www.hsabank.com Open in urlscan Pro
70.37.166.146 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101
Submission: On January 23 via api (January 23rd 2023, 7:19:50 pm UTC) from US — Scanned from DE

Summary HTTP 53 Redirects Links 13 Behaviour Indicators

Summary

This website contacted 16 IPs in 4 countries across 13 domains to perform 53 HTTP transactions. The main IP is 70.37.166.146, located in San Antonio, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is www.hsabank.com. The Cisco Umbrella rank of the primary domain is 170694.
TLS certificate: Issued by Entrust Certification Authority - L1K on March 19th 2022. Valid for: a year.

This is the only time www.hsabank.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
24	70.37.166.146 70.37.166.146	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:400d:808::200a	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6812:acf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	34.203.18.187 34.203.18.187	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:9000:246... 2600:9000:2467:ae00:1:fb61:2b80:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:400d:80e::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400d:80d::200e	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:402... 2a00:1450:4025:401::9d	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400d:802::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400d:80a::2004	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:400d:80a::2003	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f01... 2a03:2880:f01c:216:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	34.237.219.119 34.237.219.119	14618 (AMAZON-AES) (AMAZON-AES)
1	3.215.172.219 3.215.172.219	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:1f18:445... 2600:1f18:4457:4600:b0a3:bb6f:460d:8b4d	14618 (AMAZON-AES) (AMAZON-AES)
53	16

24 70.37.166.146 (San Antonio, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.hsabank.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:808::200a (Ireland)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
netdna.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.203.18.187 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-203-18-187.compute-1.amazonaws.com

7298557.collect.igodigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
nova.collect.igodigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2467:ae00:1:fb61:2b80:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.levelaccess.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400d:80e::2008 (Ireland)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400d:80d::200e (Ireland)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4025:401::9d (Den Helder, Netherlands)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400d:802::2003 (Ireland)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:80a::2004 (Ireland)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:400d:80a::2003 (Ireland)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:216:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.237.219.119 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-237-219-119.compute-1.amazonaws.com

pi.pardot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.215.172.219 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-215-172-219.compute-1.amazonaws.com

info.hsabank.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:4457:4600:b0a3:bb6f:460d:8b4d (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

api.levelaccess.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
25	hsabank.com www.hsabank.com — Cisco Umbrella Rank: 170694 info.hsabank.com — Cisco Umbrella Rank: 249377	430 KB
6	gstatic.com fonts.gstatic.com	95 KB
3	google.com region1.analytics.google.com — Cisco Umbrella Rank: 4562 www.google.com — Cisco Umbrella Rank: 2	893 B
2	pardot.com pi.pardot.com — Cisco Umbrella Rank: 3665	4 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 153	136 KB
2	google.de www.google.de — Cisco Umbrella Rank: 5983	608 B
2	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 75	489 B
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 22	20 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 41	125 KB
2	levelaccess.net cdn.levelaccess.net — Cisco Umbrella Rank: 13299 api.levelaccess.net — Cisco Umbrella Rank: 14126	62 KB
2	igodigital.com 7298557.collect.igodigital.com — Cisco Umbrella Rank: 250551 nova.collect.igodigital.com — Cisco Umbrella Rank: 4805	3 KB
2	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 708 netdna.bootstrapcdn.com — Cisco Umbrella Rank: 2691	11 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 35	2 KB
53	13

	Domain	Requested by
24	www.hsabank.com	www.hsabank.com
6	fonts.gstatic.com	fonts.googleapis.com
2	pi.pardot.com	www.hsabank.com pi.pardot.com
2	connect.facebook.net	www.hsabank.com connect.facebook.net
2	www.google.de	www.hsabank.com
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	region1.analytics.google.com	www.googletagmanager.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	www.googletagmanager.com	www.hsabank.com www.googletagmanager.com
1	api.levelaccess.net	cdn.levelaccess.net
1	info.hsabank.com	pi.pardot.com
1	nova.collect.igodigital.com	www.hsabank.com
1	netdna.bootstrapcdn.com	www.hsabank.com
1	www.google.com	www.hsabank.com
1	cdn.levelaccess.net	www.hsabank.com
1	7298557.collect.igodigital.com	www.hsabank.com
1	maxcdn.bootstrapcdn.com	www.hsabank.com
1	fonts.googleapis.com	www.hsabank.com
53	18

This site contains links to these domains. Also see Links.

Domain
myaccounts.hsabank.com
ioe.hsabank.com
secure.hsabank.com
careers.hsabank.com
www.irs.gov
investors.websterbank.com
www.facebook.com
www.twitter.com
www.linkedin.com
www.youtube.com
public.websteronline.com

Subject Issuer	Validity	Valid
www.hsabank.com Entrust Certification Authority - L1K	`2022-03-19` - `2023-03-19`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-01-02` - `2023-03-27`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-12-30` - `2023-12-30`	a year	crt.sh
*.collect.igodigital.com Amazon	`2022-12-14` - `2024-01-13`	a year	crt.sh
cdn.levelaccess.net Amazon	`2022-12-30` - `2024-01-28`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-01-02` - `2023-03-27`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-01-02` - `2023-03-27`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-01-02` - `2023-03-27`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-01-02` - `2023-03-27`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-01-02` - `2023-03-27`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-11-02` - `2023-01-31`	3 months	crt.sh
pi.pardot.com DigiCert TLS RSA SHA256 2020 CA1	`2022-09-13` - `2023-09-12`	a year	crt.sh
info.hsabank.com R3	`2022-12-09` - `2023-03-09`	3 months	crt.sh
api.levelaccess.net Amazon	`2022-12-31` - `2024-01-29`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101
Frame ID: 2B9441006768F72D784B6A7A810DE3AD
Requests: 53 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

HSA Tax Time 101 - Frequently Asked Questions - HSA Bank

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Page Statistics

53
Requests

100 %
HTTPS

75 %
IPv6

13
Domains

18
Subdomains

16
IPs

4
Countries

889 kB
Transfer

2341 kB
Size

12
Cookies

13 Outgoing links

These are links going to different origins than the main page.

