urlscan.io logo urlscan.io
SecurityTrails logo

www.nerdwallet.com Open in urlscan Pro
104.18.23.225  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://nerdwallet.us/takeover.html
Effective URL: https://www.nerdwallet.com/takeover.html
Submission: On February 26 via manual from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 31 IPs in 3 countries across 25 domains to perform 63 HTTP transactions. The main IP is 104.18.23.225, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.nerdwallet.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 4th 2020. Valid for: a year.
This is the only time www.nerdwallet.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 52.218.246.34 16509 (AMAZON-02)
1 1 35.170.169.214 14618 (AMAZON-AES)
9 104.18.23.225 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 65.9.23.76 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
8 52.34.71.92 16509 (AMAZON-02)
1 142.250.186.130 15169 (GOOGLE)
1 35.244.189.141 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2600:9000:206... 16509 (AMAZON-02)
2 65.9.58.75 16509 (AMAZON-02)
1 4 2a00:1450:400... 15169 (GOOGLE)
1 2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 104.18.8.125 13335 (CLOUDFLAR...)
1 2a02:26f0:710... 20940 (AKAMAI-ASN1)
2 2620:1ec:c11:... 8068 (MICROSOFT...)
2 2a00:1288:80:... 203220 (YAHOO-DEB)
2 2a04:4e42:3::84 54113 (FASTLY)
1 23.218.209.87 16625 (AKAMAI-AS)
1 199.232.137.44 54113 (FASTLY)
1 3.211.199.159 14618 (AMAZON-AES)
1 46.228.164.13 56396 (TURN)
1 2 2620:119:50e6... 14413 (LINKEDIN)
1 1 2620:1ec:21::14 8068 (MICROSOFT...)
4 104.75.88.209 16625 (AKAMAI-AS)
1 2 142.250.185.166 15169 (GOOGLE)
2 64.202.112.159 23352 (SERVERCEN...)
2 2 151.101.114.49 54113 (FASTLY)
1 142.250.186.162 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 216.58.212.130 15169 (GOOGLE)
63 31
1    52.218.246.34 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-website-us-west-2.amazonaws.com
nerdwallet.us
1    35.170.169.214 (United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-170-169-214.compute-1.amazonaws.com
nerdwallet.com
9    104.18.23.225 (United States)

ASN13335 (CLOUDFLARENET, US)
www.nerdwallet.com
1    2a00:1450:4001:800::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    65.9.23.76 (Orlando, United States)

ASN16509 (AMAZON-02, US)
cdn.amplitude.com
1    2a00:1450:4001:813::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
apis.google.com
4    2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
maps.googleapis.com
3    2a00:1450:4001:827::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
8    52.34.71.92 (United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-34-71-92.us-west-2.compute.amazonaws.com
ssl.kaptcha.com
1    142.250.186.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net
www.googleadservices.com
1    35.244.189.141 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 141.189.244.35.bc.googleusercontent.com
e.adhaven.com
1    2a00:1450:4001:813::2013 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ping.pdst.fm
1    2600:9000:206f:6a00:a:b27c:d040:93a1 (United States)

ASN16509 (AMAZON-02, US)
ext.chtbl.com
2    65.9.58.75 (United States)

ASN16509 (AMAZON-02, US)
web.chtbl.com
4    2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googleadservices.com
googleads.g.doubleclick.net
2    2a00:1450:4001:810::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
2    2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
2    104.18.8.125 (United States)

ASN13335 (CLOUDFLARENET, US)
api.nerdwallet.com
1    2a02:26f0:7100:48a::25ea (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
snap.licdn.com
2    2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
bat.bing.com
2    2a00:1288:80:800::7000 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)
s.yimg.com
2    2a04:4e42:3::84 (United States)

ASN54113 (FASTLY, US)
s.pinimg.com
1    23.218.209.87 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-218-209-87.deploy.static.akamaitechnologies.com
amplify.outbrain.com
1    199.232.137.44 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)
cdn.taboola.com
1    3.211.199.159 (United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-211-199-159.compute-1.amazonaws.com
pixel.mtrcs.samba.tv
1    46.228.164.13 (United Kingdom)

ASN56396 (TURN, GB)
d.turn.com
2    2620:119:50e6:101::6cae:b05 (United States)

ASN14413 (LINKEDIN, US)
px.ads.linkedin.com
1    2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
www.linkedin.com
4    104.75.88.209 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-75-88-209.deploy.static.akamaitechnologies.com
ct.pinterest.com
2    142.250.185.166 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f6.1e100.net
9935087.fls.doubleclick.net
2    64.202.112.159 (United States)

ASN23352 (SERVERCENTRAL, US)
PTR: ny.outbrain.com
tr.outbrain.com
2    151.101.114.49 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)
rtd-tm.everesttech.net
1    142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net
cm.g.doubleclick.net
1    2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.com
1    216.58.212.130 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: ams15s21-in-f2.1e100.net
pubads.g.doubleclick.net
Domain Requested by
9 www.nerdwallet.com www.nerdwallet.com
8 ssl.kaptcha.com www.nerdwallet.com
ssl.kaptcha.com
4 ct.pinterest.com s.pinimg.com
4 maps.googleapis.com www.nerdwallet.com
maps.googleapis.com
3 www.googleadservices.com www.googletagmanager.com
www.googleadservices.com
3 www.googletagmanager.com www.nerdwallet.com
www.googletagmanager.com
2 rtd-tm.everesttech.net 2 redirects
2 tr.outbrain.com amplify.outbrain.com
2 9935087.fls.doubleclick.net 1 redirects www.googletagmanager.com
2 px.ads.linkedin.com 1 redirects
2 s.pinimg.com www.nerdwallet.com
s.pinimg.com
2 s.yimg.com www.nerdwallet.com
s.yimg.com
2 bat.bing.com www.nerdwallet.com
2 api.nerdwallet.com www.nerdwallet.com
2 www.google.de www.nerdwallet.com
2 www.google.com 1 redirects
2 googleads.g.doubleclick.net 1 redirects www.googleadservices.com
2 web.chtbl.com ext.chtbl.com
1 pubads.g.doubleclick.net 9935087.fls.doubleclick.net
1 adservice.google.com 9935087.fls.doubleclick.net
1 cm.g.doubleclick.net 9935087.fls.doubleclick.net
1 www.linkedin.com 1 redirects
1 d.turn.com
1 pixel.mtrcs.samba.tv
1 cdn.taboola.com www.nerdwallet.com
1 amplify.outbrain.com www.nerdwallet.com
1 snap.licdn.com www.googletagmanager.com
1 ext.chtbl.com www.nerdwallet.com
1 ping.pdst.fm www.nerdwallet.com
1 e.adhaven.com www.nerdwallet.com
1 apis.google.com www.nerdwallet.com
1 cdn.amplitude.com www.nerdwallet.com
1 www.google-analytics.com www.nerdwallet.com
1 nerdwallet.com 1 redirects
1 nerdwallet.us 1 redirects
63 35
Subject Issuer Validity Valid
nerdwallet.com
Cloudflare Inc ECC CA-3		 2020-07-04 -
2021-07-04		 a year crt.sh
*.google-analytics.com
GTS CA 1O1		 2021-01-26 -
2021-04-20		 3 months crt.sh
cdn.amplitude.com
Amazon		 2020-11-18 -
2021-12-17		 a year crt.sh
*.apis.google.com
GTS CA 1O1		 2021-01-26 -
2021-04-20		 3 months crt.sh
upload.video.google.com
GTS CA 1O1		 2021-01-26 -
2021-04-20		 3 months crt.sh
ssl.kaptcha.com
Thawte TLS RSA CA G1		 2019-10-01 -
2021-11-29		 2 years crt.sh
www.googleadservices.com
GTS CA 1O1		 2021-01-26 -
2021-04-20		 3 months crt.sh
*.adhaven.com
Go Daddy Secure Certificate Authority - G2		 2019-11-20 -
2022-01-19		 2 years crt.sh
ping.pdst.fm
GTS CA 1D2		 2021-01-24 -
2021-04-24		 3 months crt.sh
ext.chtbl.com
Amazon		 2021-01-25 -
2022-02-22		 a year crt.sh
web.chtbl.com
Amazon		 2020-03-28 -
2021-04-28		 a year crt.sh
*.googleadservices.com
GTS CA 1O1		 2021-01-26 -
2021-04-20		 3 months crt.sh
www.google.de
GTS CA 1O1		 2021-01-26 -
2021-04-20		 3 months crt.sh
*.licdn.com
DigiCert SHA2 Secure Server CA		 2019-04-01 -
2021-05-07		 2 years crt.sh
www.bing.com
Microsoft RSA TLS CA 02		 2021-01-19 -
2021-07-19		 6 months crt.sh
*.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2021-02-21 -
2021-04-06		 a month crt.sh
*.pinterest.com
DigiCert SHA2 High Assurance Server CA		 2020-07-16 -
2021-08-04		 a year crt.sh
*.outbrain.com
DigiCert SHA2 Secure Server CA		 2020-03-09 -
2021-06-08		 a year crt.sh
*.taboola.com
DigiCert TLS RSA SHA256 2020 CA1		 2020-11-25 -
2021-12-26		 a year crt.sh
*.samba.tv
Amazon		 2020-07-10 -
2021-08-10		 a year crt.sh
*.turn.com
DigiCert SHA2 Secure Server CA		 2020-03-18 -
2021-04-19		 a year crt.sh
px.ads.linkedin.com
DigiCert SHA2 Secure Server CA		 2021-01-06 -
2021-07-05		 6 months crt.sh
*.doubleclick.net
GTS CA 1O1		 2021-01-26 -
2021-04-20		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1O1		 2021-01-26 -
2021-04-20		 3 months crt.sh
*.google.com
GTS CA 1O1		 2021-01-26 -
2021-04-20		 3 months crt.sh
*.google.de
GTS CA 1O1		 2021-01-26 -
2021-04-20		 3 months crt.sh

This page contains 3 frames:

Primary Page: https://www.nerdwallet.com/takeover.html
Frame ID: 8BE4A306C041DFE58D2C96FE3309C0CD
Requests: 52 HTTP requests in this frame

Frame: https://ssl.kaptcha.com/logo.htm?m=171456&s=00c627af31f54bd6ab3f8c1bc4b71e4a
Frame ID: 254AF041E18328EFBFB323424BCD3B2E
Requests: 5 HTTP requests in this frame

Frame: https://9935087.fls.doubleclick.net/activityi;dc_pre=CMKJ9oHnh-8CFdJTFQgdOkwB5g;src=9935087;type=impre0;cat=nerdw0;ord=4009555461636;gtm=2od2h0;auiddc=1038764017.1614351240;~oref=https%3A%2F%2Fwww.nerdwallet.com%2Ftakeover.html
Frame ID: 9D49DC652ED5943227AEC926B3D0B832
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://nerdwallet.us/takeover.html HTTP 301
    http://nerdwallet.com/takeover.html HTTP 307
    https://nerdwallet.com/takeover.html HTTP 301
    https://www.nerdwallet.com/takeover.html Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • script /\/\/maps\.googleapis\.com\/maps\/api\/js/i
Overall confidence: 100%
Detected patterns
  • headers via /\(CloudFront\)$/i
Overall confidence: 100%
Detected patterns
  • headers via /\(CloudFront\)$/i
Overall confidence: 100%
Detected patterns
  • script /cdn\.amplitude\.com/i
Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i
Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

