www.gesa.com Open in urlscan Pro
2606:4700:10::6816:1055 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.gesa.com/
Submission: On November 16 via api (November 16th 2023, 10:21:16 pm UTC) from US — Scanned from US

Summary HTTP 296 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 60 IPs in 7 countries across 71 domains to perform 296 HTTP transactions. The main IP is 2606:4700:10::6816:1055, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.gesa.com.
TLS certificate: Issued by GTS CA 1P5 on November 15th 2023. Valid for: 3 months.

This is the only time www.gesa.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
196	2606:4700:10:... 2606:4700:10::6816:1055	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.128.114 151.101.128.114	54113 (FASTLY) (FASTLY)
2	52.146.86.174 52.146.86.174	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2607:f8b0:400... 2607:f8b0:4004:c06::61	15169 (GOOGLE) (GOOGLE)
2	3.211.123.40 3.211.123.40	14618 (AMAZON-AES) (AMAZON-AES)
4	2a03:2880:f00... 2a03:2880:f003:c0e:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2607:f8b0:400... 2607:f8b0:4004:c07::9b	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:34::178	15169 (GOOGLE) (GOOGLE)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	3.161.188.46 3.161.188.46	16509 (AMAZON-02) (AMAZON-02)
2	2600:1408:540... 2600:1408:5400:1c::173d:b3d	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a04:4e42::396 2a04:4e42::396	54113 (FASTLY) (FASTLY)
2	2606:4700:303... 2606:4700:3030::ac43:a9a7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	185.167.164.45 185.167.164.45	198622 (ADFORM) (ADFORM)
2	54.239.153.200 54.239.153.200	16509 (AMAZON-02) (AMAZON-02)
1	44.226.76.195 44.226.76.195	16509 (AMAZON-02) (AMAZON-02)
4	3.219.107.148 3.219.107.148	14618 (AMAZON-AES) (AMAZON-AES)
2	35.164.239.32 35.164.239.32	16509 (AMAZON-02) (AMAZON-02)
2	2607:f8b0:400... 2607:f8b0:4004:c08::68	15169 (GOOGLE) (GOOGLE)
3	18.164.96.77 18.164.96.77	16509 (AMAZON-02) (AMAZON-02)
3	52.88.183.153 52.88.183.153	16509 (AMAZON-02) (AMAZON-02)
2 18	185.167.164.49 185.167.164.49	198622 (ADFORM) (ADFORM)
1	104.26.10.16 104.26.10.16	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.129.140 151.101.129.140	54113 (FASTLY) (FASTLY)
2	2607:f8b0:400... 2607:f8b0:4004:c08::9d	15169 (GOOGLE) (GOOGLE)
1	35.186.228.179 35.186.228.179	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::181	15169 (GOOGLE) (GOOGLE)
4 4	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	185.167.164.43 185.167.164.43	198622 (ADFORM) (ADFORM)
2 3	3.232.196.85 3.232.196.85	14618 (AMAZON-AES) (AMAZON-AES)
1	23.206.252.117 23.206.252.117	16625 (AKAMAI-AS) (AKAMAI-AS)
1	69.173.151.100 69.173.151.100	26667 (RUBICONPR...) (RUBICONPROJECT)
2 2	3.120.47.64 3.120.47.64	16509 (AMAZON-02) (AMAZON-02)
1 1	23.105.12.172 23.105.12.172	30633 (LEASEWEB-...) (LEASEWEB-USA-WDC)
1 2	34.200.65.202 34.200.65.202	14618 (AMAZON-AES) (AMAZON-AES)
1	63.251.28.234 63.251.28.234	13789 (INTERNAP-...) (INTERNAP-BLK3)
1 1	35.211.178.172 35.211.178.172	15169 (GOOGLE) (GOOGLE)
1	3.226.187.105 3.226.187.105	14618 (AMAZON-AES) (AMAZON-AES)
1 2	104.18.36.155 104.18.36.155	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	50.57.31.206 50.57.31.206	19994 (RACKSPACE) (RACKSPACE)
6 7	77.243.51.121 77.243.51.121	42697 (NETIC-AS) (NETIC-AS)
1 1	18.203.15.21 18.203.15.21	16509 (AMAZON-02) (AMAZON-02)
4 5	68.67.160.184 68.67.160.184	29990 (ASN-APPNEX) (ASN-APPNEX)
4 4	172.253.62.157 172.253.62.157	15169 (GOOGLE) (GOOGLE)
1 2	34.197.192.192 34.197.192.192	14618 (AMAZON-AES) (AMAZON-AES)
2 2	34.229.3.43 34.229.3.43	14618 (AMAZON-AES) (AMAZON-AES)
1	2a02:6ea0:e20... 2a02:6ea0:e200::2	60068 (CDN77 ^_^) (CDN77 ^_^)
1 2	35.190.60.146 35.190.60.146	15169 (GOOGLE) (GOOGLE)
1 2	54.211.145.128 54.211.145.128	14618 (AMAZON-AES) (AMAZON-AES)
2	23.219.12.236 23.219.12.236	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
1 1	34.255.135.5 34.255.135.5	16509 (AMAZON-02) (AMAZON-02)
1	52.92.35.48 52.92.35.48	16509 (AMAZON-02) (AMAZON-02)
2 2	141.94.171.213 141.94.171.213	16276 (OVH) (OVH)
3 4	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
1	18.204.53.13 18.204.53.13	14618 (AMAZON-AES) (AMAZON-AES)
1	8.28.7.83 8.28.7.83	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	18.238.55.14 18.238.55.14	16509 (AMAZON-02) (AMAZON-02)
2 3	34.246.239.231 34.246.239.231	16509 (AMAZON-02) (AMAZON-02)
2 2	54.80.30.57 54.80.30.57	14618 (AMAZON-AES) (AMAZON-AES)
1 1	13.225.63.83 13.225.63.83	16509 (AMAZON-02) (AMAZON-02)
1 1	85.114.159.93 85.114.159.93	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1 1	23.220.117.26 23.220.117.26	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	54.172.84.140 54.172.84.140	14618 (AMAZON-AES) (AMAZON-AES)
1 1	69.169.85.6 69.169.85.6	29838 (AMC) (AMC)
1	64.58.232.180 64.58.232.180	13649 (ASN-FLEXE...) (ASN-FLEXENTIAL)
3 4	141.95.98.65 141.95.98.65	16276 (OVH) (OVH)
2 2	35.190.24.218 35.190.24.218	15169 (GOOGLE) (GOOGLE)
1	23.220.125.47 23.220.125.47	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	2600:9000:21d... 2600:9000:21d5:6800:1b:5138:8a40:93a1	16509 (AMAZON-02) (AMAZON-02)
1	192.0.77.40 192.0.77.40	2635 (AUTOMATTIC) (AUTOMATTIC)
3 3	34.111.113.62 34.111.113.62	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	46.19.11.36 46.19.11.36	51790 (SIEL) (SIEL)
1	3.230.136.68 3.230.136.68	14618 (AMAZON-AES) (AMAZON-AES)
1 2	35.71.139.29 35.71.139.29	16509 (AMAZON-02) (AMAZON-02)
1	34.235.210.13 34.235.210.13	14618 (AMAZON-AES) (AMAZON-AES)
3	2a03:2880:f10... 2a03:2880:f103:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
296	60

196 2606:4700:10::6816:1055 (United States)

ASN13335 (CLOUDFLARENET, US)

www.gesa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.128.114 (United States)

ASN54113 (FASTLY, US)

cdn.evgnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.146.86.174 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

secure.node7seat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c06::61 (Washington, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.211.123.40 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-211-123-40.compute-1.amazonaws.com

gesacu.us-1.evergage.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f003:c0e:face:b00c:0:3 (Ashburn, United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c07::9b (Washington, United States)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.161.188.46 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-161-188-46.atl59.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1408:5400:1c::173d:b3d (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::396 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3030::ac43:a9a7 (United States)

ASN13335 (CLOUDFLARENET, US)

app.marketplan.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.167.164.45 (Denmark)

ASN198622 (ADFORM, DK)

s2.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.239.153.200 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-239-153-200.iad50.r.cloudfront.net

d10lpsik1i8c69.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.226.76.195 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-226-76-195.us-west-2.compute.amazonaws.com

app.truconversion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.219.107.148 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-219-107-148.compute-1.amazonaws.com

tags.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.164.239.32 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-164-239-32.us-west-2.compute.amazonaws.com

app.leadsrx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c08::68 (Ashburn, United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.164.96.77 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-164-96-77.jfk50.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.88.183.153 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-88-183-153.us-west-2.compute.amazonaws.com

api.alpharank.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.alpharank.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 185.167.164.49 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

a2.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dmp.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.26.10.16 (None, )

ASN13335 (CLOUDFLARENET, US)

settings.luckyorange.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.129.140 (United States)

ASN54113 (FASTLY, US)

alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c08::9d (Ashburn, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.228.179 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 179.228.186.35.bc.googleusercontent.com

google-analytics.bi.owox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::181 (United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.167.164.43 (Denmark)

ASN198622 (ADFORM, DK)

a1.seadform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.232.196.85 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-232-196-85.compute-1.amazonaws.com

ad.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ice.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.206.252.117 (Secaucus, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-206-252-117.deploy.static.akamaitechnologies.com

ad.yieldlab.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.151.100 (United States)

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.120.47.64 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-120-47-64.eu-central-1.compute.amazonaws.com

ih.adscale.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.105.12.172 (Manassas, United States) 1 redirects

ASN30633 (LEASEWEB-USA-WDC, US)

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.200.65.202 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-200-65-202.compute-1.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.251.28.234 (Secaucus, United States)

ASN13789 (INTERNAP-BLK3, US)

ads.stickyadstv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.211.178.172 (North Charleston, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 172.178.211.35.bc.googleusercontent.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.226.187.105 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-226-187-105.compute-1.amazonaws.com

match.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.36.155 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 50.57.31.206 (United States) 2 redirects

ASN19994 (RACKSPACE, US)

uipglob.semasio.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 77.243.51.121 (Denmark) 6 redirects

ASN42697 (NETIC-AS, DK)

uip.semasio.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
se.semasio.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.203.15.21 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-203-15-21.eu-west-1.compute.amazonaws.com

synchroscript.deliveryengine.adswizz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 68.67.160.184 (Brooklyn, United States) 4 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.253.62.157 (United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: bc-in-f157.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.197.192.192 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-197-192-192.compute-1.amazonaws.com

ps.eyeota.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.229.3.43 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-229-3-43.compute-1.amazonaws.com

loadm.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:6ea0:e200::2 (Ashburn, United States)

ASN60068 (CDN77 ^_^, GB)

load77.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.60.146 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 146.60.190.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.211.145.128 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-211-145-128.compute-1.amazonaws.com

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.219.12.236 (Ashburn, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-219-12-236.deploy.static.akamaitechnologies.com

tags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.159.8 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

eu-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.255.135.5 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-255-135-5.eu-west-1.compute.amazonaws.com

api.adrtx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.92.35.48 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: s3-eu-west-1.amazonaws.com

s3-eu-west-1.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 141.94.171.213 (France) 2 redirects

ASN16276 (OVH, FR)
PTR: pikafka-eu-5.cloudy.ovh

pixel.onaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.71.131.137 (United States) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.204.53.13 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-204-53-13.compute-1.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 8.28.7.83 (United States)

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.238.55.14 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-238-55-14.jfk52.r.cloudfront.net

pdw-adf.userreport.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.246.239.231 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-246-239-231.eu-west-1.compute.amazonaws.com

a.audrte.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.80.30.57 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-80-30-57.compute-1.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.63.83 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-225-63-83.ewr53.r.cloudfront.net

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.93 (Loerrach, Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.220.117.26 (Ashburn, United States) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-220-117-26.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.172.84.140 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-172-84-140.compute-1.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.169.85.6 (Commack, United States) 1 redirects

ASN29838 (AMC, US)

global.ib-ibi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.58.232.180 (Las Vegas, United States)

ASN13649 (ASN-FLEXENTIAL, US)

ib.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 141.95.98.65 (France) 3 redirects

ASN16276 (OVH, FR)
PTR: ns3216659.ip-141-95-98.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.24.218 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 218.24.190.35.bc.googleusercontent.com

redirect.frontend.weborama.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.220.125.47 (Ashburn, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-220-125-47.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:21d5:6800:1b:5138:8a40:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.77.40 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: assets.tumblr.com

www.tumblr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.111.113.62 (Kansas City, United States) 3 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 62.113.111.34.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.19.11.36 (Slovenia)

ASN51790 (SIEL, SI)
PTR: ilog.vsn.si

match.contentexchange.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.230.136.68 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-230-136-68.compute-1.amazonaws.com

bpi.rtactivate.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.71.139.29 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: afb83dd09526a6517.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.235.210.13 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-235-210-13.compute-1.amazonaws.com

e1.emxdgt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f103:83:face:b00c:0:25de (Ashburn, United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
196	gesa.com www.gesa.com	10 MB
19	adform.net 2 redirects s2.adform.net — Cisco Umbrella Rank: 6944 a2.adform.net — Cisco Umbrella Rank: 10404 c1.adform.net — Cisco Umbrella Rank: 599 dmp.adform.net — Cisco Umbrella Rank: 3509	44 KB
9	semasio.net 8 redirects uipglob.semasio.net — Cisco Umbrella Rank: 1222 uip.semasio.net — Cisco Umbrella Rank: 22187 se.semasio.net — Cisco Umbrella Rank: 25827	4 KB
8	doubleclick.net 4 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 stats.g.doubleclick.net — Cisco Umbrella Rank: 78 cm.g.doubleclick.net — Cisco Umbrella Rank: 245	5 KB
5	adnxs.com 4 redirects ib.adnxs.com — Cisco Umbrella Rank: 246 secure.adnxs.com — Cisco Umbrella Rank: 495	4 KB
5	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 377 www.linkedin.com — Cisco Umbrella Rank: 629 px4.ads.linkedin.com — Cisco Umbrella Rank: 6003	6 KB
4	id5-sync.com 3 redirects id5-sync.com — Cisco Umbrella Rank: 440	5 KB
4	adsrvr.org 3 redirects match.adsrvr.org — Cisco Umbrella Rank: 353	1 KB
4	stackadapt.com tags.srv.stackadapt.com — Cisco Umbrella Rank: 2977	9 KB
4	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 727 script.hotjar.com — Cisco Umbrella Rank: 901	106 KB
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 174	155 KB
3	facebook.com www.facebook.com — Cisco Umbrella Rank: 110	247 B
3	tapad.com 3 redirects pixel.tapad.com — Cisco Umbrella Rank: 487	1 KB
3	audrte.com 2 redirects a.audrte.com — Cisco Umbrella Rank: 2810	2 KB
3	exelator.com 2 redirects loadm.exelator.com — Cisco Umbrella Rank: 1743 load77.exelator.com — Cisco Umbrella Rank: 4116	2 KB
3	360yield.com 2 redirects ad.360yield.com — Cisco Umbrella Rank: 781 ice.360yield.com — Cisco Umbrella Rank: 2116	1 KB
3	alpharank.io api.alpharank.io — Cisco Umbrella Rank: 77980 pixel.alpharank.io — Cisco Umbrella Rank: 80792	47 KB
3	google.com www.google.com — Cisco Umbrella Rank: 2 analytics.google.com — Cisco Umbrella Rank: 157	806 B
3	bing.com bat.bing.com — Cisco Umbrella Rank: 366	14 KB
2	3lift.com 1 redirects eb2.3lift.com — Cisco Umbrella Rank: 417	719 B
2	weborama.fr 2 redirects redirect.frontend.weborama.fr — Cisco Umbrella Rank: 14109	629 B
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 912	1 KB
2	demdex.net 2 redirects dpm.demdex.net — Cisco Umbrella Rank: 228	1 KB
2	onaudience.com 2 redirects pixel.onaudience.com — Cisco Umbrella Rank: 3239	972 B
2	openx.net 1 redirects eu-u.openx.net — Cisco Umbrella Rank: 2753	491 B
2	bluekai.com tags.bluekai.com — Cisco Umbrella Rank: 685	791 B
2	crwdcntrl.net 1 redirects sync.crwdcntrl.net — Cisco Umbrella Rank: 865	485 B
2	rlcdn.com 1 redirects idsync.rlcdn.com — Cisco Umbrella Rank: 415	526 B
2	eyeota.net 1 redirects ps.eyeota.net — Cisco Umbrella Rank: 1148	1 KB
2	casalemedia.com 1 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 625	1 KB
2	yahoo.com 1 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 327	488 B
2	adscale.de 2 redirects ih.adscale.de — Cisco Umbrella Rank: 3211	690 B
2	leadsrx.com app.leadsrx.com — Cisco Umbrella Rank: 9605	19 KB
2	cloudfront.net d10lpsik1i8c69.cloudfront.net	95 KB
2	marketplan.io app.marketplan.io — Cisco Umbrella Rank: 583609	3 KB
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 778	7 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27	21 KB
2	evergage.com gesacu.us-1.evergage.com	1 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 35	201 KB
2	node7seat.com secure.node7seat.com — Cisco Umbrella Rank: 629363	12 KB
1	emxdgt.com e1.emxdgt.com — Cisco Umbrella Rank: 2274	120 B
1	rtactivate.com bpi.rtactivate.com — Cisco Umbrella Rank: 1570	109 B
1	contentexchange.me match.contentexchange.me — Cisco Umbrella Rank: 29393	49 B
1	tumblr.com www.tumblr.com — Cisco Umbrella Rank: 6765	1 KB
1	smaato.net 1 redirects s.ad.smaato.net — Cisco Umbrella Rank: 716	527 B
1	teads.tv sync.teads.tv — Cisco Umbrella Rank: 1403	278 B
1	mookie1.com ib.mookie1.com — Cisco Umbrella Rank: 2882	421 B
1	ib-ibi.com 1 redirects global.ib-ibi.com — Cisco Umbrella Rank: 1962	498 B
1	mathtag.com 1 redirects pixel.mathtag.com — Cisco Umbrella Rank: 1982	640 B
1	adition.com 1 redirects dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1533	456 B
1	agkn.com 1 redirects aa.agkn.com — Cisco Umbrella Rank: 560	653 B
1	userreport.com pdw-adf.userreport.com — Cisco Umbrella Rank: 25853	444 B
1	pubmatic.com simage2.pubmatic.com — Cisco Umbrella Rank: 843	469 B
1	krxd.net beacon.krxd.net — Cisco Umbrella Rank: 758	337 B
1	amazonaws.com s3-eu-west-1.amazonaws.com	390 B
1	adrtx.net 1 redirects api.adrtx.net — Cisco Umbrella Rank: 31067	407 B
1	adswizz.com 1 redirects synchroscript.deliveryengine.adswizz.com — Cisco Umbrella Rank: 2700	478 B
1	sharethrough.com match.sharethrough.com — Cisco Umbrella Rank: 559	279 B
1	bidswitch.net 1 redirects x.bidswitch.net — Cisco Umbrella Rank: 351	361 B
1	stickyadstv.com ads.stickyadstv.com — Cisco Umbrella Rank: 566	638 B
1	smartadserver.com 1 redirects rtb-csync.smartadserver.com — Cisco Umbrella Rank: 733	668 B
1	rubiconproject.com token.rubiconproject.com — Cisco Umbrella Rank: 458	655 B
1	yieldlab.net ad.yieldlab.net — Cisco Umbrella Rank: 4925	235 B
1	seadform.net a1.seadform.net — Cisco Umbrella Rank: 24458	456 B
1	owox.com google-analytics.bi.owox.com — Cisco Umbrella Rank: 84498	14 B
1	reddit.com alb.reddit.com — Cisco Umbrella Rank: 1452	637 B
1	luckyorange.net settings.luckyorange.net — Cisco Umbrella Rank: 10518	1 KB
1	truconversion.com app.truconversion.com — Cisco Umbrella Rank: 83417	1 KB
1	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1333	8 KB
1	evgnet.com cdn.evgnet.com — Cisco Umbrella Rank: 3780	47 KB
0	e-volution.ai Failed sync.e-volution.ai Failed
296	71

	Domain	Requested by
196	www.gesa.com	www.gesa.com
12	c1.adform.net	1 redirects a2.adform.net c1.adform.net
4	id5-sync.com	3 redirects c1.adform.net
4	dmp.adform.net	c1.adform.net
4	match.adsrvr.org	3 redirects c1.adform.net
4	cm.g.doubleclick.net	4 redirects
4	se.semasio.net	3 redirects c1.adform.net
4	tags.srv.stackadapt.com	www.gesa.com tags.srv.stackadapt.com
4	connect.facebook.net	www.gesa.com connect.facebook.net
3	www.facebook.com	www.gesa.com
3	pixel.tapad.com	3 redirects
3	a.audrte.com	2 redirects c1.adform.net
3	secure.adnxs.com	2 redirects c1.adform.net
3	uip.semasio.net	3 redirects
3	px.ads.linkedin.com	3 redirects
3	script.hotjar.com	static.hotjar.com script.hotjar.com www.gesa.com
3	bat.bing.com	www.googletagmanager.com bat.bing.com www.gesa.com
2	eb2.3lift.com	1 redirects c1.adform.net
2	redirect.frontend.weborama.fr	2 redirects
2	pm.w55c.net	2 redirects
2	dpm.demdex.net	2 redirects
2	pixel.onaudience.com	2 redirects
2	eu-u.openx.net	1 redirects c1.adform.net
2	tags.bluekai.com	c1.adform.net
2	sync.crwdcntrl.net	1 redirects c1.adform.net
2	idsync.rlcdn.com	1 redirects c1.adform.net
2	loadm.exelator.com	2 redirects
2	ps.eyeota.net	1 redirects c1.adform.net
2	ib.adnxs.com	2 redirects
2	uipglob.semasio.net	2 redirects
2	dsum-sec.casalemedia.com	1 redirects c1.adform.net
2	ups.analytics.yahoo.com	1 redirects c1.adform.net
2	ih.adscale.de	2 redirects
2	ad.360yield.com	1 redirects c1.adform.net
2	stats.g.doubleclick.net	www.google-analytics.com www.googletagmanager.com
2	a2.adform.net	1 redirects www.gesa.com
2	api.alpharank.io	www.googletagmanager.com api.alpharank.io
2	www.google.com	www.gesa.com
2	app.leadsrx.com	www.gesa.com app.leadsrx.com
2	d10lpsik1i8c69.cloudfront.net	www.gesa.com d10lpsik1i8c69.cloudfront.net
2	app.marketplan.io	www.googletagmanager.com app.marketplan.io
2	snap.licdn.com	www.googletagmanager.com snap.licdn.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	googleads.g.doubleclick.net	www.googletagmanager.com
2	gesacu.us-1.evergage.com	cdn.evgnet.com
2	www.googletagmanager.com	www.gesa.com www.googletagmanager.com
2	secure.node7seat.com	www.gesa.com secure.node7seat.com
1	pixel.alpharank.io	api.alpharank.io
1	e1.emxdgt.com	c1.adform.net
1	bpi.rtactivate.com	c1.adform.net
1	match.contentexchange.me	c1.adform.net
1	www.tumblr.com	c1.adform.net
1	s.ad.smaato.net	1 redirects
1	sync.teads.tv	c1.adform.net
1	ice.360yield.com	1 redirects
1	ib.mookie1.com	c1.adform.net
1	global.ib-ibi.com	1 redirects
1	pixel.mathtag.com	1 redirects
1	dsp.adfarm1.adition.com	1 redirects
1	aa.agkn.com	1 redirects
1	pdw-adf.userreport.com	c1.adform.net
1	simage2.pubmatic.com	c1.adform.net
1	beacon.krxd.net	c1.adform.net
1	s3-eu-west-1.amazonaws.com	c1.adform.net
1	api.adrtx.net	1 redirects
1	load77.exelator.com	c1.adform.net
1	synchroscript.deliveryengine.adswizz.com	1 redirects
1	match.sharethrough.com	c1.adform.net
1	x.bidswitch.net	1 redirects
1	ads.stickyadstv.com	c1.adform.net
1	rtb-csync.smartadserver.com	1 redirects
1	token.rubiconproject.com	c1.adform.net
1	ad.yieldlab.net	c1.adform.net
1	a1.seadform.net	www.gesa.com
1	px4.ads.linkedin.com	www.gesa.com
1	www.linkedin.com	1 redirects
1	analytics.google.com	www.googletagmanager.com
1	google-analytics.bi.owox.com	www.gesa.com
1	alb.reddit.com	www.gesa.com
1	settings.luckyorange.net	d10lpsik1i8c69.cloudfront.net
1	app.truconversion.com	www.gesa.com
1	s2.adform.net	www.gesa.com
1	www.redditstatic.com	www.googletagmanager.com
1	static.hotjar.com	www.googletagmanager.com
1	cdn.evgnet.com	www.gesa.com
0	sync.e-volution.ai Failed	c1.adform.net
296	86

This site contains links to these domains. Also see Links.