URL: https://myaccounts.hsabank.com/
Title: Login

Search URL Search Domain Scan URL

URL: https://ioe.hsabank.com/home
Title: Open an HSA

Search URL Search Domain Scan URL

URL: https://secure.hsabank.com/employer/employersignup/EmployerSignUp.aspx
Title: Employer Sign-Up Form

Search URL Search Domain Scan URL

URL: https://careers.hsabank.com/
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.irs.gov/
Title: irs.gov

Search URL Search Domain Scan URL

URL: https://www.irs.gov/pub/irs-pdf/f1099sa.pdf
Title: here

Search URL Search Domain Scan URL

URL: https://www.irs.gov/pub/irs-pdf/f5498sa.pdf
Title: here

Search URL Search Domain Scan URL

URL: https://investors.websterbank.com/overview/default.aspx
Title: Webster Bank Financial Information

Search URL Search Domain Scan URL

URL: https://www.facebook.com/hsabank

Search URL Search Domain Scan URL

URL: https://www.twitter.com/hsabank

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/hsa-bank

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/HSABankMedia

Search URL Search Domain Scan URL

URL: https://public.websteronline.com/important-information-about-insuring-your-deposits-through-fdic
Title: Learn about FDIC insurance coverage

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

53 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request hsa-tax-time-101 Show response
www.hsabank.com/hsabank/learning-center/ 95 KB
22 KB 736ms
313ms Document
text/html 70.37.166.146
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

8203eb16111d534e930e8f5c7f3c7426f726bba2e67d211f0a886173e551ce2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-cache, no-store
Content-Encoding: gzip
Content-Length: 20309
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type: text/html; charset=utf-8
Date: Mon, 23 Jan 2023 19:19:43 GMT
Expires: -1
Permissions-Policy: microphone=(), payment=(), geolocation=(self), sync-xhr=*
Pragma: no-cache
Referrer-Policy: strict-origin-when-cross-origin
Request-Context: appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
Server: Microsoft-IIS/10.0
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN

GET
H/1.1 200
OK bootstrapmin.css
www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/ 118 KB
29 KB 260ms
260ms Stylesheet
text/css 70.37.166.146
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/bootstrapmin.css

Requested by

Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

5a3d8c05785485d36ee5c94d4681e5b1d9e4b94c5be8b5bd7b0f3168fff1bd9a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Date: Mon, 23 Jan 2023 19:19:43 GMT
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Disposition: inline; filename="bootstrapmin.css"
Content-Length: 27680
Request-Context: appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Tue, 21 Apr 2020 17:48:44 GMT
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Cache-Control: private, max-age=604800
Permissions-Policy: microphone=(), payment=(), geolocation=(self), sync-xhr=*
Accept-Ranges: bytes

GET
H2 200 css2
fonts.googleapis.com/ 23 KB
2 KB 189ms
71ms Stylesheet
text/css 2a00:1450:400d:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto+Condensed:ital,wght@0,300;0,400;0,700;1,300;1,400;1,700&family=Roboto:ital,wght@0,400;0,700;1,400;1,700&display=swap

Requested by

Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:808::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

06980e61901dd3da8924dcdfc3f28c4adfd239a38479931236791d793d62a76a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

strict-transport-security: max-age=31536000
date: Mon, 23 Jan 2023 19:19:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 23 Jan 2023 19:19:44 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 23 Jan 2023 19:19:44 GMT

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/ 30 KB
7 KB 47ms
15ms Stylesheet
text/css 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

date: Mon, 23 Jan 2023 19:19:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 871
age: 2719994
cdn-cachedat: 07/07/2022 17:49:34
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
server: cloudflare
etag: W/"269550530cc127b6aa5a35925a7de6ce"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 53050069f7634df6ba0426ea6471d136
timing-allow-origin: *
cdn-requestcountrycode: US
cdn-status: 200
cf-ray: 78e2e1f6aae02beb-FRA
cdn-requestpullsuccess: True

GET
H/1.1 200
OK style.css
www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/ 86 KB
25 KB 632ms
376ms Stylesheet
text/css 70.37.166.146
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06

Requested by

Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

892aad6825528f9fcc609e82d8204c41fcff7efdb1a060a6b79c40a1b1aa8956

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Date: Mon, 23 Jan 2023 19:19:44 GMT
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Disposition: inline; filename="style.css"
Content-Length: 23901
Request-Context: appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Wed, 07 Dec 2022 14:45:09 GMT
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Cache-Control: private, max-age=604800
Permissions-Policy: microphone=(), payment=(), geolocation=(self), sync-xhr=*
Accept-Ranges: bytes

GET
H/1.1 200
OK lock-yellow.ashx
www.hsabank.com/-/media/Images/Mobile_Responsive_2017/ 487 B
2 KB 415ms
157ms Image
image/png 70.37.166.146
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hsabank.com/-/media/Images/Mobile_Responsive_2017/lock-yellow.ashx?la=en

Requested by

Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

5298b61386b233b02c1f2dc3aff963463ebbe568b021817019f0da72fc5b165d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Mon, 23 Jan 2023 19:19:44 GMT
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Sun, 19 Apr 2020 19:16:18 GMT
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type: image/png
Cache-Control: private, max-age=604800
Permissions-Policy: microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition: inline; filename="lock-yellow.png"
Accept-Ranges: bytes
Content-Length: 487
Request-Context: appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7

GET
H/1.1 200
OK members.ashx
www.hsabank.com/-/media/Images/Mobile_Responsive_2017/menu/ 6 KB
8 KB 198ms
149ms Image
image/jpeg 70.37.166.146
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hsabank.com/-/media/Images/Mobile_Responsive_2017/menu/members.ashx?la=en

Requested by

Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

b7f060e299b946e48571efc616afabf681564879b5431dae029354719b685b6c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Mon, 23 Jan 2023 19:19:44 GMT
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Sun, 19 Apr 2020 19:18:23 GMT
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type: image/jpeg
Cache-Control: private, max-age=604800
Permissions-Policy: microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition: inline; filename="members.jpg"
Accept-Ranges: bytes
Content-Length: 6597
Request-Context: appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7

GET
H/1.1 200
OK logo-hsabank.ashx
www.hsabank.com/hsabank/-/media/Images/Mobile_Responsive_2017/ 7 KB
9 KB 149ms
149ms Image
image/png 70.37.166.146
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hsabank.com/hsabank/-/media/Images/Mobile_Responsive_2017/logo-hsabank.ashx?la=en

Requested by

Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

0e61978632f43baea1ca2575e3b0761f2e113d60133f22e8095a6e01a9df0f7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Mon, 23 Jan 2023 19:19:44 GMT
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Sun, 19 Apr 2020 19:16:19 GMT
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type: image/png
Cache-Control: private, max-age=604800
Permissions-Policy: microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition: inline; filename="logo-hsabank.png"
Accept-Ranges: bytes
Content-Length: 6914
Request-Context: appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7

GET
H/1.1 200
OK searchboxmobile.min.css
www.hsabank.com/Styles/ 311 B
2 KB 347ms
136ms Stylesheet
text/css 70.37.166.146
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hsabank.com/Styles/searchboxmobile.min.css

Requested by

Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

2d91e980d6f338755fa8c1a9ec52e2b4e75f90ee211530783cddcef3978a0746

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Date: Mon, 23 Jan 2023 19:19:44 GMT
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Length: 273
Request-Context: appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Thu, 08 Dec 2022 04:15:25 GMT
Server: Microsoft-IIS/10.0
ETag: "2e59bb2bbad91:0"
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Permissions-Policy: microphone=(), payment=(), geolocation=(self), sync-xhr=*
Accept-Ranges: bytes

GET
H/1.1 200
OK open-hsa-navbanner.jpg
www.hsabank.com/hsabank/learning-center/~/Media/Images/Mobile_Responsive_2017/2017/nav-banners/ 38 KB
40 KB 384ms
384ms Image
image/jpeg 70.37.166.146
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hsabank.com/hsabank/learning-center/~/Media/Images/Mobile_Responsive_2017/2017/nav-banners/open-hsa-navbanner.jpg