63
Requests

100 %
HTTPS

46 %
IPv6

25
Domains

35
Subdomains

31
IPs

3
Countries

1688 kB
Transfer

6023 kB
Size

10
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://nerdwallet.us/takeover.html HTTP 301
    http://nerdwallet.com/takeover.html HTTP 307
    https://nerdwallet.com/takeover.html HTTP 301
    https://www.nerdwallet.com/takeover.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 23
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/957893550/?random=172811754&cv=9&fst=1614351240027&num=1&value=0&label=RVTxCPzMg9MBEK6X4cgD&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg2h0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.nerdwallet.com%2Ftakeover.html&tiba=Whoops%2C%20wrong%20turn!&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=iAs5YKuSBPPdmwfirYvYCg&sscte=1&crd=&eitems=Cg8IgNXigQYQ3eSijYWBvx0SHQAvbt5eJ-paNRiuSXUyuSkz0U5D6hhXQUWafGuB HTTP 302
  • https://www.google.com/pagead/1p-conversion/957893550/?random=172811754&cv=9&fst=1614351240027&num=1&value=0&label=RVTxCPzMg9MBEK6X4cgD&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg2h0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.nerdwallet.com%2Ftakeover.html&tiba=Whoops%2C%20wrong%20turn!&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=iAs5YKuSBPPdmwfirYvYCg&eitems=Cg8IgNXigQYQ3eSijYWBvx0SHQAvbt5e4lzJi_ogagVbmFfK1iLq9ViDoy41lLNc&random=2683219209&resp=GooglemKTybQhCsO HTTP 302
  • https://www.google.de/pagead/1p-conversion/957893550/?random=172811754&cv=9&fst=1614351240027&num=1&value=0&label=RVTxCPzMg9MBEK6X4cgD&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg2h0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.nerdwallet.com%2Ftakeover.html&tiba=Whoops%2C%20wrong%20turn!&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=iAs5YKuSBPPdmwfirYvYCg&eitems=Cg8IgNXigQYQ3eSijYWBvx0SHQAvbt5e4lzJi_ogagVbmFfK1iLq9ViDoy41lLNc&random=2683219209&resp=GooglemKTybQhCsO&ipr=y&ezwbk=AZuM4hDDKM7NP3fMcnXqXIZZ0ZtgR39zJ-LbpjnZdnc4gFlnqrtW0nCbMQmU535HSS8kzz0f6bLroCZxtAZYHjAsD6zA
Request Chain 38
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=312012&time=1614351240433&url=https%3A%2F%2Fwww.nerdwallet.com%2Ftakeover.html HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D312012%26time%3D1614351240433%26url%3Dhttps%253A%252F%252Fwww.nerdwallet.com%252Ftakeover.html%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=312012&time=1614351240433&url=https%3A%2F%2Fwww.nerdwallet.com%2Ftakeover.html&liSync=true
Request Chain 45
  • https://9935087.fls.doubleclick.net/activityi;src=9935087;type=impre0;cat=nerdw0;ord=4009555461636;gtm=2od2h0;auiddc=1038764017.1614351240;~oref=https%3A%2F%2Fwww.nerdwallet.com%2Ftakeover.html HTTP 302
  • https://9935087.fls.doubleclick.net/activityi;dc_pre=CMKJ9oHnh-8CFdJTFQgdOkwB5g;src=9935087;type=impre0;cat=nerdw0;ord=4009555461636;gtm=2od2h0;auiddc=1038764017.1614351240;~oref=https%3A%2F%2Fwww.nerdwallet.com%2Ftakeover.html
Request Chain 56
  • https://rtd-tm.everesttech.net/upi/?sid=cLo95ydYchhUBgxGDQQq&cs=1 HTTP 302
  • https://rtd-tm.everesttech.net/ct/upi/?sid=cLo95ydYchhUBgxGDQQq&cs=1&_test=YDkLiQAAAH6QECrK HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WURrTGlRQUFBSDZRRUNySw

63 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request takeover.html
www.nerdwallet.com/
Redirect Chain
  • http://nerdwallet.us/takeover.html
  • http://nerdwallet.com/takeover.html
  • https://nerdwallet.com/takeover.html
  • https://www.nerdwallet.com/takeover.html
138 KB
33 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.nerdwallet.com/takeover.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.23.225 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5832acb5142649a14cedd815be0abce56e15bb4b1b861ab90247354fa0caab0e
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.app.clicktale.com app.optimizely.com analytics.google.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block;

Request headers

:method
GET
:authority
www.nerdwallet.com
:scheme
https
:path
/takeover.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 26 Feb 2021 14:53:59 GMT
content-type
text/html
set-cookie
__cfduid=dfb35d55cd3aa2288961af70ac512c4a61614351238; expires=Sun, 28-Mar-21 14:53:58 GMT; path=/; domain=.www.nerdwallet.com; HttpOnly; SameSite=Lax; Secure AWSALB=g9PPWs9TOx13J/XhARxt5YuHO6b8RCAqWBgFRKmo1NZJdIwZHvkzeVNA+z7lPHFrrRQ/iW1ZoTSV9gfkImCG16ZKNIuxmv/RBacvlKc/ekL5nRyIp/xq/y8Xif9l; Expires=Fri, 05 Mar 2021 14:53:59 GMT; Path=/ AWSALBCORS=g9PPWs9TOx13J/XhARxt5YuHO6b8RCAqWBgFRKmo1NZJdIwZHvkzeVNA+z7lPHFrrRQ/iW1ZoTSV9gfkImCG16ZKNIuxmv/RBacvlKc/ekL5nRyIp/xq/y8Xif9l; Expires=Fri, 05 Mar 2021 14:53:59 GMT; Path=/; SameSite=None; Secure __cf_bm=53ce439035600c159c285d2855a84d09638112ec-1614351239-1800-AUNpXxW9ECxPvKSr9clSO0WW/YURxxz+9x/BDqlXXnQN+OkvaQmHZpsYYmVL5C3fNvi2MCXoMmNuLr3nBSS/x/qlxPn9JQWAwP33sNrWd4YZ; path=/; expires=Fri, 26-Feb-21 15:23:59 GMT; domain=.www.nerdwallet.com; HttpOnly; Secure; SameSite=None
x-nerd
Edge
content-security-policy
frame-ancestors 'self' *.app.clicktale.com app.optimizely.com analytics.google.com;
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-xss-protection
1; mode=block;
x-content-type-options
nosniff
x-cache
Error from cloudfront
via
1.1 c4cfd693df2d3c329a667c606d9185f1.cloudfront.net (CloudFront)
x-amz-cf-pop
CPH50-C1
x-amz-cf-id
oIGWBYrm6OdmXTGjD8BNtU3Buurl79a2lfN4-VAaK-lcuoYZVP2F4A==
cf-cache-status
DYNAMIC
cf-request-id
08806e1ef800001d0691b4a000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
627a7fab2c251d06-CPH
content-encoding
br
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

date
Fri, 26 Feb 2021 14:53:58 GMT
content-type
text/html
content-length
166
location
https://www.nerdwallet.com/takeover.html
set-cookie
AWSALB=PFHldBw7Itxc8/Vh7lTYV7xSv280UdLHcGKWY1o9KUxcK1xKzpiqrD6/6EKtRU1ZumsOr4UpEYn/xRI/xLxp+i1/wGmCV7Jy8OMUZw9xFOq4SxceXRCyZ2ELAv8/; Expires=Fri, 05 Mar 2021 14:53:58 GMT; Path=/ AWSALBCORS=PFHldBw7Itxc8/Vh7lTYV7xSv280UdLHcGKWY1o9KUxcK1xKzpiqrD6/6EKtRU1ZumsOr4UpEYn/xRI/xLxp+i1/wGmCV7Jy8OMUZw9xFOq4SxceXRCyZ2ELAv8/; Expires=Fri, 05 Mar 2021 14:53:58 GMT; Path=/; SameSite=None; Secure
x-nerd
Edge
content-security-policy
frame-ancestors 'none';
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-xss-protection
1; mode=block;
x-content-type-options
nosniff
vary
Origin
global.c589be98b79040bbd902.css
www.nerdwallet.com/cdn/apps/prod/global-markup/ 		206 KB
28 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.nerdwallet.com/cdn/apps/prod/global-markup/global.c589be98b79040bbd902.css
Requested by
Host: www.nerdwallet.com
URL: https://www.nerdwallet.com/takeover.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.23.225 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
79d51bd9e69b57364cd080d3e065d263b18b3d7bc1830625ea5c1793b6d978fa

Request headers

Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 26 Feb 2021 14:53:59 GMT
via
1.1 b5b008573eab794a3818bb6b76b0a164.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
2480382
x-cache
Hit from cloudfront
content-type
text/css
x-amz-replication-status
COMPLETED
content-encoding
br
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
08806e20b100001d06681f1000000001
last-modified
Thu, 28 Jan 2021 21:50:14 GMT
server
cloudflare
etag
W/"f1d09f8ba61bd5fe74c2b38633c34850"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding
x-amz-version-id
u5rutQeTU6HT6Yg3gbnr1nvFB4Pv.fgK
cache-control
public, max-age=31557600
x-amz-cf-pop
HEL50-C1
cf-ray
627a7fadeb9f1d06-CPH
x-amz-cf-id
pCF4H2pj0_rDXgILkYzlFzSifC-VPklqfzkUj-gXZw-ncIecfxcO2g==
x-nerd
Edge
Gotham-Book--critical.fdbad282be.woff2
www.nerdwallet.com/cdn/fonts/ 		9 KB
10 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.nerdwallet.com/cdn/fonts/Gotham-Book--critical.fdbad282be.woff2
Requested by
Host: www.nerdwallet.com
URL: https://www.nerdwallet.com/takeover.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.23.225 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ba8be65746ca30fadff7deb639117ec587a44e0428f89218d70bc5e4888ac308

Request headers

Origin
https://www.nerdwallet.com
Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 26 Feb 2021 14:53:59 GMT
via
1.1 41dc61beb3fe8e8c2c299a2522d8330d.cloudfront.net (CloudFront)
vary
Origin,Origin, Accept-Encoding
cf-cache-status
HIT
age
6184848
x-cache
Hit from cloudfront
content-type
application/font-woff2
x-amz-replication-status
COMPLETED
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
9492
cf-request-id
08806e20b100001d066a81e000000001
last-modified
Wed, 30 Oct 2019 21:14:56 GMT
server
cloudflare
etag
"fdbad282bee3da1c38146487b9c2f412"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
access-control-allow-methods
GET
x-amz-version-id
qO4dL.hZdiXhSjcHWUA2gx37GuwESNEa
access-control-allow-origin
https://www.nerdwallet.com
access-control-expose-headers
x-amz-replication-status, content-type, connection, cache-control, x-nerd, etag, access-control-max-age, accept-ranges, vary, access-control-allow-credentials, content-length, x-amz-version-id, last-modified, access-control-allow-methods, x-amz-id-2, access-control-allow-origin, x-amz-request-id
cache-control
public, max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
OSL50-C1
accept-ranges
bytes
cf-ray
627a7fadeba61d06-CPH
x-amz-cf-id
ZoPC-olTxYoHO-dmSLmjWTlDQTVMf0p5_y5HRjG4Qr0C425bPYgjDA==
x-nerd
Edge
Gotham-Bold--critical.dcf83fb890.woff2
www.nerdwallet.com/cdn/fonts/ 		9 KB
9 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.nerdwallet.com/cdn/fonts/Gotham-Bold--critical.dcf83fb890.woff2
Requested by
Host: www.nerdwallet.com
URL: https://www.nerdwallet.com/takeover.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.23.225 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4ae4bbc3bbd5733dcaf9302940b4115e5871733f71ab3f3e7250e693b4d05f6d

