8e67fc4a456707ba55c18938b6667be439c828c428d7070e603f76
4c0e86b58a95d6cc42324dc9f51d082538b49b3762b4b210accb9b190a58443b
5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4
54c3efbdfca5f0a68b2fe25942ec652c41ae5ce6e07baca2b9f1a895409adfbe
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5a33562cad9eb06c691cb48e26df44406a7eab40b986d508d0927d70d77dd0d2
5b38685c3ce8b9d7e1bdf8779cd7ac5983028f904dfeccdd350d83c416ba1c3d
68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23
6992a15f0f21ebb0cdf8ceed9163d84f150bee78148e954cbb96fd4e2dfdebe3
6a8996a4866b94877454218ae2202c8d1ac982a1a7d4870b07820d1b88fd576a
6acd54f2994ad7633ebed65bf2bf2349922118b715731763482a6cb2f802bf18
6d85c6b6712f50bf6b61aeb1d96103d99903abb4d3fdba53ccf96552d9f86fcf
6ec4b6051cb614a8091bd9f5d116d2e8b741159dbfe569e06eba730a3fae7e1d
752ac7b6a1d83373e07af1ee17b3a0e4a304e9b9304b55e49d93c7ab6a1c394e
79caa592cde5bfd0a417bf66926410d967a5334c9f0d1990671456e5bd4f5ce8
86e6459d734e4861ef736467ab64fc8b433923d940fd39271fd923ae2c34f9b0
884be02526ba926246005e45c6fd619fb4e0b53265d5d82db187a35a98690d55
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9e056e574bfbca2ce3ec6cb73b68750db9bd29d91c3471add8b8db217f78a275
a2df8a1ea57ff1a48259665a5aae51c21df18d91406f0a3e3623afb26c60c31d
a40de3cec62a0aa7fc878cffffcfcbc855cd8278e7d28847bcabab6c67f4549e
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
af5a9628858b383c6257068c476c25b5a8a6421b686a349a828c47f526e7f877
b122e173fb310c409d02c56e57eea40f1ea470fed839599c902b085d8fdb0129
b8666c40390e333bbbef6b67ce910ed6fc73c7b7c4476f48b3be06fbe2198a2d
b8710e59c134288dfa22585733639c1e70b133850bf414ee097f9e73eb4d8eee
ba2e65e6de11b597587bdb304a49174e41a23ccd9bf20e7dec7fca7d07ffb439
bc12b29df8637c88266cf0908c237d82b8afe69ea7965810e9dd5431fdf3492f
bedfc97fc67ea23fe97336f8c0032203f1b08f889e0ee6bb3d8a2ff3da4f8baa
bf6806d8c92e228249230195772afe2e68791d52763b782be9aa2855fab3b641
c212f4b505a86352aed62b24a8f16f999f821ecbe6456c7f3c8a04bc87968782
c29898818975d404bc311ef4043893f26e1ad7b6c8760fe1984b3aba82444365
cf9cbd57e982cfb1f39e141c1e3caab91e22c38a398bfccc51ea1aacdc15f791
d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8
e2fed2719e47f4428f31b5f6d8584ed8b6848f9b3586644e070749341806344e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3e3dee05a65cbc73efd4dde6ab68ddfcf623cef6d983adadfbab83ef86a571a
e4222715b556e7d99622c83e620d2f8e090047e56adb07923047f95828d561f2
e5c2dd00df7892f31ac96aa60a9b2b2b28f90400fb38ffea648f1c9ba73769bc
e79b999464b8a504fef7e85f011be9ccdbd7442d324d6d6af8dbba5bb590a0c6
e9b29db4f9339b5c9320c9dc1a64c95d0b099c3529514803addc148ec8774b2c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fc29d3a5e0f702861f1f3a7e5f033fa15b7720995bc0b97641ec956dd0a3edee
ffd1091010e051a8a2614601a6a15480c6c82db983abb95354c1bae68377c8f9