Requested by

Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

3125503095eb347633cce9f00d090dcc466164199f6018c4390988ece5e8cd9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Mon, 23 Jan 2023 19:19:44 GMT
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Sun, 19 Apr 2020 19:20:20 GMT
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type: image/jpeg
Cache-Control: private, max-age=604800
Permissions-Policy: microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition: inline; filename="open-hsa-navbanner.jpg"
Accept-Ranges: bytes
Content-Length: 38779
Request-Context: appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7

GET
H/1.1 200
OK 2022-ER-Partner-Navigation
www.hsabank.com/~/media/Images/Mobile_Responsive_2017/2017/learning-center/health-and-wealth-index/ 57 KB
59 KB 385ms
385ms Image
image/jpeg 70.37.166.146
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hsabank.com/~/media/Images/Mobile_Responsive_2017/2017/learning-center/health-and-wealth-index/2022-ER-Partner-Navigation

Requested by

Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

175d25eb48831e6f67bacbc9afbc26665736432cc379e79c3d84148eb1acd55f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Mon, 23 Jan 2023 19:19:44 GMT
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Wed, 01 Jun 2022 20:52:20 GMT
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type: image/jpeg
Cache-Control: private, max-age=604800
Permissions-Policy: microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition: inline; filename="2022-ER-Partner-Navigation.jpg"
Accept-Ranges: bytes
Content-Length: 58795
Request-Context: appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7

GET
H/1.1 200
OK learning-center.ashx
www.hsabank.com/-/media/Images/Mobile_Responsive_2017/menu/ 10 KB
12 KB 149ms
149ms Image
image/jpeg 70.37.166.146
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hsabank.com/-/media/Images/Mobile_Responsive_2017/menu/learning-center.ashx?la=en

Requested by

Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

87cec327a260c0960d91a7c4e9976eb243afa732c22b0cb2310181543739fe1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Mon, 23 Jan 2023 19:19:44 GMT
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Sun, 19 Apr 2020 19:18:22 GMT
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type: image/jpeg
Cache-Control: private, max-age=604800
Permissions-Policy: microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition: inline; filename="learning-center.jpg"
Accept-Ranges: bytes
Content-Length: 10245
Request-Context: appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7

GET
H/1.1 200
OK about.ashx
www.hsabank.com/-/media/Images/Mobile_Responsive_2017/menu/ 11 KB
13 KB 144ms
144ms Image
image/jpeg 70.37.166.146
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hsabank.com/-/media/Images/Mobile_Responsive_2017/menu/about.ashx?la=en

Requested by

Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

2e5ea304576c05ccc854670fe397ef56880d803760a5de0e61081403e2009c61

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Mon, 23 Jan 2023 19:19:44 GMT
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Sun, 19 Apr 2020 19:18:23 GMT
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type: image/jpeg
Cache-Control: private, max-age=604800
Permissions-Policy: microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition: inline; filename="about.jpg"
Accept-Ranges: bytes
Content-Length: 11131
Request-Context: appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7

GET
H/1.1 200
OK searchbox.min.css
www.hsabank.com/Styles/ 920 B
2 KB 379ms
128ms Stylesheet
text/css 70.37.166.146
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hsabank.com/Styles/searchbox.min.css

Requested by

Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

85975a2be961791f9eca87929ad244be78a77031631e9e27baeb40b2dd2d8403

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Date: Mon, 23 Jan 2023 19:19:44 GMT
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Length: 594
Request-Context: appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Thu, 08 Dec 2022 04:15:25 GMT
Server: Microsoft-IIS/10.0
ETag: "eeda93b2bbad91:0"
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Permissions-Policy: microphone=(), payment=(), geolocation=(self), sync-xhr=*
Accept-Ranges: bytes

GET
H/1.1 200
OK searchglass.ashx
www.hsabank.com/-/media/Images/Mobile_Responsive_2017/ 439 B
2 KB 139ms
139ms Image
image/png 70.37.166.146
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hsabank.com/-/media/Images/Mobile_Responsive_2017/searchglass.ashx?la=en

Requested by

Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

b4d5f510c2190ca5ff87374b25cf3c1ba3334d41c5437b262cae8952a0dac6ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Mon, 23 Jan 2023 19:19:44 GMT
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Sun, 19 Apr 2020 19:16:19 GMT
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type: image/png
Cache-Control: private, max-age=604800
Permissions-Policy: microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition: inline; filename="searchglass.png"
Accept-Ranges: bytes
Content-Length: 439
Request-Context: appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7

GET
H/1.1 200
OK searchbox.min.js Show response
www.hsabank.com/Scripts/ 85 B
2 KB 142ms
142ms Script
application/x-javascript 70.37.166.146
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hsabank.com/Scripts/searchbox.min.js

Requested by

Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

3adcd7060b73a40bdb29c97abbab98ef6c29038028ba0c7d974cbcdd3b1b158b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Date: Mon, 23 Jan 2023 19:19:44 GMT
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Length: 191
Request-Context: appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Thu, 08 Dec 2022 04:15:25 GMT
Server: Microsoft-IIS/10.0
ETag: "374387b2bbad91:0"
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: application/x-javascript
Permissions-Policy: microphone=(), payment=(), geolocation=(self), sync-xhr=*
Accept-Ranges: bytes

GET
H/1.1 200
OK breadcrumb.min.css
www.hsabank.com/Styles/Site/ 563 B
2 KB 393ms
138ms Stylesheet
text/css 70.37.166.146
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hsabank.com/Styles/Site/breadcrumb.min.css

Requested by

Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

134e7514c0adc4160ee20023402f2be4d7e9f869222392b4639cb05912cccca2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Date: Mon, 23 Jan 2023 19:19:44 GMT
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Length: 407
Request-Context: appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Thu, 08 Dec 2022 04:15:25 GMT
Server: Microsoft-IIS/10.0
ETag: "6c76d4b2bbad91:0"
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Permissions-Policy: microphone=(), payment=(), geolocation=(self), sync-xhr=*
Accept-Ranges: bytes

GET
H/1.1 200
OK still-contribute-box
www.hsabank.com/hsabank/learning-center/~/media/Images/Mobile_Responsive_2017/2017/members/tax-page/ 19 KB
21 KB 383ms
383ms Image
image/jpeg 70.37.166.146
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hsabank.com/hsabank/learning-center/~/media/Images/Mobile_Responsive_2017/2017/members/tax-page/still-contribute-box

Requested by

Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

2fa6c35e9cad0e35bec93ed34de1da81ff14bfe4a5800c4eff634cef47fd8920

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Mon, 23 Jan 2023 19:19:44 GMT
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Mon, 02 Nov 2020 16:58:17 GMT
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type: image/jpeg
Cache-Control: private, max-age=604800
Permissions-Policy: microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition: inline; filename="still-contribute-box.jpg"
Accept-Ranges: bytes
Content-Length: 19704
Request-Context: appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7