Request headers

Origin
https://www.nerdwallet.com
Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 26 Feb 2021 14:53:59 GMT
via
1.1 2291c3a6bbdb0b0147dc7972fd25ec3e.cloudfront.net (CloudFront)
vary
Origin,Origin, Accept-Encoding
cf-cache-status
HIT
age
6184848
x-cache
Hit from cloudfront
content-type
application/font-woff2
x-amz-replication-status
COMPLETED
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
9112
cf-request-id
08806e20b100001d062396a000000001
last-modified
Wed, 30 Oct 2019 21:14:54 GMT
server
cloudflare
etag
"dcf83fb8902adcc5fd75fdf6da548573"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
access-control-allow-methods
GET
x-amz-version-id
ZVjEQRajXUF6.zxBMjo_c8ABjFp8zQ9a
access-control-allow-origin
https://www.nerdwallet.com
access-control-expose-headers
x-amz-replication-status, content-type, connection, cache-control, x-nerd, etag, access-control-max-age, accept-ranges, vary, access-control-allow-credentials, content-length, x-amz-version-id, last-modified, access-control-allow-methods, x-amz-id-2, access-control-allow-origin, x-amz-request-id
cache-control
public, max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
OSL50-C1
accept-ranges
bytes
cf-ray
627a7fadeba71d06-CPH
x-amz-cf-id
rEPkw2driFTnChYIhP93qZYqHtNGCfSNcwf4Qu6nFhvOEYBfZgmMdA==
x-nerd
Edge
ChronicleDisplay-Semibold--critical.2c31edcaf3.woff2
www.nerdwallet.com/cdn/fonts/ 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.nerdwallet.com/cdn/fonts/ChronicleDisplay-Semibold--critical.2c31edcaf3.woff2
Requested by
Host: www.nerdwallet.com
URL: https://www.nerdwallet.com/takeover.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.23.225 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c45992da4f0169a7651346ef0a4cb27efe93b28a3b80d230a6f428a0e242db65

Request headers

Origin
https://www.nerdwallet.com
Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 26 Feb 2021 14:53:59 GMT
via
1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
vary
Origin,Origin, Accept-Encoding
cf-cache-status
HIT
age
6184848
x-cache
Hit from cloudfront
content-type
application/font-woff2
x-amz-replication-status
COMPLETED
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
11012
cf-request-id
08806e20b200001d06583c7000000001
last-modified
Wed, 30 Oct 2019 21:14:56 GMT
server
cloudflare
etag
"2c31edcaf37bc7ca0ca1103d29b5f5f1"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
access-control-allow-methods
GET
x-amz-version-id
1RO9fTBmDqOYOptSCn7EaIHnq.wDJAxu
access-control-allow-origin
https://www.nerdwallet.com
access-control-expose-headers
x-amz-replication-status, content-type, connection, cache-control, x-nerd, etag, access-control-max-age, accept-ranges, vary, access-control-allow-credentials, content-length, x-amz-version-id, last-modified, access-control-allow-methods, x-amz-id-2, access-control-allow-origin, x-amz-request-id
cache-control
public, max-age=31536000
access-control-allow-credentials
true
x-amz-cf-pop
OSL50-C1
accept-ranges
bytes
cf-ray
627a7fadeba81d06-CPH
x-amz-cf-id
JmtXgJFd2C4q-QOIcgUjxO86js8_2kkJI80urn2YPIAlBZYj7JRmng==
x-nerd
Edge
ErrorPage_Compass_blue2.png
www.nerdwallet.com/cdn/img/background/error/ 		46 KB
46 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.nerdwallet.com/cdn/img/background/error/ErrorPage_Compass_blue2.png
Requested by
Host: www.nerdwallet.com
URL: https://www.nerdwallet.com/takeover.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.23.225 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d538ad9f65f05a8479e25d877cbc6f7ec19356465b2db7eaf6a2cca803416d27

Request headers

Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 26 Feb 2021 14:53:59 GMT
via
1.1 6be22242aae4af4e7e7512e5e8fcb513.cloudfront.net (CloudFront)
cf-cache-status
REVALIDATED
x-amz-cf-pop
ARN54-C1
cf-polished
status=not_needed
cf-ray
627a7fae6d5f1d06-CPH
x-cache
Hit from cloudfront
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
46632
cf-request-id
08806e210700001d0618a92000000001
last-modified
Tue, 14 Feb 2017 17:53:33 GMT
server
cloudflare
etag
"dc8886e134d25803a263de860d588c18"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding
x-amz-version-id
null
accept-ranges
bytes
content-type
image/png
x-amz-cf-id
UycvgYCoKzXvHFege9DFlVi3u5nyiIAVmO92qjndXw1mkPwTFWb-DQ==
x-nerd
Edge
cf-bgj
imgq:85,h2pri
nav.65f916c7bcd07da21be8.js
www.nerdwallet.com/cdn/apps/prod/global-markup/global-nav/build/production/ 		1 MB
362 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.nerdwallet.com/cdn/apps/prod/global-markup/global-nav/build/production/nav.65f916c7bcd07da21be8.js
Requested by
Host: www.nerdwallet.com
URL: https://www.nerdwallet.com/takeover.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.23.225 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c4afdff9222a9066e6615d441930f9fd7122c92cbb2515262ff351d221c85e2

Request headers

Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 26 Feb 2021 14:53:59 GMT
via
1.1 5c2d36b0430d7877f1609d99fe01caa9.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
63836
x-cache
Miss from cloudfront
content-type
application/javascript
x-amz-replication-status
PENDING
content-encoding
br
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
08806e212700001d0621050000000001
last-modified
Thu, 25 Feb 2021 21:05:34 GMT
server
cloudflare
etag
W/"d7842227ff3e3cff5bd715cb6f0d80fa"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding
x-amz-version-id
EXsNtqpFtJd9Lhlpls_8Cx9VcXMVhpX_
cache-control
public, max-age=31557600
x-amz-cf-pop
ARN54-C1
cf-ray
627a7faeae1f1d06-CPH
x-amz-cf-id
AfBZW2lKN9qTR1tyWEKFyvP9ihz0isiAdodByGeRT4d16dNZiKwdtw==
x-nerd
Edge
analytics.js
www.google-analytics.com/ 		46 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.nerdwallet.com
URL: https://www.nerdwallet.com/takeover.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
0f3be44690ae9914ae3e47b7752e1bdea316f09938e9094f99e0de19ccd8987a
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 05 Feb 2021 21:33:27 GMT
server
Golfe2
age
3083
date
Fri, 26 Feb 2021 14:02:36 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18980
expires
Fri, 26 Feb 2021 16:02:36 GMT
amplitude-4.1.1-min.gz.js
cdn.amplitude.com/libs/ 		68 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.amplitude.com/libs/amplitude-4.1.1-min.gz.js
Requested by
Host: www.nerdwallet.com
URL: https://www.nerdwallet.com/takeover.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.23.76 Orlando, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
96405d7546b6c0c499bd3d652b75781d36f3b0062d77afdbf3230bba7842bcfc

Request headers

Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 30 Nov 2020 02:16:39 GMT
content-encoding
gzip
age
7648641
x-cache
Hit from cloudfront
content-length
23391
access-control-allow-origin
*
last-modified
Mon, 21 Oct 2019 15:45:35 GMT
server
AmazonS3
etag
"75a5b1a43b9d11cb8fc66b0b63293343"
x-amz-version-id
DHnR8D2Yp1kNVJK0Nr9zflpOyn7y1rWM
via
1.1 9680e9cb5cbc773ebfed1b7a558f7db6.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
ZAG50-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
Ex_zfKWFToeoalmFIXkNVBEL7h6K4ANdsr6JFSU4ZT3uFJ-66IVJwA==
nw-auth-dialog.3cc61fbf874adad6013a.js
www.nerdwallet.com/cdn/apps/prod/global-markup/nw-auth-dialog/production/ 		3 MB
681 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.nerdwallet.com/cdn/apps/prod/global-markup/nw-auth-dialog/production/nw-auth-dialog.3cc61fbf874adad6013a.js
Requested by
Host: www.nerdwallet.com
URL: https://www.nerdwallet.com/takeover.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.23.225 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
250657facfe7d62578d001358a6729a3c94e731c0d8776dbd1bb708b080460d1

Request headers

Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 26 Feb 2021 14:53:59 GMT
via
1.1 9185d752d6f0456185fc3ff8fe29c34b.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
2480494
x-cache
Miss from cloudfront
content-type
application/javascript
x-amz-replication-status
COMPLETED
content-encoding
br
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
08806e212b00001d0655b0b000000001
last-modified
Thu, 28 Jan 2021 21:50:14 GMT
server
cloudflare
etag
W/"6f426f49296385c16faf94a9200bfd41"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding
x-amz-version-id
O2x7JgGT7Ym6.CTTozW0kElxPsqQIu7l
cache-control
public, max-age=31557600
x-amz-cf-pop
CPH50-C1
cf-ray
627a7faeae351d06-CPH
x-amz-cf-id
xtRd4kLwQ-Kn1Gi_AQ_ptspnx1Ckc4AfxVoZKHMwsPvvh4j4e7ikZw==
x-nerd
Edge
platform.js
apis.google.com/js/ 		49 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/js/platform.js
Requested by
Host: www.nerdwallet.com
URL: https://www.nerdwallet.com/takeover.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
1c4bb92c67b29e30733781f22f6339360707bbbb6319672825d6b6e0684fa3a9
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-nZh1cZ1YnCljSPyvRm3TfA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 26 Feb 2021 14:53:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
x-ua-compatible
IE=edge, chrome=1
server
ESF
x-frame-options
SAMEORIGIN
etag
"3641adac83d1f8afc319b089eeb0322c"
strict-transport-security
max-age=31536000
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=1800, stale-while-revalidate=1800
content-security-policy
script-src 'report-sample' 'nonce-nZh1cZ1YnCljSPyvRm3TfA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin
*
expires
Fri, 26 Feb 2021 14:53:59 GMT
js
maps.googleapis.com/maps/api/ 		131 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps/api/js?libraries=places&key=AIzaSyBz-5AV-kNx9OMDQqoL7OQPyHU_eWoiFv0
Requested by
Host: www.nerdwallet.com
URL: https://www.nerdwallet.com/takeover.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
mafe /
Resource Hash
965d35c5c0309f8d2b3bf28157fb71cd07f51215fa7a362f9b4d710f2a0b7d97
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 26 Feb 2021 14:53:59 GMT
content-encoding
gzip
vary
Accept-Language
server
mafe
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1800
server-timing
gfet4t7; dur=10
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43468
x-xss-protection
0
expires
Fri, 26 Feb 2021 15:23:59 GMT
gtm.js
www.googletagmanager.com/ 		280 KB
66 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-NVWSKF5
Requested by
Host: www.nerdwallet.com
URL: https://www.nerdwallet.com/takeover.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
16175564865d677a3b205bfd3a247f0f656062e50f6118ab4caddcff0701bc9a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 26 Feb 2021 14:53:59 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
67390
x-xss-protection
0
last-modified
Fri, 26 Feb 2021 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 26 Feb 2021 14:53:59 GMT
sdk
ssl.kaptcha.com/collect/ 		5 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ssl.kaptcha.com/collect/sdk?m=171456&s=00c627af31f54bd6ab3f8c1bc4b71e4a
Requested by
Host: www.nerdwallet.com
URL: https://www.nerdwallet.com/takeover.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.34.71.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-34-71-92.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
ad9f69ab697fa27dfea70a1e0b9bdb5c34eac7b42c6733bc782dde92a127352c