Domain
applyonline.gesa.com
onlinexpress.gesa.com
www.gesauniversity.com
www.facebook.com
www.instagram.com
twitter.com
vimeo.com
www.linkedin.com

Subject Issuer	Validity	Valid
www.gesa.com GTS CA 1P5	`2023-11-15` - `2024-02-13`	3 months	crt.sh
cdn.evergage.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-06` - `2024-03-04`	a year	crt.sh
secure.norm0care.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-10` - `2024-07-06`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.us-1.evergage.com Amazon RSA 2048 M02	`2023-07-05` - `2024-08-02`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-08-26` - `2023-11-24`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
www.bing.com Microsoft Azure TLS Issuing CA 01	`2023-10-24` - `2024-04-21`	6 months	crt.sh
*.hotjar.com Amazon ECDSA 256 M01	`2023-03-09` - `2024-04-06`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-02-01` - `2024-01-31`	a year	crt.sh
www.redditstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-25` - `2024-02-21`	6 months	crt.sh
marketplan.io GTS CA 1P5	`2023-10-01` - `2023-12-30`	3 months	crt.sh
track.adform.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-06` - `2024-09-19`	a year	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2023-10-10` - `2024-09-19`	a year	crt.sh
www.truconversion.com Sectigo RSA Domain Validation Secure Server CA	`2023-10-15` - `2024-11-13`	a year	crt.sh
*.srv.stackadapt.com Amazon RSA 2048 M03	`2023-09-09` - `2024-10-07`	a year	crt.sh
*.leadsrx.com GeoTrust TLS ECC CA G1	`2023-05-02` - `2024-06-01`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
api.alpharank.io R3	`2023-10-10` - `2024-01-08`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-04-30` - `2024-04-29`	a year	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2023-09-01` - `2024-02-28`	6 months	crt.sh
google-analytics.bi.owox.com GTS CA 1D4	`2023-09-29` - `2023-12-28`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.seadform.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-23` - `2024-11-08`	a year	crt.sh
*.yieldlab.net DigiCert TLS RSA SHA256 2020 CA1	`2023-09-17` - `2024-09-17`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-05` - `2024-04-03`	a year	crt.sh
*.ads.stickyadstv.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-04-19` - `2024-05-19`	a year	crt.sh
*.crwdcntrl.net Amazon RSA 2048 M01	`2023-10-08` - `2024-11-05`	a year	crt.sh
odc-pixel-prod-01.oracle.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-07` - `2024-02-08`	a year	crt.sh
beacon.krxd.net DigiCert TLS RSA SHA256 2020 CA1	`2023-04-14` - `2024-04-12`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2023-04-20` - `2024-05-20`	a year	crt.sh
*.userreport.com Amazon RSA 2048 M02	`2023-02-22` - `2024-01-18`	a year	crt.sh
teads.tv R3	`2023-11-03` - `2024-02-01`	3 months	crt.sh
*.contentexchange.me Sectigo RSA Domain Validation Secure Server CA	`2023-05-29` - `2024-06-04`	a year	crt.sh
rtactivate.com Amazon RSA 2048 M01	`2023-03-14` - `2024-04-11`	a year	crt.sh
*.emxdgt.com Go Daddy Secure Certificate Authority - G2	`2023-06-14` - `2024-06-14`	a year	crt.sh
pixel.alpharank.io R3	`2023-10-04` - `2024-01-02`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://www.gesa.com/
Frame ID: A12DD043E09660C6364E07829152ECC4
Requests: 269 HTTP requests in this frame

Frame: https://c1.adform.net/imatch/pixels?uid=284712521594400884&agencyId=7028&advertiserId=2079361&src=tp&rnd=115005
Frame ID: ED629EFA4110A02F307F038BA984905D
Requests: 46 HTTP requests in this frame

Frame: https://d10lpsik1i8c69.cloudfront.net/js/clickstream.js?v=e708588
Frame ID: 982783CE8AE57D87AFA04D847FEA158D
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Washington Credit Union | Loans | Savings Accounts | Gesa

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Elementor (Landing Page Builders) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*href=(?:"|')[^"']*elementor/assets

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Slick (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

(?:/([\d.]+))?/slick(?:\.min)?\.js

Swiper Slider (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

swiper(?:\.min)?\.js

Weglot (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

wp-content/plugins/weglot

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

296
Requests

90 %
HTTPS

21 %
IPv6

71
Domains

86
Subdomains

60
IPs

7
Countries

10790 kB
Transfer

15225 kB
Size

116
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://applyonline.gesa.com/VirtualCapture/Products?ProductSubCategory=Savings
Title: Join Gesa

Search URL Search Domain Scan URL

URL: https://onlinexpress.gesa.com/Banking/SignIn.aspx
Title: Log In

Search URL Search Domain Scan URL

URL: https://www.gesauniversity.com/
Title: Start learning at Gesa University

Search URL Search Domain Scan URL

URL: https://applyonline.gesa.com/VirtualCapture/Products
Title: Become a member

Search URL Search Domain Scan URL

URL: https://www.facebook.com/GesaCU
Title: Facebook-f

Search URL Search Domain Scan URL

URL: https://www.instagram.com/gesacu/
Title: Instagram

Search URL Search Domain Scan URL

URL: https://twitter.com/GesaCU
Title: Twitter

Search URL Search Domain Scan URL

URL: http://vimeo.com/gesacu
Title: Vimeo .cls-1{fill:none;}.cls-2{fill:#31414f;}

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/gesa-credit-union
Title: Linkedin

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 240

https://a2.adform.net/Serving/TrackPoint/?pm=2179965&ADFdivider=%7C&ord=227731099376&ADFtpmode=2&loc=https%3A%2F%2Fwww.gesa.com%2F&Set1=en-US%7Cen-US%7C1600x1200%7C24 HTTP 302
https://a2.adform.net/Serving/TrackPoint/?CC=1&pm=2179965&ADFdivider=%7C&ord=227731099376&ADFtpmode=2&loc=https%3A%2F%2Fwww.gesa.com%2F&Set1=en-US%7Cen-US%7C1600x1200%7C24

Request Chain 251

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4860388&time=1700173268232&url=https%3A%2F%2Fwww.gesa.com%2F&tm=gtmv2 HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4860388&time=1700173268232&url=https%3A%2F%2Fwww.gesa.com%2F&tm=gtmv2&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4860388%26time%3D1700173268232%26url%3Dhttps%253A%252F%252Fwww.gesa.com%252F%26tm%3Dgtmv2%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4860388&time=1700173268232&url=https%3A%2F%2Fwww.gesa.com%2F&tm=gtmv2&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4860388&time=1700173268232&url=https%3A%2F%2Fwww.gesa.com%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQKuneqrSUNGSwAAAYvaOUbmSnTkpp9RnLgwd7SB3KbZpbVKoaV0Pjgg_cuNipQjIsrzXg

Request Chain 264

https://ad.360yield.com/match?publisher_dsp_id=42&external_user_id=284712521594400884&Expiration=1701382862 HTTP 302
https://ad.360yield.com/ul_cb/match?publisher_dsp_id=42&external_user_id=284712521594400884&Expiration=1701382862

Request Chain 267

https://ih.adscale.de/adscale-ih/tpui?tpid=42&tpuid=284712521594400884&cburl=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d9%26uid%3D__ADSCALE_USER_ID__ HTTP 302
https://ih.adscale.de/adscale-ih/tpui?tpid=42&tpuid=284712521594400884&cburl=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d9%26uid%3D__ADSCALE_USER_ID__&nut&uu=1a39335ad63f4898b748a3eefabc9da1 HTTP 307
https://c1.adform.net/serving/cookie/match?party=9&uid=56bcfbdcf5ff6f2d2cbe3fcb2c6e03ec271c29f261a93b84c108c5d5f2930d2b

Request Chain 268

https://rtb-csync.smartadserver.com/redir/?partnerid=22&partneruserid=284712521594400884&redirurl=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d10%26cid%3DSMART_USER_ID HTTP 302
https://c1.adform.net/serving/cookie/match?party=10&cid=1662969534616477105

Request Chain 269

https://ups.analytics.yahoo.com/ups/55944/sync?uid=284712521594400884&_origin=1 HTTP 302
https://ups.analytics.yahoo.com/ups/55944/sync?uid=284712521594400884&_origin=1&verify=true

Request Chain 271

https://x.bidswitch.net/sync?dsp_id=70&user_id=284712521594400884 HTTP 302
https://match.sharethrough.com/sync/v1?source_id=bf2b131f1f7eff9d8892972c&source_user_id=&seat_user_id=284712521594400884&seat_key=70&gdpr=&gdpr_consent=&gdpr_pd=&us_privacy=

Request Chain 272

https://dsum-sec.casalemedia.com/rum?cm_dsp_id=111&external_user_id=284712521594400884&expiration=1701382862 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=111&external_user_id=284712521594400884&expiration=1701382862&C=1

Request Chain 273

https://uipglob.semasio.net/adform/1/info?sType=sync&sExtCookieId=284712521594400884&sInitiator=external HTTP 302
https://uip.semasio.net/adform/1/info?sType=sync&sExtCookieId=284712521594400884&sInitiator=external HTTP 302
https://uip.semasio.net/adform/1/info2?sType=sync&sExtCookieId=284712521594400884&sInitiator=external HTTP 302
https://se.semasio.net/sync/1/16266044?sExtCookieId=284712521594400884&gdpr=&sInitiator=external HTTP 302
https://synchroscript.deliveryengine.adswizz.com/getUID?curl=https%3A%2F%2Fse.semasio.net%2Fsync%2F1%2F5108661%3FsExtCookieId%3D%24%7BUID%7D%26sInitiator%3Dinternal HTTP 302
https://se.semasio.net/sync/1/5108661?sExtCookieId=fa5e80e4893d79cfc7d8b881a9974063&sInitiator=internal HTTP 302
https://ib.adnxs.com/getuid?https%3A%2F%2Fse.semasio.net%2Fsync%2F1%2F4354957%3FsExtCookieId%3D%24UID%26sInitiator%3Dinternal&gdpr= HTTP 302
https://se.semasio.net/sync/1/4354957?sExtCookieId=6092989962616973874&sInitiator=internal&gdpr= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=semasio_ddp&google_cm&google_hm=MTlGRkUyREE2NDU1MjQ2Ng&gdpr= HTTP 302
https://uipglob.semasio.net/dbm/1/info?sType=sync&sExtCookieId=CAESEPMO26ioHyQaZmk0ra0xWn0&sInitiator=internal&google_cver=1&gdpr=&google_cver=1 HTTP 302
https://uip.semasio.net/dbm/1/info?sType=sync&sExtCookieId=CAESEPMO26ioHyQaZmk0ra0xWn0&sInitiator=internal&google_cver=1&gdpr=&google_cver=1 HTTP 302
https://se.semasio.net/sync/1/12092831?sExtCookieId=CAESEPMO26ioHyQaZmk0ra0xWn0&sInitiator=internal&google_cver=1&gdpr=

Request Chain 274

https://ps.eyeota.net/match?uid=284712521594400884&bid=9gdtmu1 HTTP 302
https://ps.eyeota.net/match/bounce/?uid=284712521594400884&bid=9gdtmu1

Request Chain 275

https://loadm.exelator.com/load/?p=204&g=710&j=0&buid=284712521594400884 HTTP 302
https://loadm.exelator.com/load/?p=204&g=710&j=0&buid=284712521594400884&xl8blockcheck=1 HTTP 302
https://load77.exelator.com/pixel.gif

Request Chain 276

https://idsync.rlcdn.com/398366.gif?partner_uid=284712521594400884 HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=epsilon&google_cm HTTP 302
https://idsync.rlcdn.com/362358.gif?google_gid=CAESEAMoPm8ni1d1X7jKh52d5Og&google_cver=1

Request Chain 279

https://eu-u.openx.net/w/1.0/sd?id=537113484&val=284712521594400884 HTTP 302
https://eu-u.openx.net/w/1.0/sd?cc=1&id=537113484&val=284712521594400884

Request Chain 280

https://api.adrtx.net/thirdparty/click?p=adfo HTTP 302
https://s3-eu-west-1.amazonaws.com/adality-cdn-content/pixel.gif

Request Chain 281

https://pixel.onaudience.com/?mapped=284712521594400884&partner=68 HTTP 302
https://sync.crwdcntrl.net/map/c=8587/tp=CLOD/tpid=dadce82870a7f84a/gdpr=0/gdpr_consent=?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%24%7Bgdpr%7D HTTP 302
https://pixel.onaudience.com/?partner=104&icm&cver&mapped=&gdpr=1 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1&gdpr=1

Request Chain 283

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_cm&google_ula=1641347&party=1&google_hm=Mjg0NzEyNTIxNTk0NDAwODg0 HTTP 302
https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEKYFzG24WWM_8F8l43CqaDE&google_cver=1&google_ula=1641347,0

Request Chain 284

https://secure.adnxs.com/getuid?https://c1.adform.net/serving/cookie/match?party=3&id=$UID&redirect=1 HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fc1.adform.net%2Fserving%2Fcookie%2Fmatch%3Fparty%3D3%26id%3D%24UID%26redirect%3D1 HTTP 302
https://c1.adform.net/serving/cookie/match?party=3&id=6092989962616973874&redirect=1 HTTP 302
https://secure.adnxs.com/setuid?entity=91&code=284712521594400884

Request Chain 288

https://a.audrte.com/a?adform_uid=284712521594400884 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_hm=aTUzYmVxemFOWUFSUUtWYjNoSDdUYjZuUQ==&google_redir=https%3A%2F%2Fa.audrte.com%2Fddp%3Fred%3DeyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%253D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://a.audrte.com/ddp?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&gdpr=0&gdpr_consent= HTTP 302
https://a.audrte.com/p

Request Chain 289

https://dpm.demdex.net/ibs:dpid=1586&dpuuid=284712521594400884&redir=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d1007%26cid%3D%24%7BDD_UUID%7D%26noredirect%3D1 HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=1586&dpuuid=284712521594400884&redir=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d1007%26cid%3D%24%7BDD_UUID%7D%26noredirect%3D1 HTTP 302
https://c1.adform.net/serving/cookie/match?party=1007&cid=16498473886063855933135759732638122012&noredirect=1

Request Chain 290

https://aa.agkn.com/adscores/g.pixel?sid=9212269628&_puid=284712521594400884 HTTP 302
https://dmp.adform.net/serving/cookie/match/?party=1014&cid=214690604702012895007

Request Chain 291

https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fdmp.adform.net%2Fserving%2Fcookie%2Fmatch%2F%3Fparty%3D1049%26cid%3D%25%25COOKIE%25%25 HTTP 302
https://dmp.adform.net/serving/cookie/match/?party=1049&cid=7302188587898828954

Request Chain 293

https://pixel.mathtag.com/sync/img?redir=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d1066%26cid%3D%5BMM_UUID%5D HTTP 302
https://c1.adform.net/serving/cookie/match?party=1066&cid=aad36556-95d5-4300-a3fe-96b412f38346

Request Chain 294

https://pm.w55c.net/ping_match.gif?st=adform&rurl=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d1084%26cid%3D_wfivefivec_ HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&st=adform&rurl=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d1084%26cid%3D_wfivefivec_ HTTP 302
https://c1.adform.net/serving/cookie/match?party=1084&cid=dcMlTJhM1R3KJv5

Request Chain 295

https://match.adsrvr.org/track/cmf/generic?ttd_pid=71ei9rr&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=71ei9rr&ttd_tpi=1 HTTP 302
https://dmp.adform.net/serving/cookie/match/?party=1144&tdid=86376af5-9bfe-4d63-b60a-906658ef077a

Request Chain 296

https://global.ib-ibi.com/image.sbmx?go=302927&pid=567&xid=284712521594400884 HTTP 302
https://ib.mookie1.com/image.sbmx?go=302927&pid=567&xid=284712521594400884

Request Chain 297

https://id5-sync.com/s/10/0.gif?puid=284712521594400884 HTTP 302
https://id5-sync.com/c/10/10/2/1.gif?puid=284712521594400884&gdpr=0&gdpr_consent=&us_privacy= HTTP 302
https://ib.adnxs.com/getuid?https://id5-sync.com/c/10/2/1/2.gif?puid=$UID&gdpr=0&gdpr_consent= HTTP 302
https://id5-sync.com/c/10/2/1/2.gif?puid=6092989962616973874&gdpr=0&gdpr_consent= HTTP 302
https://ice.360yield.com/match?publisher_dsp_id=79&dsp_callback=1&external_user_id=ID5-5a55JsMx-RuctIZgM1K_XaH7d8XN3zi28X8x8OrPbQ&r=https%3A%2F%2Fid5-sync.com%2Fcq%2F10%2F124%2F0%2F3.gif%3Fpuid%3D%7BPUB_USER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent= HTTP 302
https://id5-sync.com/cq/10/124/0/3.gif?puid=0b22f182-cc39-4bc0-8403-73e3bfbe3405&gdpr=0&gdpr_consent=&gdpr=0&gdpr_consent=

Request Chain 298

https://redirect.frontend.weborama.fr/redirect/standard?url=https%3A%2F%2Fdmp.adform.net%2Fserving%2Fcookie%2Fmatch%2F%3Fparty%3D1145%26cid%3D%7BWEBO_CID%7D HTTP 307
https://redirect.frontend.weborama.fr/redirect/standard?url=https%3A%2F%2Fdmp.adform.net%2Fserving%2Fcookie%2Fmatch%2F%3Fparty%3D1145%26cid%3D%7BWEBO_CID%7D&bounce=1&random=419072084 HTTP 302
https://dmp.adform.net/serving/cookie/match/?party=1145&cid=fTciQPOb7dhcNwE8wtJ3eu

Request Chain 300

https://s.ad.smaato.net/c/?dspInit=1001213&dspCookie=284712521594400884 HTTP 302
https://www.tumblr.com/ads-user-sync?partner=smaato&uid=d7fbb2f820&gdpr=0&gdpr_consent=

Request Chain 301

https://pixel.tapad.com/idsync/ex/receive?partner_id=2032&partner_device_id=284712521594400884&partner_url=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d2007%26cid%3D%24%7BTA_DEVICE_ID%7D HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2032&partner_device_id=284712521594400884&partner_url=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d2007%26cid%3D%24%7BTA_DEVICE_ID%7D HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=07844c2f-0e80-4452-aa67-af2d0e199c1f%252Chttps%25253A%25252F%25252Fc1.adform.net%25252Fserving%25252Fcookie%25252Fmatch%25253Fparty%25253D2007%252526cid%25253D07844c2f-0e80-4452-aa67-af2d0e199c1f%252C&gdpr=0&gdpr_consent= HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=86376af5-9bfe-4d63-b60a-906658ef077a&ttd_puid=07844c2f-0e80-4452-aa67-af2d0e199c1f%2Chttps%253A%252F%252Fc1.adform.net%252Fserving%252Fcookie%252Fmatch%253Fparty%253D2007%2526cid%253D07844c2f-0e80-4452-aa67-af2d0e199c1f%2C HTTP 302
https://c1.adform.net/serving/cookie/match?party=2007&cid=07844c2f-0e80-4452-aa67-af2d0e199c1f

Request Chain 304

https://eb2.3lift.com/xuid?mid=7354&xuid=284712521594400884&dongle=AD20 HTTP 302
https://eb2.3lift.com/xuid?ld=1&mid=7354&xuid=284712521594400884&dongle=AD20&gdpr=0&cmp_cs=&us_privacy=

296 HTTP transactions
20 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.gesa.com/ 700 KB
64 KB 369ms
165ms Document
text/html 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

2e7347641bb77cc5caa5334f0548be059a490e20ea1082da3d4209e5c4f3fa02

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: max-age=600, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 827320038bdb032d-MIA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 16 Nov 2023 22:21:06 GMT
link: <https://www.gesa.com/wp-json/>; rel="https://api.w.org/" <https://www.gesa.com/wp-json/wp/v2/pages/47>; rel="alternate"; type="application/json" <https://www.gesa.com/>; rel=shortlink
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
referrer-policy: origin
server: cloudflare
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
x-cache: HIT: 78
x-cache-group: normal
x-cacheable: SHORT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-powered-by: WP Engine
x-xss-protection: 1; mode=block

GET
H2 200 styles.min.css
www.gesa.com/wp-content/plugins/wp-store-locator/css/ 15 KB
4 KB 48ms
43ms Stylesheet
text/css 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/wp-store-locator/css/styles.min.css?ver=2.2.235

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a2adf4c1187ff44afb6596a750c078a97b07717364daade11a8c337771832e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:06 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 215684
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 12 Dec 2022 19:15:09 GMT
server: cloudflare
etag: W/"63977dbd-3a83"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 82732004ce05032d-MIA

GET
H2 200 front-css.css
www.gesa.com/wp-content/plugins/weglot/dist/css/ 51 KB
6 KB 79ms
75ms Stylesheet
text/css 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/weglot/dist/css/front-css.css?ver=4.0.2

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cbbf83c45cce424c26bb4d929e053d264b713b70b8dcee428343b64e06a22056

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:06 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 215684
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Thu, 15 Jun 2023 15:45:46 GMT
server: cloudflare
etag: W/"648b322a-cca5"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 82732004ce09032d-MIA

GET
H2 200 new-flags.css
www.gesa.com/wp-content/plugins/weglot/app/styles/ 86 KB
3 KB 81ms
76ms Stylesheet
text/css 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/weglot/app/styles/new-flags.css?ver=4.0.2

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b48bb25e1fe530912d872438ef532de73c7fddad96fadc6affb18fdbd097c1d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:06 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 302428
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Thu, 15 Jun 2023 15:45:46 GMT
server: cloudflare
etag: W/"648b322a-15817"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 82732004ce0a032d-MIA

GET
H2 200 elementor-icons.min.css
www.gesa.com/wp-content/plugins/elementor/assets/lib/eicons/css/ 19 KB
4 KB 48ms
44ms Stylesheet
text/css 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.16.0

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

83059e4c1a5c210e5585d96779fe655170817193d43e247c78dffaae7b7ba3a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:06 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 1419605
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 07 Jun 2023 18:28:43 GMT
server: cloudflare
etag: W/"6480cc5b-4b4f"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 82732004ce0d032d-MIA

GET
H2 200 frontend.min.css
www.gesa.com/wp-content/plugins/elementor/assets/css/ 158 KB
20 KB 53ms
49ms Stylesheet
text/css 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.8.1

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b091fb04aeb43da4cec3392a4de451d0f6b97a91235e0dc68560bc271c2b83c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:06 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 483373
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 07 Jun 2023 18:28:46 GMT
server: cloudflare
etag: W/"6480cc5e-27687"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 82732004ce0e032d-MIA

GET
H2 200 frontend.min.css
www.gesa.com/wp-content/plugins/elementor-pro/assets/css/ 483 KB
45 KB 82ms
77ms Stylesheet
text/css 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor-pro/assets/css/frontend.min.css?ver=3.8.1

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b10604af435fcda6674878212b06d1b8d557aee0f5c877dc5befab22ebf71c9a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:06 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 479821
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 07 Jun 2023 18:28:39 GMT
server: cloudflare
etag: W/"6480cc57-78c7d"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 82732004ce0f032d-MIA

GET
H2 200 default.min.css
www.gesa.com/wp-content/plugins/tablepress/css/ 5 KB
2 KB 53ms
50ms Stylesheet
text/css 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/tablepress/css/default.min.css?ver=1.14

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

97ce1e1f5dbfda35ac979b593e79e1673a3e725790339d767e4a6ca6e94a4828

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:06 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 400104
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 07 Jun 2023 18:28:13 GMT
server: cloudflare
etag: W/"6480cc3d-13e4"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 82732004ce10032d-MIA

GET
H2 200 responsive.css
www.gesa.com/wp-content/plugins/elementskit-lite/widgets/init/assets/css/ 30 KB
3 KB 54ms
51ms Stylesheet
text/css 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementskit-lite/widgets/init/assets/css/responsive.css?ver=2.7.4

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

73b2fdcf25aa909c7b0f072cf791066350ab834ca1d0d01ef096bb5583318213

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:06 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 308826
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 06 Jun 2023 17:49:44 GMT
server: cloudflare
etag: W/"647f71b8-764b"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 82732004ce11032d-MIA

GET
H2 200 foundation.css
www.gesa.com/wp-content/themes/gesa/assets/css/ 167 KB
18 KB 80ms
77ms Stylesheet
text/css 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/themes/gesa/assets/css/foundation.css?ver=6.5.3

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3e77dafe902b5371d42c7e236b778a91874bfb8bdb2dc82b3ee3d4803d20fd9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:06 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 483373
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Thu, 26 Jan 2023 20:31:12 GMT
server: cloudflare
etag: W/"63d2e310-29dfd"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 82732004ce12032d-MIA

GET
H2 200 custom.css
www.gesa.com/wp-content/themes/gesa/assets/css/ 353 KB
45 KB 55ms
51ms Stylesheet
text/css 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/themes/gesa/assets/css/custom.css?ver=1.0.22

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e18b9694e50520d13ba30b0825d6d47dd3eff828d49e4f9485e484ca502f188d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:06 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 561835
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Thu, 29 Jun 2023 00:08:23 GMT
server: cloudflare
etag: W/"649ccb77-58274"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 82732004ce14032d-MIA

GET
H2 200 style.css
www.gesa.com/wp-content/themes/gesa/ 1 KB
904 B 84ms
80ms Stylesheet
text/css 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/themes/gesa/style.css?ver=1.1.0

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

69bba50b17d75423288fd69eb23a6bf3a4ad2b63e762f64bd01c973228204e28

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:06 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 1410179
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 11 Jul 2023 08:13:53 GMT
server: cloudflare
etag: W/"64ad0f41-453"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 82732004fe4f032d-MIA

GET
H2 200 front-js.js Show response
www.gesa.com/wp-content/plugins/weglot/dist/ 4 KB
2 KB 88ms
85ms Script
application/javascript 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/weglot/dist/front-js.js?ver=4.0.2

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14ab9d038257f517c4e1b485d7a9228fe500c0ebfa571350232f73f2c1c8e991

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:06 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 215683
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Thu, 15 Jun 2023 15:45:46 GMT
server: cloudflare
etag: W/"648b322a-1124"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 82732004fe50032d-MIA

GET
H2 200 jquery.min.js Show response
www.gesa.com/wp-includes/js/jquery/ 85 KB
31 KB 89ms
86ms Script
application/javascript 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.0

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c93f77799d122fb5255ee24da285f9f228cc118cba11e6ceb2b6bda8cdf4164

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:06 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 1419605
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Fri, 26 May 2023 11:33:35 GMT
server: cloudflare
etag: W/"6470990f-155ba"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 82732004fe52032d-MIA

GET
H2 200 jquery.bind-first-0.2.3.min.js Show response
www.gesa.com/wp-content/plugins/pixelyoursite/dist/scripts/ 1 KB
764 B 107ms
105ms Script
application/javascript 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/pixelyoursite/dist/scripts/jquery.bind-first-0.2.3.min.js?ver=6.3.2

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

37045bf0d243623db4f2e99567c986944957b336dafa6368f4f75bcbad6fc4fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:06 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 102086
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 25 Oct 2023 12:57:10 GMT
server: cloudflare
etag: W/"653910a6-525"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 82732004fe55032d-MIA

GET
H2 200 js.cookie-2.1.3.min.js Show response
www.gesa.com/wp-content/plugins/pixelyoursite/dist/scripts/ 2 KB
969 B 107ms
104ms Script
application/javascript 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/pixelyoursite/dist/scripts/js.cookie-2.1.3.min.js?ver=2.1.3

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4af105297c5b49ca668eaa0774c0eb479e907175f12ccc30e9c038dd7b6fcaf0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:06 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 751681
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 25 Oct 2023 12:57:10 GMT
server: cloudflare
etag: W/"653910a6-6ad"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 82732004fe57032d-MIA

GET
H2 200 public.js Show response
www.gesa.com/wp-content/plugins/pixelyoursite/dist/scripts/ 111 KB
18 KB 107ms
104ms Script
application/javascript 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/pixelyoursite/dist/scripts/public.js?ver=9.4.7.1

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

213e952d847772a3a51ca5c0931cdd084efd1010c737928c5a0b1c6a0d5be0a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:06 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 376057
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 25 Oct 2023 12:57:10 GMT
server: cloudflare
etag: W/"653910a6-1bb96"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 82732004fe5a032d-MIA

GET
H2 200 evergage.min.js Show response
cdn.evgnet.com/beacon/gesacu/gesa_prod/scripts/ 194 KB
47 KB 117ms
54ms Script
application/javascript 151.101.128.114
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.evgnet.com/beacon/gesacu/gesa_prod/scripts/evergage.min.js
Requested by: Host: www.gesa.com
URL: https://www.gesa.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.128.114 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0cc9b6262b97ecc400e496047cf0c01b47da5196e01952a7a413a9e6f964607f

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id: gPKYpwaG66x3NRbQhy4CyNHwgv1k8_pS
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
date: Thu, 16 Nov 2023 22:21:06 GMT
x-amz-request-id: RR0S4JS8CDTV8BR4
age: 81
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
x-amz-replication-status: COMPLETED
content-length: 47897
x-amz-id-2: nWfSamX16oqfiXHo7OsLlBpokYDxNVgKPRbaDz23VZ2vBveoPZ11naEdEanzhSTqkOa8/eOiDN0=
x-served-by: cache-iad-kcgs7200023-IAD, cache-mia-kmia1760062-MIA
x-amz-meta-evergage-sum: 7d6d99bc68c491140cbf688ddfa992fb5fdbf712
last-modified: Tue, 31 Oct 2023 01:28:51 GMT
server: AmazonS3
x-timer: S1700173267.747350,VS0,VE27
etag: "d64ff2074b88b4187a2ebdbee272240f"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=120
accept-ranges: bytes
timing-allow-origin: *
x-amz-meta-evergage-beacon-ver: 16
x-cache-hits: 21634, 1

GET
H/1.1 200
OK 219777.js Show response
secure.node7seat.com/js/ 25 KB
12 KB 393ms
78ms Script
text/javascript 52.146.86.174
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.node7seat.com/js/219777.js
Requested by: Host: www.gesa.com
URL: https://www.gesa.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.146.86.174 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 78c917da7996aab5334be848b0a45fb0adfea9cf6ca5650fffa0e6bb0c073c04

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Expires: 0
Pragma: no-cache
Date: Thu, 16 Nov 2023 22:21:07 GMT
Content-Encoding: br
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: no-store, must-revalidate
Connection: keep-alive
Request-Context: appId=cid-v1:bc2713c3-85d3-454a-adab-7b0fd01bd9ed

GET
H2 200 AFF-LH-Veteran.webp
www.gesa.com/wp-content/uploads/2022/06/ 196 KB
196 KB 90ms
89ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-LH-Veteran.webp