GET
H2 200 collect.js Show response
7298557.collect.igodigital.com/ 8 KB
2 KB 499ms
119ms Script
application/javascript 34.203.18.187
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://7298557.collect.igodigital.com/collect.js
Requested by: Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.203.18.187 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-203-18-187.compute-1.amazonaws.com
Software: /
Resource Hash: 463faad63e59f653f8367ca1bd38629a240ebd4f2165c313e660933acc322b04

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

date: Mon, 23 Jan 2023 19:19:44 GMT
content-encoding: gzip
last-modified: Mon, 23 Jan 2023 13:45:10 GMT
vary: Accept-Encoding
content-type: application/javascript

GET
H/1.1 200
OK access.js Show response
cdn.levelaccess.net/accessjs/YW1wMTEwNDI/ 461 KB
62 KB 155ms
36ms Script
application/javascript 2600:9000:2467:ae00:1:fb61:2b80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.levelaccess.net/accessjs/YW1wMTEwNDI/access.js
Requested by: Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2467:ae00:1:fb61:2b80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ec7a5529dd7c6368cc3d9ebeac06497ef8c77a1dd91664ce3f0fc5cc93670b3e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

x-amz-version-id: oNecIRIxqtDE1il4Y0VbkkLojldcDXoU
Content-Encoding: gzip
Via: 1.1 a691127ceb6e813dc3ada040272c1fae.cloudfront.net (CloudFront)
Date: Mon, 23 Jan 2023 19:17:13 GMT
X-Amz-Cf-Pop: SOF50-P1
Age: 152
x-amz-server-side-encryption: AES256
X-Cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
Connection: keep-alive
Content-Length: 62474
Last-Modified: Tue, 28 Jun 2022 06:00:39 GMT
Server: AmazonS3
ETag: "de038ce754f9f0880d8201b0883f7c1d"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=900
Accept-Ranges: bytes
X-Amz-Cf-Id: IrYFjwRQa7CQhhPJmQZtOxj9aYYYVOnvPccDbl5LRmZOAr9pbCkjZQ==

GET
H/1.1 200
OK SITE.js Show response
www.hsabank.com/~/Media/Files/Custom_Java/HSABank/Mobile_Responsive_2017/ 360 KB
149 KB 273ms
273ms Script
application/x-javascript 70.37.166.146
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hsabank.com/~/Media/Files/Custom_Java/HSABank/Mobile_Responsive_2017/SITE.js?v=1.07

Requested by

Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

c7a298bd81e9f7b534e848d2560e4ff7188d16c9b8fde216e786993a2e247f74

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Date: Mon, 23 Jan 2023 19:19:44 GMT
Transfer-Encoding: chunked
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Disposition: inline; filename="SITE.js"
Request-Context: appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Thu, 08 Sep 2022 19:00:47 GMT
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: application/x-javascript
Cache-Control: private, max-age=604800
Permissions-Policy: microphone=(), payment=(), geolocation=(self), sync-xhr=*
Accept-Ranges: bytes

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 128 KB
49 KB 193ms
76ms Script
application/javascript 2a00:1450:400d:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PZV52K3

Requested by

Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9346baf6db5fa1e625252efc0ce54dfa82aae882b071856d414666214525f006

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

date: Mon, 23 Jan 2023 19:19:44 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49442
x-xss-protection: 0
last-modified: Mon, 23 Jan 2023 18:14:41 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 23 Jan 2023 19:19:44 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 162ms
47ms Script
text/javascript 2a00:1450:400d:80d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PZV52K3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 23 Jan 2023 18:21:46 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 3478
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20085
expires: Mon, 23 Jan 2023 20:21:46 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 217 KB
76 KB 78ms
77ms Script
application/javascript 2a00:1450:400d:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PZV52K3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

17a7d5baecdfbe5e2d897deb6c740204d84435dd5b7c0522effe600e3b0d7b8b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

date: Mon, 23 Jan 2023 19:19:44 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 77798
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 23 Jan 2023 19:19:44 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
347 B 133ms
19ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-HR1XKMEB6P&gtm=2oe1i0&_p=1843479664&_gaz=1&cid=1410958200.1674501585&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1674501584&sct=1&seg=0&dl=https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2Flearning-center%2Fhsa-tax-time-101&dt=HSA%20Tax%20Time%20101%20-%20Frequently%20Asked%20Questions%20-%20HSA%20Bank&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

pragma: no-cache
date: Mon, 23 Jan 2023 19:19:45 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.hsabank.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
47 B 132ms
19ms Ping
text/plain 2a00:1450:4025:401::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-HR1XKMEB6P&cid=1410958200.1674501585&gtm=2oe1i0&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4025:401::9d Den Helder, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

pragma: no-cache
date: Mon, 23 Jan 2023 19:19:45 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.hsabank.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 202ms
83ms Image
image/gif 2a00:1450:400d:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-HR1XKMEB6P&cid=1410958200.1674501585&gtm=2oe1i0&aip=1&z=112106622

Requested by

Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

pragma: no-cache
date: Mon, 23 Jan 2023 19:19:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
209 B 68ms
67ms XHR
text/plain 2a00:1450:400d:80d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=1843479664&t=pageview&_s=1&dl=https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2Flearning-center%2Fhsa-tax-time-101&ul=en-us&de=UTF-8&dt=HSA%20Tax%20Time%20101%20-%20Frequently%20Asked%20Questions%20-%20HSA%20Bank&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAAI~&jid=590970895&gjid=982998134&cid=1410958200.1674501585&tid=UA-187387-6&_gid=673819016.1674501585&_r=1&_slc=1&gtm=2wg1i0PZV52K3&z=1133058757

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.hsabank.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 23 Jan 2023 19:19:44 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.hsabank.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
442 B 19ms
18ms XHR
text/plain 2a00:1450:4025:401::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-187387-6&cid=1410958200.1674501585&jid=590970895&gjid=982998134&_gid=673819016.1674501585&_u=YADAAEAAAAAAACAAI~&z=1479074178

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4025:401::9d Den Helder, Netherlands, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.hsabank.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 23 Jan 2023 19:19:45 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.hsabank.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 200ms
84ms Image
image/gif 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-187387-6&cid=1410958200.1674501585&jid=590970895&_u=YADAAEAAAAAAACAAI~&z=970858934

Requested by

Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

pragma: no-cache
date: Mon, 23 Jan 2023 19:19:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 83ms
82ms Image
image/gif 2a00:1450:400d:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-187387-6&cid=1410958200.1674501585&jid=590970895&_u=YADAAEAAAAAAACAAI~&z=970858934

Requested by

Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

pragma: no-cache
date: Mon, 23 Jan 2023 19:19:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bootstrap-glyphicons.css
netdna.bootstrapcdn.com/bootstrap/3.0.0/css/ 13 KB
3 KB 29ms
15ms Stylesheet
text/css 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://netdna.bootstrapcdn.com/bootstrap/3.0.0/css/bootstrap-glyphicons.css