Request headers

Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 26 Feb 2021 14:53:59 GMT
Transfer-Encoding
chunked
P3p
CP=CAO PSA OUR
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate, private
Content-Type
text/javascript
Expires
0
nw-auth-dialog.3cc61fbf874adad6013a.css
www.nerdwallet.com/cdn/apps/prod/global-markup/nw-auth-dialog/production/css/ 		282 KB
39 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.nerdwallet.com/cdn/apps/prod/global-markup/nw-auth-dialog/production/css/nw-auth-dialog.3cc61fbf874adad6013a.css
Requested by
Host: www.nerdwallet.com
URL: https://www.nerdwallet.com/takeover.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.23.225 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a5fa12396b3dff6c9b335b7f551d3aff017d637f8322eacf6a7d4ed8d3c639f6

Request headers

Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 26 Feb 2021 14:53:59 GMT
via
1.1 a7ccb4d80699d116fa5cf39b77f68f2f.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
2480495
x-cache
Miss from cloudfront
content-type
text/css
x-amz-replication-status
COMPLETED
content-encoding
br
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
08806e212e00001d06739af000000001
last-modified
Thu, 28 Jan 2021 21:50:15 GMT
server
cloudflare
etag
W/"f4c1b5241d9dd1a50e58a01332cbc0dc"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding
x-amz-version-id
1e5c4XIpczWgxOWPHbIS5mkCljlVfTsc
cache-control
public, max-age=31557600
x-amz-cf-pop
CPH50-C1
cf-ray
627a7faeae3d1d06-CPH
x-amz-cf-id
xzHKnOOoTUznRa_qQCrW5fJGr486GtBBIxQHN3ceGHiERemMPx4q8g==
x-nerd
Edge
conversion_async.js
www.googleadservices.com/pagead/ 		31 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NVWSKF5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f2.1e100.net
Software
cafe /
Resource Hash
b4ceacee581031a4014c658e33aa47874612b4c25c1aed8ef682cada98b99d6d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 26 Feb 2021 14:53:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
12348
x-xss-protection
0
server
cafe
etag
7672817363517198860
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Fri, 26 Feb 2021 14:53:59 GMT
conversion
e.adhaven.com/events/ 		0
92 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://e.adhaven.com/events/conversion?aid=54455&conversion_id=1&gtmcb=2091018242
Requested by
Host: www.nerdwallet.com
URL: https://www.nerdwallet.com/takeover.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.189.141 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
141.189.244.35.bc.googleusercontent.com
Software
WildFly/10 / Undertow/1
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 26 Feb 2021 14:53:59 GMT
via
1.1 google
server
WildFly/10
x-powered-by
Undertow/1
alt-svc
clear
content-length
0
tr.gif
ping.pdst.fm/ 		0
47 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ping.pdst.fm/tr.gif?key=9f2a6d4945db42a098d4a310507145c1&a=init&gtmcb=1502139948
Requested by
Host: www.nerdwallet.com
URL: https://www.nerdwallet.com/takeover.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 26 Feb 2021 14:53:59 GMT
via
1.1 google
trackable.js
ext.chtbl.com/ 		4 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ext.chtbl.com/trackable.js
Requested by
Host: www.nerdwallet.com
URL: https://www.nerdwallet.com/takeover.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:206f:6a00:a:b27c:d040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
27dc4f62298834987d3d8e5608c1af94c82ee3d18ee31858d39e0202697b5308

Request headers

Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 26 Feb 2021 14:00:25 GMT
via
1.1 b8fb5d47d5536b63dd25111404e6e2e4.cloudfront.net (CloudFront)
last-modified
Fri, 12 Feb 2021 20:28:32 GMT
server
AmazonS3
age
3215
etag
"4a494dbb82444463b6fd8bff0e5593d6"
x-cache
Hit from cloudfront
content-type
application/javascript;charset=UTF-8
cache-control
max-age=3600
x-amz-cf-pop
FRA56-C1
accept-ranges
bytes
content-length
4092
x-amz-cf-id
EFDSu4SL_J3tKnsbi4BitEm4s9d-h8I1idtDwV_LSLvFpmgj0aEYxQ==
track
web.chtbl.com/ Frame 		0
0 		Other
General
Check archive.org
Download Go to
Full URL
https://web.chtbl.com/track
Protocol
H2
Server
65.9.58.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type
Origin
https://www.nerdwallet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

content-type
application/json
content-length
1
date
Fri, 26 Feb 2021 14:54:00 GMT
x-amzn-requestid
3e3e5280-689c-4ab9-b84a-14e5427b0e9f
access-control-allow-origin
https://www.nerdwallet.com
access-control-allow-headers
Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent
x-amz-apigw-id
bW69SEx9IAMFTHA=
access-control-allow-methods
OPTIONS,POST
x-amzn-trace-id
Root=1-60390b88-35611ede2d7954707bcd0d64
x-cache
Miss from cloudfront
via
1.1 df7c0ba7857d5300ae11e7566c926f17.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C1
x-amz-cf-id
1F0IrTY6t2SnLXrd8N8GNt9rWlp-WIh8KLsAN7pC6w8D-TW4IaYScg==
track
web.chtbl.com/ 		49 B
408 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://web.chtbl.com/track
Requested by
Host: ext.chtbl.com
URL: https://ext.chtbl.com/trackable.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.58.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
bb30148d9df7671c14f2cd5be91e6b7a1488932efb740a80b66f39052744c168

Request headers

Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type
application/json;charset=UTF-8

Response headers

date
Fri, 26 Feb 2021 14:54:00 GMT
via
1.1 df7c0ba7857d5300ae11e7566c926f17.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C1
x-amzn-requestid
073a596c-1d22-49b6-96e5-980483c9b823
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
*
x-amzn-trace-id
Root=1-60390b88-48e82bc87b0bfdd8077a2bdc
x-amz-apigw-id
bW69VHAgIAMFRYA=
content-length
49
x-amz-cf-id
0Re5kRiBQmq89ZpBs7qpYboyvzOeTr3wELilAD8x5LbnKV6BQqYpyQ==
/
www.googleadservices.com/pagead/conversion/957893550/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion/957893550/?random=1614351240027&cv=9&fst=1614351240027&num=1&value=0&label=RVTxCPzMg9MBEK6X4cgD&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg2h0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.nerdwallet.com%2Ftakeover.html&tiba=Whoops%2C%20wrong%20turn!&hn=www.googleadservices.com&bttype=purchase&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
abc9f7d6ab10f271dffd38bc46e41222a42aee678acbb0e514411ef3126403cc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 26 Feb 2021 14:54:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
1187
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
kasupport
ssl.kaptcha.com/collect/ 		2 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ssl.kaptcha.com/collect/kasupport
Requested by
Host: ssl.kaptcha.com
URL: https://ssl.kaptcha.com/collect/sdk?m=171456&s=00c627af31f54bd6ab3f8c1bc4b71e4a
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.34.71.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-34-71-92.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
3bc2de937406e2abe308b65e05f195f4250cc63470262a59f895de500abfc542

Request headers

Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

Access-Control-Allow-Origin
*
Pragma
no-cache
Date
Fri, 26 Feb 2021 14:54:00 GMT
Cache-Control
no-cache, no-store, must-revalidate, private
Expires
0
Content-Length
1997
Content-Type
text/plain; charset=utf-8
Cookie set logo.htm
ssl.kaptcha.com/ Frame 254A 		24 KB
25 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ssl.kaptcha.com/logo.htm?m=171456&s=00c627af31f54bd6ab3f8c1bc4b71e4a
Requested by
Host: ssl.kaptcha.com
URL: https://ssl.kaptcha.com/collect/sdk?m=171456&s=00c627af31f54bd6ab3f8c1bc4b71e4a
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.34.71.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-34-71-92.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
82699caeac23d5ec9220cc93bc7777f392025e27e969de78bcb0a84c947a7eb1

Request headers

Host
ssl.kaptcha.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://www.nerdwallet.com/takeover.html
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
k=340d2eeec8084519a50870c58f1c36bd
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.nerdwallet.com/takeover.html

Response headers

Access-Control-Allow-Origin
*
Cache-Control
no-cache no-store must-revalidate private
Content-Type
text/html
Expires
0
Pragma
no-cache
Set-Cookie
k=340d2eeec8084519a50870c58f1c36bd; Path=/; Expires=Thu, 27 May 2021 14:54:00 GMT; Secure; SameSite=None
Date
Fri, 26 Feb 2021 14:54:00 GMT
Transfer-Encoding
chunked
/
www.google.de/pagead/1p-conversion/957893550/
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/957893550/?random=172811754&cv=9&fst=1614351240027&num=1&value=0&label=RVTxCPzMg9MBEK6X4cgD&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u...
  • https://www.google.com/pagead/1p-conversion/957893550/?random=172811754&cv=9&fst=1614351240027&num=1&value=0&label=RVTxCPzMg9MBEK6X4cgD&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_a...
  • https://www.google.de/pagead/1p-conversion/957893550/?random=172811754&cv=9&fst=1614351240027&num=1&value=0&label=RVTxCPzMg9MBEK6X4cgD&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw...
42 B
154 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-conversion/957893550/?random=172811754&cv=9&fst=1614351240027&num=1&value=0&label=RVTxCPzMg9MBEK6X4cgD&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg2h0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.nerdwallet.com%2Ftakeover.html&tiba=Whoops%2C%20wrong%20turn!&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=iAs5YKuSBPPdmwfirYvYCg&eitems=Cg8IgNXigQYQ3eSijYWBvx0SHQAvbt5e4lzJi_ogagVbmFfK1iLq9ViDoy41lLNc&random=2683219209&resp=GooglemKTybQhCsO&ipr=y&ezwbk=AZuM4hDDKM7NP3fMcnXqXIZZ0ZtgR39zJ-LbpjnZdnc4gFlnqrtW0nCbMQmU535HSS8kzz0f6bLroCZxtAZYHjAsD6zA
Requested by
Host: www.nerdwallet.com
URL: https://www.nerdwallet.com/takeover.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 26 Feb 2021 14:54:00 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 26 Feb 2021 14:54:00 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
image/gif
location
https://www.google.de/pagead/1p-conversion/957893550/?random=172811754&cv=9&fst=1614351240027&num=1&value=0&label=RVTxCPzMg9MBEK6X4cgD&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg2h0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.nerdwallet.com%2Ftakeover.html&tiba=Whoops%2C%20wrong%20turn!&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=iAs5YKuSBPPdmwfirYvYCg&eitems=Cg8IgNXigQYQ3eSijYWBvx0SHQAvbt5e4lzJi_ogagVbmFfK1iLq9ViDoy41lLNc&random=2683219209&resp=GooglemKTybQhCsO&ipr=y&ezwbk=AZuM4hDDKM7NP3fMcnXqXIZZ0ZtgR39zJ-LbpjnZdnc4gFlnqrtW0nCbMQmU535HSS8kzz0f6bLroCZxtAZYHjAsD6zA
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
query0
api.nerdwallet.com/ 		8 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.nerdwallet.com/query0
Requested by
Host: www.nerdwallet.com
URL: https://www.nerdwallet.com/cdn/apps/prod/global-markup/global-nav/build/production/nav.65f916c7bcd07da21be8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.8.125 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6644a0fe705c06f74e5c353a75087d8f747f375d3dacdb069453385a9c1f9200
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block;