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bcce3372b7f8e6f3f73291a90fe22268c87fb0ba4c149f89e1463e8b7675ce42

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:06 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 400104
alt-svc: h3=":443"; ma=86400
content-length: 200436
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-30ef4"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 82732004fe5c032d-MIA

GET
H2 200 dc-affinity-hs-kibe.png
www.gesa.com/wp-content/uploads/2022/06/ 84 KB
84 KB 79ms
78ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/dc-affinity-hs-kibe.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ae8d74f433ccc26f492867cb1964639892e27298c26e169bfc0777ccd1626b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:06 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 480154
cf-polished: origFmt=png, origSize=133591
content-disposition: inline; filename="dc-affinity-hs-kibe.webp"
alt-svc: h3=":443"; ma=86400
content-length: 86124
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:10 GMT
server: cloudflare
etag: "63977dbe-209d7"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 82732004fe5f032d-MIA

GET
H3 200 AFF-Lynnwood-Debit.png
www.gesa.com/wp-content/uploads/2022/06/ 52 KB
52 KB 50ms
48ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-Lynnwood-Debit.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e87f2df7792f0f76c391e34fb95c32c45c1eebc228f7eadfe6e7191997d4d18

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:06 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 117357
cf-polished: origFmt=png, origSize=59030
content-disposition: inline; filename="AFF-Lynnwood-Debit.webp"
alt-svc: h3=":443"; ma=86400
content-length: 53118
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-e696"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320057f23333d-MIA

GET
H3 200 AFF-Meadowdale-Debit.png
www.gesa.com/wp-content/uploads/2022/06/ 46 KB
47 KB 93ms
93ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-Meadowdale-Debit.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e779c3a7445c68e4334fbf89302ecb07ef48ba033e02ac0485ad8ca410be6d04

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:06 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2458212
cf-polished: origFmt=png, origSize=52525
content-disposition: inline; filename="AFF-Meadowdale-Debit.webp"
alt-svc: h3=":443"; ma=86400
content-length: 47248
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-cd2d"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320058f54333d-MIA

GET
H3 200 AFF-Mountlake-Terrace-Debit.png
www.gesa.com/wp-content/uploads/2022/06/ 47 KB
48 KB 69ms
66ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-Mountlake-Terrace-Debit.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f97ab3d97b58d92065b53294cd5fc2afd4215498de07727f585321cf01a0d6bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:06 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 117357
cf-polished: origFmt=png, origSize=54344
content-disposition: inline; filename="AFF-Mountlake-Terrace-Debit.webp"
alt-svc: h3=":443"; ma=86400
content-length: 48622
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-d448"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200628bb333d-MIA

GET
H3 200 AFF-New-Horizons-Debit.png
www.gesa.com/wp-content/uploads/2022/06/ 56 KB
56 KB 211ms
194ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-New-Horizons-Debit.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1dbfeb7d4f8335eba017f0cbb0b779b34122d5e1f2b478e08afd0dd439bdf597

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 34231
cf-polished: origFmt=png, origSize=62417
content-disposition: inline; filename="AFF-New-Horizons-Debit.webp"
alt-svc: h3=":443"; ma=86400
content-length: 57248
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-f3d1"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320078c38333d-MIA

GET
H3 200 AFF-Pasco-Debit.png
www.gesa.com/wp-content/uploads/2022/06/ 57 KB
57 KB 214ms
197ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-Pasco-Debit.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

22cb7afd879af42251168f826b48ee24fc02073275e079dbf9760af9d7e074e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 740407
cf-polished: origFmt=png, origSize=64476
content-disposition: inline; filename="AFF-Pasco-Debit.webp"
alt-svc: h3=":443"; ma=86400
content-length: 58356
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-fbdc"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320078c3a333d-MIA

GET
H3 200 AFF-Richland-Debit.png
www.gesa.com/wp-content/uploads/2022/06/ 48 KB
49 KB 230ms
213ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-Richland-Debit.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4c668b9785b8c2c0bb2479b6bd16f736385324a5a39870a92cf3d9e801080f01

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 740407
cf-polished: origFmt=png, origSize=55744
content-disposition: inline; filename="AFF-Richland-Debit.webp"
alt-svc: h3=":443"; ma=86400
content-length: 49456
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-d9c0"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320078c3e333d-MIA

GET
H3 200 AFF-LH-Law.png
www.gesa.com/wp-content/uploads/2022/06/ 78 KB
78 KB 232ms
214ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-LH-Law.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8c0364839511190adcbff9a36a5e132148ceb13b68cbf9e15754731d674343d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 117356
cf-polished: origFmt=png, origSize=91673
content-disposition: inline; filename="AFF-LH-Law.webp"
alt-svc: h3=":443"; ma=86400
content-length: 79582
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-16619"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320078c42333d-MIA

GET
H3 200 dc-affinity-hs-riverview.png
www.gesa.com/wp-content/uploads/2022/06/ 69 KB
70 KB 236ms
218ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/dc-affinity-hs-riverview.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4e438b7cda01c633b5bac61a6af60b042244039708fed06ed9cbbab45dc4e4e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 740407
cf-polished: origFmt=png, origSize=159013
content-disposition: inline; filename="dc-affinity-hs-riverview.webp"
alt-svc: h3=":443"; ma=86400
content-length: 70792
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Wed, 20 Sep 2023 23:12:01 GMT
server: cloudflare
etag: "650b7c41-26d25"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320078c43333d-MIA

GET
H3 200 AFF-Scriber-Lake-Debit.png
www.gesa.com/wp-content/uploads/2022/06/ 49 KB
50 KB 237ms
220ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-Scriber-Lake-Debit.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e657f7cbb9079a832a9376c1c8d207f573e432cf5be12a3d25edbac232ec9115

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 117356
cf-polished: origFmt=png, origSize=55222
content-disposition: inline; filename="AFF-Scriber-Lake-Debit.webp"
alt-svc: h3=":443"; ma=86400
content-length: 50292
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-d7b6"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320078c45333d-MIA

GET
H3 200 AFF-Southridge-Debit.png
www.gesa.com/wp-content/uploads/2022/06/ 48 KB
48 KB 271ms
254ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-Southridge-Debit.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

06610fe2a43b1065a10fef2028f0e284be932e564723402722764bc7e9b4bee6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 128710
cf-polished: origFmt=png, origSize=54525
content-disposition: inline; filename="AFF-Southridge-Debit.webp"
alt-svc: h3=":443"; ma=86400
content-length: 49072
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-d4fd"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320078c46333d-MIA

GET
H3 200 AFF-St-Patrick-Debit.png
www.gesa.com/wp-content/uploads/2022/06/ 25 KB
25 KB 273ms
256ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-St-Patrick-Debit.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

971c32a32a129e8bc0d7eed9d55e997308e4fb48d3af5c89f38f9af6ff1907f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 740406
cf-polished: origFmt=png, origSize=28495
content-disposition: inline; filename="AFF-St-Patrick-Debit.webp"
alt-svc: h3=":443"; ma=86400
content-length: 25432
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-6f4f"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320078c48333d-MIA

GET
H3 200 AFF-LH-Teacher.webp
www.gesa.com/wp-content/uploads/2022/06/ 180 KB
181 KB 274ms
256ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-LH-Teacher.webp

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

226898bfae2c40913fd46106a6634772385e08dddfd767474385770ebae28e0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 740403
alt-svc: h3=":443"; ma=86400
content-length: 184432
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-2d070"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320078c4a333d-MIA

GET
H3 200 AFF-Kennewick-Debit.png
www.gesa.com/wp-content/uploads/2022/06/ 44 KB
45 KB 276ms
259ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-Kennewick-Debit.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dfbd42ebc962e0689ff68829d89849ec773ce8dd88ba545355753384cca4ca58

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 740403
cf-polished: origFmt=png, origSize=49732
content-disposition: inline; filename="AFF-Kennewick-Debit.webp"
alt-svc: h3=":443"; ma=86400
content-length: 45106
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-c244"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320078c4d333d-MIA

GET
H3 200 AFF-Walla-Walla-Debit.webp
www.gesa.com/wp-content/uploads/2022/06/ 41 KB
41 KB 277ms
259ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-Walla-Walla-Debit.webp

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e92a53ce94858393660decb26aa46fd5884ac7d407bd03081b624602e04dd0c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2283648
alt-svc: h3=":443"; ma=86400
content-length: 42088
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-a468"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320078c54333d-MIA

GET
H3 200 AFF-Wenatchee-Debit-1.webp
www.gesa.com/wp-content/uploads/2022/06/ 111 KB
112 KB 280ms
263ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-Wenatchee-Debit-1.webp

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fac441fc28156645fa152344532bfd8005e06c134980dd4112fbd0eaf4d7662f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1834523
alt-svc: h3=":443"; ma=86400
content-length: 114018
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-1bd62"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320078c56333d-MIA

GET
H3 200 AFF-Westside-Debit.webp
www.gesa.com/wp-content/uploads/2022/06/ 111 KB
111 KB 284ms
266ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-Westside-Debit.webp

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

241d5d37ce41bf5054b2a911827b9480f99e669dc2aa7982dca688028b35cb51

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 740402
alt-svc: h3=":443"; ma=86400
content-length: 113498
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-1bb5a"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320078c82333d-MIA

GET
H3 200 dc-affinity-hs-edmonds-woodway.png
www.gesa.com/wp-content/uploads/2022/12/ 31 KB
31 KB 291ms
273ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/12/dc-affinity-hs-edmonds-woodway.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

137ce284058103233f12c23f00cb0ce873387bf0d46ce523b5fb1dfb22d8cb05

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 117354
cf-polished: origFmt=png, origSize=69435
content-disposition: inline; filename="dc-affinity-hs-edmonds-woodway.webp"
alt-svc: h3=":443"; ma=86400
content-length: 31420
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Thu, 22 Dec 2022 23:35:32 GMT
server: cloudflare
etag: "63a4e9c4-10f3b"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320078c89333d-MIA

GET
H3 200 dc-affinity-hs-talley.png
www.gesa.com/wp-content/uploads/2022/10/ 72 KB
72 KB 298ms
280ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/10/dc-affinity-hs-talley.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9cc56655684dd02ce927521ac8435d2b35c0482a7153a2fadac60b4a91cd8f7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 740401
cf-polished: origFmt=png, origSize=111681
content-disposition: inline; filename="dc-affinity-hs-talley.webp"
alt-svc: h3=":443"; ma=86400
content-length: 73642
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:07 GMT
server: cloudflare
etag: "63977dbb-1b441"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320078c8e333d-MIA

GET
H3 200 dc-affinity-hs-renton.png
www.gesa.com/wp-content/uploads/2022/10/ 26 KB
26 KB 300ms
283ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/10/dc-affinity-hs-renton.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c42b88e1c62f40544d064489d9ec2ff8a1b3053bd12cb579a41ba6bfdcc2fb5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 117354
cf-polished: origFmt=png, origSize=56304
content-disposition: inline; filename="dc-affinity-hs-renton.webp"
alt-svc: h3=":443"; ma=86400
content-length: 26252
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:06 GMT
server: cloudflare
etag: "63977dba-dbf0"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320078c97333d-MIA

GET
H3 200 dc-affinity-hs-lindbergh.png
www.gesa.com/wp-content/uploads/2022/10/ 34 KB
35 KB 301ms
284ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/10/dc-affinity-hs-lindbergh.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9f6593da5f5c0c28ddb6413992e1f3dcbbce263b0790eae02daf1ae8df812bac

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 740401
cf-polished: origFmt=png, origSize=70604
content-disposition: inline; filename="dc-affinity-hs-lindbergh.webp"
alt-svc: h3=":443"; ma=86400
content-length: 35128
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:06 GMT
server: cloudflare
etag: "63977dba-113cc"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320078c9b333d-MIA

GET
H3 200 dc-affinity-hs-hazen.png
www.gesa.com/wp-content/uploads/2022/10/ 41 KB
42 KB 302ms
285ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/10/dc-affinity-hs-hazen.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

10bd18f098e5cef6e2a15898fe091a6b7821fb97f3f524349552bb3a4f3576d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 34230
cf-polished: origFmt=png, origSize=85198
content-disposition: inline; filename="dc-affinity-hs-hazen.webp"
alt-svc: h3=":443"; ma=86400
content-length: 42412
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:06 GMT
server: cloudflare
etag: "63977dba-14cce"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320078ca2333d-MIA

GET
H3 200 dc-affinity-hs-westvalley.png
www.gesa.com/wp-content/uploads/2023/01/ 32 KB
32 KB 302ms
285ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2023/01/dc-affinity-hs-westvalley.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dba8bca52aa39a7625f4d95945248c572f6d15999b2f539effcafd17a3c61528

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 34230
cf-polished: origFmt=png, origSize=72168
content-disposition: inline; filename="dc-affinity-hs-westvalley.webp"
alt-svc: h3=":443"; ma=86400
content-length: 32608
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Wed, 11 Jan 2023 20:38:41 GMT
server: cloudflare
etag: "63bf1e51-119e8"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320078ca8333d-MIA

GET
H3 200 dc-college-heritage.png
www.gesa.com/wp-content/uploads/2023/04/ 12 KB
13 KB 304ms
287ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2023/04/dc-college-heritage.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6a71c1b9c1b84a8603ced9fcc3a73fc59521065a35fe045a03c3fcd6f6c01977

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1028633
cf-polished: origFmt=png, origSize=27560
content-disposition: inline; filename="dc-college-heritage.webp"
alt-svc: h3=":443"; ma=86400
content-length: 12654
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Fri, 14 Apr 2023 18:09:26 GMT
server: cloudflare
etag: "643996d6-6ba8"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320078cae333d-MIA

GET
H3 200 forevergreen-min-1920x1210.png
www.gesa.com/wp-content/uploads/2023/04/ 110 KB
111 KB 304ms
287ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2023/04/forevergreen-min-1920x1210.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb5bb791c0aa0ded45801e3762ee1507cee4076d3ac4f3b155e3d25d68c15422

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 291592
cf-polished: origFmt=png, origSize=235113
content-disposition: inline; filename="forevergreen-min-1920x1210.webp"
alt-svc: h3=":443"; ma=86400
content-length: 112662
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Tue, 25 Apr 2023 16:52:13 GMT
server: cloudflare
etag: "6448053d-39669"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320078cb1333d-MIA

GET
H3 200 dc-affinity-hs-prosser-1920x1210.png
www.gesa.com/wp-content/uploads/2023/07/ 224 KB
225 KB 306ms
289ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2023/07/dc-affinity-hs-prosser-1920x1210.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe9c1f23cc3e0d87a3ed0094d41727945ab61b28651e45441f0f98f9ac309153

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 291592
cf-polished: origFmt=png, origSize=457633
content-disposition: inline; filename="dc-affinity-hs-prosser-1920x1210.webp"
alt-svc: h3=":443"; ma=86400
content-length: 229794
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Tue, 18 Jul 2023 23:15:30 GMT
server: cloudflare
etag: "64b71d12-6fba1"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320078cb6333d-MIA

GET
H3 200 dc-affinity-hs-vanguard-academy.png
www.gesa.com/wp-content/uploads/2023/07/ 24 KB
24 KB 308ms
291ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2023/07/dc-affinity-hs-vanguard-academy.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55bf0bda5de576f5026effeddf372974746d1ed1309ad882b39e24fbc9eb6c0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 781179
cf-polished: origFmt=png, origSize=56203
content-disposition: inline; filename="dc-affinity-hs-vanguard-academy.webp"
alt-svc: h3=":443"; ma=86400
content-length: 24600
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Fri, 18 Aug 2023 23:47:08 GMT
server: cloudflare
etag: "64e002fc-db8b"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320078cbd333d-MIA

GET
H3 200 AFF-Chiawana-Debit.png
www.gesa.com/wp-content/uploads/2022/06/ 58 KB
58 KB 343ms
326ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-Chiawana-Debit.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f28f5c6a226dcd2c3b80fca12f7ef0b43a0385bd27cb69c698c8443f050d66d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2185263
cf-polished: origFmt=png, origSize=65059
content-disposition: inline; filename="AFF-Chiawana-Debit.webp"
alt-svc: h3=":443"; ma=86400
content-length: 59116
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-fe23"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320078cc2333d-MIA

GET
H3 200 AFF-LH-Healthcare.webp
www.gesa.com/wp-content/uploads/2022/06/ 112 KB
112 KB 325ms
307ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-LH-Healthcare.webp

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

326b21d33a052c868180ff94d32409cdc689aa9ba9b68ca6787a2853100a1ff3

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1015529
alt-svc: h3=":443"; ma=86400
content-length: 114426
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-1befa"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320078cc8333d-MIA

GET
H3 200 AFF-WSU-Debit-2.webp
www.gesa.com/wp-content/uploads/2022/06/ 63 KB
64 KB 328ms
311ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-WSU-Debit-2.webp

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dffbec59d2319c3236a3edfe56f55f12ada2d9023eed6f204fc7f83b32c0cb40

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2283647
alt-svc: h3=":443"; ma=86400
content-length: 64664
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-fc98"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320078cd3333d-MIA

GET
H3 200 AFF-WSU-Debit-1.webp
www.gesa.com/wp-content/uploads/2022/06/ 93 KB
93 KB 339ms
322ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-WSU-Debit-1.webp

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c26c8fee132cba88ff48de65daefb51c9972fab6d3d13136d54634033d0e9bac

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2349901
alt-svc: h3=":443"; ma=86400
content-length: 94978
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-17302"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320078cd7333d-MIA

GET
H3 200 AFF-WSU-Credit.webp
www.gesa.com/wp-content/uploads/2022/06/ 29 KB
29 KB 370ms
353ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-WSU-Credit.webp

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c9ef83e9ca2f04a0a6ef605ecdc810c7ea0b36e7b9767bdcf6bdc38c6a8e831

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 34230
alt-svc: h3=":443"; ma=86400
content-length: 29664
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-73e0"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320078ce1333d-MIA

GET
H3 200 AFF-WSU-Credit-1.webp
www.gesa.com/wp-content/uploads/2022/06/ 20 KB
20 KB 370ms
353ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-WSU-Credit-1.webp

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d428752937c011563195cd8738502cfbefb1f52d1ace608bf297eabda0e64e5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2185263
alt-svc: h3=":443"; ma=86400
content-length: 20314
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-4f5a"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320078ce7333d-MIA

GET
H3 200 AFF-WSU-Debit-3.webp
www.gesa.com/wp-content/uploads/2022/06/ 46 KB
46 KB 340ms
322ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-WSU-Debit-3.webp

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

251f896d186d1d27c03670e3ea1894bff902ba52479c5ae148fa28cd218e9625

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2185263
alt-svc: h3=":443"; ma=86400
content-length: 47076
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-b7e4"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320078ced333d-MIA

GET
H3 200 AFF-Highline-Debit-2.png
www.gesa.com/wp-content/uploads/2022/06/ 36 KB
36 KB 341ms
323ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-Highline-Debit-2.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3169045b619f079c09edc6c6dc04268c645697430b7f0ccdfe815b8735c199d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2185263
cf-polished: origFmt=png, origSize=41188
content-disposition: inline; filename="AFF-Highline-Debit-2.webp"
alt-svc: h3=":443"; ma=86400
content-length: 36530
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-a0e4"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320078cf3333d-MIA

GET
H3 200 AFF-Highline-Debit-1.png
www.gesa.com/wp-content/uploads/2022/06/ 34 KB
35 KB 342ms
324ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-Highline-Debit-1.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d31b51d4ac3d588bbcc4a10aed1abafcf50fb626b656fa5309fedaed567645cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 34229
cf-polished: origFmt=png, origSize=40882
content-disposition: inline; filename="AFF-Highline-Debit-1.webp"
alt-svc: h3=":443"; ma=86400
content-length: 35172
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-9fb2"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320078cf9333d-MIA

GET
H3 200 AFF-CBC-Debit.png
www.gesa.com/wp-content/uploads/2022/06/ 27 KB
27 KB 343ms
326ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-CBC-Debit.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

63046617ab9c0650fb173a815023797cbd872c48898e0f57b6ec8fca7bd1d390

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 117353
cf-polished: origFmt=png, origSize=31577
content-disposition: inline; filename="AFF-CBC-Debit.webp"
alt-svc: h3=":443"; ma=86400
content-length: 27596
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-7b59"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320078d00333d-MIA

GET
H3 200 AFF-Naches-Debit.png
www.gesa.com/wp-content/uploads/2022/06/ 50 KB
51 KB 343ms
326ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-Naches-Debit.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

92af5c3016059719e31e89d97c6c9a63cbeaa5e938ce63e2c16dc7e8bc6d54fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 740394
cf-polished: origFmt=png, origSize=55683
content-disposition: inline; filename="AFF-Naches-Debit.webp"
alt-svc: h3=":443"; ma=86400
content-length: 51314
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-d983"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320078d0c333d-MIA

GET
H3 200 dc-affinity-hs-moseslake.png
www.gesa.com/wp-content/uploads/2022/06/ 56 KB
57 KB 352ms
335ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/dc-affinity-hs-moseslake.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb82eb390a781039b7a17650eaf12f0d043c5df1a46e260977c0e5bb9c030b22

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 117353
cf-polished: origFmt=png, origSize=109428
content-disposition: inline; filename="dc-affinity-hs-moseslake.webp"
alt-svc: h3=":443"; ma=86400
content-length: 57848
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:10 GMT
server: cloudflare
etag: "63977dbe-1ab74"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320078d10333d-MIA

GET
H3 200 AFF-Liberty-Debit.png
www.gesa.com/wp-content/uploads/2022/06/ 52 KB
52 KB 353ms
335ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-Liberty-Debit.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef101c7141faba6cb722927ca4ec51fde7482befad59c13b9ecee64eba139060

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 34229
cf-polished: origFmt=png, origSize=58152
content-disposition: inline; filename="AFF-Liberty-Debit.webp"
alt-svc: h3=":443"; ma=86400
content-length: 52762
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-e328"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320078d14333d-MIA

GET
H3 200 AFF-TCA-1.png
www.gesa.com/wp-content/uploads/2022/06/ 22 KB
23 KB 354ms
336ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-TCA-1.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aba30c4a7bbf09cdd029e920b0c2e78f1ab14cb99c78443c1a684c0270b15212

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 34229
cf-polished: origFmt=png, origSize=26018
content-disposition: inline; filename="AFF-TCA-1.webp"
alt-svc: h3=":443"; ma=86400
content-length: 22590
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-65a2"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320078d18333d-MIA

GET
H3 200 AFF-WSU-Debit-Retro.webp
www.gesa.com/wp-content/uploads/2022/06/ 29 KB
29 KB 355ms
337ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-WSU-Debit-Retro.webp

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

03875f5ffa03acb3b4e09691ae36cdb0f1a4d3af8da45b8f4d998ed175236f59

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 34229
alt-svc: h3=":443"; ma=86400
content-length: 29602
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-73a2"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320078d19333d-MIA

GET
H3 200 AFF-College-Place-Debit.png
www.gesa.com/wp-content/uploads/2022/06/ 50 KB
51 KB 362ms
344ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-College-Place-Debit.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b900014a85bda70cde617cdaae7a8a91727943c760cfc92b40760c29cef14312

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 740394
cf-polished: origFmt=png, origSize=56881
content-disposition: inline; filename="AFF-College-Place-Debit.webp"
alt-svc: h3=":443"; ma=86400
content-length: 51584
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-de31"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320078d20333d-MIA

GET
H3 200 AFF-Columbia-Debit.png
www.gesa.com/wp-content/uploads/2022/06/ 53 KB
54 KB 362ms
344ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-Columbia-Debit.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79c2f8e000136ab8664c9c2f22cbc8aafbee419a1eac3fec7ec32822c925cf7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 740394
cf-polished: origFmt=png, origSize=60576
content-disposition: inline; filename="AFF-Columbia-Debit.webp"
alt-svc: h3=":443"; ma=86400
content-length: 54748
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-eca0"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320078d23333d-MIA

GET
H3 200 AFF-Davis-Debit.png
www.gesa.com/wp-content/uploads/2022/06/ 19 KB
20 KB 377ms
359ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-Davis-Debit.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9796bc60fc921b490963396feaf198b84c0791bfdf574b230f75e451fb6368ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 781179
cf-polished: origFmt=png, origSize=22616
content-disposition: inline; filename="AFF-Davis-Debit.webp"
alt-svc: h3=":443"; ma=86400
content-length: 19544
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-5858"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 82732007fd25333d-MIA

GET
H3 200 AFF-Delta-Debit.png
www.gesa.com/wp-content/uploads/2022/06/ 42 KB
43 KB 379ms
358ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-Delta-Debit.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3026106731138872e882acce33910e82c9280990fa45317c9e900e1535e5039b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 740394
cf-polished: origFmt=png, origSize=47670
content-disposition: inline; filename="AFF-Delta-Debit.webp"
alt-svc: h3=":443"; ma=86400
content-length: 43112
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-ba36"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 82732007fd2a333d-MIA

GET
H3 200 AFF-TCDD.png
www.gesa.com/wp-content/uploads/2022/06/ 22 KB
23 KB 379ms
359ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-TCDD.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f2ba197eefdf3e395c59767820118e11190c70b206b99ac654f0155008cc62af

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 117353
cf-polished: origFmt=png, origSize=26484
content-disposition: inline; filename="AFF-TCDD.webp"
alt-svc: h3=":443"; ma=86400
content-length: 22924
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-6774"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 82732007fd2e333d-MIA

GET
H3 200 AFF-Eastmont-Debit.png
www.gesa.com/wp-content/uploads/2022/06/ 54 KB
54 KB 380ms
359ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-Eastmont-Debit.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

334d5e7f9a35f81aeabf466f3ee3c0c9522077a4f14c336998c7cb9827e7b21d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1028630
cf-polished: origFmt=png, origSize=60044
content-disposition: inline; filename="AFF-Eastmont-Debit.webp"
alt-svc: h3=":443"; ma=86400
content-length: 55142
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-ea8c"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 82732007fd32333d-MIA

GET
H3 200 AFF-Edmonds-Heights-Debit.png
www.gesa.com/wp-content/uploads/2022/06/ 45 KB
45 KB 380ms
359ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-Edmonds-Heights-Debit.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f5716bdd72281749566ea5f0b5961c0c3b9c9d7ac0ba04cf45e064f0cd8bada0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 740394
cf-polished: origFmt=png, origSize=51532
content-disposition: inline; filename="AFF-Edmonds-Heights-Debit.webp"
alt-svc: h3=":443"; ma=86400
content-length: 45584
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-c94c"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 82732007fd36333d-MIA

GET
H3 200 AFF-Edmonds-Debit.png
www.gesa.com/wp-content/uploads/2022/06/ 27 KB
28 KB 387ms
366ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-Edmonds-Debit.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1d2f6022504259884302bb439c2b3782b0fa686af2a040f3766119cc5a83d464

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 34229
cf-polished: origFmt=png, origSize=31194
content-disposition: inline; filename="AFF-Edmonds-Debit.webp"
alt-svc: h3=":443"; ma=86400
content-length: 27696
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-79da"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 82732007fd3a333d-MIA

GET
H3 200 AFF-Eisenhower-Debit.png
www.gesa.com/wp-content/uploads/2022/06/ 23 KB
23 KB 388ms
366ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-Eisenhower-Debit.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

119c68cafab2592ca4b6c4c435cc38885313eefbaf9b6373f9ad20c37d172d63

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 34229
cf-polished: origFmt=png, origSize=26444
content-disposition: inline; filename="AFF-Eisenhower-Debit.webp"
alt-svc: h3=":443"; ma=86400
content-length: 23558
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-674c"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 82732007fd3e333d-MIA

GET
H3 200 AFF-LH-Fire.png
www.gesa.com/wp-content/uploads/2022/06/ 109 KB
109 KB 391ms
368ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-LH-Fire.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fffd742919bedf3c6281c0f6b22c79d1d9c618255adedcda280cc1fdaf6b45c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 740394
cf-polished: origFmt=png, origSize=127363
content-disposition: inline; filename="AFF-LH-Fire.webp"
alt-svc: h3=":443"; ma=86400
content-length: 111310
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-1f183"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 82732007fd43333d-MIA