Requested by

Host: www.hsabank.com
URL: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ca64645c22680035acdd8149902fda928c381cafbeab0b628b5542a7323ee0e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

date: Mon, 23 Jan 2023 19:19:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 845
age: 2719947
cdn-cachedat: 05/14/2022 02:00:35
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:03:55 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
server: cloudflare
etag: W/"4e99a55d216e622c9ed6b9708d8b8010"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: f8c2e3722ceff6e5855cdbf6466b8eec
timing-allow-origin: *
cdn-requestcountrycode: US
cdn-status: 200
cf-ray: 78e2e1fa8b792beb-FRA
cdn-requestpullsuccess: True

GET
H/1.1 200
OK tridown-green.png
www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/ 200 B
2 KB 218ms
205ms Image
image/png 70.37.166.146
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/tridown-green.png

Requested by

Host: www.hsabank.com
URL: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

e208ea831c45866daa21bd38f49ba53f64ac457b9082198c5d295921f59fe8ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Mon, 23 Jan 2023 19:19:44 GMT
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Sun, 19 Apr 2020 19:16:30 GMT
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type: image/png
Cache-Control: private, max-age=604800
Permissions-Policy: microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition: inline; filename="tridown-green.png"
Accept-Ranges: bytes
Content-Length: 200
Request-Context: appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7

GET
H2 200 ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
fonts.gstatic.com/s/robotocondensed/v25/ 15 KB
15 KB 219ms
101ms Font
font/woff2 2a00:1450:400d:80a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto+Condensed:ital,wght@0,300;0,400;0,700;1,300;1,400;1,700&family=Roboto:ital,wght@0,400;0,700;1,400;1,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b4fac99c39b9ee2693d87a2508d0c7d4b4859072966616bd1f6e18c5b2f9d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.hsabank.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

date: Mon, 23 Jan 2023 19:16:22 GMT
x-content-type-options: nosniff
age: 203
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15700
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 18:51:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 23 Jan 2024 19:16:22 GMT

GET
H2 200 ieVj2ZhZI2eCN5jzbjEETS9weq8-19eLDwM9.woff2
fonts.gstatic.com/s/robotocondensed/v25/ 17 KB
17 KB 232ms
119ms Font
font/woff2 2a00:1450:400d:80a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotocondensed/v25/ieVj2ZhZI2eCN5jzbjEETS9weq8-19eLDwM9.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3ab6d5bddb52a980ebe7658cca937e1ce087c1478cbeb13715876e463b2dd7f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.hsabank.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

date: Mon, 23 Jan 2023 11:09:14 GMT
x-content-type-options: nosniff
age: 29431
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17376
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 18:55:05 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 23 Jan 2024 11:09:14 GMT

GET
H/1.1 200
OK divider.png
www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/ 1 KB
3 KB 275ms
224ms Image
image/png 70.37.166.146
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/divider.png

Requested by

Host: www.hsabank.com
URL: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

510714d70c4277955aa865209771680c78789950540e91b893f9c4f990696344

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Mon, 23 Jan 2023 19:19:44 GMT
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Sun, 19 Apr 2020 19:16:14 GMT
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type: image/png
Cache-Control: private, max-age=604800
Permissions-Policy: microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition: inline; filename="divider.png"
Accept-Ranges: bytes
Content-Length: 1458
Request-Context: appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7

GET
H2 200 ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2
fonts.gstatic.com/s/robotocondensed/v25/ 15 KB
15 KB 242ms
139ms Font
font/woff2 2a00:1450:400d:80a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotocondensed/v25/ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e79c1c1a140e6afb861074c70392db54cc65a06050de2a69162ab94eb95b0516

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.hsabank.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

date: Fri, 20 Jan 2023 12:49:17 GMT
x-content-type-options: nosniff
age: 282628
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15660
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 18:42:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 20 Jan 2024 12:49:17 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
15 KB 252ms
150ms Font
font/woff2 2a00:1450:400d:80a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.hsabank.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

date: Mon, 23 Jan 2023 11:48:56 GMT
x-content-type-options: nosniff
age: 27049
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 23 Jan 2024 11:48:56 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 151ms
49ms Font
font/woff2 2a00:1450:400d:80a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.hsabank.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

date: Wed, 18 Jan 2023 19:33:08 GMT
x-content-type-options: nosniff
age: 431197
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 18 Jan 2024 19:33:08 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 106 KB
28 KB 61ms
9ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ef8f067f829af7c95936a36f38e54c98ab090f937f5557e4c78829ed8fcf5ffd

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 23 Jan 2023 19:19:45 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27859
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: V0oztfRAsVrmQXtXOjRph9/6zmnc0/8QVuhbXtle24eYr9oBuQG1AKVfR4WNmyClhG9Rm0rr9povw+Tl0YkC4g==
x-fb-trip-id: 686109401
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 403 track_page_view
nova.collect.igodigital.com/c2/7298557/ 43 B
354 B 114ms
113ms Image
image/gif 34.203.18.187
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://nova.collect.igodigital.com/c2/7298557/track_page_view?payload=%7B%22title%22%3A%22HSA%20Tax%20Time%20101%20-%20Frequently%20Asked%20Questions%20-%20HSA%20Bank%22%2C%22url%22%3A%22https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2Flearning-center%2Fhsa-tax-time-101%22%2C%22referrer%22%3A%22%22%7D

Requested by

Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.203.18.187 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-203-18-187.compute-1.amazonaws.com

Software

Resource Hash

98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

x-runtime: 0.002240
date: Mon, 23 Jan 2023 19:19:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/gif
cache-control: private
content-transfer-encoding: binary
content-disposition: inline
x-xss-protection: 1; mode=block
x-request-id: eb649a6e-6e28-420d-9b8b-d42407ecb930

GET
H/1.1 200
OK tertiary-green-line.jpg
www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/ 12 KB
14 KB 186ms
186ms Image
image/jpeg 70.37.166.146
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/tertiary-green-line.jpg

Requested by

Host: www.hsabank.com
URL: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

cc3b5cfbea89a027388d2a8bfa5e0f511501ccf16f56ad9262cf10abc5ff3f66

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Mon, 23 Jan 2023 19:19:44 GMT
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Tue, 08 Jun 2021 13:26:47 GMT
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type: image/jpeg
Cache-Control: private, max-age=604800
Permissions-Policy: microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition: inline; filename="tertiary-green-line.jpg"
Accept-Ranges: bytes
Content-Length: 12233
Request-Context: appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7

GET
H/1.1 200
OK facebook-grey.png
www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/icons/ 320 B
2 KB 223ms
222ms Image
image/png 70.37.166.146
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/icons/facebook-grey.png

Requested by

Host: www.hsabank.com
URL: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

ea0ca377484f9837aca91bb2d556ad0d62ed836a5a0c98d4a09edc6026c84e8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Mon, 23 Jan 2023 19:19:44 GMT
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Sun, 19 Apr 2020 19:18:20 GMT
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type: image/png
Cache-Control: private, max-age=604800
Permissions-Policy: microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition: inline; filename="facebook-grey.png"
Accept-Ranges: bytes
Content-Length: 320
Request-Context: appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7

GET
H/1.1 200
OK twitter-grey.png
www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/icons/ 2 KB
4 KB 201ms
200ms Image
image/png 70.37.166.146
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/icons/twitter-grey.png