Request headers

apollographql-client-name
global-markup
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
x-client-platform
web
x-kount-session-id
00c627af31f54bd6ab3f8c1bc4b71e4a
content-type
application/json
x-originating-url
https://www.nerdwallet.com/takeover.html
Referer
https://www.nerdwallet.com/takeover.html
apollographql-client-version
1.86.11
x-caller-client-id
global-markup
x-request-id
107c3cd8-293e-4c2e-8310-1b977d0c5f45
x-originating-user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 26 Feb 2021 14:54:01 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block;
server
cloudflare
x-frame-options
DENY
etag
W/"1e28-q3BZnJfHvg5OvN7S/90WDRdbBWQ"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.nerdwallet.com
vary
Origin
access-control-allow-credentials
true
content-security-policy
frame-ancestors 'none';
cf-request-id
08806e25db0000737fa6073000000001
cf-ray
627a7fb62aea737f-CPH
x-nerd
Edge
access-control-expose-headers
content-type, connection, x-nerd, etag, strict-transport-security, x-xss-protection, x-frame-options, content-security-policy, content-length, access-control-allow-credentials, set-cookie, vary, x-content-type-options, access-control-allow-origin
query0
api.nerdwallet.com/ Frame 		0
0 		Other
General
Check archive.org
Download Go to
Full URL
https://api.nerdwallet.com/query0
Protocol
H2
Server
104.18.8.125 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block;

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
apollographql-client-name,apollographql-client-version,content-type,x-caller-client-id,x-client-platform,x-kount-session-id,x-originating-url,x-originating-user-agent,x-request-id
Origin
https://www.nerdwallet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Fri, 26 Feb 2021 14:54:00 GMT
x-nerd
Edge
content-security-policy
frame-ancestors 'none';
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-xss-protection
1; mode=block;
x-content-type-options
nosniff
vary
Origin
access-control-allow-origin
https://www.nerdwallet.com
access-control-allow-credentials
true
access-control-allow-methods
POST
access-control-allow-headers
apollographql-client-name,apollographql-client-version,content-type,x-caller-client-id,x-client-platform,x-kount-session-id,x-originating-url,x-originating-user-agent,x-request-id
cf-cache-status
DYNAMIC
cf-request-id
08806e2432000073734faa3000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
627a7fb38df87373-CPH
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
md
ssl.kaptcha.com/ Frame 254A 		0
243 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ssl.kaptcha.com/md
Requested by
Host: ssl.kaptcha.com
URL: https://ssl.kaptcha.com/logo.htm?m=171456&s=00c627af31f54bd6ab3f8c1bc4b71e4a
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.34.71.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-34-71-92.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ssl.kaptcha.com/logo.htm?m=171456&s=00c627af31f54bd6ab3f8c1bc4b71e4a
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Access-Control-Allow-Origin
*
Pragma
no-cache
Date
Fri, 26 Feb 2021 14:54:00 GMT
Cache-Control
no-cache, no-store, must-revalidate, private
Content-Length
0
Expires
0
js
www.googletagmanager.com/gtag/ 		98 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-829289198
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NVWSKF5
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
0f7bcd8e6e0808d5c39fc7dc4ae5b7083bc70f82ff4c3b21d4b8ec767b97b927
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 26 Feb 2021 14:54:00 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39435
x-xss-protection
0
last-modified
Fri, 26 Feb 2021 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 26 Feb 2021 14:54:00 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NVWSKF5
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100:48a::25ea Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
5f3b103a1268f862a5e432d607f8e5220dea9d301d13565b0ecded3ad9c25ab2

Request headers

Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 26 Feb 2021 14:54:00 GMT
Content-Encoding
gzip
Last-Modified
Mon, 04 Jan 2021 22:14:03 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=61793
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1855
bat.js
bat.bing.com/ 		28 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.nerdwallet.com
URL: https://www.nerdwallet.com/takeover.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
0f8b92749ed5ae1a53b456979b6b1fa2157fbc804b8b6b871f0068316bbf1320

Request headers

Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 26 Feb 2021 14:54:00 GMT
content-encoding
gzip
last-modified
Thu, 25 Feb 2021 01:12:13 GMT
x-msedge-ref
Ref A: 02662BC20863471D98031E68AB0056BA Ref B: FRAEDGE1408 Ref C: 2021-02-26T14:54:00Z
etag
"8014993f13bd71:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
8512
ytc.js
s.yimg.com/wi/ 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.yimg.com/wi/ytc.js
Requested by
Host: www.nerdwallet.com
URL: https://www.nerdwallet.com/takeover.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:80:800::7000 , United Kingdom, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
63896532a7015ab5b7288359c02124980a5075e9267f0ba3fbfc7c3f5038b478
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

ats-carp-promotion
1
date
Fri, 26 Feb 2021 14:32:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1263
x-amz-server-side-encryption
AES256
vary
Origin, Accept-Encoding
content-length
5581
x-amz-id-2
R9tkWNmR4EIO9d/zNL0SUWaWpJS2cd14Qo4/VvoGjMA5YRTY9loq9q/7blu+qjEwFdHaFGd7tS0=
referrer-policy
no-referrer-when-downgrade
x-amz-expiration
expiry-date="Sat, 30 Oct 2021 00:00:00 GMT", rule-id="oath-standard-lifecycle"
last-modified
Thu, 24 Sep 2020 23:08:16 GMT
server
ATS
etag
"49db10c8315384e8dad2e92a6841ed81-df"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=15552000
x-amz-request-id
D2F3F10F7E70DDA6
x-xss-protection
1; mode=block
cache-control
public,max-age=3600
x-amz-version-id
swANRqp_TdPZf97XDKuCKoVnrp7c.h.0
accept-ranges
bytes
content-type
application/javascript
core.js
s.pinimg.com/ct/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.pinimg.com/ct/core.js
Requested by
Host: www.nerdwallet.com
URL: https://www.nerdwallet.com/takeover.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:3::84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
3b55e27038f70b1b7cfae4116bf09fe3faf8cb97795673d1fd338113d0c0d53f

Request headers

Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 26 Feb 2021 14:54:00 GMT
fastly-restarts
1
x-cdn
fastly
etag
"7dfd742fa9951f09da578c3e4cfc7d96"
vary
Accept-Encoding, Origin
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
access-control-max-age
86400
cache-control
max-age=7200
content-length
1142
access-control-expose-headers
X-CDN
obtp.js
amplify.outbrain.com/cp/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://amplify.outbrain.com/cp/obtp.js
Requested by
Host: www.nerdwallet.com
URL: https://www.nerdwallet.com/takeover.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.218.209.87 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-218-209-87.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
e15eca5878352d8972f4e93b9aed80e34860514c23bfe9ee0a01767a291cf28a

Request headers

Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 26 Feb 2021 14:54:00 GMT
Content-Encoding
gzip
Last-Modified
Mon, 25 Jan 2021 14:42:51 GMT
Server
AkamaiNetStorage
ETag
"c43e7f1b0459d05cce32768dd16af59b:1611585771.492103"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=1200
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2864
Expires
Fri, 26 Feb 2021 15:14:00 GMT
tfa.js
cdn.taboola.com/libtrc/unip/1040862/ 		64 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.taboola.com/libtrc/unip/1040862/tfa.js
Requested by
Host: www.nerdwallet.com
URL: https://www.nerdwallet.com/takeover.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
abcbfd3de9b80db4889c158fd40ed21e17e8f39d09a7eb9fd7fc267e8279e73b

Request headers

Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
DFoMyU5tJbqa.VsrRsZBTRaJ43xAQzVv
content-encoding
gzip
etag
"c1bad2a4c6247af623e6625561e23a15"
age
85
x-cache
HIT
x-amz-replication-status
PENDING
content-length
21897
x-amz-id-2
adeHgnIb1rZZPeoq/tX3U0g/ZzPBYKDEC4FaGKsZYjQGdWkws9GOxv9UiFPXt4xvJL2q1nfXTcQ=
x-served-by
cache-hhn11539-HHN
last-modified
Mon, 22 Feb 2021 13:50:14 GMT
server
AmazonS3
x-timer
S1614351240.496934,VS0,VE0
date
Fri, 26 Feb 2021 14:54:00 GMT
vary
Accept-Encoding
x-amz-request-id
66388B3828AECD9B
via
1.1 varnish
cache-control
private,max-age=14401
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
abp
91
x-cache-hits
162
js
www.googletagmanager.com/gtag/ 		98 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=DC-9935087
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NVWSKF5
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
b504ae11d47a30bc007dde2ea8002e9049317f92e24a259756cc3c9f50e8ccd4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 26 Feb 2021 14:54:00 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39484
x-xss-protection
0
last-modified
Fri, 26 Feb 2021 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 26 Feb 2021 14:54:00 GMT
impression
pixel.mtrcs.samba.tv/v2/vtr/mediahub/nerdwallet111919/sitetag/ 		0
214 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.mtrcs.samba.tv/v2/vtr/mediahub/nerdwallet111919/sitetag/impression?c=500200843&sa_pl=homepage&gtmcb=322536644
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.211.199.159 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-211-199-159.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 26 Feb 2021 14:54:00 GMT
access-control-allow-headers
Content-Type, Authorization
access-control-allow-methods
HEAD,OPTIONS,GET
Pagename=nerdwallet
d.turn.com/r/dd/id/L21rdC84MTYvY2lkLzE3NDg4MjQ0NjkvdC8y/kv/ 		43 B
407 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d.turn.com/r/dd/id/L21rdC84MTYvY2lkLzE3NDg4MjQ0NjkvdC8y/kv/Pagename=nerdwallet
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.228.164.13 , United Kingdom, ASN56396 (TURN, GB),
Reverse DNS
Software
/
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 26 Feb 2021 14:54:00 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-type
image/gif
content-length
43
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
10001828.json
s.yimg.com/wi/config/ 		2 B
459 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://s.yimg.com/wi/config/10001828.json
Requested by
Host: s.yimg.com
URL: https://s.yimg.com/wi/ytc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:80:800::7000 , United Kingdom, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 26 Feb 2021 14:50:44 GMT
x-content-type-options
nosniff
age
196
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-request-id
3ECFB999F5E99B4F
x-amz-id-2
zc9wESpBoMqKLm/eY8bgD/ZX2CB+SAZhEbQRbq69YV2nc4RlF+3Z79xaDCwxiLNXZ7zOi7xhBPY=
referrer-policy
no-referrer-when-downgrade
server
ATS
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=15552000
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
*
x-xss-protection
1; mode=block
cache-control
public,max-age=3600
content-length
2
collect
px.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=312012&time=1614351240433&url=https%3A%2F%2Fwww.nerdwallet.com%2Ftakeover.html
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D312012%26time%3D1614351240433%26url%3Dhttps%253A%252F%252Fwww.nerdwallet.com%252F...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=312012&time=1614351240433&url=https%3A%2F%2Fwww.nerdwallet.com%2Ftakeover.html&liSync=true
0
81 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=312012&time=1614351240433&url=https%3A%2F%2Fwww.nerdwallet.com%2Ftakeover.html&liSync=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:119:50e6:101::6cae:b05 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS
Software
Play /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 26 Feb 2021 14:54:01 GMT
server
Play
linkedin-action
1
x-li-fabric
prod-lva1
x-li-proto
http/2
x-li-pop
prod-ech2
content-type
application/javascript
content-length
0
x-li-uuid
ZH4ZieZTZxbAJU9lCSsAAA==