GET
H3 200 dc-affinity-hs-hanford.png
www.gesa.com/wp-content/uploads/2022/06/ 26 KB
26 KB 392ms
369ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/dc-affinity-hs-hanford.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0ef003c90c31f90a2abb3b6003fa3c8c463d1eb66eb3c2379b2bd2d7cac626e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 34229
cf-polished: origFmt=png, origSize=59872
content-disposition: inline; filename="dc-affinity-hs-hanford.webp"
alt-svc: h3=":443"; ma=86400
content-length: 26372
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:09 GMT
server: cloudflare
etag: "63977dbd-e9e0"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 82732007fd49333d-MIA

GET
H3 200 dc-affinity-hs-kamiakin.png
www.gesa.com/wp-content/uploads/2022/06/ 30 KB
30 KB 420ms
397ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/dc-affinity-hs-kamiakin.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0afe04cfbce95f98b08ab24d6d787e27054a02c3c02c6bb7da44c86c8515e132

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 117352
cf-polished: origFmt=png, origSize=64021
content-disposition: inline; filename="dc-affinity-hs-kamiakin.webp"
alt-svc: h3=":443"; ma=86400
content-length: 30314
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:09 GMT
server: cloudflare
etag: "63977dbd-fa15"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 82732007fd5a333d-MIA

GET
H3 200 animations.min.css
www.gesa.com/wp-content/plugins/elementor/assets/lib/animations/ 18 KB
3 KB 58ms
57ms Stylesheet
text/css 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.8.1

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe513ef974b767510d0a2b9f1b4d3afa53185b89ab617c869e5e3d6db960192c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:06 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 752940
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 06 Jun 2023 17:49:30 GMT
server: cloudflare
etag: W/"647f71aa-4824"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 827320064914333d-MIA

GET
H3 200 frontend-script.js Show response
www.gesa.com/wp-content/plugins/elementskit-lite/libs/framework/assets/js/ 40 B
432 B 52ms
52ms Script
application/javascript 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementskit-lite/libs/framework/assets/js/frontend-script.js?ver=2.7.4

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b8166c5475df6a64ab2456e95f64564164ed697d258e8bfed8cebca40efd6fa5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2458212
alt-svc: h3=":443"; ma=86400
content-length: 40
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 06 Jun 2023 17:49:44 GMT
server: cloudflare
etag: "647f71b8-28"
vary: Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200699e8333d-MIA

GET
H3 200 widget-scripts.js Show response
www.gesa.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/ 134 KB
37 KB 51ms
50ms Script
application/javascript 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/widget-scripts.js?ver=2.7.4

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cdaa4c91b5bc3dd4ce8e1345b453844dd414602022a182ce2853d87bd4b9a9d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 1015535
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 06 Jun 2023 17:49:44 GMT
server: cloudflare
etag: W/"647f71b8-2193f"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 82732006a9fb333d-MIA

GET
H3 200 core.min.js Show response
www.gesa.com/wp-includes/js/jquery/ui/ 21 KB
7 KB 59ms
59ms Script
application/javascript 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ca7dce2391845e8aec7da135f33fabd10f74eed28a532ac66fd01f761fcfb42f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 1834523
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Thu, 02 Feb 2023 16:36:32 GMT
server: cloudflare
etag: W/"63dbe690-53be"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 82732006fa9f333d-MIA

GET
H3 200 menu.min.js Show response
www.gesa.com/wp-includes/js/jquery/ui/ 10 KB
3 KB 44ms
43ms Script
application/javascript 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-includes/js/jquery/ui/menu.min.js?ver=1.13.2

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc50c28f1db50dbce579d4738a0e55001a5f954df3307ca5d502f42202d1d05c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 752941
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Thu, 02 Feb 2023 16:36:32 GMT
server: cloudflare
etag: W/"63dbe690-2782"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 82732006fab4333d-MIA

GET
H3 200 selectmenu.min.js Show response
www.gesa.com/wp-includes/js/jquery/ui/ 9 KB
3 KB 155ms
154ms Script
application/javascript 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-includes/js/jquery/ui/selectmenu.min.js?ver=1.13.2

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6816ba59d3757e525880fbf568b3faf808ffc743411d46ebfb33a543247ad628

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 2279638
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 19 Sep 2022 18:04:09 GMT
server: cloudflare
etag: W/"6328af19-2483"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 827320076b92333d-MIA

GET
H3 200 foundation.min.js Show response
www.gesa.com/wp-content/themes/gesa/assets/js/ 46 KB
16 KB 156ms
138ms Script
application/javascript 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/themes/gesa/assets/js/foundation.min.js?ver=6.5.3

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

58a752f5a1298d0757f7953670951352ab722958e4332e1f1f20a315f836e6e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 748616
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Thu, 26 Jan 2023 20:31:12 GMT
server: cloudflare
etag: W/"63d2e310-b835"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 827320078bd4333d-MIA

GET
H3 200 slick.min.js Show response
www.gesa.com/wp-content/themes/gesa/assets/js/plugins/ 52 KB
12 KB 180ms
162ms Script
application/javascript 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/themes/gesa/assets/js/plugins/slick.min.js?ver=1.8.1

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e6c39ab37a92035619ffbf66dd293f6d6980fc1bebdaeb9a0b922775abc32eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 2101744
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Thu, 26 Jan 2023 20:31:13 GMT
server: cloudflare
etag: W/"63d2e311-d13f"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 827320078bd8333d-MIA

GET
H3 200 lazyload.min.js Show response
www.gesa.com/wp-content/themes/gesa/assets/js/plugins/ 8 KB
3 KB 181ms
163ms Script
application/javascript 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/themes/gesa/assets/js/plugins/lazyload.min.js?ver=12.4.0

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7866661e9747c63d27963b389bd0bbc19c29dc5255cf7393b727368927e9b06c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 2210510
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Thu, 26 Jan 2023 20:31:13 GMT
server: cloudflare
etag: W/"63d2e311-1f24"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 827320078bdb333d-MIA

GET
H3 200 jquery.matchHeight-min.js Show response
www.gesa.com/wp-content/themes/gesa/assets/js/plugins/ 3 KB
2 KB 181ms
163ms Script
application/javascript 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/themes/gesa/assets/js/plugins/jquery.matchHeight-min.js?ver=0.7.2

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

246faa0aca51a7be47ae13827bffdec1f0e69699d291c727646b56e83ee1fd0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 34231
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Thu, 26 Jan 2023 20:31:13 GMT
server: cloudflare
etag: W/"63d2e311-d39"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 827320078be0333d-MIA

GET
H3 200 jquery.fancybox.v3.js Show response
www.gesa.com/wp-content/themes/gesa/assets/js/plugins/ 67 KB
22 KB 182ms
163ms Script
application/javascript 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/themes/gesa/assets/js/plugins/jquery.fancybox.v3.js?ver=3.5.2

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff4961dda4383b1a3727e5aa981024c40cb07005f89e3264a3ab423eb356380f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 624401
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Thu, 26 Jan 2023 20:31:13 GMT
server: cloudflare
etag: W/"63d2e311-10aa1"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 827320078be4333d-MIA

GET
H3 200 webpack.runtime.min.js Show response
www.gesa.com/wp-content/plugins/elementor/assets/js/ 5 KB
3 KB 183ms
165ms Script
application/javascript 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.8.1

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f6eb858ead7f15dcd18541c5433714e0c0966d81b8d009a2d49e5a181e548fbb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 2300948
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 07 Jun 2023 18:28:45 GMT
server: cloudflare
etag: W/"6480cc5d-135d"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 827320078be7333d-MIA

GET
H3 200 frontend-modules.min.js Show response
www.gesa.com/wp-content/plugins/elementor/assets/js/ 32 KB
11 KB 183ms
165ms Script
application/javascript 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.8.1

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5d80f13fd7524318f81eb1301170d4d0fbee242c12403c01f3a06c9f681192c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 752941
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 07 Jun 2023 18:28:44 GMT
server: cloudflare
etag: W/"6480cc5c-80b3"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 827320078bea333d-MIA

GET
H3 200 waypoints.min.js Show response
www.gesa.com/wp-content/plugins/elementor/assets/lib/waypoints/ 12 KB
3 KB 183ms
165ms Script
application/javascript 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 34231
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 06 Jun 2023 17:49:30 GMT
server: cloudflare
etag: W/"647f71aa-2fa6"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 827320078bec333d-MIA

GET
H3 200 frontend.min.js Show response
www.gesa.com/wp-content/plugins/elementor/assets/js/ 40 KB
13 KB 184ms
166ms Script
application/javascript 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.8.1

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5ceb0c2088d29cecbe3ee571dc3cf6fec764bbb7c73f0e22c73007149a2ce68d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 2458213
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 07 Jun 2023 18:28:44 GMT
server: cloudflare
etag: W/"6480cc5c-9e41"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 827320078bef333d-MIA

GET
H3 200 global.js Show response
www.gesa.com/wp-content/themes/gesa/assets/js/ 42 KB
11 KB 184ms
167ms Script
application/javascript 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/themes/gesa/assets/js/global.js?ver=1.0.18

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9f708c31ba347c4b2bd756b4d2fd4d371f250182b241c0306268d3a0ec340b6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 752941
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 11 Jul 2023 08:13:53 GMT
server: cloudflare
etag: W/"64ad0f41-a661"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 827320078bf2333d-MIA

GET
H3 200 jquery.smartmenus.min.js Show response
www.gesa.com/wp-content/plugins/elementor-pro/assets/lib/smartmenus/ 25 KB
8 KB 206ms
189ms Script
application/javascript 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor-pro/assets/lib/smartmenus/jquery.smartmenus.min.js?ver=1.0.1

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

533e264cc615ee4601da8d2c1dee4a8987319e53d4d7162272f067fbbf250020

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 2447937
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 06 Jun 2023 17:49:37 GMT
server: cloudflare
etag: W/"647f71b1-6272"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 827320078bf7333d-MIA

GET
H3 200 imagesloaded.min.js Show response
www.gesa.com/wp-includes/js/ 5 KB
2 KB 206ms
189ms Script
application/javascript 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-includes/js/imagesloaded.min.js?ver=4.1.4

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 34231
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Sat, 13 Jun 2020 18:53:27 GMT
server: cloudflare
etag: W/"5ee520a7-15fd"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 827320078bfa333d-MIA

GET
H3 200 webpack-pro.runtime.min.js Show response
www.gesa.com/wp-content/plugins/elementor-pro/assets/js/ 5 KB
3 KB 207ms
189ms Script
application/javascript 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.8.1

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cc65806adf6c251323693c9b7adb6b97e19879aa2f5428f2f05c0f08fca18404

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 752941
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 07 Jun 2023 18:28:38 GMT
server: cloudflare
etag: W/"6480cc56-1472"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 827320078c05333d-MIA

GET
H3 200 wp-polyfill-inert.min.js Show response
www.gesa.com/wp-includes/js/dist/vendor/ 8 KB
3 KB 207ms
189ms Script
application/javascript 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js?ver=3.1.2

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 752941
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 18 Jan 2023 11:16:33 GMT
server: cloudflare
etag: W/"63c7d511-1feb"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 827320078c09333d-MIA

GET
H3 200 regenerator-runtime.min.js Show response
www.gesa.com/wp-includes/js/dist/vendor/ 6 KB
3 KB 207ms
189ms Script
application/javascript 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.11

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6974bfd8fa06b7831f05cb4b25860c851a5ad3f02a6699ebe688987dd7a6ebe6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 752941
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 07 Feb 2023 15:56:37 GMT
server: cloudflare
etag: W/"63e274b5-19cf"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 827320078c0c333d-MIA

GET
H3 200 wp-polyfill.min.js Show response
www.gesa.com/wp-includes/js/dist/vendor/ 16 KB
6 KB 207ms
189ms Script
application/javascript 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4c0ced2cb3830d045cdd74f745fd4d6dcb082d8edd3a9fe46e39295e30cb8032

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 752941
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 27 Jun 2023 14:24:19 GMT
server: cloudflare
etag: W/"649af113-3f12"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 827320078c10333d-MIA

GET
H3 200 hooks.min.js Show response
www.gesa.com/wp-includes/js/dist/ 5 KB
2 KB 207ms
189ms Script
application/javascript 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-includes/js/dist/hooks.min.js?ver=c6aec9a8d4e5a5d543a1

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7868467c94a5aa0b3f11ef542f45287967f9627b3b5acdc86e47f8f77a126596

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 752941
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 27 Jun 2023 14:24:19 GMT
server: cloudflare
etag: W/"649af113-1213"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 827320078c19333d-MIA

GET
H3 200 i18n.min.js Show response
www.gesa.com/wp-includes/js/dist/ 9 KB
4 KB 207ms
189ms Script
application/javascript 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-includes/js/dist/i18n.min.js?ver=7701b0c3857f914212ef

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

698e93fe491cc7bbf07a470579a33dbd0db53c19142b7be41ebfd39a23aef11f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 2210510
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 28 Jun 2023 20:08:46 GMT
server: cloudflare
etag: W/"649c934e-24e5"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 827320078c1e333d-MIA

GET
H3 200 frontend.min.js Show response
www.gesa.com/wp-content/plugins/elementor-pro/assets/js/ 21 KB
6 KB 207ms
189ms Script
application/javascript 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.8.1

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a7fdd491f449c314d884b9b9b6d11cfe037179d84e567a62e1e19584881e3e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 34231
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 07 Jun 2023 18:28:37 GMT
server: cloudflare
etag: W/"6480cc55-543b"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 827320078c27333d-MIA

GET
H3 200 elements-handlers.min.js Show response
www.gesa.com/wp-content/plugins/elementor-pro/assets/js/ 24 KB
6 KB 208ms
190ms Script
application/javascript 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js?ver=3.8.1

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

27c3bae726c78894582c23e5b507dda2dacd2c5c8aa9afe17ae179519e4ba3e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 2458213
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 07 Jun 2023 18:28:37 GMT
server: cloudflare
etag: W/"6480cc55-60dc"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 827320078c2b333d-MIA

GET
H3 200 animate-circle.js Show response
www.gesa.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/ 810 B
831 B 208ms
190ms Script
application/javascript 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/animate-circle.js?ver=2.7.4

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8667a50fdab17dd946e43e37c6fd1623583b9440bdca887e44cc726e48feedaf

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 2210510
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 06 Jun 2023 17:49:44 GMT
server: cloudflare
etag: W/"647f71b8-32a"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 827320078c2e333d-MIA

GET
H3 200 elementor.js Show response
www.gesa.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/ 18 KB
5 KB 208ms
190ms Script
application/javascript 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/elementor.js?ver=2.7.4

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a496ca0aa2b9981aef70474b2219472dcf25db655779c48e3ab018e268857558

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 2194166
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 07 Jun 2023 18:28:33 GMT
server: cloudflare
etag: W/"6480cc51-461c"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 827320078c32333d-MIA

GET
H3 200 swiper.min.js Show response
www.gesa.com/wp-content/plugins/elementor/assets/lib/swiper/ 136 KB
36 KB 208ms
191ms Script
application/javascript 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js?ver=2.7.4

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b23f49f504faa32aac548b6662ffd64412f6738496fab8be38da46c5b7121804

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 2458213
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 06 Jun 2023 17:49:30 GMT
server: cloudflare
etag: W/"647f71aa-21f91"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 827320078c34333d-MIA

GET
H3 200 jquery.sticky.min.js Show response
www.gesa.com/wp-content/plugins/elementor-pro/assets/lib/sticky/ 4 KB
2 KB 211ms
193ms Script
application/javascript 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?ver=3.8.1

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

34bbd1c367ffc7d80fcff86c7e5f8777e70f4911bb324e8ecfc7dd3604a96e68

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 752941
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 06 Jun 2023 17:49:37 GMT
server: cloudflare
etag: W/"647f71b1-e89"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 827320078c37333d-MIA

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 369 KB
106 KB 213ms
85ms Script
application/javascript 2607:f8b0:4004:c06::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MTFL685

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::61 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

94e3c0e2c4567cd2d986d5637fe036e3bacb468296246074e4c62196d520733d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 108390
x-xss-protection: 0
last-modified: Thu, 16 Nov 2023 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 16 Nov 2023 22:21:07 GMT

GET
H/1.1 200
OK Capture.aspx Show response
secure.node7seat.com/Track/ 0
184 B 98ms
75ms Script
text/plain 52.146.86.174
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.node7seat.com/Track/Capture.aspx?retType=js&trk_jshv=1&trk_uid=&trk_user=219777&trk_sw=1600&trk_sh=1200&trk_ref=&trk_tit=Washington%20Credit%20Union%20%7C%20Loans%20%7C%20Savings%20Accounts%20%7C%20Gesa&trk_loc=https%3A%2F%2Fwww.gesa.com%2F&trk_agn=Netscape&trk_agv=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F119.0.6045.159%20Safari%2F537.36.lfcd24.lflng&trk_dom=www.gesa.com&trk_cookie=NA&trk_culid=01HFD3JG41H708TJR7QH6CESZA
Requested by: Host: secure.node7seat.com
URL: https://secure.node7seat.com/js/219777.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.146.86.174 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 22:21:07 GMT
Server: Kestrel
Connection: keep-alive
Content-Length: 0
Request-Context: appId=cid-v1:bc2713c3-85d3-454a-adab-7b0fd01bd9ed

GET
DATA 200
OK truncated
/ 67 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f8aa916be8ee9babafc0055de42bd64e344202fe3223d463d0cc35e1637f1ea1

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 641611b58754d802f2a7672c62a4d15ee0950f47c28f1bb9b2c1f38d9f7bca50

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f085b0387d391f11026a10c6ea821ebbe9e2b7f7e065a4368ef5ff6589a79737

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 09bb15f21c30116957d4917230f723fd982a18e323b9728dee8825ee409b5715

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 67 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aa40111e30b48fba40d8a719f9102bcf3bab3faedce696673fd4e13998e16e0a

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 049998472f24fe69a2a5d946806e7d7772f733953c2e8947dfee3c925becf9ba

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fcdf290b43a70854a24110a5a9a189fb31c321110313269e8a5601e869f0c862

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 70 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4af9a2e261fb48aca31900045f77d2a6d7dbd55df0c5967c40743f94dd8de0c6

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 70 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d6fa6a7c8f92bfe1fe10d8700f08cfcca04d16558cc130fdf78643b66986a998

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 64 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 01caf20e667c8e300960582162f912d9405e9895c32cff1a9ee95511fd509a2c

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 70 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f30381d45f347ae210ebd73a518a8747d5d5a0cb1e0d855b7bca3e2459853dca

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 715 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ff0a79ec21356d69477f2e854838c684d1a18f82c8c384dc8530efd60392f18b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 white-logo.svg
www.gesa.com/wp-content/themes/gesa/assets/images/ 12 KB
6 KB 399ms
397ms Image
image/svg+xml 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/themes/gesa/assets/images/white-logo.svg

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/wp-content/themes/gesa/assets/css/custom.css?ver=1.0.22

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4543785910eab419295691033691a60ec304e11afe3927e18e2442445bea2f84

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 2185263
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Thu, 26 Jan 2023 20:31:12 GMT
server: cloudflare
etag: W/"63d2e310-3130"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 82732007fd68333d-MIA

GET
H3 200 Patterns.png
www.gesa.com/wp-content/uploads/2022/07/ 15 KB
15 KB 395ms
394ms Image
image/png 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/07/Patterns.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

402c047e48c28bd9d49d6a18a3dc1a38d37fbb0cfb7a5fc9112cb284d84dd93b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2314421
cf-polished: origSize=15975, status=webp_bigger
alt-svc: h3=":443"; ma=86400
content-length: 15269
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:07 GMT
server: cloudflare
etag: "63977dbb-3e67"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 82732007fd6f333d-MIA

GET
H3 200 Commercial-Banking-icon.svg
www.gesa.com/wp-content/themes/gesa/assets/images/ 1 KB
717 B 398ms
396ms Image
image/svg+xml 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/themes/gesa/assets/images/Commercial-Banking-icon.svg

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/wp-content/themes/gesa/assets/css/custom.css?ver=1.0.22

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2d849984aadfbd799da2ee8e12277ac18a70d5e5a2166f73418ba4b46d382432

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 740410
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Thu, 26 Jan 2023 20:31:12 GMT
server: cloudflare
etag: W/"63d2e310-436"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 82732007fd77333d-MIA

GET
H3 200 Loans-icon.svg
www.gesa.com/wp-content/themes/gesa/assets/images/ 794 B
853 B 398ms
396ms Image
image/svg+xml 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/themes/gesa/assets/images/Loans-icon.svg

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/wp-content/themes/gesa/assets/css/custom.css?ver=1.0.22

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ec335d354b53a8fd44ef06fddfb6663dea667f2da5631d8526df515db8d9d3e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 2185263
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Thu, 26 Jan 2023 20:31:12 GMT
server: cloudflare
etag: W/"63d2e310-31a"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 82732007fd84333d-MIA

GET
H3 200 Credit-Cards-icon.svg
www.gesa.com/wp-content/themes/gesa/assets/images/ 2 KB
1 KB 398ms
397ms Image
image/svg+xml 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/themes/gesa/assets/images/Credit-Cards-icon.svg

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/wp-content/themes/gesa/assets/css/custom.css?ver=1.0.22

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0bc396bf8a3b9e6cd2c8275599ba07f84ae64a6833d38ae8739e44ca553daf0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 30922
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Thu, 26 Jan 2023 20:31:12 GMT
server: cloudflare
etag: W/"63d2e310-9da"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 82732007fd8c333d-MIA

GET
H3 200 Investments-icon.svg
www.gesa.com/wp-content/themes/gesa/assets/images/ 2 KB
812 B 399ms
397ms Image
image/svg+xml 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/themes/gesa/assets/images/Investments-icon.svg

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/wp-content/themes/gesa/assets/css/custom.css?ver=1.0.22

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6e72cd55c905f3b710316c822d2dcfc305b17460b58d73639294b9b5867ec7d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 34229
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Thu, 26 Jan 2023 20:31:12 GMT
server: cloudflare
etag: W/"63d2e310-659"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 82732007fd8f333d-MIA

GET
H3 200 girl-photo.jpg
www.gesa.com/wp-content/uploads/2022/06/ 40 KB
40 KB 399ms
397ms Image
image/jpeg 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/girl-photo.jpg

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99ae31397cc4d7d17099739f75a952c286250fb6cef2b1481a04480d36c64271

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2185263
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400
content-length: 40618
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:10 GMT
server: cloudflare
etag: "63977dbe-9eaa"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320081e08333d-MIA

GET
DATA 200
OK truncated
/ 968 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0020646d32da84bf3e786d16ad939d610e989ba3bc2304fb68072f3537c60ee0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 270 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 34b57f0562e1b835d9472015a0eb0d81b245448db3585cf7f7933755814d1268

Request headers

Referer: https://www.gesa.com/
Origin: https://www.gesa.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 382 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cca1717f080b29c4fdf49aaa58be8b1dea0182de5f7c2e1ac0b0dd296922fb83

Request headers

Referer: https://www.gesa.com/
Origin: https://www.gesa.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 158 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b12dcafa099963cebe0c7c8356a45e78886befccfa6a4c1645bbc0d3766ac9e3

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 CircularXXWeb-Bold.woff2
www.gesa.com/wp-content/uploads/2022/06/ 73 KB
74 KB 390ms
389ms Font
font/woff2 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/CircularXXWeb-Bold.woff2

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d2d92ee9c3d13c54f11e88045a5f5ed45550cee1ce7c1b653a9da645d65400fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
Origin: https://www.gesa.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 748615
alt-svc: h3=":443"; ma=86400
content-length: 75010
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-12502"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320081d9c333d-MIA

GET
H3 200 CircularXXWeb-Book.woff2
www.gesa.com/wp-content/uploads/2022/06/ 67 KB
68 KB 352ms
351ms Font
font/woff2 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/CircularXXWeb-Book.woff2

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

884ec4af3e42aa326e687947185fce05ecdbd42e4a4481de91495ab423a5259c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
Origin: https://www.gesa.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2375224
alt-svc: h3=":443"; ma=86400
content-length: 69026
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-10da2"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320081dee333d-MIA

GET
H3 200 CircularXXWeb-Medium.woff2
www.gesa.com/wp-content/uploads/2022/06/ 70 KB
70 KB 363ms
362ms Font
font/woff2 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/CircularXXWeb-Medium.woff2

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d5ea45f8ad8b8df8cdebe87f18cfce232468b3e6a028880773a8d09e13789ac8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
Origin: https://www.gesa.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 196429
alt-svc: h3=":443"; ma=86400
content-length: 71779
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-11863"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320081df6333d-MIA

GET
H3 200 Sentinel-Medium_Web.woff2
www.gesa.com/wp-content/uploads/2022/05/ 58 KB
58 KB 364ms
364ms Font
font/woff2 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/uploads/2022/05/Sentinel-Medium_Web.woff2

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d2d5b4ad97c4e3931210f9cb298663e8cdd2ba788b89d78292166b6341dcca51

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
Origin: https://www.gesa.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 30922
alt-svc: h3=":443"; ma=86400
content-length: 59136
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 12 Dec 2022 19:15:09 GMT
server: cloudflare
etag: "63977dbd-e700"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320081dfb333d-MIA

GET
H3 200 fa-solid-900.woff
www.gesa.com/wp-content/themes/gesa/assets/fonts/ 96 KB
96 KB 365ms
364ms Font
font/woff 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/themes/gesa/assets/fonts/fa-solid-900.woff

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/wp-content/themes/gesa/assets/css/custom.css?ver=1.0.22

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

00bca6a9271b5e1cbb3965a74f48c1ce0b72bcbf08790aa2cab95f8dc5362153

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
Origin: https://www.gesa.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 748615
alt-svc: h3=":443"; ma=86400
content-length: 98016
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Thu, 26 Jan 2023 20:31:12 GMT
server: cloudflare
etag: "63d2e310-17ee0"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320081e01333d-MIA

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 54ed5da735268a39e1a50be7fb18914ad04bc46d4487fe933f5347bb23acdf45

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5a1e56f3bcecd6570dc3382eecdce163821c8cfd1f0d7fab728b25ef7014428c

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 67 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7b354a0e73e811d7d49e6a34cff8a1ca999296498a411ace5efad1c5fc7f58bf

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 numbers-bg-1-1.jpg
www.gesa.com/wp-content/uploads/2022/06/ 69 KB
69 KB 293ms
292ms Image
image/jpeg 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/numbers-bg-1-1.jpg

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a6bcd4b92a238ece494d91ba838734ac5768625dcdbda4e8f994b3a54af2471

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 740394
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400
content-length: 70219
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:11 GMT
server: cloudflare
etag: "63977dbf-1124b"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320085e3b333d-MIA

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 88bd92a6561a1c265ddd5add029ede12c5acbe96ff6c2d7f0b24c983758466b7

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 fa-brands-400.woff
www.gesa.com/wp-content/themes/gesa/assets/fonts/ 85 KB
86 KB 251ms
249ms Font
font/woff 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/themes/gesa/assets/fonts/fa-brands-400.woff

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/wp-content/themes/gesa/assets/css/custom.css?ver=1.0.22

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4ad88e6a32db51a41cff1741970ca95b3e433fbfb8be269c72f881a42f2b88c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
Origin: https://www.gesa.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 748615
alt-svc: h3=":443"; ma=86400
content-length: 87520
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Thu, 26 Jan 2023 20:31:12 GMT
server: cloudflare
etag: "63d2e310-155e0"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 827320088ebf333d-MIA

GET
H3 200 populate-rates-on-page-api.php Show response
www.gesa.com/wp-content/plugins/rates-widget-plugin/ 120 KB
6 KB 150ms
149ms XHR
text/html 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/rates-widget-plugin/populate-rates-on-page-api.php