Requested by

Host: www.hsabank.com
URL: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

bba7cc1311ac67910af9bfa0b863a0d6fcbf1c5ee4caec7f764c3562e4947ceb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Mon, 23 Jan 2023 19:19:44 GMT
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Sun, 19 Apr 2020 19:18:16 GMT
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type: image/png
Cache-Control: private, max-age=604800
Permissions-Policy: microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition: inline; filename="twitter-grey.png"
Accept-Ranges: bytes
Content-Length: 1821
Request-Context: appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7

GET
H/1.1 200
OK linkedin-grey.png
www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/icons/ 402 B
2 KB 268ms
268ms Image
image/png 70.37.166.146
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/icons/linkedin-grey.png

Requested by

Host: www.hsabank.com
URL: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

309f24a395e42590b12a4b3f298826f25517edd44fe9bddcc32300598cbb6755

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Mon, 23 Jan 2023 19:19:44 GMT
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Sun, 19 Apr 2020 19:18:15 GMT
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type: image/png
Cache-Control: private, max-age=604800
Permissions-Policy: microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition: inline; filename="linkedin-grey.png"
Accept-Ranges: bytes
Content-Length: 402
Request-Context: appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7

GET
H/1.1 200
OK youtube-grey.png
www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/icons/ 389 B
2 KB 229ms
229ms Image
image/png 70.37.166.146
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/icons/youtube-grey.png

Requested by

Host: www.hsabank.com
URL: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

7cab3f2151fb03bcbe1f364addf0bb414a68215edc08e2772da0aba6d8df4f8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Mon, 23 Jan 2023 19:19:44 GMT
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Sun, 19 Apr 2020 19:18:19 GMT
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type: image/png
Cache-Control: private, max-age=604800
Permissions-Policy: microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition: inline; filename="youtube-grey.png"
Accept-Ranges: bytes
Content-Length: 389
Request-Context: appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7

GET
H2 200 ieVi2ZhZI2eCN5jzbjEETS9weq8-33mZGCQYbw.woff2
fonts.gstatic.com/s/robotocondensed/v25/ 15 KB
15 KB 119ms
61ms Font
font/woff2 2a00:1450:400d:80a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotocondensed/v25/ieVi2ZhZI2eCN5jzbjEETS9weq8-33mZGCQYbw.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

747d5a0865fe76129cc17fe70097fd5b1db733ed3bbfa0210a8505d80c14ab5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.hsabank.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

date: Sat, 21 Jan 2023 17:59:22 GMT
x-content-type-options: nosniff
age: 177623
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15528
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 18:53:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 21 Jan 2024 17:59:22 GMT

GET
H2 200 1686908524672324 Show response
connect.facebook.net/signals/config/ 377 KB
108 KB 228ms
228ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1686908524672324?v=2.9.94&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d676512a6805324aa5ffa469ba2c906bdcf2d0b1673429b8648ccc3abe3cfba5

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 23 Jan 2023 19:19:45 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: T9Wt2Tqukc5rSknbBVH1Km+1naOIwEY0R352/j/GdigxiDX9UcW4vnf2SWDG/ML86qNqIQxWfpIMHg8E0UBCdw==
x-fb-trip-id: 686109401
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK pd.js Show response
pi.pardot.com/ 5 KB
2 KB 442ms
108ms Script
application/javascript 34.237.219.119
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pi.pardot.com/pd.js
Requested by: Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.237.219.119 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-237-219-119.compute-1.amazonaws.com
Software: PardotServer /
Resource Hash: 3b91e6a4b14493d67f9660e6d4a2e27c1eea54d97ccb7c30acf3b89998b3be99

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

Date: Mon, 23 Jan 2023 19:19:46 GMT
content-encoding: gzip
X-Pardot-Route: 16b0ab393667a33fe86adedc3141e88c
last-modified: Mon, 23 Jan 2023 14:32:12 GMT
Server: PardotServer
etag: "1547-gzip"
vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
cache-control: max-age=63072000
Connection: keep-alive
accept-ranges: bytes
Content-Length: 1946
expires: Wed, 22 Jan 2025 19:19:46 GMT

GET
H/1.1 200
OK analytics Show response
pi.pardot.com/ 1 KB
2 KB 284ms
283ms Script
text/javascript 34.237.219.119
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=1267&account_id=149681&title=HSA%20Tax%20Time%20101%20-%20Frequently%20Asked%20Questions%20-%20HSA%20Bank&url=https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2Flearning-center%2Fhsa-tax-time-101&referrer=

Requested by

Host: pi.pardot.com
URL: https://pi.pardot.com/pd.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

34.237.219.119 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-237-219-119.compute-1.amazonaws.com

Software

PardotServer /

Resource Hash

2d35f916b8ca87be1cc61accf466eae2296f22f0731abec5d42d81ef40788ab6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

pragma: no-cache
Date: Mon, 23 Jan 2023 19:19:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Pardot-Route: 9b06e8e2308c32c7bf9ba8adfb7be2e1
x-pardot-rsp: 0/0/1
Server: PardotServer
vary: Accept-Encoding,User-Agent
Content-Type: text/javascript; charset=utf-8
p3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
cache-control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Length: 550
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.1 200
OK analytics Show response
info.hsabank.com/ 50 B
1 KB 694ms
218ms Script
text/javascript 3.215.172.219
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://info.hsabank.com/analytics?conly=true&visitor_id=396262774&visitor_id_sign=6be4ad64c5bc6459e60c03b1a18741f4057350ad32a19e4375b9278c5c8b82ddac46ae0c25a34c60188d221afe6dfafb99fc78da&pi_opt_in=&campaign_id=1267&account_id=149681&title=HSA%20Tax%20Time%20101%20-%20Frequently%20Asked%20Questions%20-%20HSA%20Bank&url=https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2Flearning-center%2Fhsa-tax-time-101&referrer=
Requested by: Host: pi.pardot.com
URL: https://pi.pardot.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=1267&account_id=149681&title=HSA%20Tax%20Time%20101%20-%20Frequently%20Asked%20Questions%20-%20HSA%20Bank&url=https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2Flearning-center%2Fhsa-tax-time-101&referrer=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 3.215.172.219 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-215-172-219.compute-1.amazonaws.com
Software: PardotServer /
Resource Hash: dcf430710cdd1359115293f45d5023b2a560aef8a2c1e59d578b8b1e10a216d3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

pragma: no-cache
Date: Mon, 23 Jan 2023 19:19:47 GMT
X-Pardot-Route: 9b06e8e2308c32c7bf9ba8adfb7be2e1
x-pardot-rsp: 0/0/1
Server: PardotServer
vary: User-Agent
Content-Type: text/javascript; charset=utf-8
p3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
cache-control: no-store, no-cache, must-revalidate
Connection: keep-alive
x-pardot-canary: true
Content-Length: 50
expires: Thu, 19 Nov 1981 08:52:00 GMT