Redirect headers

strict-transport-security
max-age=31536000
x-content-type-options
nosniff
linkedin-action
1
content-length
0
x-li-uuid
WHGgfuZTZxagSEQH3yoAAA==
pragma
no-cache
x-li-pop
afd-prod-lva1
x-msedge-ref
Ref A: 1A64E454378940AC857B81F6704922DB Ref B: FRAEDGE1109 Ref C: 2021-02-26T14:54:00Z
date
Fri, 26 Feb 2021 14:54:00 GMT
expect-ct
max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-frame-options
sameorigin
x-li-fabric
prod-lva1
location
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=312012&time=1614351240433&url=https%3A%2F%2Fwww.nerdwallet.com%2Ftakeover.html&liSync=true
cache-control
no-cache, no-store
content-security-policy
default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
x-li-proto
http/2
expires
Thu, 01 Jan 1970 00:00:00 GMT
main.2a04f3ee.js
s.pinimg.com/ct/lib/ 		48 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.pinimg.com/ct/lib/main.2a04f3ee.js
Requested by
Host: s.pinimg.com
URL: https://s.pinimg.com/ct/core.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:3::84 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
1a6d2c0675a46c16261ab620e5eda102fdfb5d085391347db3306bf872a90664

Request headers

Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 26 Feb 2021 14:54:00 GMT
content-encoding
gzip
fastly-restarts
1
x-cdn
fastly
etag
"248210fef24a364a0e167a9a4db13563"
vary
Accept-Encoding, Origin
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
access-control-max-age
86400
cache-control
max-age=1209600
content-length
17102
access-control-expose-headers
X-CDN
/
ct.pinterest.com/user/ 		38 B
515 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ct.pinterest.com/user/?tid=2614854290289&cb=1614351240448
Requested by
Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.2a04f3ee.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.75.88.209 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-75-88-209.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
a0774f290781320b1ee451e53e384381cfa827d5c94526856eb4f5f80b3e50e7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 26 Feb 2021 14:54:00 GMT
content-encoding
gzip
vary
Accept-Encoding
x-cdn
akamai
access-control-allow-origin
https://www.nerdwallet.com
x-envoy-upstream-service-time
0
x-pinterest-rid
1489792272447814
pin-unauth
dWlkPU4yVm1aamMxWkdNdFlqUTFPUzAwWVdJeExXSmlOall0TVRZd1lUSTJObVF5TXprMg
referrer-policy
origin
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
content-type
application/json; charset=utf-8
pragma
no-cache
access-control-expose-headers
Epik,Pin-Unauth
cache-control
no-cache,no-store,must-revalidate,max-age=0
access-control-allow-credentials
true
content-length
64
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
ct.pinterest.com/v3/ 		35 B
301 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ct.pinterest.com/v3/?tid=2614854290289&event=init&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.nerdwallet.com%2Ftakeover.html%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%222a04f3ee%22%7D&cb=1614351240449
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.75.88.209 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-75-88-209.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 26 Feb 2021 14:54:00 GMT
referrer-policy
origin
x-cdn
akamai
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache,no-store,must-revalidate,max-age=0
x-envoy-upstream-service-time
6
content-length
35
x-pinterest-rid
1771946478933835
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
ct.pinterest.com/v3/ 		35 B
546 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ct.pinterest.com/v3/?event=pagevisit&tid=2614854290289&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.nerdwallet.com%2Ftakeover.html%22%2C%22ref%22%3A%22%22%2C%22if%22%3Afalse%2C%22sh%22%3A1200%2C%22sw%22%3A1600%2C%22mh%22%3A%222a04f3ee%22%7D&cb=1614351240449
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.75.88.209 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-75-88-209.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 26 Feb 2021 14:54:00 GMT
referrer-policy
origin
x-cdn
akamai
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache,no-store,must-revalidate,max-age=0
x-envoy-upstream-service-time
6
content-length
35
x-pinterest-rid
1511774766268094
expires
Sat, 01 Jan 2000 00:00:00 GMT
0
bat.bing.com/action/ 		0
148 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bat.bing.com/action/0?ti=5000528&Ver=2&mid=de2b78c2-696c-45c0-bc83-2861cc3b11e4&sid=75cec920784211eb97426b4a481f8d73&vid=75cf05d0784211eb8d29390c78fe793d&vids=1&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=Whoops,%20wrong%20turn!&p=https%3A%2F%2Fwww.nerdwallet.com%2Ftakeover.html&r=&lt=2277&evt=pageLoad&msclkid=N&sv=1&rn=121597
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin
*
pragma
no-cache
date
Fri, 26 Feb 2021 14:54:00 GMT
cache-control
no-cache, must-revalidate
x-msedge-ref
Ref A: E2327E4473C048E8BD39D9AF4F5E573C Ref B: FRAEDGE1408 Ref C: 2021-02-26T14:54:00Z
expires
Fri, 01 Jan 1990 00:00:00 GMT
conversion_async.js
www.googleadservices.com/pagead/ 		31 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-829289198
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b4ceacee581031a4014c658e33aa47874612b4c25c1aed8ef682cada98b99d6d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 26 Feb 2021 14:54:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
12348
x-xss-protection
0
server
cafe
etag
7672817363517198860
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Fri, 26 Feb 2021 14:54:00 GMT
activityi;dc_pre=CMKJ9oHnh-8CFdJTFQgdOkwB5g;src=9935087;type=impre0;cat=nerdw0;ord=4009555461636;gtm=2od2h0;auiddc=1038764017.1614351240;~oref=https%3A%2F%2Fwww.nerdwallet.com%2Ftakeover.html
9935087.fls.doubleclick.net/ Frame 9D49
Redirect Chain
  • https://9935087.fls.doubleclick.net/activityi;src=9935087;type=impre0;cat=nerdw0;ord=4009555461636;gtm=2od2h0;auiddc=1038764017.1614351240;~oref=https%3A%2F%2Fwww.nerdwallet.com%2Ftakeover.html?
  • https://9935087.fls.doubleclick.net/activityi;dc_pre=CMKJ9oHnh-8CFdJTFQgdOkwB5g;src=9935087;type=impre0;cat=nerdw0;ord=4009555461636;gtm=2od2h0;auiddc=1038764017.1614351240;~oref=https%3A%2F%2Fwww....
932 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://9935087.fls.doubleclick.net/activityi;dc_pre=CMKJ9oHnh-8CFdJTFQgdOkwB5g;src=9935087;type=impre0;cat=nerdw0;ord=4009555461636;gtm=2od2h0;auiddc=1038764017.1614351240;~oref=https%3A%2F%2Fwww.nerdwallet.com%2Ftakeover.html?
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-9935087
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
142.250.185.166 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f6.1e100.net
Software
cafe /
Resource Hash
5835a95bad6da99b6f1d8134a4dcf7530f4ab5d0a97b4135ff8654b653a95980
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
9935087.fls.doubleclick.net
:scheme
https
:path
/activityi;dc_pre=CMKJ9oHnh-8CFdJTFQgdOkwB5g;src=9935087;type=impre0;cat=nerdw0;ord=4009555461636;gtm=2od2h0;auiddc=1038764017.1614351240;~oref=https%3A%2F%2Fwww.nerdwallet.com%2Ftakeover.html?
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.nerdwallet.com/takeover.html
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUk2GDwwIQqORDd0h2h3OpX0wAjQlBveG9ANbj0YK3MbaiaxHQuR1uHK6wJU
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
about:blank

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Fri, 26 Feb 2021 14:54:00 GMT
expires
Fri, 26 Feb 2021 14:54:00 GMT
cache-control
private, max-age=0
strict-transport-security
max-age=21600
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
576
x-xss-protection
0
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Fri, 26 Feb 2021 14:54:00 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
follow-only-when-prerender-shown
1
strict-transport-security
max-age=21600
location
https://9935087.fls.doubleclick.net/activityi;dc_pre=CMKJ9oHnh-8CFdJTFQgdOkwB5g;src=9935087;type=impre0;cat=nerdw0;ord=4009555461636;gtm=2od2h0;auiddc=1038764017.1614351240;~oref=https%3A%2F%2Fwww.nerdwallet.com%2Ftakeover.html?
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/829289198/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/829289198/?random=1614351240500&cv=9&fst=1614351240500&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa2h0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.nerdwallet.com%2Ftakeover.html&tiba=Whoops%2C%20wrong%20turn!&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8e6a9537a71d28093f466dd2a3ef77f2bb1db943ab5b81a5af0c54f1c71f6d19
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 26 Feb 2021 14:54:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
1040
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
md
ssl.kaptcha.com/ Frame 254A 		0
243 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ssl.kaptcha.com/md
Requested by
Host: ssl.kaptcha.com
URL: https://ssl.kaptcha.com/logo.htm?m=171456&s=00c627af31f54bd6ab3f8c1bc4b71e4a
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.34.71.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-34-71-92.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ssl.kaptcha.com/logo.htm?m=171456&s=00c627af31f54bd6ab3f8c1bc4b71e4a
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Access-Control-Allow-Origin
*
Pragma
no-cache
Date
Fri, 26 Feb 2021 14:54:00 GMT
Cache-Control
no-cache, no-store, must-revalidate, private
Content-Length
0
Expires
0
/
ct.pinterest.com/md/ 		0
242 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ct.pinterest.com/md/
Requested by
Host: s.pinimg.com
URL: https://s.pinimg.com/ct/lib/main.2a04f3ee.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.75.88.209 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-75-88-209.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload

Request headers

Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 26 Feb 2021 14:54:00 GMT
referrer-policy
origin
x-cdn
akamai
strict-transport-security
max-age=31536000 ; includeSubDomains ; preload
access-control-allow-origin
*
cache-control
no-cache,no-store,must-revalidate,max-age=0
x-envoy-upstream-service-time
1
x-pinterest-rid
1470645653340984
expires
Sat, 01 Jan 2000 00:00:00 GMT
cachedClickId
tr.outbrain.com/ 		35 B
239 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tr.outbrain.com/cachedClickId?marketerId=0095ec7197cd8cf1a8b4c4373d3fc03b87,003112159e5927627fd75a5414d8b67845,00b75b0ef07e062745877ea6d14164672d,00d99426a8a263e0af63b58409d514697c,0008ee2a930abaa4b2a53a366f8c22442c,00d9365098c48b1b56591354a551894b49,00593c94f5dd948ff5be3b64882db6bece,00ea115a2d30c5775f5d363c69787980da,00da5ef67e6cfde4cbde58183685879927
Requested by
Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
64.202.112.159 , United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS
ny.outbrain.com
Software
/
Resource Hash
1d348f9f803c95305f63def9d75fd50e79e54a375e1a4a888edbbea366845580