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.0

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

38d80f3ac73e78e55531dfcd811e36a98708e1c593e8d3bc260293905387301d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://www.gesa.com/
X-Requested-With: XMLHttpRequest
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
x-cache-group: normal
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cacheable: SHORT
cf-cache-status: DYNAMIC
content-encoding: br
x-powered-by: WP Engine
x-cache: HIT: 130
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
server: cloudflare
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding,Cookie
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
cache-control: max-age=600, must-revalidate
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 82732009f9e6333d-MIA

GET
H2 200 gesa_prod Show response
gesacu.us-1.evergage.com/api2/event/ 137 B
818 B 171ms
63ms XHR
application/json 3.211.123.40
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://gesacu.us-1.evergage.com/api2/event/gesa_prod?event=eyJhY3Rpb24iOiJWaWV3IEhvbWVwYWdlIiwiaXRlbUFjdGlvbiI6bnVsbCwic291cmNlIjp7InBhZ2VUeXBlIjoiSG9tZXBhZ2UiLCJjb250ZW50Wm9uZXMiOlsiZ2xvYmFsX2luZm9iYXJfdG9wX29mX3BhZ2UiLCJnbG9iYWxfaW5mb2Jhcl9ib3R0b21fb2ZfcGFnZSIsImdsb2JhbF9wb3B1cCIsImluZm9iYXIiLCJob21lX2hlcm8iXSwidXJsIjoiaHR0cHM6Ly93d3cuZ2VzYS5jb20vIiwidXJsUmVmZXJyZXIiOiIiLCJjaGFubmVsIjoiV2ViIiwiYmVhY29uVmVyc2lvbiI6MTYsImNvbmZpZ1ZlcnNpb24iOiIxNzIifSwiZmxhZ3MiOnsicGFnZVZpZXciOnRydWV9LCJ1c2VyIjp7ImF0dHJpYnV0ZXMiOnt9LCJhbm9uSWQiOiIzOGU3NWU2MjEwMGI3ODQyIn0sInBlcmZvcm1hbmNlIjp7fSwiZGVidWciOnsiZXhwbGFuYXRpb25zIjp0cnVlfSwiY2F0YWxvZyI6e30sImNvbnNlbnRzIjpbXSwiYWNjb3VudCI6e30sIl90b29sc0V2ZW50TGlua0lkIjoiODEzNzY2NDk0MzQ5MDY1OSJ9

Requested by

Host: cdn.evgnet.com
URL: https://cdn.evgnet.com/beacon/gesacu/gesa_prod/scripts/evergage.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.211.123.40 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-211-123-40.compute-1.amazonaws.com

Software

Resource Hash

4aead86dca038e98c7cfee632ca19778747a3ad9f53d74a1df67625a45210c16

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.gesa.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
vary: accept-encoding
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.gesa.com
cache-control: no-cache, no-store
access-control-allow-credentials: true
timing-allow-origin: *

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 293 KB
95 KB 74ms
73ms Script
application/javascript 2607:f8b0:4004:c06::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-H1S93VJW48&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTFL685

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::61 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8480ba0fd7dd13ef2c897fd24f67bebcb22672f2e8ca6cfcb7d4da71e26a42b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 97275
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 16 Nov 2023 22:21:07 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 202 KB
54 KB 167ms
57ms Script
application/x-javascript 2a03:2880:f003:c0e:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f003:c0e:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 16 Nov 2023 22:21:07 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 54273
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: 7rcGShRn0/CnGFZ78UyLT0U4yZivvI437tjMnMJc9PrOhGKc4b5eXvB45Gq3NppH7ku/rRIsxl0H6zxKirjS0g==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/794148304/ 2 KB
1 KB 172ms
66ms Script
text/javascript 2607:f8b0:4004:c07::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/794148304/?random=1700173267611&cv=11&fst=1700173267611&bg=ffffff&guid=ON&async=1&gtm=45He3b81v79611690&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.gesa.com%2F&hn=www.googleadservices.com&frm=0&tiba=Washington%20Credit%20Union%20%7C%20Loans%20%7C%20Savings%20Accounts%20%7C%20Gesa&auid=1160094104.1700173268&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTFL685

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c07::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fe6a0a16c6567e5bf92554a13fd6a649f2d7bf2e51157c22b9e0f8e677635562

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 22:21:07 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1247
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 92ms
26ms Script
text/javascript 2001:4860:4802:34::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTFL685

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 16 Nov 2023 21:30:17 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 3050
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Thu, 16 Nov 2023 23:30:17 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/783161191/ 2 KB
2 KB 168ms
65ms Script
text/javascript 2607:f8b0:4004:c07::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/783161191/?random=1700173267617&cv=11&fst=1700173267617&bg=ffffff&guid=ON&async=1&gtm=45He3b81v79611690&gcd=11l1l1l1l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.gesa.com%2F&hn=www.googleadservices.com&frm=0&tiba=Washington%20Credit%20Union%20%7C%20Loans%20%7C%20Savings%20Accounts%20%7C%20Gesa&auid=1160094104.1700173268&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTFL685

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c07::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3d0a2fd86cf851d4adb5d2d95ab947626c85c0fe6684b1d293c8ffb4ca02ccd1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 22:21:07 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1247
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 45 KB
13 KB 106ms
51ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTFL685

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Thu, 16 Nov 2023 22:21:06 GMT
last-modified: Fri, 10 Nov 2023 20:09:55 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8871FD872D24404B88C17365C01D7C30 Ref B: MIAEDGE2514 Ref C: 2023-11-16T22:21:07Z
etag: "80abcdf1114da1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 13175

GET
H2 200 hotjar-2399688.js Show response
static.hotjar.com/c/ 10 KB
4 KB 230ms
129ms Script
application/javascript 3.161.188.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2399688.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTFL685

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.161.188.46 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-3-161-188-46.atl59.r.cloudfront.net

Software

Resource Hash

e5948eb3ce2a0a16df67ed31b1ab7041253d4de7705ff968407e8ea5c4bb57b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
date: Thu, 16 Nov 2023 22:21:07 GMT
via: 1.1 1563e2cfc36a243f417da62b2f4b6436.cloudfront.net (CloudFront)
x-amz-cf-pop: ATL59-P7
etag: W/8c882d238d8727606dd4aa25f9040ddb
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cache-control: max-age=60
cross-origin-resource-policy: cross-origin
x-amz-cf-id: YBeSFPh7qtWIPmttTtnOtjdHr6t9PrR1jXZZpgFhDFzhsXxs4vFxFA==

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 12 KB
4 KB 172ms
52ms Script
application/javascript 2600:1408:5400:1c::173d:b3d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTFL685

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1408:5400:1c::173d:b3d Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f88f89a0cead9c36ddbe19508f32f64bd91e94e92b6006dd575e8d0deb317d7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 15 Nov 2023 09:07:27 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=30078
accept-ranges: bytes
content-length: 3840

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 23 KB
8 KB 83ms
26ms Script
application/javascript 2a04:4e42::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTFL685
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: e803e774c7b59fe74f71ed93acaa875cf9a99947ff8ed7615cd0c93c1667250f

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
last-modified: Thu, 15 Jun 2023 20:49:59 GMT
server: snooserv
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag: "4a205643a240cb95fa82289d62b5af7e"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding,Origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: application/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-length: 7409

GET
H2 200 track.js Show response
app.marketplan.io/ 7 KB
2 KB 251ms
185ms Script
application/javascript 2606:4700:3030::ac43:a9a7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.marketplan.io/track.js?x=1700173267626
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTFL685
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:a9a7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: 87e66c0bc9701dfffa33878396ddff5a28c77d7b3ed4ae66b69e4e3a425f49a4

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 01 Nov 2023 11:02:44 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65423054-1d60"
x-powered-by: PleskLin
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Npi23p9bkhUHRHx%2Fe183eBre853kWHFqvrXRYtXipAzV7L%2FYYpisiONa155ifyqIMP7UzwRoL4JDEYdbKYzeT6grA6D8sWMqFS3d%2FSXi0ATzJI%2FPFF3molFczMAg%2FzSm3CRCaSWXyW08QBrjGGIAPw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 8273200b2ec7da05-MIA
alt-svc: h3=":443"; ma=86400

GET
H2 200 trackpoint-async.js Show response
s2.adform.net/banners/scripts/st/ 81 KB
31 KB 184ms
60ms Script
application/javascript 185.167.164.45
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s2.adform.net/banners/scripts/st/trackpoint-async.js
Requested by: Host: www.gesa.com
URL: https://www.gesa.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.167.164.45 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 99c28ba77690124b83aea8cdbbb17ab1145ba247c791aeb4bad747b4248ac459

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
content-encoding: gzip
last-modified: Tue, 23 May 2023 09:56:34 GMT
server: nginx
x-amz-request-id: tx000002c3f35d322d138ac-00646c8ee1-32950a49-default
etag: W/"f937ab3eef01c118930b200e5087d00d"
x-cache-status: HIT, HIT, HIT
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-rgw-object-type: Normal
cache-control: public, max-age=604800

GET
H2 200 w.js Show response
d10lpsik1i8c69.cloudfront.net/ 5 KB
3 KB 205ms
94ms Script
application/javascript 54.239.153.200
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d10lpsik1i8c69.cloudfront.net/w.js
Requested by: Host: www.gesa.com
URL: https://www.gesa.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.239.153.200 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-239-153-200.iad50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 389e7668a1ebd8a04eca206d27b7147519be465eed883f6a2d68bd419ada24b4

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 21:43:11 GMT
content-encoding: gzip
via: 1.1 ec809871438c11b540493503de981368.cloudfront.net (CloudFront)
last-modified: Fri, 02 Sep 2022 19:59:48 GMT
server: AmazonS3
x-amz-cf-pop: IAD50-C2
age: 2277
etag: W/"dc0bbcecf2e632d9beb92f4d88b21c2b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
x-amz-cf-id: jfA8iCO0JMgmOyS0IQWcWl3XkpPVNzxNP_XX8XHMhTTH5RvBH0ntuw==

GET
H2 200 d9707.js Show response
app.truconversion.com/ti-js/19201/ 267 B
1 KB 328ms
102ms Script
application/javascript 44.226.76.195
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.truconversion.com/ti-js/19201/d9707.js

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.226.76.195 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-226-76-195.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

3ea0ae12147c76e3b4e6ad26bfb580121295c8aa91480dee7b7e579dd00eb23d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src 'self' .truconversion.com http: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob:; style-src 'self' 'unsafe-inline' http: https:; img-src http: https: data: blob:; connect-src wss://.truconversion.com wss://.intercom.io wss://.appcues.net wss://.wistia.com wss://.crisp.chat http: https: data: blob:; font-src http: https: data: blob:; object-src http: https:; media-src http: https: data: blob:; form-action 'self' http://.truconversion.com https://.truconversion.com;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
content-security-policy: default-src 'self'; frame-src 'self' *.truconversion.com http: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob:; style-src 'self' 'unsafe-inline' http: https:; img-src http: https: data: blob:; connect-src wss://*.truconversion.com wss://*.intercom.io wss://*.appcues.net wss://*.wistia.com wss://*.crisp.chat http: https: data: blob:; font-src http: https: data: blob:; object-src http: https:; media-src http: https: data: blob:; form-action 'self' http://*.truconversion.com https://*.truconversion.com;
content-length: 267
x-xss-protection: 1; mode=block
pragma: public
last-modified: Thu, 16 Nov 2023 22:20:20 GMT
server: nginx
etag: "655695a4-10b"
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/javascript
cache-control: max-age=180, public, stale-while-revalidate=10, stale-if-error=10
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
expires: Thu, 16 Nov 2023 22:24:07 GMT

GET
H2 200 events.js Show response
tags.srv.stackadapt.com/ 18 KB
7 KB 159ms
52ms Script
text/javascript 3.219.107.148
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/events.js
Requested by: Host: www.gesa.com
URL: https://www.gesa.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.219.107.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-219-107-148.compute-1.amazonaws.com
Software: /
Resource Hash: 76a010aa083e3d2d617689f0decaefe33c97c51e29f72ab123e81e873351670a

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 16 Nov 2023 22:21:07 GMT
cache-control: max-age=5
content-encoding: gzip
content-type: text/javascript

GET
H2 200 visitor.js Show response
app.leadsrx.com/ 18 KB
19 KB 330ms
104ms Script
application/javascript 35.164.239.32
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://app.leadsrx.com/visitor.js
Requested by: Host: www.gesa.com
URL: https://www.gesa.com/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 35.164.239.32 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-164-239-32.us-west-2.compute.amazonaws.com
Software: nginx/1.20.1 /
Resource Hash: 6b5116bd2cb4809c6634b99a9b1ea0a0aeda596a94817682a0e4811e35eccc58

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:08 GMT
last-modified: Wed, 15 Nov 2023 18:42:32 GMT
server: nginx/1.20.1
etag: "65551118-492f"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
accept-ranges: bytes
content-length: 18735

GET
H3 200 dialog.min.js Show response
www.gesa.com/wp-content/plugins/elementor/assets/lib/dialog/ 10 KB
4 KB 49ms
48ms Script
application/javascript 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.9.0

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.8.1

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b936db5880aa9b6b2f26a8d32fc2b689fb75f69d971b94194f16dba801221ffe

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 2279627
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 07 Jun 2023 18:28:43 GMT
server: cloudflare
etag: W/"6480cc5b-29ba"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 8273200aec03333d-MIA

GET
H3 200 ajax-loader.gif
www.gesa.com/wp-content/themes/gesa/assets/images/ 5 KB
5 KB 52ms
52ms Image
image/gif 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/themes/gesa/assets/images/ajax-loader.gif

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/wp-content/themes/gesa/assets/css/custom.css?ver=1.0.22

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a5f8dcddbce06b4db5870951026ef227ad3e09c20b74c61ddedc0f832eeedab4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2283643
cf-polished: origSize=9477, status=webp_bigger
alt-svc: h3=":443"; ma=86400
content-length: 4906
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Thu, 26 Jan 2023 20:31:12 GMT
server: cloudflare
etag: "63d2e310-2505"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200afc32333d-MIA

GET
H3 200 high-yield-savings-min.jpg
www.gesa.com/wp-content/uploads/2022/12/ 175 KB
175 KB 89ms
87ms Image
image/jpeg 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/12/high-yield-savings-min.jpg

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e2153f09a9755105eb03cfa9aafc634350bf12c398f155229a75ba3c98d494f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 34229
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400
content-length: 179023
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Tue, 20 Dec 2022 01:05:08 GMT
server: cloudflare
etag: "63a10a44-2bb4f"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bbdf7333d-MIA

GET
H3 200 auto-refinance.jpg
www.gesa.com/wp-content/uploads/2023/11/ 300 KB
301 KB 82ms
66ms Image
image/jpeg 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2023/11/auto-refinance.jpg

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

850d1d6da4bf05fe6cabf9c5809b746e72ab650aae667a4112939096c736fb76

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 277596
cf-polished: origSize=346829
alt-svc: h3=":443"; ma=86400
content-length: 307301
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Thu, 02 Nov 2023 23:48:13 GMT
server: cloudflare
etag: "6544353d-54acd"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bce3f333d-MIA

GET
H3 200 fixed-cd.jpg
www.gesa.com/wp-content/uploads/2023/10/ 297 KB
297 KB 109ms
93ms Image
image/jpeg 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2023/10/fixed-cd.jpg

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d94ad86f10498bed99501c8f5941d3e844f2bedd32763d84c9bb5d3832a4bf4c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1217814
cf-polished: origSize=338351
alt-svc: h3=":443"; ma=86400
content-length: 303621
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Thu, 02 Nov 2023 19:28:12 GMT
server: cloudflare
etag: "6543f84c-529af"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bce44333d-MIA

GET
H3 200 refer-a-friend-sweepstakes-min.jpg
www.gesa.com/wp-content/uploads/2023/08/ 42 KB
42 KB 134ms
118ms Image
image/jpeg 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2023/08/refer-a-friend-sweepstakes-min.jpg

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1c6dff56285c242a4845a3ff3e182ef9abeb37b941095d88dc418f84b2e0aec1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 34229
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400
content-length: 42891
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Thu, 10 Aug 2023 16:45:01 GMT
server: cloudflare
etag: "64d5140d-a78b"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bce48333d-MIA

GET
H3 200 cougar-gold.png
www.gesa.com/wp-content/uploads/2023/08/ 360 KB
360 KB 135ms
119ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2023/08/cougar-gold.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

862f705ec170962bc38c9c107ebbeeb48586ed583be54a1a7ef5411bec0c8109

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 34229
cf-polished: origFmt=png, origSize=496072
content-disposition: inline; filename="cougar-gold.webp"
alt-svc: h3=":443"; ma=86400
content-length: 368360
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Thu, 31 Aug 2023 21:25:49 GMT
server: cloudflare
etag: "64f1055d-791c8"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bce4c333d-MIA

GET
H3 200 forevergreen-card.png
www.gesa.com/wp-content/uploads/2023/04/ 64 KB
65 KB 164ms
148ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2023/04/forevergreen-card.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f779a4170605053c3e4592a74b0b5a6d6db4b453c7ce848c50a33ab671d76349

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2458209
cf-polished: origFmt=png, origSize=125284
content-disposition: inline; filename="forevergreen-card.webp"
alt-svc: h3=":443"; ma=86400
content-length: 65754
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Fri, 28 Apr 2023 14:00:23 GMT
server: cloudflare
etag: "644bd177-1e964"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bce50333d-MIA

GET
H3 200 SmartPlusSavings-min.jpg
www.gesa.com/wp-content/uploads/2022/06/ 175 KB
176 KB 166ms
150ms Image
image/jpeg 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/SmartPlusSavings-min.jpg

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c0fb395a717c723d1b8f3e3b03be323ba0dfa434db3c5828e760058037e0dd95

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2374479
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400
content-length: 179424
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Sun, 01 Jan 2023 02:45:06 GMT
server: cloudflare
etag: "63b0f3b2-2bce0"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bce54333d-MIA

GET
H3 200 dc-affinity-hs-kamiakin.png
www.gesa.com/wp-content/uploads/2022/06/ 30 KB
30 KB 167ms
151ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/dc-affinity-hs-kamiakin.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0afe04cfbce95f98b08ab24d6d787e27054a02c3c02c6bb7da44c86c8515e132

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 117352
cf-polished: origFmt=png, origSize=64021
content-disposition: inline; filename="dc-affinity-hs-kamiakin.webp"
alt-svc: h3=":443"; ma=86400
content-length: 30314
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:09 GMT
server: cloudflare
etag: "63977dbd-fa15"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bce56333d-MIA

GET
H3 200 dc-affinity-hs-hanford.png
www.gesa.com/wp-content/uploads/2022/06/ 26 KB
26 KB 168ms
153ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/dc-affinity-hs-hanford.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0ef003c90c31f90a2abb3b6003fa3c8c463d1eb66eb3c2379b2bd2d7cac626e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 34229
cf-polished: origFmt=png, origSize=59872
content-disposition: inline; filename="dc-affinity-hs-hanford.webp"
alt-svc: h3=":443"; ma=86400
content-length: 26372
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:09 GMT
server: cloudflare
etag: "63977dbd-e9e0"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bce58333d-MIA

GET
H3 200 AFF-LH-Fire.png
www.gesa.com/wp-content/uploads/2022/06/ 109 KB
109 KB 169ms
153ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-LH-Fire.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fffd742919bedf3c6281c0f6b22c79d1d9c618255adedcda280cc1fdaf6b45c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 740394
cf-polished: origFmt=png, origSize=127363
content-disposition: inline; filename="AFF-LH-Fire.webp"
alt-svc: h3=":443"; ma=86400
content-length: 111310
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-1f183"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bce5b333d-MIA

GET
H3 200 AFF-Eisenhower-Debit.png
www.gesa.com/wp-content/uploads/2022/06/ 23 KB
23 KB 178ms
163ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-Eisenhower-Debit.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

119c68cafab2592ca4b6c4c435cc38885313eefbaf9b6373f9ad20c37d172d63

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 34229
cf-polished: origFmt=png, origSize=26444
content-disposition: inline; filename="AFF-Eisenhower-Debit.webp"
alt-svc: h3=":443"; ma=86400
content-length: 23558
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-674c"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bce5e333d-MIA

GET
H3 200 AFF-Edmonds-Debit.png
www.gesa.com/wp-content/uploads/2022/06/ 27 KB
28 KB 179ms
164ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-Edmonds-Debit.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1d2f6022504259884302bb439c2b3782b0fa686af2a040f3766119cc5a83d464

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 34229
cf-polished: origFmt=png, origSize=31194
content-disposition: inline; filename="AFF-Edmonds-Debit.webp"
alt-svc: h3=":443"; ma=86400
content-length: 27696
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-79da"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bce60333d-MIA

GET
H3 200 AFF-Edmonds-Heights-Debit.png
www.gesa.com/wp-content/uploads/2022/06/ 45 KB
45 KB 179ms
164ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-Edmonds-Heights-Debit.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f5716bdd72281749566ea5f0b5961c0c3b9c9d7ac0ba04cf45e064f0cd8bada0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 740394
cf-polished: origFmt=png, origSize=51532
content-disposition: inline; filename="AFF-Edmonds-Heights-Debit.webp"
alt-svc: h3=":443"; ma=86400
content-length: 45584
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-c94c"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bce62333d-MIA

GET
H3 200 AFF-Eastmont-Debit.png
www.gesa.com/wp-content/uploads/2022/06/ 54 KB
54 KB 185ms
170ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-Eastmont-Debit.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

334d5e7f9a35f81aeabf466f3ee3c0c9522077a4f14c336998c7cb9827e7b21d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1028630
cf-polished: origFmt=png, origSize=60044
content-disposition: inline; filename="AFF-Eastmont-Debit.webp"
alt-svc: h3=":443"; ma=86400
content-length: 55142
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-ea8c"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bce63333d-MIA

GET
H3 200 AFF-TCDD.png
www.gesa.com/wp-content/uploads/2022/06/ 22 KB
23 KB 191ms
176ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-TCDD.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f2ba197eefdf3e395c59767820118e11190c70b206b99ac654f0155008cc62af

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 117353
cf-polished: origFmt=png, origSize=26484
content-disposition: inline; filename="AFF-TCDD.webp"
alt-svc: h3=":443"; ma=86400
content-length: 22924
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-6774"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bce67333d-MIA

GET
H3 200 AFF-Delta-Debit.png
www.gesa.com/wp-content/uploads/2022/06/ 42 KB
43 KB 192ms
177ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-Delta-Debit.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3026106731138872e882acce33910e82c9280990fa45317c9e900e1535e5039b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 740394
cf-polished: origFmt=png, origSize=47670
content-disposition: inline; filename="AFF-Delta-Debit.webp"
alt-svc: h3=":443"; ma=86400
content-length: 43112
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-ba36"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bce6b333d-MIA

GET
H3 200 AFF-Davis-Debit.png
www.gesa.com/wp-content/uploads/2022/06/ 19 KB
20 KB 193ms
178ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-Davis-Debit.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9796bc60fc921b490963396feaf198b84c0791bfdf574b230f75e451fb6368ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 781179
cf-polished: origFmt=png, origSize=22616
content-disposition: inline; filename="AFF-Davis-Debit.webp"
alt-svc: h3=":443"; ma=86400
content-length: 19544
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-5858"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bce6f333d-MIA

GET
H3 200 AFF-LH-Veteran.webp
www.gesa.com/wp-content/uploads/2022/06/ 196 KB
196 KB 194ms
179ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-LH-Veteran.webp

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bcce3372b7f8e6f3f73291a90fe22268c87fb0ba4c149f89e1463e8b7675ce42

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 34231
alt-svc: h3=":443"; ma=86400
content-length: 200436
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-30ef4"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bce71333d-MIA

GET
H3 200 dc-affinity-hs-kibe.png
www.gesa.com/wp-content/uploads/2022/06/ 84 KB
85 KB 216ms
201ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/dc-affinity-hs-kibe.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ae8d74f433ccc26f492867cb1964639892e27298c26e169bfc0777ccd1626b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 740413
cf-polished: origFmt=png, origSize=133591
content-disposition: inline; filename="dc-affinity-hs-kibe.webp"
alt-svc: h3=":443"; ma=86400
content-length: 86124
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:10 GMT
server: cloudflare
etag: "63977dbe-209d7"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bce74333d-MIA

GET
H3 200 AFF-Lynnwood-Debit.png
www.gesa.com/wp-content/uploads/2022/06/ 52 KB
52 KB 223ms
209ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-Lynnwood-Debit.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e87f2df7792f0f76c391e34fb95c32c45c1eebc228f7eadfe6e7191997d4d18

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 117358
cf-polished: origFmt=png, origSize=59030
content-disposition: inline; filename="AFF-Lynnwood-Debit.webp"
alt-svc: h3=":443"; ma=86400
content-length: 53118
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-e696"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bce79333d-MIA

GET
H3 200 AFF-Meadowdale-Debit.png
www.gesa.com/wp-content/uploads/2022/06/ 46 KB
47 KB 223ms
210ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-Meadowdale-Debit.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e779c3a7445c68e4334fbf89302ecb07ef48ba033e02ac0485ad8ca410be6d04

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2458213
cf-polished: origFmt=png, origSize=52525
content-disposition: inline; filename="AFF-Meadowdale-Debit.webp"
alt-svc: h3=":443"; ma=86400
content-length: 47248
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-cd2d"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bce7b333d-MIA

GET
H3 200 AFF-Mountlake-Terrace-Debit.png
www.gesa.com/wp-content/uploads/2022/06/ 47 KB
48 KB 224ms
210ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-Mountlake-Terrace-Debit.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f97ab3d97b58d92065b53294cd5fc2afd4215498de07727f585321cf01a0d6bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 117358
cf-polished: origFmt=png, origSize=54344
content-disposition: inline; filename="AFF-Mountlake-Terrace-Debit.webp"
alt-svc: h3=":443"; ma=86400
content-length: 48622
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-d448"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bce80333d-MIA

GET
H3 200 AFF-New-Horizons-Debit.png
www.gesa.com/wp-content/uploads/2022/06/ 56 KB
56 KB 225ms
211ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-New-Horizons-Debit.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1dbfeb7d4f8335eba017f0cbb0b779b34122d5e1f2b478e08afd0dd439bdf597

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 34231
cf-polished: origFmt=png, origSize=62417
content-disposition: inline; filename="AFF-New-Horizons-Debit.webp"
alt-svc: h3=":443"; ma=86400
content-length: 57248
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-f3d1"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bce81333d-MIA

GET
H3 200 AFF-Pasco-Debit.png
www.gesa.com/wp-content/uploads/2022/06/ 57 KB
57 KB 226ms
213ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-Pasco-Debit.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

22cb7afd879af42251168f826b48ee24fc02073275e079dbf9760af9d7e074e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 740407
cf-polished: origFmt=png, origSize=64476
content-disposition: inline; filename="AFF-Pasco-Debit.webp"
alt-svc: h3=":443"; ma=86400
content-length: 58356
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-fbdc"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bce83333d-MIA

GET
H3 200 AFF-Richland-Debit.png
www.gesa.com/wp-content/uploads/2022/06/ 48 KB
49 KB 226ms
213ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-Richland-Debit.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4c668b9785b8c2c0bb2479b6bd16f736385324a5a39870a92cf3d9e801080f01

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 740407
cf-polished: origFmt=png, origSize=55744
content-disposition: inline; filename="AFF-Richland-Debit.webp"
alt-svc: h3=":443"; ma=86400
content-length: 49456
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-d9c0"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bce85333d-MIA

GET
H3 200 AFF-LH-Law.png
www.gesa.com/wp-content/uploads/2022/06/ 78 KB
78 KB 227ms
215ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-LH-Law.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8c0364839511190adcbff9a36a5e132148ceb13b68cbf9e15754731d674343d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 117356
cf-polished: origFmt=png, origSize=91673
content-disposition: inline; filename="AFF-LH-Law.webp"
alt-svc: h3=":443"; ma=86400
content-length: 79582
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-16619"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bce89333d-MIA