POST
H2 200 results Show response
api.levelaccess.net/analytics/3.0/ 0
322 B 428ms
103ms XHR
text/plain 2600:1f18:4457:4600:b0a3:bb6f:460d:8b4d
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.levelaccess.net/analytics/3.0/results

Requested by

Host: cdn.levelaccess.net
URL: https://cdn.levelaccess.net/accessjs/YW1wMTEwNDI/access.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:1f18:4457:4600:b0a3:bb6f:460d:8b4d Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.hsabank.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 23 Jan 2023 19:19:48 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
access-control-expose-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers

POST
H2 204 collect
region1.analytics.google.com/g/ 0
45 B 18ms
17ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-HR1XKMEB6P&gtm=2oe1i0&_p=1843479664&cid=1410958200.1674501585&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=2&sid=1674501584&sct=1&seg=0&dl=https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2Flearning-center%2Fhsa-tax-time-101&dt=HSA%20Tax%20Time%20101%20-%20Frequently%20Asked%20Questions%20-%20HSA%20Bank&en=scroll&epn.percent_scrolled=90&_et=13
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

pragma: no-cache
date: Mon, 23 Jan 2023 19:19:49 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.hsabank.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

83 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

12 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.hsabank.com/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: omwveib5j1gxn2ptcsrnj55e
.hsabank.com/	1970-01-20 18:44:21	Name: _ga_HR1XKMEB6P Value: GS1.1.1674501584.1.0.1674501584.60.0.0
.hsabank.com/	1970-01-20 18:44:21	Name: _ga Value: GA1.2.1410958200.1674501585
.hsabank.com/	1970-01-20 09:09:47	Name: _gid Value: GA1.2.673819016.1674501585
.hsabank.com/	1970-01-20 09:08:21	Name: _gat_gtmtrack Value: 1
.pardot.com/	1970-01-20 18:44:21	Name: visitor_id148681 Value: 396262774
.pardot.com/	1970-01-20 18:44:21	Name: visitor_id148681-hash Value: 6be4ad64c5bc6459e60c03b1a18741f4057350ad32a19e4375b9278c5c8b82ddac46ae0c25a34c60188d221afe6dfafb99fc78da
pi.pardot.com/	1970-01-20 09:08:23	Name: lpv148681 Value: aHR0cHM6Ly93d3cuaHNhYmFuay5jb20vaHNhYmFuay9sZWFybmluZy1jZW50ZXIvaHNhLXRheC10aW1lLTEwMQ%3D%3D
www.hsabank.com/	1970-01-20 18:44:21	Name: visitor_id148681 Value: 396262774
www.hsabank.com/	1970-01-20 18:44:21	Name: visitor_id148681-hash Value: 6be4ad64c5bc6459e60c03b1a18741f4057350ad32a19e4375b9278c5c8b82ddac46ae0c25a34c60188d221afe6dfafb99fc78da
info.hsabank.com/	1970-01-20 18:44:21	Name: visitor_id148681 Value: 396262774
info.hsabank.com/	1970-01-20 18:44:21	Name: visitor_id148681-hash Value: 6be4ad64c5bc6459e60c03b1a18741f4057350ad32a19e4375b9278c5c8b82ddac46ae0c25a34c60188d221afe6dfafb99fc78da

235 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	URL: https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c(Line 49) Message: [Report Only] Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-HR1XKMEB6P&gtm=2oe1i0&_p=1843479664&_gaz=1&cid=1410958200.1674501585&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1674501584&sct=1&seg=0&dl=https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2Flearning-center%2Fhsa-tax-time-101&dt=HSA%20Tax%20Time%20101%20-%20Frequently%20Asked%20Questions%20-%20HSA%20Bank&en=page_view&_fv=1&_nsi=1&_ss=1' because it violates the following Content Security Policy directive: "connect-src 'self' https://.google-analytics.com https://.levelaccess.net".
security	error	URL: https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c(Line 49) Message: [Report Only] Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-HR1XKMEB6P&gtm=2oe1i0&_p=1843479664&_gaz=1&cid=1410958200.1674501585&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1674501584&sct=1&seg=0&dl=https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2Flearning-center%2Fhsa-tax-time-101&dt=HSA%20Tax%20Time%20101%20-%20Frequently%20Asked%20Questions%20-%20HSA%20Bank&en=page_view&_fv=1&_nsi=1&_ss=1' because it violates the following Content Security Policy directive: "connect-src 'self' https://.google-analytics.com https://.levelaccess.net".
security	error	URL: https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c(Line 49) Message: [Report Only] Refused to connect to 'https://stats.g.doubleclick.net/g/collect?v=2&tid=G-HR1XKMEB6P&cid=1410958200.1674501585&gtm=2oe1i0&aip=1' because it violates the following Content Security Policy directive: "connect-src 'self' https://.google-analytics.com https://.levelaccess.net".
security	error	URL: https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c(Line 49) Message: [Report Only] Refused to connect to 'https://stats.g.doubleclick.net/g/collect?v=2&tid=G-HR1XKMEB6P&cid=1410958200.1674501585&gtm=2oe1i0&aip=1' because it violates the following Content Security Policy directive: "connect-src 'self' https://.google-analytics.com https://.levelaccess.net".
security	error	URL: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101(Line 116) Message: [Report Only] Refused to load the image 'https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-HR1XKMEB6P&cid=1410958200.1674501585&gtm=2oe1i0&aip=1&z=112106622' because it violates the following Content Security Policy directive: "img-src 'self' https://.igodigital.com https://.hsabank.com https://*.google-analytics.com".
security	error	URL: https://www.google-analytics.com/analytics.js(Line 33) Message: [Report Only] Refused to connect to 'https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-187387-6&cid=1410958200.1674501585&jid=590970895&gjid=982998134&_gid=673819016.1674501585&_u=YADAAEAAAAAAACAAI~&z=1479074178' because it violates the following Content Security Policy directive: "connect-src 'self' https://.google-analytics.com https://.levelaccess.net".
security	error	URL: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101(Line 116) Message: [Report Only] Refused to load the image 'https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-187387-6&cid=1410958200.1674501585&jid=590970895&_u=YADAAEAAAAAAACAAI~&z=970858934' because it violates the following Content Security Policy directive: "img-src 'self' https://.igodigital.com https://.hsabank.com https://*.google-analytics.com".
security	error	URL: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101(Line 116) Message: [Report Only] Refused to load the image 'https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-187387-6&cid=1410958200.1674501585&jid=590970895&_u=YADAAEAAAAAAACAAI~&z=970858934' because it violates the following Content Security Policy directive: "img-src 'self' https://.igodigital.com https://.hsabank.com https://*.google-analytics.com".
network	error	URL: https://nova.collect.igodigital.com/c2/7298557/track_page_view?payload=%7B%22title%22%3A%22HSA%20Tax%20Time%20101%20-%20Frequently%20Asked%20Questions%20-%20HSA%20Bank%22%2C%22url%22%3A%22https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2Flearning-center%2Fhsa-tax-time-101%22%2C%22referrer%22%3A%22%22%7D Message: Failed to load resource: the server responded with a status of 403 ()
security	error	URL: https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c(Line 49) Message: [Report Only] Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-HR1XKMEB6P&gtm=2oe1i0&_p=1843479664&cid=1410958200.1674501585&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=2&sid=1674501584&sct=1&seg=0&dl=https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2Flearning-center%2Fhsa-tax-time-101&dt=HSA%20Tax%20Time%20101%20-%20Frequently%20Asked%20Questions%20-%20HSA%20Bank&en=scroll&epn.percent_scrolled=90&_et=13' because it violates the following Content Security Policy directive: "connect-src 'self' https://.google-analytics.com https://.levelaccess.net".
security	error	URL: https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c(Line 49) Message: [Report Only] Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-HR1XKMEB6P&gtm=2oe1i0&_p=1843479664&cid=1410958200.1674501585&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=2&sid=1674501584&sct=1&seg=0&dl=https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2Flearning-center%2Fhsa-tax-time-101&dt=HSA%20Tax%20Time%20101%20-%20Frequently%20Asked%20Questions%20-%20HSA%20Bank&en=scroll&epn.percent_scrolled=90&_et=13' because it violates the following Content Security Policy directive: "connect-src 'self' https://.google-analytics.com https://.levelaccess.net".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