Request headers

Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 26 Feb 2021 14:54:00 GMT
content-encoding
gzip
X-TraceId
8e8a7a02ad0313eb928649efd2d517fd
Content-Length
56
Content-Type
application/javascript
unifiedPixel
tr.outbrain.com/ 		43 B
256 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tr.outbrain.com/unifiedPixel?marketerId=0095ec7197cd8cf1a8b4c4373d3fc03b87,003112159e5927627fd75a5414d8b67845,00b75b0ef07e062745877ea6d14164672d,00d99426a8a263e0af63b58409d514697c,0008ee2a930abaa4b2a53a366f8c22442c,00d9365098c48b1b56591354a551894b49,00593c94f5dd948ff5be3b64882db6bece,00ea115a2d30c5775f5d363c69787980da,00da5ef67e6cfde4cbde58183685879927&obApiVersion=1.0&obtpVersion=1.4.1&name=PAGE_VIEW&dl=https%3A%2F%2Fwww.nerdwallet.com%2Ftakeover.html&optOut=false&bust=09079683601003672
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
64.202.112.159 , United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS
ny.outbrain.com
Software
/
Resource Hash
33ca751ed175a163bef530ebdcdbd0a2d15997ccbcbf8d50a6f504e8ffac5a5c

Request headers

Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 26 Feb 2021 14:54:00 GMT
Cache-Control
no-cache
X-TraceId
b7316efe2d1bda08f5d1206c45845751
content-encoding
gzip
Content-Length
60
Content-Type
image/gif;
cookiestore
ssl.kaptcha.com/collect/ 		0
243 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ssl.kaptcha.com/collect/cookiestore
Requested by
Host: www.nerdwallet.com
URL: https://www.nerdwallet.com/takeover.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.34.71.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-34-71-92.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

Access-Control-Allow-Origin
*
Pragma
no-cache
Date
Fri, 26 Feb 2021 14:54:00 GMT
Cache-Control
no-cache, no-store, must-revalidate, private
Content-Length
0
Expires
0
md
ssl.kaptcha.com/ Frame 254A 		0
243 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ssl.kaptcha.com/md
Requested by
Host: ssl.kaptcha.com
URL: https://ssl.kaptcha.com/logo.htm?m=171456&s=00c627af31f54bd6ab3f8c1bc4b71e4a
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.34.71.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-34-71-92.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ssl.kaptcha.com/logo.htm?m=171456&s=00c627af31f54bd6ab3f8c1bc4b71e4a
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Access-Control-Allow-Origin
*
Pragma
no-cache
Date
Fri, 26 Feb 2021 14:54:00 GMT
Cache-Control
no-cache, no-store, must-revalidate, private
Content-Length
0
Expires
0
fin
ssl.kaptcha.com/ Frame 254A 		0
243 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ssl.kaptcha.com/fin
Requested by
Host: ssl.kaptcha.com
URL: https://ssl.kaptcha.com/logo.htm?m=171456&s=00c627af31f54bd6ab3f8c1bc4b71e4a
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.34.71.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-34-71-92.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ssl.kaptcha.com/logo.htm?m=171456&s=00c627af31f54bd6ab3f8c1bc4b71e4a
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Access-Control-Allow-Origin
*
Pragma
no-cache
Date
Fri, 26 Feb 2021 14:54:00 GMT
Cache-Control
no-cache, no-store, must-revalidate, private
Content-Length
0
Expires
0
/
www.google.com/pagead/1p-user-list/829289198/ 		42 B
530 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/829289198/?random=1614351240500&cv=9&fst=1614348000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa2h0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.nerdwallet.com%2Ftakeover.html&tiba=Whoops%2C%20wrong%20turn!&async=1&fmt=3&is_vtc=1&random=878656710&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 26 Feb 2021 14:54:00 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/829289198/ 		42 B
530 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/829289198/?random=1614351240500&cv=9&fst=1614348000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa2h0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.nerdwallet.com%2Ftakeover.html&tiba=Whoops%2C%20wrong%20turn!&async=1&fmt=3&is_vtc=1&random=878656710&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 26 Feb 2021 14:54:00 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 9D49
Redirect Chain
  • https://rtd-tm.everesttech.net/upi/?sid=cLo95ydYchhUBgxGDQQq&cs=1
  • https://rtd-tm.everesttech.net/ct/upi/?sid=cLo95ydYchhUBgxGDQQq&cs=1&_test=YDkLiQAAAH6QECrK
  • https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WURrTGlRQUFBSDZRRUNySw
170 B
752 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WURrTGlRQUFBSDZRRUNySw
Requested by
Host: 9935087.fls.doubleclick.net
URL: https://9935087.fls.doubleclick.net/activityi;dc_pre=CMKJ9oHnh-8CFdJTFQgdOkwB5g;src=9935087;type=impre0;cat=nerdw0;ord=4009555461636;gtm=2od2h0;auiddc=1038764017.1614351240;~oref=https%3A%2F%2Fwww.nerdwallet.com%2Ftakeover.html?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://9935087.fls.doubleclick.net/activityi;dc_pre=CMKJ9oHnh-8CFdJTFQgdOkwB5g;src=9935087;type=impre0;cat=nerdw0;ord=4009555461636;gtm=2od2h0;auiddc=1038764017.1614351240;~oref=https%3A%2F%2Fwww.nerdwallet.com%2Ftakeover.html?
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 26 Feb 2021 14:54:01 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 26 Feb 2021 14:54:01 GMT
via
1.1 varnish
server
Jetty(9.3.8.v20160314)
x-timer
S1614351241.090833,VS0,VE189
x-served-by
cache-hhn4025-HHN
x-cache
MISS
p3p
CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
location
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WURrTGlRQUFBSDZRRUNySw
cache-control
no-cache
accept-ranges
bytes
access-control-allow-origin
*
x-cache-hits
0
dc_pre=CMKJ9oHnh-8CFdJTFQgdOkwB5g;src=9935087;type=impre0;cat=nerdw0;ord=4009555461636;gtm=2od2h0;auiddc=*;~oref=https%3A%2F%2Fwww.nerdwallet.com%2Ftakeover.html
adservice.google.com/ddm/fls/z/ Frame 9D49 		42 B
498 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://adservice.google.com/ddm/fls/z/dc_pre=CMKJ9oHnh-8CFdJTFQgdOkwB5g;src=9935087;type=impre0;cat=nerdw0;ord=4009555461636;gtm=2od2h0;auiddc=*;~oref=https%3A%2F%2Fwww.nerdwallet.com%2Ftakeover.html
Requested by
Host: 9935087.fls.doubleclick.net
URL: https://9935087.fls.doubleclick.net/activityi;dc_pre=CMKJ9oHnh-8CFdJTFQgdOkwB5g;src=9935087;type=impre0;cat=nerdw0;ord=4009555461636;gtm=2od2h0;auiddc=1038764017.1614351240;~oref=https%3A%2F%2Fwww.nerdwallet.com%2Ftakeover.html?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://9935087.fls.doubleclick.net/activityi;dc_pre=CMKJ9oHnh-8CFdJTFQgdOkwB5g;src=9935087;type=impre0;cat=nerdw0;ord=4009555461636;gtm=2od2h0;auiddc=1038764017.1614351240;~oref=https%3A%2F%2Fwww.nerdwallet.com%2Ftakeover.html?
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 26 Feb 2021 14:54:00 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
NerdWallet_2020_RTG;ord=2364714644762.22;dc_seg=961887917
pubads.g.doubleclick.net/activity;dc_iu=/5206/invc.invc/ Frame 9D49 		42 B
537 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pubads.g.doubleclick.net/activity;dc_iu=/5206/invc.invc/NerdWallet_2020_RTG;ord=2364714644762.22;dc_seg=961887917?
Requested by
Host: 9935087.fls.doubleclick.net
URL: https://9935087.fls.doubleclick.net/activityi;dc_pre=CMKJ9oHnh-8CFdJTFQgdOkwB5g;src=9935087;type=impre0;cat=nerdw0;ord=4009555461636;gtm=2od2h0;auiddc=1038764017.1614351240;~oref=https%3A%2F%2Fwww.nerdwallet.com%2Ftakeover.html?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s21-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://9935087.fls.doubleclick.net/activityi;dc_pre=CMKJ9oHnh-8CFdJTFQgdOkwB5g;src=9935087;type=impre0;cat=nerdw0;ord=4009555461636;gtm=2od2h0;auiddc=1038764017.1614351240;~oref=https%3A%2F%2Fwww.nerdwallet.com%2Ftakeover.html?
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 26 Feb 2021 14:54:01 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
common.js
maps.googleapis.com/maps-api-v3/api/js/44/2/ 		76 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps-api-v3/api/js/44/2/common.js
Requested by
Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?libraries=places&key=AIzaSyBz-5AV-kNx9OMDQqoL7OQPyHU_eWoiFv0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0230797e54d0649c0e667ad5c761091c7b5d06eb05ed9b62b96a6e2fe37d926a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 26 Feb 2021 09:08:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 22 Feb 2021 19:54:41 GMT
server
sffe
age
20743
vary
Accept-Encoding, Origin
content-type
text/javascript
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28484
x-xss-protection
0
expires
Sat, 26 Feb 2022 09:08:21 GMT
util.js
maps.googleapis.com/maps-api-v3/api/js/44/2/ 		145 KB
54 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps-api-v3/api/js/44/2/util.js
Requested by
Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?libraries=places&key=AIzaSyBz-5AV-kNx9OMDQqoL7OQPyHU_eWoiFv0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
42032ffebf225507d2ae40244e8ec83c543494e18f1196fb86773caab99c24e7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 26 Feb 2021 02:46:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 22 Feb 2021 19:54:41 GMT
server
sffe
age
43681
vary
Accept-Encoding, Origin
content-type
text/javascript
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
55198
x-xss-protection
0
expires
Sat, 26 Feb 2022 02:46:03 GMT
AuthenticationService.Authenticate
maps.googleapis.com/maps/api/js/ 		62 B
406 B 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate?1shttps%3A%2F%2Fwww.nerdwallet.com%2Ftakeover.html&4sAIzaSyBz-5AV-kNx9OMDQqoL7OQPyHU_eWoiFv0&callback=_xdc_._m1b1uu&key=AIzaSyBz-5AV-kNx9OMDQqoL7OQPyHU_eWoiFv0&token=48106
Requested by
Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps-api-v3/api/js/44/2/common.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
mafe /
Resource Hash
e005e87f9d3f99b416ab046b04298632b2b9723c89341b0030309b9d65dc4bc9
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.nerdwallet.com/takeover.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 26 Feb 2021 14:54:04 GMT
content-encoding
gzip
server
mafe
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
no-cache, must-revalidate
content-disposition
attachment
server-timing
gfet4t7; dur=6
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
63
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

74 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated object| __NW_APP_CONFIG--GLOBAL-MARKUP__ object| __GLOBAL_NAV_INITIAL_STATE__ object| nwPageTaxonomy string| GoogleAnalyticsObject function| ga object| amplitude object| core object| nwapi object| dataLayer string| __KOUNT_SESSION_ID__ object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| google_tag_manager function| postscribe function| trackable object| gapi object| ___jsl object| google object| module$contents$MapsEvent_MapsEvent object| module$contents$mapsapi$overlay$OverlayView_OverlayView object| __core-js_shared__ object| nerdwallet object| regeneratorRuntime object| __SENTRY__ object| $$bole object| __nwAnalyticsState function| GooglemKTybQhCsO function| google_trackConversion object| GooglebQhCsO undefined| myUndefined string| typeUndefined object| reEnable boolean| CONSOLE_ENABLED object| ka object| cookieElements string| _linkedin_data_partner_id object| uetq object| dotq function| pintrk function| obApi object| _tfa object| YAHOO function| lintrk boolean| _already_called_lintrk function| UET function| gtag function| _typeof object| TFASC object| TRC object| _taboola number| taboola_view_id object| TRCImpl function| __trcError string| cname string| cvalue string| lsCookieValue string| currentCookie string| htmlCookieValue string| url string| payload object| _xdc_