GET
H3 200 dc-affinity-hs-riverview.png
www.gesa.com/wp-content/uploads/2022/06/ 69 KB
70 KB 228ms
216ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/dc-affinity-hs-riverview.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4e438b7cda01c633b5bac61a6af60b042244039708fed06ed9cbbab45dc4e4e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 740407
cf-polished: origFmt=png, origSize=159013
content-disposition: inline; filename="dc-affinity-hs-riverview.webp"
alt-svc: h3=":443"; ma=86400
content-length: 70792
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Wed, 20 Sep 2023 23:12:01 GMT
server: cloudflare
etag: "650b7c41-26d25"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bce8a333d-MIA

GET
H3 200 AFF-Scriber-Lake-Debit.png
www.gesa.com/wp-content/uploads/2022/06/ 49 KB
50 KB 234ms
221ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-Scriber-Lake-Debit.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e657f7cbb9079a832a9376c1c8d207f573e432cf5be12a3d25edbac232ec9115

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 117356
cf-polished: origFmt=png, origSize=55222
content-disposition: inline; filename="AFF-Scriber-Lake-Debit.webp"
alt-svc: h3=":443"; ma=86400
content-length: 50292
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-d7b6"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bce8e333d-MIA

GET
H3 200 AFF-Southridge-Debit.png
www.gesa.com/wp-content/uploads/2022/06/ 48 KB
48 KB 239ms
226ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-Southridge-Debit.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

06610fe2a43b1065a10fef2028f0e284be932e564723402722764bc7e9b4bee6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 128710
cf-polished: origFmt=png, origSize=54525
content-disposition: inline; filename="AFF-Southridge-Debit.webp"
alt-svc: h3=":443"; ma=86400
content-length: 49072
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-d4fd"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bce90333d-MIA

GET
H3 200 AFF-St-Patrick-Debit.png
www.gesa.com/wp-content/uploads/2022/06/ 25 KB
25 KB 240ms
228ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-St-Patrick-Debit.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

971c32a32a129e8bc0d7eed9d55e997308e4fb48d3af5c89f38f9af6ff1907f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 740406
cf-polished: origFmt=png, origSize=28495
content-disposition: inline; filename="AFF-St-Patrick-Debit.webp"
alt-svc: h3=":443"; ma=86400
content-length: 25432
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-6f4f"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bce91333d-MIA

GET
H3 200 AFF-LH-Teacher.webp
www.gesa.com/wp-content/uploads/2022/06/ 180 KB
181 KB 246ms
234ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-LH-Teacher.webp

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

226898bfae2c40913fd46106a6634772385e08dddfd767474385770ebae28e0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 740403
alt-svc: h3=":443"; ma=86400
content-length: 184432
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-2d070"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bce96333d-MIA

GET
H3 200 AFF-Kennewick-Debit.png
www.gesa.com/wp-content/uploads/2022/06/ 44 KB
45 KB 249ms
237ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-Kennewick-Debit.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dfbd42ebc962e0689ff68829d89849ec773ce8dd88ba545355753384cca4ca58

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 740403
cf-polished: origFmt=png, origSize=49732
content-disposition: inline; filename="AFF-Kennewick-Debit.webp"
alt-svc: h3=":443"; ma=86400
content-length: 45106
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-c244"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bce9c333d-MIA

GET
H3 200 AFF-Walla-Walla-Debit.webp
www.gesa.com/wp-content/uploads/2022/06/ 41 KB
41 KB 250ms
238ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-Walla-Walla-Debit.webp

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e92a53ce94858393660decb26aa46fd5884ac7d407bd03081b624602e04dd0c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2283648
alt-svc: h3=":443"; ma=86400
content-length: 42088
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-a468"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bcea1333d-MIA

GET
H3 200 AFF-Wenatchee-Debit-1.webp
www.gesa.com/wp-content/uploads/2022/06/ 111 KB
112 KB 251ms
239ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-Wenatchee-Debit-1.webp

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fac441fc28156645fa152344532bfd8005e06c134980dd4112fbd0eaf4d7662f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1834523
alt-svc: h3=":443"; ma=86400
content-length: 114018
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-1bd62"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bcea5333d-MIA

GET
H3 200 AFF-Westside-Debit.webp
www.gesa.com/wp-content/uploads/2022/06/ 111 KB
111 KB 253ms
241ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-Westside-Debit.webp

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

241d5d37ce41bf5054b2a911827b9480f99e669dc2aa7982dca688028b35cb51

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 740402
alt-svc: h3=":443"; ma=86400
content-length: 113498
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-1bb5a"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bceb0333d-MIA

GET
H3 200 dc-affinity-hs-edmonds-woodway.png
www.gesa.com/wp-content/uploads/2022/12/ 31 KB
31 KB 259ms
248ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/12/dc-affinity-hs-edmonds-woodway.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

137ce284058103233f12c23f00cb0ce873387bf0d46ce523b5fb1dfb22d8cb05

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 117354
cf-polished: origFmt=png, origSize=69435
content-disposition: inline; filename="dc-affinity-hs-edmonds-woodway.webp"
alt-svc: h3=":443"; ma=86400
content-length: 31420
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Thu, 22 Dec 2022 23:35:32 GMT
server: cloudflare
etag: "63a4e9c4-10f3b"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bceb5333d-MIA

GET
H3 200 dc-affinity-hs-talley.png
www.gesa.com/wp-content/uploads/2022/10/ 72 KB
72 KB 264ms
252ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/10/dc-affinity-hs-talley.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9cc56655684dd02ce927521ac8435d2b35c0482a7153a2fadac60b4a91cd8f7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 740401
cf-polished: origFmt=png, origSize=111681
content-disposition: inline; filename="dc-affinity-hs-talley.webp"
alt-svc: h3=":443"; ma=86400
content-length: 73642
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:07 GMT
server: cloudflare
etag: "63977dbb-1b441"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bceb8333d-MIA

GET
H3 200 dc-affinity-hs-renton.png
www.gesa.com/wp-content/uploads/2022/10/ 26 KB
26 KB 274ms
262ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/10/dc-affinity-hs-renton.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c42b88e1c62f40544d064489d9ec2ff8a1b3053bd12cb579a41ba6bfdcc2fb5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 117354
cf-polished: origFmt=png, origSize=56304
content-disposition: inline; filename="dc-affinity-hs-renton.webp"
alt-svc: h3=":443"; ma=86400
content-length: 26252
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:06 GMT
server: cloudflare
etag: "63977dba-dbf0"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bcebd333d-MIA

GET
H3 200 dc-affinity-hs-lindbergh.png
www.gesa.com/wp-content/uploads/2022/10/ 34 KB
35 KB 274ms
263ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/10/dc-affinity-hs-lindbergh.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9f6593da5f5c0c28ddb6413992e1f3dcbbce263b0790eae02daf1ae8df812bac

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 740401
cf-polished: origFmt=png, origSize=70604
content-disposition: inline; filename="dc-affinity-hs-lindbergh.webp"
alt-svc: h3=":443"; ma=86400
content-length: 35128
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:06 GMT
server: cloudflare
etag: "63977dba-113cc"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bcebf333d-MIA

GET
H3 200 dc-affinity-hs-hazen.png
www.gesa.com/wp-content/uploads/2022/10/ 41 KB
42 KB 275ms
265ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/10/dc-affinity-hs-hazen.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

10bd18f098e5cef6e2a15898fe091a6b7821fb97f3f524349552bb3a4f3576d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 34230
cf-polished: origFmt=png, origSize=85198
content-disposition: inline; filename="dc-affinity-hs-hazen.webp"
alt-svc: h3=":443"; ma=86400
content-length: 42412
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:06 GMT
server: cloudflare
etag: "63977dba-14cce"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bcec2333d-MIA

GET
H3 200 dc-affinity-hs-westvalley.png
www.gesa.com/wp-content/uploads/2023/01/ 32 KB
32 KB 277ms
266ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2023/01/dc-affinity-hs-westvalley.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dba8bca52aa39a7625f4d95945248c572f6d15999b2f539effcafd17a3c61528

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 34230
cf-polished: origFmt=png, origSize=72168
content-disposition: inline; filename="dc-affinity-hs-westvalley.webp"
alt-svc: h3=":443"; ma=86400
content-length: 32608
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Wed, 11 Jan 2023 20:38:41 GMT
server: cloudflare
etag: "63bf1e51-119e8"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bcec5333d-MIA

GET
H3 200 dc-college-heritage.png
www.gesa.com/wp-content/uploads/2023/04/ 12 KB
13 KB 277ms
267ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2023/04/dc-college-heritage.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6a71c1b9c1b84a8603ced9fcc3a73fc59521065a35fe045a03c3fcd6f6c01977

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1028633
cf-polished: origFmt=png, origSize=27560
content-disposition: inline; filename="dc-college-heritage.webp"
alt-svc: h3=":443"; ma=86400
content-length: 12654
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Fri, 14 Apr 2023 18:09:26 GMT
server: cloudflare
etag: "643996d6-6ba8"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bcec8333d-MIA

GET
H3 200 forevergreen-min-1920x1210.png
www.gesa.com/wp-content/uploads/2023/04/ 110 KB
111 KB 278ms
268ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2023/04/forevergreen-min-1920x1210.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb5bb791c0aa0ded45801e3762ee1507cee4076d3ac4f3b155e3d25d68c15422

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 291592
cf-polished: origFmt=png, origSize=235113
content-disposition: inline; filename="forevergreen-min-1920x1210.webp"
alt-svc: h3=":443"; ma=86400
content-length: 112662
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Tue, 25 Apr 2023 16:52:13 GMT
server: cloudflare
etag: "6448053d-39669"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bcecc333d-MIA

GET
H3 200 dc-affinity-hs-prosser-1920x1210.png
www.gesa.com/wp-content/uploads/2023/07/ 224 KB
225 KB 279ms
269ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2023/07/dc-affinity-hs-prosser-1920x1210.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe9c1f23cc3e0d87a3ed0094d41727945ab61b28651e45441f0f98f9ac309153

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 291592
cf-polished: origFmt=png, origSize=457633
content-disposition: inline; filename="dc-affinity-hs-prosser-1920x1210.webp"
alt-svc: h3=":443"; ma=86400
content-length: 229794
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Tue, 18 Jul 2023 23:15:30 GMT
server: cloudflare
etag: "64b71d12-6fba1"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bcece333d-MIA

GET
H3 200 dc-affinity-hs-vanguard-academy.png
www.gesa.com/wp-content/uploads/2023/07/ 24 KB
24 KB 285ms
275ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2023/07/dc-affinity-hs-vanguard-academy.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55bf0bda5de576f5026effeddf372974746d1ed1309ad882b39e24fbc9eb6c0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 781179
cf-polished: origFmt=png, origSize=56203
content-disposition: inline; filename="dc-affinity-hs-vanguard-academy.webp"
alt-svc: h3=":443"; ma=86400
content-length: 24600
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Fri, 18 Aug 2023 23:47:08 GMT
server: cloudflare
etag: "64e002fc-db8b"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bced1333d-MIA

GET
H3 200 AFF-Chiawana-Debit.png
www.gesa.com/wp-content/uploads/2022/06/ 58 KB
58 KB 287ms
277ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-Chiawana-Debit.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f28f5c6a226dcd2c3b80fca12f7ef0b43a0385bd27cb69c698c8443f050d66d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2185263
cf-polished: origFmt=png, origSize=65059
content-disposition: inline; filename="AFF-Chiawana-Debit.webp"
alt-svc: h3=":443"; ma=86400
content-length: 59116
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-fe23"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bced2333d-MIA

GET
H3 200 AFF-LH-Healthcare.webp
www.gesa.com/wp-content/uploads/2022/06/ 112 KB
112 KB 291ms
282ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-LH-Healthcare.webp

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

326b21d33a052c868180ff94d32409cdc689aa9ba9b68ca6787a2853100a1ff3

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1015529
alt-svc: h3=":443"; ma=86400
content-length: 114426
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-1befa"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bced5333d-MIA

GET
H3 200 AFF-WSU-Debit-2.webp
www.gesa.com/wp-content/uploads/2022/06/ 63 KB
64 KB 299ms
289ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-WSU-Debit-2.webp

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dffbec59d2319c3236a3edfe56f55f12ada2d9023eed6f204fc7f83b32c0cb40

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2283647
alt-svc: h3=":443"; ma=86400
content-length: 64664
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-fc98"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bced7333d-MIA

GET
H3 200 AFF-WSU-Debit-1.webp
www.gesa.com/wp-content/uploads/2022/06/ 93 KB
93 KB 301ms
292ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-WSU-Debit-1.webp

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c26c8fee132cba88ff48de65daefb51c9972fab6d3d13136d54634033d0e9bac

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2349901
alt-svc: h3=":443"; ma=86400
content-length: 94978
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-17302"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bceda333d-MIA

GET
H3 200 AFF-WSU-Credit.webp
www.gesa.com/wp-content/uploads/2022/06/ 29 KB
29 KB 305ms
295ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-WSU-Credit.webp

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c9ef83e9ca2f04a0a6ef605ecdc810c7ea0b36e7b9767bdcf6bdc38c6a8e831

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 34230
alt-svc: h3=":443"; ma=86400
content-length: 29664
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-73e0"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bcedc333d-MIA

GET
H3 200 AFF-WSU-Credit-1.webp
www.gesa.com/wp-content/uploads/2022/06/ 20 KB
20 KB 304ms
296ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-WSU-Credit-1.webp

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d428752937c011563195cd8738502cfbefb1f52d1ace608bf297eabda0e64e5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2185263
alt-svc: h3=":443"; ma=86400
content-length: 20314
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-4f5a"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bcee1333d-MIA

GET
H3 200 AFF-WSU-Debit-3.webp
www.gesa.com/wp-content/uploads/2022/06/ 46 KB
46 KB 304ms
297ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-WSU-Debit-3.webp

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

251f896d186d1d27c03670e3ea1894bff902ba52479c5ae148fa28cd218e9625

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2185263
alt-svc: h3=":443"; ma=86400
content-length: 47076
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-b7e4"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bcee6333d-MIA

GET
H3 200 AFF-Highline-Debit-2.png
www.gesa.com/wp-content/uploads/2022/06/ 36 KB
36 KB 306ms
298ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-Highline-Debit-2.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3169045b619f079c09edc6c6dc04268c645697430b7f0ccdfe815b8735c199d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2185263
cf-polished: origFmt=png, origSize=41188
content-disposition: inline; filename="AFF-Highline-Debit-2.webp"
alt-svc: h3=":443"; ma=86400
content-length: 36530
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-a0e4"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bcee8333d-MIA

GET
H3 200 AFF-Highline-Debit-1.png
www.gesa.com/wp-content/uploads/2022/06/ 34 KB
35 KB 307ms
300ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-Highline-Debit-1.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d31b51d4ac3d588bbcc4a10aed1abafcf50fb626b656fa5309fedaed567645cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 34229
cf-polished: origFmt=png, origSize=40882
content-disposition: inline; filename="AFF-Highline-Debit-1.webp"
alt-svc: h3=":443"; ma=86400
content-length: 35172
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-9fb2"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bcef1333d-MIA

GET
H3 200 AFF-CBC-Debit.png
www.gesa.com/wp-content/uploads/2022/06/ 27 KB
27 KB 308ms
301ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-CBC-Debit.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

63046617ab9c0650fb173a815023797cbd872c48898e0f57b6ec8fca7bd1d390

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 117353
cf-polished: origFmt=png, origSize=31577
content-disposition: inline; filename="AFF-CBC-Debit.webp"
alt-svc: h3=":443"; ma=86400
content-length: 27596
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-7b59"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bcef3333d-MIA

GET
H3 200 AFF-Naches-Debit.png
www.gesa.com/wp-content/uploads/2022/06/ 50 KB
51 KB 308ms
301ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-Naches-Debit.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

92af5c3016059719e31e89d97c6c9a63cbeaa5e938ce63e2c16dc7e8bc6d54fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 740394
cf-polished: origFmt=png, origSize=55683
content-disposition: inline; filename="AFF-Naches-Debit.webp"
alt-svc: h3=":443"; ma=86400
content-length: 51314
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-d983"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bcef7333d-MIA

GET
H3 200 dc-affinity-hs-moseslake.png
www.gesa.com/wp-content/uploads/2022/06/ 56 KB
57 KB 309ms
301ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/dc-affinity-hs-moseslake.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb82eb390a781039b7a17650eaf12f0d043c5df1a46e260977c0e5bb9c030b22

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 117353
cf-polished: origFmt=png, origSize=109428
content-disposition: inline; filename="dc-affinity-hs-moseslake.webp"
alt-svc: h3=":443"; ma=86400
content-length: 57848
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:10 GMT
server: cloudflare
etag: "63977dbe-1ab74"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bcef9333d-MIA

GET
H3 200 AFF-Liberty-Debit.png
www.gesa.com/wp-content/uploads/2022/06/ 52 KB
52 KB 310ms
302ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-Liberty-Debit.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef101c7141faba6cb722927ca4ec51fde7482befad59c13b9ecee64eba139060

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 34229
cf-polished: origFmt=png, origSize=58152
content-disposition: inline; filename="AFF-Liberty-Debit.webp"
alt-svc: h3=":443"; ma=86400
content-length: 52762
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-e328"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bcefc333d-MIA

GET
H3 200 AFF-TCA-1.png
www.gesa.com/wp-content/uploads/2022/06/ 22 KB
23 KB 311ms
303ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-TCA-1.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aba30c4a7bbf09cdd029e920b0c2e78f1ab14cb99c78443c1a684c0270b15212

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 34229
cf-polished: origFmt=png, origSize=26018
content-disposition: inline; filename="AFF-TCA-1.webp"
alt-svc: h3=":443"; ma=86400
content-length: 22590
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-65a2"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bcefe333d-MIA

GET
H3 200 AFF-WSU-Debit-Retro.webp
www.gesa.com/wp-content/uploads/2022/06/ 29 KB
29 KB 312ms
304ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-WSU-Debit-Retro.webp

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

03875f5ffa03acb3b4e09691ae36cdb0f1a4d3af8da45b8f4d998ed175236f59

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 34229
alt-svc: h3=":443"; ma=86400
content-length: 29602
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-73a2"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bcf00333d-MIA

GET
H3 200 AFF-College-Place-Debit.png
www.gesa.com/wp-content/uploads/2022/06/ 50 KB
51 KB 318ms
310ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-College-Place-Debit.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b900014a85bda70cde617cdaae7a8a91727943c760cfc92b40760c29cef14312

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 740394
cf-polished: origFmt=png, origSize=56881
content-disposition: inline; filename="AFF-College-Place-Debit.webp"
alt-svc: h3=":443"; ma=86400
content-length: 51584
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-de31"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bcf04333d-MIA

GET
H3 200 AFF-Columbia-Debit.png
www.gesa.com/wp-content/uploads/2022/06/ 53 KB
54 KB 319ms
311ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/AFF-Columbia-Debit.png

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79c2f8e000136ab8664c9c2f22cbc8aafbee419a1eac3fec7ec32822c925cf7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 740394
cf-polished: origFmt=png, origSize=60576
content-disposition: inline; filename="AFF-Columbia-Debit.webp"
alt-svc: h3=":443"; ma=86400
content-length: 54748
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-eca0"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200bcf07333d-MIA

GET
H3 200 text-editor.2c35aafbe5bf0e127950.bundle.min.js Show response
www.gesa.com/wp-content/plugins/elementor/assets/js/ 1 KB
1 KB 307ms
307ms Script
application/javascript 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor/assets/js/text-editor.2c35aafbe5bf0e127950.bundle.min.js

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.8.1

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a518bd1723da2b6011895ad68059361ebb4cb80de3eec9145eacee89ddd9745

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 752940
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 07 Jun 2023 18:28:45 GMT
server: cloudflare
etag: W/"6480cc5d-54f"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 8273200bcf08333d-MIA

GET
H3 200 nav-menu.3de49ba5ef86f9a22ff5.bundle.min.js Show response
www.gesa.com/wp-content/plugins/elementor-pro/assets/js/ 3 KB
2 KB 307ms
306ms Script
application/javascript 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor-pro/assets/js/nav-menu.3de49ba5ef86f9a22ff5.bundle.min.js

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.8.1

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f47116b10e3e156f70ab31279c1fa298e34f89ff75af6eea89c2dc092362fa2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 2378950
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 07 Jun 2023 18:28:37 GMT
server: cloudflare
etag: W/"6480cc55-ce9"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 8273200bcf0a333d-MIA

GET
H3 200 load-more.54ade3cc013f1f3322a6.bundle.min.js Show response
www.gesa.com/wp-content/plugins/elementor-pro/assets/js/ 5 KB
2 KB 290ms
290ms Script
application/javascript 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor-pro/assets/js/load-more.54ade3cc013f1f3322a6.bundle.min.js

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.8.1

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0bd83e73599f7353210a85df22ef8b07cecc1427bfdda6cd3b0138106dcee7d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 740390
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 07 Jun 2023 18:28:37 GMT
server: cloudflare
etag: W/"6480cc55-1292"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 8273200c0f2d333d-MIA

GET
H3 200 posts.397aa4bedda9268558a6.bundle.min.js Show response
www.gesa.com/wp-content/plugins/elementor-pro/assets/js/ 3 KB
2 KB 291ms
290ms Script
application/javascript 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor-pro/assets/js/posts.397aa4bedda9268558a6.bundle.min.js

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.8.1

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d93bc89f182c0e2b417835d5a60dc42fe31a0deac50aceb185fe5cb0243495b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 2314416
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 07 Jun 2023 18:28:38 GMT
server: cloudflare
etag: W/"6480cc56-d20"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 8273200c0f31333d-MIA

GET
H3 200 image-carousel.e02695895b33b77d89de.bundle.min.js Show response
www.gesa.com/wp-content/plugins/elementor/assets/js/ 3 KB
2 KB 288ms
288ms Script
application/javascript 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor/assets/js/image-carousel.e02695895b33b77d89de.bundle.min.js

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.8.1

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

327f9b2dcba094127adb8f8668fa6dce7bf30e14a9f9166cc7fa1f5f03aecbbf

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 740390
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 07 Jun 2023 18:28:44 GMT
server: cloudflare
etag: W/"6480cc5c-ad9"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 8273200c0f36333d-MIA

GET
H3 200 blue-logo.svg
www.gesa.com/wp-content/uploads/2022/05/ 14 KB
7 KB 207ms
206ms Image
image/svg+xml 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/05/blue-logo.svg

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b358915252ba0e190c01550a54e89bb37c29925c45f71d0244bfed51c188a49c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 2458212
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 12 Dec 2022 19:15:09 GMT
server: cloudflare
etag: W/"63977dbd-38a2"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 8273200c8894333d-MIA

GET
H3 200 gesa-customer-banking.jpg
www.gesa.com/wp-content/uploads/2022/10/ 184 KB
185 KB 207ms
205ms Image
image/jpeg 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/10/gesa-customer-banking.jpg

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

62eae656d047defc6a444456fb8878aa962ccab6a6841a503fd275cbaeb0b59c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:08 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 291591
cf-polished: origSize=210771
alt-svc: h3=":443"; ma=86400
content-length: 188772
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Mon, 12 Dec 2022 19:15:07 GMT
server: cloudflare
etag: "63977dbb-33753"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200c8898333d-MIA

GET
H3 200 business-owner-min.jpg
www.gesa.com/wp-content/uploads/2022/10/ 71 KB
72 KB 210ms
208ms Image
image/jpeg 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/10/business-owner-min.jpg

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c9a4cb0cca43a12294c833b2d4953bc0ac830fef9d1c503bd8943846a7431bbe

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2283642
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400
content-length: 72833
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Thu, 20 Apr 2023 14:49:41 GMT
server: cloudflare
etag: "64415105-11c81"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200c889f333d-MIA

GET
H3 200 Cards-1.webp
www.gesa.com/wp-content/uploads/2022/05/ 73 KB
74 KB 212ms
210ms Image
image/webp 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/05/Cards-1.webp

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

53d8923f74c6b3e4a21745f6edf891b2699aca8920c433dbbc4ff8a7c6e4df9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:07 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 291591
alt-svc: h3=":443"; ma=86400
content-length: 75110
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 12 Dec 2022 19:15:09 GMT
server: cloudflare
etag: "63977dbd-12566"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200c88a3333d-MIA

POST
H2 204 pr
gesacu.us-1.evergage.com/ 0
529 B 60ms
54ms Ping
text/plain 3.211.123.40
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://gesacu.us-1.evergage.com/pr?.top=1102&action=View%20Homepage&.tt=172&.dt=1314&.bv=16&_ak=gesacu&_ds=gesa_prod&.scv=172&channel=Web&_r=326921&.anonId=38e75e62100b7842&_anon=true

Requested by

Host: cdn.evgnet.com
URL: https://cdn.evgnet.com/beacon/gesacu/gesa_prod/scripts/evergage.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.211.123.40 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-211-123-40.compute-1.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.gesa.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://www.gesa.com
date: Thu, 16 Nov 2023 22:21:07 GMT
x-content-type-options: nosniff
timing-allow-origin: *

POST
H3 200 admin-ajax.php Show response
www.gesa.com/wp-admin/ 0
508 B 456ms
456ms XHR
text/html 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-admin/admin-ajax.php

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.0

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Cache-Control: no-cache
Referer: https://www.gesa.com/
X-Requested-With: XMLHttpRequest
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Thu, 16 Nov 2023 22:21:08 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-powered-by: WP Engine
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
server: cloudflare
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.gesa.com
cache-control: no-cache, must-revalidate, max-age=0, no-store
access-control-allow-credentials: true
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
x-robots-tag: noindex
cf-ray: 8273200cf973333d-MIA
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/783161191/ 42 B
108 B 169ms
65ms Image
image/gif 2607:f8b0:4004:c08::68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/783161191/?random=1700173267617&cv=11&fst=1700172000000&bg=ffffff&guid=ON&async=1&gtm=45He3b81v79611690&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.gesa.com%2F&frm=0&tiba=Washington%20Credit%20Union%20%7C%20Loans%20%7C%20Savings%20Accounts%20%7C%20Gesa&fmt=3&is_vtc=1&cid=CAQSGwDICaaNkag5rDEy3Eq8UDUIgdFsP3TpCS0sSA&random=2873939060&rmt_tld=0&ipr=y

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::68 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 22:21:08 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/794148304/ 42 B
455 B 165ms
62ms Image
image/gif 2607:f8b0:4004:c08::68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/794148304/?random=1700173267611&cv=11&fst=1700172000000&bg=ffffff&guid=ON&async=1&gtm=45He3b81v79611690&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.gesa.com%2F&frm=0&tiba=Washington%20Credit%20Union%20%7C%20Loans%20%7C%20Savings%20Accounts%20%7C%20Gesa&fmt=3&is_vtc=1&cid=CAQSGwDICaaNYCSKJtGKGsVaaykabb65wD0suHQWmQ&random=2683956857&rmt_tld=0&ipr=y

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::68 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 22:21:08 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 insight.old.min.js Show response
snap.licdn.com/li.lms-analytics/ 8 KB
3 KB 55ms
52ms Script
application/x-javascript 2600:1408:5400:1c::173d:b3d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.old.min.js

Requested by

Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1408:5400:1c::173d:b3d Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

5b3086a886aa8649ecbf496ac913a1aa443926cd2fff610be2d136c9598bcd8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sun, 15 Oct 2023 08:32:45 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=78307
accept-ranges: bytes
content-length: 3272

GET
H2 200 modules.78e2d84033035343416f.js Show response
script.hotjar.com/ 225 KB
56 KB 178ms
61ms Script
application/javascript 18.164.96.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.78e2d84033035343416f.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2399688.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.164.96.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-164-96-77.jfk50.r.cloudfront.net