7298557.collect.igodigital.com
api.levelaccess.net
cdn.levelaccess.net
connect.facebook.net
fonts.googleapis.com
fonts.gstatic.com
info.hsabank.com
maxcdn.bootstrapcdn.com
netdna.bootstrapcdn.com
nova.collect.igodigital.com
pi.pardot.com
region1.analytics.google.com
stats.g.doubleclick.net
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.hsabank.com
2001:4860:4802:34::36
2600:1f18:4457:4600:b0a3:bb6f:460d:8b4d
2600:9000:2467:ae00:1:fb61:2b80:93a1
2606:4700::6812:acf
2a00:1450:400d:802::2003
2a00:1450:400d:808::200a
2a00:1450:400d:80a::2003
2a00:1450:400d:80a::2004
2a00:1450:400d:80d::200e
2a00:1450:400d:80e::2008
2a00:1450:4025:401::9d
2a03:2880:f01c:216:face:b00c:0:3
3.215.172.219
34.203.18.187
34.237.219.119
70.37.166.146
06980e61901dd3da8924dcdfc3f28c4adfd239a38479931236791d793d62a76a
0e61978632f43baea1ca2575e3b0761f2e113d60133f22e8095a6e01a9df0f7a
134e7514c0adc4160ee20023402f2be4d7e9f869222392b4639cb05912cccca2
175d25eb48831e6f67bacbc9afbc26665736432cc379e79c3d84148eb1acd55f
17a7d5baecdfbe5e2d897deb6c740204d84435dd5b7c0522effe600e3b0d7b8b
2d35f916b8ca87be1cc61accf466eae2296f22f0731abec5d42d81ef40788ab6
2d91e980d6f338755fa8c1a9ec52e2b4e75f90ee211530783cddcef3978a0746
2e5ea304576c05ccc854670fe397ef56880d803760a5de0e61081403e2009c61
2fa6c35e9cad0e35bec93ed34de1da81ff14bfe4a5800c4eff634cef47fd8920
309f24a395e42590b12a4b3f298826f25517edd44fe9bddcc32300598cbb6755
3125503095eb347633cce9f00d090dcc466164199f6018c4390988ece5e8cd9f
3ab6d5bddb52a980ebe7658cca937e1ce087c1478cbeb13715876e463b2dd7f3
3adcd7060b73a40bdb29c97abbab98ef6c29038028ba0c7d974cbcdd3b1b158b
3b91e6a4b14493d67f9660e6d4a2e27c1eea54d97ccb7c30acf3b89998b3be99
463faad63e59f653f8367ca1bd38629a240ebd4f2165c313e660933acc322b04
510714d70c4277955aa865209771680c78789950540e91b893f9c4f990696344
5298b61386b233b02c1f2dc3aff963463ebbe568b021817019f0da72fc5b165d
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
5a3d8c05785485d36ee5c94d4681e5b1d9e4b94c5be8b5bd7b0f3168fff1bd9a
6b4fac99c39b9ee2693d87a2508d0c7d4b4859072966616bd1f6e18c5b2f9d36
747d5a0865fe76129cc17fe70097fd5b1db733ed3bbfa0210a8505d80c14ab5a
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7cab3f2151fb03bcbe1f364addf0bb414a68215edc08e2772da0aba6d8df4f8f
8203eb16111d534e930e8f5c7f3c7426f726bba2e67d211f0a886173e551ce2e
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
85975a2be961791f9eca87929ad244be78a77031631e9e27baeb40b2dd2d8403
87cec327a260c0960d91a7c4e9976eb243afa732c22b0cb2310181543739fe1b
892aad6825528f9fcc609e82d8204c41fcff7efdb1a060a6b79c40a1b1aa8956
9346baf6db5fa1e625252efc0ce54dfa82aae882b071856d414666214525f006
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b4d5f510c2190ca5ff87374b25cf3c1ba3334d41c5437b262cae8952a0dac6ad
b7f060e299b946e48571efc616afabf681564879b5431dae029354719b685b6c
bba7cc1311ac67910af9bfa0b863a0d6fcbf1c5ee4caec7f764c3562e4947ceb
c7a298bd81e9f7b534e848d2560e4ff7188d16c9b8fde216e786993a2e247f74
ca64645c22680035acdd8149902fda928c381cafbeab0b628b5542a7323ee0e4
cc3b5cfbea89a027388d2a8bfa5e0f511501ccf16f56ad9262cf10abc5ff3f66
d676512a6805324aa5ffa469ba2c906bdcf2d0b1673429b8648ccc3abe3cfba5
dcf430710cdd1359115293f45d5023b2a560aef8a2c1e59d578b8b1e10a216d3
e208ea831c45866daa21bd38f49ba53f64ac457b9082198c5d295921f59fe8ca
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e79c1c1a140e6afb861074c70392db54cc65a06050de2a69162ab94eb95b0516
ea0ca377484f9837aca91bb2d556ad0d62ed836a5a0c98d4a09edc6026c84e8a
ec7a5529dd7c6368cc3d9ebeac06497ef8c77a1dd91664ce3f0fc5cc93670b3e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef8f067f829af7c95936a36f38e54c98ab090f937f5557e4c78829ed8fcf5ffd
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

www.hsabank.com Open in urlscan Pro 70.37.166.146 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

53 Requests

100 %HTTPS

75 %IPv6

13 Domains

18 Subdomains

16 IPs

4 Countries

889 kBTransfer

2341 kBSize

12 Cookies

13 Outgoing links

Redirected requests

53 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.hsabank.com Open in urlscan Pro
70.37.166.146 Public Scan

Screenshot
Live screenshot

Full Image

53
Requests

100 %
HTTPS

75 %
IPv6

13
Domains

18
Subdomains

16
IPs

4
Countries

889 kB
Transfer

2341 kB
Size

12
Cookies

53 HTTP transactions
0 data transactions