10 Cookies

Domain/Path Name / Value
ssl.kaptcha.com/ Name: k
Value: 340d2eeec8084519a50870c58f1c36bd
www.nerdwallet.com/ Name: _wchtbl_uid
Value: aa817739-4f7a-41a4-9d66-e545860c2358
.nerdwallet.com/ Name: _gid
Value: GA1.2.589261321.1614351239
.www.nerdwallet.com/ Name: __cf_bm
Value: 53ce439035600c159c285d2855a84d09638112ec-1614351239-1800-AUNpXxW9ECxPvKSr9clSO0WW/YURxxz+9x/BDqlXXnQN+OkvaQmHZpsYYmVL5C3fNvi2MCXoMmNuLr3nBSS/x/qlxPn9JQWAwP33sNrWd4YZ
www.nerdwallet.com/ Name: AWSALBCORS
Value: g9PPWs9TOx13J/XhARxt5YuHO6b8RCAqWBgFRKmo1NZJdIwZHvkzeVNA+z7lPHFrrRQ/iW1ZoTSV9gfkImCG16ZKNIuxmv/RBacvlKc/ekL5nRyIp/xq/y8Xif9l
www.nerdwallet.com/ Name: AWSALB
Value: g9PPWs9TOx13J/XhARxt5YuHO6b8RCAqWBgFRKmo1NZJdIwZHvkzeVNA+z7lPHFrrRQ/iW1ZoTSV9gfkImCG16ZKNIuxmv/RBacvlKc/ekL5nRyIp/xq/y8Xif9l
.nerdwallet.com/ Name: _gcl_au
Value: 1.1.1038764017.1614351240
.nerdwallet.com/ Name: _ga
Value: GA1.2.347038163.1614351239
www.nerdwallet.com/ Name: _wchtbl_sid
Value: bd0d0a91-0993-4d79-b5ae-2ec7851d5605
.www.nerdwallet.com/ Name: __cfduid
Value: dfb35d55cd3aa2288961af70ac512c4a61614351238

9 Console Messages

Source Level URL
Text
console-api log URL: https://www.nerdwallet.com/cdn/apps/prod/global-markup/global-nav/build/production/nav.65f916c7bcd07da21be8.js(Line 1)
Message:
==================================== NNNNNNNNNNNNN NNNNNNNNNNNN NNNNNNNNNNNNNNN NNNNNNNNNNNN NNNNNNNNNNNNNNNNN NNNNNNNNNNNN NNNNNNNNNNNNNNNNNNN NNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNN NNNNNNNNNNNNNNNNNNN NNNNNNNNNNNN NNNNNNNNNNNNNNNNN NNNNNNNNNNNN NNNNNNNNNNNNNNN NNNNNNNNNNNN NNNNNNNNNNNNN ==================================== 👋 Welcome to NerdWallet! 👩‍💻 Looking at our code? 🛠 Want to help make it better? https://www.nerdwallet.com/company/ ====================================
console-api log URL: https://www.nerdwallet.com/cdn/apps/prod/global-markup/global-nav/build/production/nav.65f916c7bcd07da21be8.js(Line 1)
Message:
%cevent %celement_impression %cglobal_header_sign_in_button %cerror color: gray; font-weight: lighter; font-weight: bold; font-weight: lighter; font-style: italic; color: red
console-api log URL: https://www.nerdwallet.com/cdn/apps/prod/global-markup/global-nav/build/production/nav.65f916c7bcd07da21be8.js(Line 1)
Message:
%cevent font-weight: bold; color: #03A9F4; [object Object]
console-api log URL: https://www.nerdwallet.com/cdn/apps/prod/global-markup/global-nav/build/production/nav.65f916c7bcd07da21be8.js(Line 1)
Message:
%cerror font-weight: bold; color: red; [object Object]
console-api log URL: https://www.nerdwallet.com/cdn/apps/prod/global-markup/global-nav/build/production/nav.65f916c7bcd07da21be8.js(Line 1)
Message:
console.groupEnd
console-api log URL: https://www.nerdwallet.com/cdn/apps/prod/global-markup/global-nav/build/production/nav.65f916c7bcd07da21be8.js(Line 1)
Message:
%cevent %celement_impression %cglobal_header_register_button %cerror color: gray; font-weight: lighter; font-weight: bold; font-weight: lighter; font-style: italic; color: red
console-api log URL: https://www.nerdwallet.com/cdn/apps/prod/global-markup/global-nav/build/production/nav.65f916c7bcd07da21be8.js(Line 1)
Message:
%cevent font-weight: bold; color: #03A9F4; [object Object]
console-api log URL: https://www.nerdwallet.com/cdn/apps/prod/global-markup/global-nav/build/production/nav.65f916c7bcd07da21be8.js(Line 1)
Message:
%cerror font-weight: bold; color: red; [object Object]
console-api log URL: https://www.nerdwallet.com/cdn/apps/prod/global-markup/global-nav/build/production/nav.65f916c7bcd07da21be8.js(Line 1)
Message:
console.groupEnd

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'self' *.app.clicktale.com app.optimizely.com analytics.google.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block;

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

9935087.fls.doubleclick.net
adservice.google.com
amplify.outbrain.com
api.nerdwallet.com
apis.google.com
bat.bing.com
cdn.amplitude.com
cdn.taboola.com
cm.g.doubleclick.net
ct.pinterest.com
d.turn.com
e.adhaven.com
ext.chtbl.com
googleads.g.doubleclick.net
maps.googleapis.com
nerdwallet.com
nerdwallet.us
ping.pdst.fm
pixel.mtrcs.samba.tv
pubads.g.doubleclick.net
px.ads.linkedin.com
rtd-tm.everesttech.net
s.pinimg.com
s.yimg.com
snap.licdn.com
ssl.kaptcha.com
tr.outbrain.com
web.chtbl.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
www.nerdwallet.com
104.18.23.225
104.18.8.125
104.75.88.209
142.250.185.166
142.250.186.130
142.250.186.162
151.101.114.49
199.232.137.44
216.58.212.130
23.218.209.87
2600:9000:206f:6a00:a:b27c:d040:93a1
2620:119:50e6:101::6cae:b05
2620:1ec:21::14
2620:1ec:c11::200
2a00:1288:80:800::7000
2a00:1450:4001:800::200e
2a00:1450:4001:810::2002
2a00:1450:4001:810::2004
2a00:1450:4001:812::200a
2a00:1450:4001:813::200e
2a00:1450:4001:813::2013
2a00:1450:4001:827::2003
2a00:1450:4001:827::2008
2a00:1450:4001:82b::2002
2a02:26f0:7100:48a::25ea
2a04:4e42:3::84
3.211.199.159
35.170.169.214
35.244.189.141
46.228.164.13
52.218.246.34
52.34.71.92
64.202.112.159
65.9.23.76
65.9.58.75
0230797e54d0649c0e667ad5c761091c7b5d06eb05ed9b62b96a6e2fe37d926a
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c4afdff9222a9066e6615d441930f9fd7122c92cbb2515262ff351d221c85e2
0f3be44690ae9914ae3e47b7752e1bdea316f09938e9094f99e0de19ccd8987a
0f7bcd8e6e0808d5c39fc7dc4ae5b7083bc70f82ff4c3b21d4b8ec767b97b927
0f8b92749ed5ae1a53b456979b6b1fa2157fbc804b8b6b871f0068316bbf1320
16175564865d677a3b205bfd3a247f0f656062e50f6118ab4caddcff0701bc9a
1a6d2c0675a46c16261ab620e5eda102fdfb5d085391347db3306bf872a90664
1c4bb92c67b29e30733781f22f6339360707bbbb6319672825d6b6e0684fa3a9
1d348f9f803c95305f63def9d75fd50e79e54a375e1a4a888edbbea366845580
250657facfe7d62578d001358a6729a3c94e731c0d8776dbd1bb708b080460d1
27dc4f62298834987d3d8e5608c1af94c82ee3d18ee31858d39e0202697b5308
33ca751ed175a163bef530ebdcdbd0a2d15997ccbcbf8d50a6f504e8ffac5a5c
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b
3b55e27038f70b1b7cfae4116bf09fe3faf8cb97795673d1fd338113d0c0d53f
3bc2de937406e2abe308b65e05f195f4250cc63470262a59f895de500abfc542
42032ffebf225507d2ae40244e8ec83c543494e18f1196fb86773caab99c24e7
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4ae4bbc3bbd5733dcaf9302940b4115e5871733f71ab3f3e7250e693b4d05f6d
5832acb5142649a14cedd815be0abce56e15bb4b1b861ab90247354fa0caab0e
5835a95bad6da99b6f1d8134a4dcf7530f4ab5d0a97b4135ff8654b653a95980
5f3b103a1268f862a5e432d607f8e5220dea9d301d13565b0ecded3ad9c25ab2
63896532a7015ab5b7288359c02124980a5075e9267f0ba3fbfc7c3f5038b478
6644a0fe705c06f74e5c353a75087d8f747f375d3dacdb069453385a9c1f9200
79d51bd9e69b57364cd080d3e065d263b18b3d7bc1830625ea5c1793b6d978fa
82699caeac23d5ec9220cc93bc7777f392025e27e969de78bcb0a84c947a7eb1
8e6a9537a71d28093f466dd2a3ef77f2bb1db943ab5b81a5af0c54f1c71f6d19
96405d7546b6c0c499bd3d652b75781d36f3b0062d77afdbf3230bba7842bcfc
965d35c5c0309f8d2b3bf28157fb71cd07f51215fa7a362f9b4d710f2a0b7d97
a0774f290781320b1ee451e53e384381cfa827d5c94526856eb4f5f80b3e50e7
a5fa12396b3dff6c9b335b7f551d3aff017d637f8322eacf6a7d4ed8d3c639f6
abc9f7d6ab10f271dffd38bc46e41222a42aee678acbb0e514411ef3126403cc
abcbfd3de9b80db4889c158fd40ed21e17e8f39d09a7eb9fd7fc267e8279e73b
ad9f69ab697fa27dfea70a1e0b9bdb5c34eac7b42c6733bc782dde92a127352c
b4ceacee581031a4014c658e33aa47874612b4c25c1aed8ef682cada98b99d6d
b504ae11d47a30bc007dde2ea8002e9049317f92e24a259756cc3c9f50e8ccd4
ba8be65746ca30fadff7deb639117ec587a44e0428f89218d70bc5e4888ac308
bb30148d9df7671c14f2cd5be91e6b7a1488932efb740a80b66f39052744c168
c45992da4f0169a7651346ef0a4cb27efe93b28a3b80d230a6f428a0e242db65
d538ad9f65f05a8479e25d877cbc6f7ec19356465b2db7eaf6a2cca803416d27
e005e87f9d3f99b416ab046b04298632b2b9723c89341b0030309b9d65dc4bc9
e15eca5878352d8972f4e93b9aed80e34860514c23bfe9ee0a01767a291cf28a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629