Software

Resource Hash

d41871d2894dc875d0dad73822efe7d3d43c459d53dde0e0d2006cd5c7427e75

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 13:20:06 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 c50e3f7de0b772d07240015272b1aff6.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P5
age: 32462
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 57067
last-modified: Thu, 16 Nov 2023 13:19:14 GMT
etag: "7b69405e970c278e52f057627811a838"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: F7Lue3l0LMMm9GYyCZ-8QgNxUxkckk98L0BLJLIDSXmrzZvN2lZ8LQ==

GET
H2 200 309829729581526 Show response
connect.facebook.net/signals/config/ 125 KB
33 KB 142ms
141ms Script
application/x-javascript 2a03:2880:f003:c0e:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/309829729581526?v=2.9.138&r=stable&domain=www.gesa.com

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f003:c0e:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

569052c8c3cf8e9e68bb28e54be9bb8873a7b14cee460cdb9955057c2b110da0

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 16 Nov 2023 22:21:08 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: G8/UfZjdC6j/5VND19LDbxXPjbWcc9MNDyvry1BL/T/jcsBxoc/OC7Pr3tE7kEFW0meo7+c/9MBQVFt8ytmrSw==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 track.php Show response
app.marketplan.io/ 7 B
514 B 1140ms
1079ms XHR
text/html 2606:4700:3030::ac43:a9a7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app.marketplan.io/track.php?pid=2&mpageid=undefined&user=marama&ref=&jsurl=https%3A%2F%2Fwww.gesa.com%2F
Requested by: Host: app.marketplan.io
URL: https://app.marketplan.io/track.js?x=1700173267626
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::ac43:a9a7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.23, PleskLin
Resource Hash: 348a538cfb216ee6c6f9a9b5306cf64df862e7c7dd587baa3d36583d19a440df

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:09 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/7.4.23, PleskLin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aeN%2FyWAAILSHomjrdyr9Ciep9f%2BzevzuQdy%2Fi4UC3MOrkuq2kdrcfd7fTjWro5GJFkLiKoQeJ5gr%2FULA0vcOvKowHueXf%2BNwxO%2F26aSzveW5JVW%2F2c%2F9Qb5SaViefqw1Lv4A%2BlCa0%2F%2BwCtlPZC42YA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cf-ray: 8273200dcbe95c77-MIA
alt-svc: h3=":443"; ma=86400

GET
H/1.1 200
OK bc04200588d29fe97c0c8a783f268d7d6ecf1d2de1d1d417f28d36799e47de Show response
api.alpharank.io/api/pixel/script/ 495 B
848 B 331ms
104ms Script
text/javascript 52.88.183.153
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.alpharank.io/api/pixel/script/bc04200588d29fe97c0c8a783f268d7d6ecf1d2de1d1d417f28d36799e47de
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTFL685
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.88.183.153 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-88-183-153.us-west-2.compute.amazonaws.com
Software: nginx/1.12.2 / Express
Resource Hash: 013c037f68d07cd5a0a595f89995290aec3addca27079bc47ecd128440b06b3a

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 22:21:08 GMT
Server: nginx/1.12.2
X-Powered-By: Express
ETag: W/"1ef-dugMHzxjl0TnCCwJG+f12QIKVsA"
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: undefined
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Content-Length: 495

GET
H2 200 sa.css
tags.srv.stackadapt.com/ 65 B
203 B 55ms
49ms Stylesheet
text/css 3.219.107.148
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.css
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.219.107.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-219-107-148.compute-1.amazonaws.com
Software: /
Resource Hash: fad5cd82d689e359eb54d64e296a875eeb0824a79f06366266f088a99236a132

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 16 Nov 2023 22:21:08 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 65
content-type: text/css

GET
H2 200 sa.jpeg Show response
tags.srv.stackadapt.com/ 0
2 KB 152ms
50ms Fetch
image/jpeg 3.219.107.148
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.jpeg
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.219.107.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-219-107-148.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 16 Nov 2023 22:21:08 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 651
content-type: image/jpeg

GET
H2

200

/ Show response
a2.adform.net/Serving/TrackPoint/
Redirect Chain

https://a2.adform.net/Serving/TrackPoint/?pm=2179965&ADFdivider=%7C&ord=227731099376&ADFtpmode=2&loc=https%3A%2F%2Fwww.gesa.com%2F&Set1=en-US%7Cen-US%7C1600x1200%7C24
https://a2.adform.net/Serving/TrackPoint/?CC=1&pm=2179965&ADFdivider=%7C&ord=227731099376&ADFtpmode=2&loc=https%3A%2F%2Fwww.gesa.com%2F&Set1=en-US%7Cen-US%7C1600x1200%7C24

829 B
1 KB

65ms
64ms

Script
text/javascript

185.167.164.49
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://a2.adform.net/Serving/TrackPoint/?CC=1&pm=2179965&ADFdivider=%7C&ord=227731099376&ADFtpmode=2&loc=https%3A%2F%2Fwww.gesa.com%2F&Set1=en-US%7Cen-US%7C1600x1200%7C24

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Server

185.167.164.49 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

dc97e9dc6f6be806bf75cd81b0983149a1fc2b73d89fdc8d4dafb179af0a6c90

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 22:21:08 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 674
expires: -1

Redirect headers

pragma: no-cache
date: Thu, 16 Nov 2023 22:21:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
content-type: text/html; charset=utf-8
location: https://a2.adform.net/Serving/TrackPoint/?CC=1&pm=2179965&ADFdivider=%7C&ord=227731099376&ADFtpmode=2&loc=https%3A%2F%2Fwww.gesa.com%2F&Set1=en-US%7Cen-US%7C1600x1200%7C24
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
expires: -1

GET
H2 200 / Show response
settings.luckyorange.net/ 2 KB
1 KB 4252ms
4188ms Fetch
application/json 104.26.10.16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://settings.luckyorange.net/?u=https%3A%2F%2Fwww.gesa.com%2F&s=287435

Requested by

Host: d10lpsik1i8c69.cloudfront.net
URL: https://d10lpsik1i8c69.cloudfront.net/w.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.10.16 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

380879506b65ced27bca1f81fc102b704581996889216ce7d4200afcd67a9422

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:12 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://www.gesa.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xrf9SRWVPaZN0%2FO8JOujdHlSYysKFnti%2B0%2FaSXF8eBajuY6aC1QpDQGdX5W8NRTDcZ0R7VGGJRdyy5BQ7cH8S7z1S4DjzwIgiOoNNMfDo2%2BB6jZZ8L5%2B%2BxjVLjj6WXzhSd%2FpIRO%2BrqVLDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-credentials: true
cf-ray: 8273200debd04c1a-MIA
access-control-allow-headers: Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,Keep-Alive,X-Requested-With,If-Modified-Since

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
637 B 82ms
26ms Image
image/gif 151.101.129.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1700173268075&id=a2_djb52evpvbtg&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=32b9a273-8014-4c9f-b04a-7c520a5df01b&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_f5bd31b2
Requested by: Host: www.gesa.com
URL: https://www.gesa.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:08 GMT
via: 1.1 varnish
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server: Varnish
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: image/gif
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 42
retry-after: 0

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
206 B 41ms
38ms XHR
text/plain 2001:4860:4802:34::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=9073257&t=pageview&_s=1&dl=https%3A%2F%2Fwww.gesa.com%2F&ul=en-us&de=UTF-8&dt=Washington%20Credit%20Union%20%7C%20Loans%20%7C%20Savings%20Accounts%20%7C%20Gesa&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAiEABBAAAACAEK~&jid=1515941260&gjid=1316061589&cid=705573807.1700173268&tid=UA-32823301-1&_gid=504378271.1700173268&_slc=1&gtm=45He3b81n81MTFL685v79611690&gcd=11l1l1l1l1&dma=0&cd1=705573807.1700173268_1700173268090&z=1512038889

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.gesa.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 22:21:08 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.gesa.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
344 B 172ms
59ms XHR
text/plain 2607:f8b0:4004:c08::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-32823301-1&cid=705573807.1700173268&jid=1515941260&gjid=1316061589&_gid=504378271.1700173268&_u=YGBAiEABBAAAAGAEK~&z=1273461439

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::9d Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.gesa.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 16 Nov 2023 22:21:08 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.gesa.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 403 collect
google-analytics.bi.owox.com/ 14 B
14 B 285ms
134ms Image
text/plain 35.186.228.179
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://google-analytics.bi.owox.com/collect?v=1&_v=j101&a=9073257&t=pageview&_s=1&dl=https%3A%2F%2Fwww.gesa.com%2F&ul=en-us&de=UTF-8&dt=Washington%20Credit%20Union%20%7C%20Loans%20%7C%20Savings%20Accounts%20%7C%20Gesa&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAiEABBAAAACAEK~&jid=1515941260&gjid=1316061589&cid=705573807.1700173268&tid=UA-32823301-1&_gid=504378271.1700173268&_slc=1&gtm=45He3b81n81MTFL685v79611690&gcd=11l1l1l1l1&dma=0&cd1=705573807.1700173268_1700173268090&z=1512038889
Requested by: Host: www.gesa.com
URL: https://www.gesa.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.228.179 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 179.228.186.35.bc.googleusercontent.com
Software: /
Resource Hash: 0db80e4ae35fcf307507f9ced66fe9ccb3147c1ea12a60ea034092e6aa3ebf40

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:08 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14
content-type: text/plain

POST
H2 204 collect
analytics.google.com/g/ 0
243 B 127ms
47ms Ping
text/plain 2001:4860:4802:34::181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-H1S93VJW48&gtm=45je3b81v896984732z879611690&_p=1700173266799&_gaz=1&gcd=11l1l1l1l1&dma=0&cid=705573807.1700173268&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1700173268&sct=1&seg=0&dl=https%3A%2F%2Fwww.gesa.com%2F&dt=Washington%20Credit%20Union%20%7C%20Loans%20%7C%20Savings%20Accounts%20%7C%20Gesa&en=page_view&_fv=1&_ss=1&tfd=1870
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-H1S93VJW48&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 22:21:08 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.gesa.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
56 B 132ms
60ms Ping
text/plain 2607:f8b0:4004:c08::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-H1S93VJW48&cid=705573807.1700173268&gtm=45je3b81v896984732z879611690&aip=1&dma=0&gcd=11l1l1l1l1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-H1S93VJW48&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c08::9d Ashburn, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 22:21:08 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.gesa.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 25145063.js Show response
bat.bing.com/p/action/ 0
115 B 50ms
50ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/25145063.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Thu, 16 Nov 2023 22:21:07 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 14821F29B1A64337996A933063ECE40A Ref B: MIAEDGE2514 Ref C: 2023-11-16T22:21:08Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
359 B 116ms
116ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=25145063&tm=gtm002&Ver=2&mid=d0498eaa-1f4e-42ea-b126-3ad3331082cd&sid=708c725084ce11ee825c85242dbaf96d&vid=708ccf2084ce11eeb50da56fb2f1e0cf&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Washington%20Credit%20Union%20%7C%20Loans%20%7C%20Savings%20Accounts%20%7C%20Gesa&p=https%3A%2F%2Fwww.gesa.com%2F&r=&lt=1314&evt=pageLoad&sv=1&rn=428321

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 16 Nov 2023 22:21:07 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0F95F8E174FF488C9AAB44FAFAF45A01 Ref B: MIAEDGE2514 Ref C: 2023-11-16T22:21:08Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 swiper.min.js Show response
www.gesa.com/wp-content/plugins/elementor/assets/lib/swiper/ 136 KB
36 KB 54ms
54ms Script
application/javascript 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js?ver=5.3.6

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.8.1

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b23f49f504faa32aac548b6662ffd64412f6738496fab8be38da46c5b7121804

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:08 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 740355
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 06 Jun 2023 17:49:30 GMT
server: cloudflare
etag: W/"647f71aa-21f91"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
cf-ray: 8273200e8cf4333d-MIA

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4860388&time=1700173268232&url=https%3A%2F%2Fwww.gesa.com%2F&tm=gtmv2
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4860388&time=1700173268232&url=https%3A%2F%2Fwww.gesa.com%2F&tm=gtmv2&cookiesTest=true
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4860388%26time%3D1700173268232%26url%3Dhttps%253A%252F%252Fwww.gesa.com%252F%26tm...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4860388&time=1700173268232&url=https%3A%2F%2Fwww.gesa.com%2F&tm=gtmv2&cookiesTest=true&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4860388&time=1700173268232&url=https%3A%2F%2Fwww.gesa.com%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQKuneqrSUNGSwAAAYvaOUbmSnTkpp9RnLgwd7S...

0
705 B

189ms
129ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4860388&time=1700173268232&url=https%3A%2F%2Fwww.gesa.com%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQKuneqrSUNGSwAAAYvaOUbmSnTkpp9RnLgwd7SB3KbZpbVKoaV0Pjgg_cuNipQjIsrzXg
Requested by: Host: www.gesa.com
URL: https://www.gesa.com/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:08 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 8FE77E42FAD74563B6C7C5B4ABB54EE8 Ref B: MIAEDGE2116 Ref C: 2023-11-16T22:21:08Z
linkedin-action: 1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
content-type: application/javascript
x-li-fabric: prod-lor1
x-cache: CONFIG_NOCACHE
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYKTG/BEj9ebKwj4HGUiw==

Redirect headers

date: Thu, 16 Nov 2023 22:21:08 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 8AC749EAC1B84EBF8EFA23C39B672FE2 Ref B: MIAEDGE1513 Ref C: 2023-11-16T22:21:08Z
linkedin-action: 1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4860388&time=1700173268232&url=https%3A%2F%2Fwww.gesa.com%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQKuneqrSUNGSwAAAYvaOUbmSnTkpp9RnLgwd7SB3KbZpbVKoaV0Pjgg_cuNipQjIsrzXg
x-cache: CONFIG_NOCACHE
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYKTG+82Ptb9f31nodqkw==

GET
H2 200 visitor.php Show response
app.leadsrx.com/ 112 B
543 B 178ms
177ms XHR
text/html 35.164.239.32
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.leadsrx.com/visitor.php?acctTag=huzooe43734&tz=600&ref=&u=https%3A%2F%2Fwww.gesa.com%2F&t=Washington%20Credit%20Union%20%7C%20Loans%20%7C%20Savings%20Accounts%20%7C%20Gesa&lc=null&anon=0&vin=null

Requested by

Host: app.leadsrx.com
URL: https://app.leadsrx.com/visitor.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

35.164.239.32 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-164-239-32.us-west-2.compute.amazonaws.com

Software

nginx/1.20.1 / PHP/5.6.40

Resource Hash

99144ad2e79c49ffab117696ff8194e8509eaa67b7ec925eb4642bcd8800943c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.gesa.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Thu, 16 Nov 2023 22:21:08 GMT
x-content-type-options: nosniff
server: nginx/1.20.1
x-powered-by: PHP/5.6.40
x-frame-options: SAMEORIGIN
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.gesa.com
access-control-allow-credentials: true

GET
H3 200 802797680067475 Show response
connect.facebook.net/signals/config/ 116 KB
31 KB 139ms
138ms Script
application/x-javascript 2a03:2880:f003:c0e:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/802797680067475?v=2.9.138&r=stable&domain=www.gesa.com

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f003:c0e:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

149a076ecaad2e2df89632a51a3f67087ffc5b40b4b0a13adcc374c2e5e22905

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 16 Nov 2023 22:21:08 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: EX5xxcWN7xVWIE09gXS/Qd6+MIt8YpZkhj9ryLiNgAS7SaFhHm+gZZT8JQVlSj924sj+cVR8uc1qlm+i2Ozhkw==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 preact-incoming-feedback.05d48d7e0d0831bbda02.js Show response
script.hotjar.com/ 190 KB
42 KB 62ms
62ms Script
application/javascript 18.164.96.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/preact-incoming-feedback.05d48d7e0d0831bbda02.js

Requested by

Host: script.hotjar.com
URL: https://script.hotjar.com/modules.78e2d84033035343416f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.164.96.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-164-96-77.jfk50.r.cloudfront.net

Software

Resource Hash

f580c77a1640ff1372cd23e6e751195aa838ab411bce6ab371a3bc6bc15bf702

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 15 Nov 2023 13:38:07 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 c50e3f7de0b772d07240015272b1aff6.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P5
age: 117781
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 42787
last-modified: Wed, 15 Nov 2023 13:37:16 GMT
etag: "5fd65dc91324debaf3888b9185f6671b"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: kAz8LfOpTnZEzP-Zn3-VeIfdcYmqYtsZ_YdK2zXiZ-NUMCkjgifojQ==

GET
H3 200 Queensgate-Branch-070723_4.jpg
www.gesa.com/wp-content/uploads/2022/07/ 151 KB
151 KB 61ms
60ms Image
image/jpeg 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/07/Queensgate-Branch-070723_4.jpg

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

45ed254cccf40c2bd7537604bfe5bb11773fc73611c40a1061b2acc04af162f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:08 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 291591
cf-polished: origSize=159741
alt-svc: h3=":443"; ma=86400
content-length: 154135
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Thu, 13 Jul 2023 21:54:52 GMT
server: cloudflare
etag: "64b072ac-26ffd"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200f8f7d333d-MIA

GET
H3 200 Paradise-Way-Branch-100723_8-1.jpg
www.gesa.com/wp-content/uploads/2022/07/ 189 KB
189 KB 68ms
67ms Image
image/jpeg 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/07/Paradise-Way-Branch-100723_8-1.jpg

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

580f189b1fa0b5d382ac4cf3c93965259e59bec2ad687d36e0f4678782de96a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:08 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 291591
cf-polished: origSize=202274
alt-svc: h3=":443"; ma=86400
content-length: 193183
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Thu, 13 Jul 2023 21:53:39 GMT
server: cloudflare
etag: "64b07263-31622"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200f8f84333d-MIA

GET
H3 200 Pasco-Sylvester-Branch-300623_11.jpg
www.gesa.com/wp-content/uploads/2022/07/ 206 KB
206 KB 51ms
50ms Image
image/jpeg 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/07/Pasco-Sylvester-Branch-300623_11.jpg

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0e5f88d5f3f0a3e98dbadd075c243738506d5c0b668447b08a23911c4723cd3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:08 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 740395
cf-polished: origSize=218913
alt-svc: h3=":443"; ma=86400
content-length: 210648
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Fri, 07 Jul 2023 17:45:38 GMT
server: cloudflare
etag: "64a84f42-35721"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273200f8f85333d-MIA

GET
H2 200 saq_pxl Show response
tags.srv.stackadapt.com/ 235 B
427 B 55ms
54ms XHR
text/plain 3.219.107.148
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/saq_pxl?uid=CHqG--Quapl1h0Ans2jxHw&is_js=true&landing_url=https%3A%2F%2Fwww.gesa.com%2F&t=Washington%20Credit%20Union%20%7C%20Loans%20%7C%20Savings%20Accounts%20%7C%20Gesa&tip=kxPtMDQago5LtFEuXHkPn7_qOPXgT8LJzXA-JY1p248&host=https%3A%2F%2Fwww.gesa.com&sa_conv_data_css_value=%270-35d1521b-f6b0-5fb7-7d95-65b5470920a1%27&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd935d1521bf6b05fb77d9565b5470920a126847643&sa-user-id-v3=s%253AAQAKIAglnDqoqNSVMcOT8pUWkn8WcZZEjkHedCR__vb3PH7QEHwYBCDTq9qqBjABOgRyABfNQgRQbumz.P%252FsoCiLW23rJf4VWUeVGfW%252FOV2ERUlmj0Nqxd5QRnbk&sa-user-id-v2=s%253ANdFSG_awX7d9lWW1RwkgoSaEdkM.yHf4PAncx22XeHFj7ki2eihMdqit4jSA3UDJckjpRRw&sa-user-id=s%253A0-35d1521b-f6b0-5fb7-7d95-65b5470920a1.HIRTD9gMs93M9a28vDFs9mEEgDOE7%252FR8YC0gtMHQy7U
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.219.107.148 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-219-107-148.compute-1.amazonaws.com
Software: /
Resource Hash: 04a89601c8f437b9ab3f74714d3374609a58b1079315f8dc5d440cc80d1ed589

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin: https://www.gesa.com
date: Thu, 16 Nov 2023 22:21:08 GMT
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 235
access-control-allow-methods: GET
content-type: text/plain; charset=utf-8

GET
H2 200 pixels Show response
c1.adform.net/imatch/ Frame ED62 5 KB
2 KB 67ms
65ms Document
text/html 185.167.164.49
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://c1.adform.net/imatch/pixels?uid=284712521594400884&agencyId=7028&advertiserId=2079361&src=tp&rnd=115005

Requested by

Host: a2.adform.net
URL: https://a2.adform.net/Serving/TrackPoint/?pm=2179965&ADFdivider=%7C&ord=227731099376&ADFtpmode=2&loc=https%3A%2F%2Fwww.gesa.com%2F&Set1=en-US%7Cen-US%7C1600x1200%7C24

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.167.164.49 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

4459255c9dcdc0841502a566ddfede0659b08f4ce2c08c26aac5be032af90548

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.gesa.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Thu, 16 Nov 2023 22:21:08 GMT
expires: -1
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding

GET
H2 200 /
a1.seadform.net/serving/cookie/sync/ 35 B
456 B 194ms
65ms Image
image/gif 185.167.164.43
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a1.seadform.net/serving/cookie/sync/?uid=284712521594400884&stamp=m33H8I7inHQDvP-67D9Y4w2

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.167.164.43 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
content-type: image/gif
cache-control: private

GET
H/1.1 200
OK bc04200588d29fe97c0c8a783f268d7d6ecf1d2de1d1d417f28d36799e47de Show response
api.alpharank.io/api/pixel/script/ 45 KB
45 KB 211ms
211ms Script
text/javascript 52.88.183.153
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.alpharank.io/api/pixel/script/bc04200588d29fe97c0c8a783f268d7d6ecf1d2de1d1d417f28d36799e47de?c=n&t=1700179200000
Requested by: Host: api.alpharank.io
URL: https://api.alpharank.io/api/pixel/script/bc04200588d29fe97c0c8a783f268d7d6ecf1d2de1d1d417f28d36799e47de
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.88.183.153 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-88-183-153.us-west-2.compute.amazonaws.com
Software: nginx/1.12.2 / Express
Resource Hash: 4a25be1f0513a03c0595d7adc16dbd4402afaa9f00fdcb2564b53613eba2ad8b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 22:21:08 GMT
Server: nginx/1.12.2
X-Powered-By: Express
ETag: W/"b34c-5l4RE/4mt4MMmx9MJ5iDiT4UXqA"
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: undefined
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Content-Length: 45900

GET
H2 200 font-hotjar_5.65042d.woff2
script.hotjar.com/ 2 KB
3 KB 163ms
54ms Font
font/woff2 18.164.96.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/font-hotjar_5.65042d.woff2

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.164.96.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-164-96-77.jfk50.r.cloudfront.net

Software

Resource Hash

fab4fef6bbfa8d6464403a14be7de1be5e3e63637a96d994fab10266e1eaf6da

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.gesa.com/
Origin: https://www.gesa.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 25 Sep 2023 06:30:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 f8debc28b6c73eb3dc7540e2ac2f0e18.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P5
age: 4549845
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
last-modified: Fri, 22 Sep 2023 10:38:44 GMT
etag: "c9fb9163f8b7be37023ebe649688bebf"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
x-robots-tag: none
x-amz-cf-id: Tva4zfzlSuuBQVl0mrgU1EKJ1W1XEJ9MeXIGJPAkWO9JRplA_2FnTg==

GET
H2 200 plf
c1.adform.net/imatch/ Frame ED62 0
384 B 66ms
65ms Image
text/plain 185.167.164.49
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c1.adform.net/imatch/plf?name=plff

Requested by

Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=284712521594400884&agencyId=7028&advertiserId=2079361&src=tp&rnd=115005

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.167.164.49 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://c1.adform.net/imatch/pixels?uid=284712521594400884&agencyId=7028&advertiserId=2079361&src=tp&rnd=115005
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With

GET
H2

200

match
ad.360yield.com/ul_cb/ Frame ED62
Redirect Chain

https://ad.360yield.com/match?publisher_dsp_id=42&external_user_id=284712521594400884&Expiration=1701382862
https://ad.360yield.com/ul_cb/match?publisher_dsp_id=42&external_user_id=284712521594400884&Expiration=1701382862

43 B
423 B

53ms
53ms

Image
image/gif

3.232.196.85
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.360yield.com/ul_cb/match?publisher_dsp_id=42&external_user_id=284712521594400884&Expiration=1701382862
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=284712521594400884&agencyId=7028&advertiserId=2079361&src=tp&rnd=115005
Protocol: H2
Server: 3.232.196.85 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-232-196-85.compute-1.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: en-US,en;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 16 Nov 2023 22:21:08 GMT
content-type: image/gif
content-length: 43
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Redirect headers

location: https://ad.360yield.com/ul_cb/match?publisher_dsp_id=42&external_user_id=284712521594400884&Expiration=1701382862
access-control-allow-origin: *
date: Thu, 16 Nov 2023 22:21:08 GMT
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1 204
No Content m
ad.yieldlab.net/ Frame ED62 0
235 B 281ms
159ms Image
text/plain 23.206.252.117
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.yieldlab.net/m?dt_id=4879&ext_id=284712521594400884
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=284712521594400884&agencyId=7028&advertiserId=2079361&src=tp&rnd=115005
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.206.252.117 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-206-252-117.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 16 Nov 2023 22:21:08 GMT
Cache-Control: no-store,no-cache,max-age=-3600,must-revalidate,post-check=0,pre-check=0
Connection: keep-alive
Expires: Wed, 15 Nov 2023 22:21:08 GMT

GET
H/1.1 204
No Content token
token.rubiconproject.com/ Frame ED62 0
655 B 215ms
54ms Image
text/plain 69.173.151.100
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/token?pid=5232&puid=284712521594400884
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=284712521594400884&agencyId=7028&advertiserId=2079361&src=tp&rnd=115005
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Expires: 0
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 382e2818ca015d35b02cd449aa60881d
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

200

match
c1.adform.net/serving/cookie/ Frame ED62
Redirect Chain

https://ih.adscale.de/adscale-ih/tpui?tpid=42&tpuid=284712521594400884&cburl=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d9%26uid%3D__ADSCALE_USER_ID__
https://ih.adscale.de/adscale-ih/tpui?tpid=42&tpuid=284712521594400884&cburl=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d9%26uid%3D__ADSCALE_USER_ID__&nut&uu=1a39335ad63f4898b7...
https://c1.adform.net/serving/cookie/match?party=9&uid=56bcfbdcf5ff6f2d2cbe3fcb2c6e03ec271c29f261a93b84c108c5d5f2930d2b

35 B
590 B

63ms
63ms

Image
image/gif

185.167.164.49
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c1.adform.net/serving/cookie/match?party=9&uid=56bcfbdcf5ff6f2d2cbe3fcb2c6e03ec271c29f261a93b84c108c5d5f2930d2b

Requested by

Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=284712521594400884&agencyId=7028&advertiserId=2079361&src=tp&rnd=115005

Protocol

Server

185.167.164.49 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 22:21:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

Redirect headers

location: https://c1.adform.net/serving/cookie/match?party=9&uid=56bcfbdcf5ff6f2d2cbe3fcb2c6e03ec271c29f261a93b84c108c5d5f2930d2b
date: Thu, 16 Nov 2023 22:21:09 GMT
content-length: 0
p3p: CP=NOI PSA OUR

GET
H2

200

match
c1.adform.net/serving/cookie/ Frame ED62
Redirect Chain

https://rtb-csync.smartadserver.com/redir/?partnerid=22&partneruserid=284712521594400884&redirurl=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d10%26cid%3DSMART_USER_ID
https://c1.adform.net/serving/cookie/match?party=10&cid=1662969534616477105

35 B
590 B

67ms
66ms

Image
image/gif

185.167.164.49
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c1.adform.net/serving/cookie/match?party=10&cid=1662969534616477105

Requested by

Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=284712521594400884&agencyId=7028&advertiserId=2079361&src=tp&rnd=115005

Protocol

Server

185.167.164.49 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 22:21:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

Redirect headers

location: https://c1.adform.net/serving/cookie/match?party=10&cid=1662969534616477105
pragma: no-cache
date: Thu, 16 Nov 2023 22:21:07 GMT
cache-control: no-cache,no-store
content-length: 0
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

GET
H2

204

sync
ups.analytics.yahoo.com/ups/55944/ Frame ED62
Redirect Chain

https://ups.analytics.yahoo.com/ups/55944/sync?uid=284712521594400884&_origin=1
https://ups.analytics.yahoo.com/ups/55944/sync?uid=284712521594400884&_origin=1&verify=true

0
121 B

74ms
74ms

Image
text/plain

34.200.65.202
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55944/sync?uid=284712521594400884&_origin=1&verify=true

Requested by

Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=284712521594400884&agencyId=7028&advertiserId=2079361&src=tp&rnd=115005

Protocol

Server

34.200.65.202 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-200-65-202.compute-1.amazonaws.com

Software

ATS/9.1.10.87 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:08 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.87
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://ups.analytics.yahoo.com/ups/55944/sync?uid=284712521594400884&_origin=1&verify=true
date: Thu, 16 Nov 2023 22:21:08 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.87
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1 200 user-registering
ads.stickyadstv.com/ Frame ED62 43 B
638 B 198ms
64ms Image
image/gif 63.251.28.234
INTERNAP-BLK3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.stickyadstv.com/user-registering?dataProviderId=189&userId=284712521594400884
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=284712521594400884&agencyId=7028&advertiserId=2079361&src=tp&rnd=115005
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 63.251.28.234 Secaucus, United States, ASN13789 (INTERNAP-BLK3, US),
Reverse DNS
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-US,en;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 16 Nov 2023 22:21:08 GMT
Server: nginx
Transfer-Encoding: chunked
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Connection: keep-alive
x-sticky-vk: 1700173268677053-1156

GET
H2

200

v1
match.sharethrough.com/sync/ Frame ED62
Redirect Chain

https://x.bidswitch.net/sync?dsp_id=70&user_id=284712521594400884
https://match.sharethrough.com/sync/v1?source_id=bf2b131f1f7eff9d8892972c&source_user_id=&seat_user_id=284712521594400884&seat_key=70&gdpr=&gdpr_consent=&gdpr_pd=&us_privacy=

68 B
279 B

155ms
51ms

Image
image/png

3.226.187.105
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/sync/v1?source_id=bf2b131f1f7eff9d8892972c&source_user_id=&seat_user_id=284712521594400884&seat_key=70&gdpr=&gdpr_consent=&gdpr_pd=&us_privacy=
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=284712521594400884&agencyId=7028&advertiserId=2079361&src=tp&rnd=115005
Protocol: H2
Server: 3.226.187.105 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-226-187-105.compute-1.amazonaws.com
Software: /
Resource Hash: 6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

accept-language: en-US,en;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:08 GMT
cache-control: no-cache
content-length: 68
content-type: image/png

Redirect headers

Location: //match.sharethrough.com/sync/v1?source_id=bf2b131f1f7eff9d8892972c&source_user_id=&seat_user_id=284712521594400884&seat_key=70&gdpr=&gdpr_consent=&gdpr_pd=&us_privacy=
Date: Thu, 16 Nov 2023 22:21:08 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame ED62
Redirect Chain

https://dsum-sec.casalemedia.com/rum?cm_dsp_id=111&external_user_id=284712521594400884&expiration=1701382862
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=111&external_user_id=284712521594400884&expiration=1701382862&C=1

43 B
334 B

83ms
82ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=111&external_user_id=284712521594400884&expiration=1701382862&C=1
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=284712521594400884&agencyId=7028&advertiserId=2079361&src=tp&rnd=115005
Protocol: H2
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 22:21:08 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hnH5lO7K6hW6IJbOUWy16x0L7LgH1RQgIoacRRAoK3Z%2Bg6vgU0gOdhWLacxu8EuQaELrISCsbqeMYoYqlzDLppepChvvb2rUZ1Fm4ZUgZPKjqEIzcWQqUM5Yz75PWH6xXc3e8OAL47cHmw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8273201138f25c6c-MIA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 16 Nov 2023 22:21:08 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EdGv4Y3kx7fpCqH%2FFlpQxjPRlXIqej7SKfncnxG7VPRLs6spBLd95Sdptw4mUFJME9ze%2B%2BcHU%2BFMM%2B%2Bmt6HSlYb5VGvSQkam6TZoqGo%2FDHNq5hJApXHi0%2Fr%2B2I94bqaC0oFUJ3eJEwyLFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: /rum?cm_dsp_id=111&external_user_id=284712521594400884&expiration=1701382862&C=1
cache-control: no-cache
cf-ray: 82732010bfe45c6c-MIA
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET
H/1.1

200
OK

12092831
se.semasio.net/sync/1/ Frame ED62
Redirect Chain

https://uipglob.semasio.net/adform/1/info?sType=sync&sExtCookieId=284712521594400884&sInitiator=external
https://uip.semasio.net/adform/1/info?sType=sync&sExtCookieId=284712521594400884&sInitiator=external
https://uip.semasio.net/adform/1/info2?sType=sync&sExtCookieId=284712521594400884&sInitiator=external
https://se.semasio.net/sync/1/16266044?sExtCookieId=284712521594400884&gdpr=&sInitiator=external
https://synchroscript.deliveryengine.adswizz.com/getUID?curl=https%3A%2F%2Fse.semasio.net%2Fsync%2F1%2F5108661%3FsExtCookieId%3D%24%7BUID%7D%26sInitiator%3Dinternal
https://se.semasio.net/sync/1/5108661?sExtCookieId=fa5e80e4893d79cfc7d8b881a9974063&sInitiator=internal
https://ib.adnxs.com/getuid?https%3A%2F%2Fse.semasio.net%2Fsync%2F1%2F4354957%3FsExtCookieId%3D%24UID%26sInitiator%3Dinternal&gdpr=
https://se.semasio.net/sync/1/4354957?sExtCookieId=6092989962616973874&sInitiator=internal&gdpr=
https://cm.g.doubleclick.net/pixel?google_nid=semasio_ddp&google_cm&google_hm=MTlGRkUyREE2NDU1MjQ2Ng&gdpr=
https://uipglob.semasio.net/dbm/1/info?sType=sync&sExtCookieId=CAESEPMO26ioHyQaZmk0ra0xWn0&sInitiator=internal&google_cver=1&gdpr=&google_cver=1
https://uip.semasio.net/dbm/1/info?sType=sync&sExtCookieId=CAESEPMO26ioHyQaZmk0ra0xWn0&sInitiator=internal&google_cver=1&gdpr=&google_cver=1
https://se.semasio.net/sync/1/12092831?sExtCookieId=CAESEPMO26ioHyQaZmk0ra0xWn0&sInitiator=internal&google_cver=1&gdpr=

0
415 B

150ms
150ms

Image
text/plain

77.243.51.121
NETIC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://se.semasio.net/sync/1/12092831?sExtCookieId=CAESEPMO26ioHyQaZmk0ra0xWn0&sInitiator=internal&google_cver=1&gdpr=
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=284712521594400884&agencyId=7028&advertiserId=2079361&src=tp&rnd=115005
Protocol: HTTP/1.1
Server: 77.243.51.121 , Denmark, ASN42697 (NETIC-AS, DK),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 22:21:14 GMT
uip-status: Ok
frontend-id: 13
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 0
expires: Sat, 01 Jan 2011 12:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 16 Nov 2023 22:21:14 GMT
frontend-id: 1
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
location: https://se.semasio.net/sync/1/12092831?sExtCookieId=CAESEPMO26ioHyQaZmk0ra0xWn0&sInitiator=internal&google_cver=1&gdpr=
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-origin: *
content-length: 0
routing-server-id: -1
expires: Sat, 01 Jan 2011 12:00:00 GMT

GET
H/1.1

200
OK

/
ps.eyeota.net/match/bounce/ Frame ED62
Redirect Chain

https://ps.eyeota.net/match?uid=284712521594400884&bid=9gdtmu1
https://ps.eyeota.net/match/bounce/?uid=284712521594400884&bid=9gdtmu1

70 B
440 B

54ms
54ms

Image
image/gif

34.197.192.192
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ps.eyeota.net/match/bounce/?uid=284712521594400884&bid=9gdtmu1
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=284712521594400884&agencyId=7028&advertiserId=2079361&src=tp&rnd=115005
Protocol: HTTP/1.1
Server: 34.197.192.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-197-192-192.compute-1.amazonaws.com
Software: /
Resource Hash: de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98

Request headers

accept-language: en-US,en;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/gif
Date: Thu, 16 Nov 2023 22:21:08 GMT
Content-Length: 70
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

Redirect headers

Location: /match/bounce/?uid=284712521594400884&bid=9gdtmu1
Date: Thu, 16 Nov 2023 22:21:08 GMT
Content-Length: 0
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

GET
H2

200

pixel.gif
load77.exelator.com/ Frame ED62
Redirect Chain

https://loadm.exelator.com/load/?p=204&g=710&j=0&buid=284712521594400884
https://loadm.exelator.com/load/?p=204&g=710&j=0&buid=284712521594400884&xl8blockcheck=1
https://load77.exelator.com/pixel.gif

43 B
385 B

167ms
56ms

Image
image/gif

2a02:6ea0:e200::2
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://load77.exelator.com/pixel.gif
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=284712521594400884&agencyId=7028&advertiserId=2079361&src=tp&rnd=115005
Protocol: H2
Server: 2a02:6ea0:e200::2 Ashburn, United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: en-US,en;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-77-pop: ashburnUSVA
date: Thu, 16 Nov 2023 22:21:09 GMT
x-age-lb: 401175
x-77-cache: HIT
x-accel-date: 1699772094
content-length: 43
x-77-nzt: ASUTzgQ3Nzf/Fx8GAA
x-accel-expires: @1700808894
x-77-age: 401175
x-cache-lb: HIT
last-modified: Wed, 25 Oct 2017 17:03:56 GMT
server: CDN77-Turbo
etag: "59f0c3fc-2b"
x-77-nzt-ray: 8e305f1c875b039cd595566562ce3605
content-type: image/gif
access-control-allow-origin: *
accept-ranges: bytes

Redirect headers

date: Thu, 16 Nov 2023 22:21:08 GMT
server: nginx
x-powered-by: Undertow/1
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
location: https://load77.exelator.com/pixel.gif
content-type: image/gif
cache-control: no-cache
access-control-allow-credentials: true
content-length: 0

GET
H2

200

362358.gif
idsync.rlcdn.com/ Frame ED62
Redirect Chain

https://idsync.rlcdn.com/398366.gif?partner_uid=284712521594400884
https://cm.g.doubleclick.net/pixel?google_nid=epsilon&google_cm
https://idsync.rlcdn.com/362358.gif?google_gid=CAESEAMoPm8ni1d1X7jKh52d5Og&google_cver=1

42 B
192 B

68ms
68ms

Image
image/gif

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/362358.gif?google_gid=CAESEAMoPm8ni1d1X7jKh52d5Og&google_cver=1
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=284712521594400884&agencyId=7028&advertiserId=2079361&src=tp&rnd=115005
Protocol: H2
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-US,en;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:09 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

pragma: no-cache
date: Thu, 16 Nov 2023 22:21:08 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://idsync.rlcdn.com/362358.gif?google_gid=CAESEAMoPm8ni1d1X7jKh52d5Og&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 289
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 404 gdpr_consent=
sync.crwdcntrl.net/map/c=6466/tp=ADFM/tpid=284712521594400884/gdpr=/ Frame ED62 49 B
266 B 156ms
50ms Image
image/gif 54.211.145.128
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/map/c=6466/tp=ADFM/tpid=284712521594400884/gdpr=/gdpr_consent=
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=284712521594400884&agencyId=7028&advertiserId=2079361&src=tp&rnd=115005
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.211.145.128 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-211-145-128.compute-1.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: en-US,en;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 22:21:08 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.40.11.207
content-length: 49
expires: 0

GET
H2 200 29729
tags.bluekai.com/site/ Frame ED62 62 B
431 B 216ms
115ms Image
image/gif 23.219.12.236
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.bluekai.com/site/29729?id=284712521594400884
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=284712521594400884&agencyId=7028&advertiserId=2079361&src=tp&rnd=115005
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.219.12.236 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-219-12-236.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

accept-language: en-US,en;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
date: Thu, 16 Nov 2023 22:21:08 GMT
content-length: 62
content-type: image/gif

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame ED62
Redirect Chain

https://eu-u.openx.net/w/1.0/sd?id=537113484&val=284712521594400884
https://eu-u.openx.net/w/1.0/sd?cc=1&id=537113484&val=284712521594400884

43 B
171 B

44ms
43ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?cc=1&id=537113484&val=284712521594400884
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=284712521594400884&agencyId=7028&advertiserId=2079361&src=tp&rnd=115005
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-US,en;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 22:21:08 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://eu-u.openx.net/w/1.0/sd?cc=1&id=537113484&val=284712521594400884
date: Thu, 16 Nov 2023 22:21:08 GMT
via: 1.1 google
server: OXGW/0.0.0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
p3p: CP="CUR ADM OUR NOR STA NID"

GET
H/1.1

200
OK

pixel.gif
s3-eu-west-1.amazonaws.com/adality-cdn-content/ Frame ED62
Redirect Chain

https://api.adrtx.net/thirdparty/click?p=adfo
https://s3-eu-west-1.amazonaws.com/adality-cdn-content/pixel.gif

35 B
390 B

555ms
274ms

Image
image/gif

52.92.35.48
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3-eu-west-1.amazonaws.com/adality-cdn-content/pixel.gif
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=284712521594400884&agencyId=7028&advertiserId=2079361&src=tp&rnd=115005
Protocol: HTTP/1.1
Server: 52.92.35.48 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-eu-west-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: en-US,en;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 22:21:10 GMT
Last-Modified: Thu, 29 Oct 2015 16:41:57 GMT
Server: AmazonS3
x-amz-request-id: D0KE4FZJCNHHP8C6
ETag: "c2196de8ba412c60c22ab491af7b1409"
Content-Type: image/gif
Accept-Ranges: bytes
Content-Length: 35
x-amz-id-2: UMsWtY3K732EamN8Kc55Zq0cXvK1pu6ZZGhMlyoGerJUjwdwz/jFjkM+IEi6AfHFp1MrNdD/uEk=

Redirect headers

X-Error-Reason: Missing UserId
Date: Thu, 16 Nov 2023 22:21:08 GMT
Server: akka-http/10.2.10
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Location: https://s3-eu-west-1.amazonaws.com/adality-cdn-content/pixel.gif
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 137

GET
H2

200

generic
match.adsrvr.org/track/cmf/ Frame ED62
Redirect Chain

https://pixel.onaudience.com/?mapped=284712521594400884&partner=68
https://sync.crwdcntrl.net/map/c=8587/tp=CLOD/tpid=dadce82870a7f84a/gdpr=0/gdpr_consent=?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%...
https://pixel.onaudience.com/?partner=104&icm&cver&mapped=&gdpr=1
https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1&gdpr=1

70 B
148 B

52ms
52ms

Image
image/gif

35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1&gdpr=1
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=284712521594400884&agencyId=7028&advertiserId=2079361&src=tp&rnd=115005
Protocol: H2
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:09 GMT
server: Kestrel
content-length: 70
content-type: image/gif

Redirect headers

location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1&gdpr=1
content-length: 0

GET
H2 204 usermatch.gif
beacon.krxd.net/ Frame ED62 0
337 B 159ms
50ms Image
text/plain 18.204.53.13
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner=adform&partner_uid=284712521594400884
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=284712521594400884&agencyId=7028&advertiserId=2079361&src=tp&rnd=115005
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.204.53.13 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-204-53-13.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-served-by: beacon-n039-ash-prod.krxd.net
date: Thu, 16 Nov 2023 22:21:09 GMT
cache-control: private, no-cache, no-store
x-request-time: D=31 t=1700173269
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

200

/
c1.adform.net/serving/cookie/match/ Frame ED62
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_cm&google_ula=1641347&party=1&google_hm=Mjg0NzEyNTIxNTk0NDAwODg0
https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEKYFzG24WWM_8F8l43CqaDE&google_cver=1&google_ula=1641347,0

35 B
590 B

66ms
66ms

Image
image/gif

185.167.164.49
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEKYFzG24WWM_8F8l43CqaDE&google_cver=1&google_ula=1641347,0

Requested by

Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=284712521594400884&agencyId=7028&advertiserId=2079361&src=tp&rnd=115005

Protocol

Server

185.167.164.49 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 22:21:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

Redirect headers

pragma: no-cache
date: Thu, 16 Nov 2023 22:21:08 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEKYFzG24WWM_8F8l43CqaDE&google_cver=1&google_ula=1641347,0
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 334
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
secure.adnxs.com/ Frame ED62
Redirect Chain

https://secure.adnxs.com/getuid?https://c1.adform.net/serving/cookie/match?party=3&id=$UID&redirect=1
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fc1.adform.net%2Fserving%2Fcookie%2Fmatch%3Fparty%3D3%26id%3D%24UID%26redirect%3D1
https://c1.adform.net/serving/cookie/match?party=3&id=6092989962616973874&redirect=1
https://secure.adnxs.com/setuid?entity=91&code=284712521594400884

43 B
836 B

66ms
66ms

Image
image/gif

68.67.160.184
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/setuid?entity=91&code=284712521594400884

Requested by

Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=284712521594400884&agencyId=7028&advertiserId=2079361&src=tp&rnd=115005

Protocol

Server

68.67.160.184 Brooklyn, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 22:21:09 GMT
an-x-request-uuid: 59cf8510-fde8-4be2-9fae-b2b38f6b2b6d
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 38.132.118.67; 38.132.118.67; 669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 16 Nov 2023 22:21:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://secure.adnxs.com/setuid?entity=91&code=284712521594400884
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 plf
c1.adform.net/imatch/ Frame ED62 0
384 B 85ms
85ms Image
text/plain 185.167.164.49
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c1.adform.net/imatch/plf?name=plfm

Requested by

Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=284712521594400884&agencyId=7028&advertiserId=2079361&src=tp&rnd=115005

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.167.164.49 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://c1.adform.net/imatch/pixels?uid=284712521594400884&agencyId=7028&advertiserId=2079361&src=tp&rnd=115005
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With

GET
H2 200 Pug
simage2.pubmatic.com/AdServer/ Frame ED62 42 B
469 B 157ms
51ms Image
image/gif 8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=284712521594400884
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=284712521594400884&agencyId=7028&advertiserId=2079361&src=tp&rnd=115005
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-US,en;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Thu, 16 Nov 2023 22:21:09 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H/1.1 200
OK cs
pdw-adf.userreport.com/ Frame ED62 43 B
444 B 164ms
53ms Image
image/gif 18.238.55.14
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pdw-adf.userreport.com/cs
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=284712521594400884&agencyId=7028&advertiserId=2079361&src=tp&rnd=115005
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.238.55.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-238-55-14.jfk52.r.cloudfront.net
Software: nginx/1.22.0 /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-US,en;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 03:40:12 GMT
Via: 1.1 1f1744cc287fbe3723d548ac02f36c6a.cloudfront.net (CloudFront)
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx/1.22.0
X-Amz-Cf-Pop: JFK52-P4
Age: 67257
X-Cache: Hit from cloudfront
Content-Type: image/gif
Connection: keep-alive
Content-Length: 43
X-Amz-Cf-Id: ejJMs4jy_UJEttM9X0EHY2JTFmTBEHXpFTf43QMuyz8iWpR2rIsA6A==

GET
H/1.1

200

p
a.audrte.com/ Frame ED62
Redirect Chain

https://a.audrte.com/a?adform_uid=284712521594400884
https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_hm=aTUzYmVxemFOWUFSUUtWYjNoSDdUYjZuUQ==&google_redir=https%3A%2F%2Fa.audrte.com%2Fddp%3Fred%3DeyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL...
https://a.audrte.com/ddp?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&gdpr=0&gdpr_consent=
https://a.audrte.com/p

68 B
424 B

140ms
139ms

Image
image/png

34.246.239.231
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.audrte.com/p
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=284712521594400884&agencyId=7028&advertiserId=2079361&src=tp&rnd=115005
Protocol: HTTP/1.1
Server: 34.246.239.231 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-246-239-231.eu-west-1.compute.amazonaws.com
Software: nginx/1.22.1 /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: en-US,en;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 22:21:09 GMT
Server: nginx/1.22.1
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/png
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 68

Redirect headers

Date: Thu, 16 Nov 2023 22:21:09 GMT
Server: nginx/1.22.1
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Origin: *
Location: https://a.audrte.com:443/p
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0

GET
H2

200

match
c1.adform.net/serving/cookie/ Frame ED62
Redirect Chain

https://dpm.demdex.net/ibs:dpid=1586&dpuuid=284712521594400884&redir=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d1007%26cid%3D%24%7BDD_UUID%7D%26noredirect%3D1
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=1586&dpuuid=284712521594400884&redir=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d1007%26cid%3D%24%7BDD_UUID%7D%26noredirec...
https://c1.adform.net/serving/cookie/match?party=1007&cid=16498473886063855933135759732638122012&noredirect=1

35 B
590 B

92ms
92ms

Image
image/gif

185.167.164.49
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c1.adform.net/serving/cookie/match?party=1007&cid=16498473886063855933135759732638122012&noredirect=1

Requested by

Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=284712521594400884&agencyId=7028&advertiserId=2079361&src=tp&rnd=115005

Protocol

Server

185.167.164.49 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 22:21:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

Redirect headers

dcs: dcs-prod-va6-1-v053-009e75f36.edge-va6.demdex.com 2 ms
pragma: no-cache
date: Thu, 16 Nov 2023 22:21:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-tid: ottHwAA3Rj0=
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
location: https://c1.adform.net/serving/cookie/match?party=1007&cid=16498473886063855933135759732638122012&noredirect=1
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2

200

/
dmp.adform.net/serving/cookie/match/ Frame ED62
Redirect Chain

https://aa.agkn.com/adscores/g.pixel?sid=9212269628&_puid=284712521594400884
https://dmp.adform.net/serving/cookie/match/?party=1014&cid=214690604702012895007

35 B
590 B

68ms
67ms

Image
image/gif

185.167.164.49
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dmp.adform.net/serving/cookie/match/?party=1014&cid=214690604702012895007

Requested by

Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=284712521594400884&agencyId=7028&advertiserId=2079361&src=tp&rnd=115005

Protocol

Server

185.167.164.49 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 22:21:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

Redirect headers

pragma: no-cache
date: Thu, 16 Nov 2023 22:21:09 GMT
via: 1.1 7ac993fb3bf15971cbb8b39563ee70e0.cloudfront.net (CloudFront)
server: AAWebServer
x-amz-cf-pop: EWR53-C1
access-control-allow-methods: GET, POST, OPTIONS
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
location: https://dmp.adform.net/serving/cookie/match/?party=1014&cid=214690604702012895007
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
x-cache: Miss from cloudfront
access-control-allow-headers: accept, cache-control, origin, x-requested-with, x-file-name, content-type
x-amz-cf-id: DHu5UGCz-RPEDfUTly9SiHE9j4PfJGLqFDaizRABry9uvsQ-h3ABRg==
expires: 0

GET
H2

200

/
dmp.adform.net/serving/cookie/match/ Frame ED62
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fdmp.adform.net%2Fserving%2Fcookie%2Fmatch%2F%3Fparty%3D1049%26cid%3D%25%25COOKIE%25%25
https://dmp.adform.net/serving/cookie/match/?party=1049&cid=7302188587898828954

35 B
590 B

64ms
64ms

Image
image/gif

185.167.164.49
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dmp.adform.net/serving/cookie/match/?party=1049&cid=7302188587898828954

Requested by

Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=284712521594400884&agencyId=7028&advertiserId=2079361&src=tp&rnd=115005

Protocol

Server

185.167.164.49 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 22:21:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

Redirect headers

Location: https://dmp.adform.net/serving/cookie/match/?party=1049&cid=7302188587898828954
Date: Thu, 16 Nov 2023 22:21:09 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H2 200 33302
tags.bluekai.com/site/ Frame ED62 62 B
360 B 119ms
118ms Image
image/gif 23.219.12.236
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.bluekai.com/site/33302?id=284712521594400884
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=284712521594400884&agencyId=7028&advertiserId=2079361&src=tp&rnd=115005
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.219.12.236 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-219-12-236.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

accept-language: en-US,en;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
date: Thu, 16 Nov 2023 22:21:09 GMT
content-length: 62
content-type: image/gif

GET
H2

200

match
c1.adform.net/serving/cookie/ Frame ED62
Redirect Chain

https://pixel.mathtag.com/sync/img?redir=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d1066%26cid%3D%5BMM_UUID%5D
https://c1.adform.net/serving/cookie/match?party=1066&cid=aad36556-95d5-4300-a3fe-96b412f38346

35 B
599 B

63ms
63ms

Image
image/gif

185.167.164.49
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c1.adform.net/serving/cookie/match?party=1066&cid=aad36556-95d5-4300-a3fe-96b412f38346

Requested by

Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=284712521594400884&agencyId=7028&advertiserId=2079361&src=tp&rnd=115005

Protocol

Server

185.167.164.49 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 22:21:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

Redirect headers

Date: Thu, 16 Nov 2023 22:21:09 GMT
Server: MT3 1075 283b7e3 master iad iad-pixel-x11 config_version:"455"
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Location: https://c1.adform.net/serving/cookie/match?party=1066&cid=aad36556-95d5-4300-a3fe-96b412f38346
Content-Type: image/gif
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0
Expires: Thu, 16 Nov 2023 22:21:08 GMT

GET
H2

200

match
c1.adform.net/serving/cookie/ Frame ED62
Redirect Chain

https://pm.w55c.net/ping_match.gif?st=adform&rurl=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d1084%26cid%3D_wfivefivec_
https://pm.w55c.net/ping_match.gif?scc=1&st=adform&rurl=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d1084%26cid%3D_wfivefivec_
https://c1.adform.net/serving/cookie/match?party=1084&cid=dcMlTJhM1R3KJv5

35 B
590 B

63ms
62ms

Image
image/gif

185.167.164.49
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c1.adform.net/serving/cookie/match?party=1084&cid=dcMlTJhM1R3KJv5

Requested by

Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=284712521594400884&agencyId=7028&advertiserId=2079361&src=tp&rnd=115005

Protocol

Server

185.167.164.49 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 22:21:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

Redirect headers

Pragma: no-cache
Date: Thu, 16 Nov 2023 22:21:09 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-795-gb641a57#rel-ec2-master i-0a902551db30178c0@us-east-1e@dxedge-app-us-east-1-prod-asg
Location: https://c1.adform.net/serving/cookie/match?party=1084&cid=dcMlTJhM1R3KJv5
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
dmp.adform.net/serving/cookie/match/ Frame ED62
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=71ei9rr&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=71ei9rr&ttd_tpi=1
https://dmp.adform.net/serving/cookie/match/?party=1144&tdid=86376af5-9bfe-4d63-b60a-906658ef077a

35 B
590 B

63ms
62ms

Image
image/gif

185.167.164.49
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dmp.adform.net/serving/cookie/match/?party=1144&tdid=86376af5-9bfe-4d63-b60a-906658ef077a

Requested by

Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=284712521594400884&agencyId=7028&advertiserId=2079361&src=tp&rnd=115005

Protocol

Server

185.167.164.49 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 22:21:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

Redirect headers

location: https://dmp.adform.net/serving/cookie/match/?party=1144&tdid=86376af5-9bfe-4d63-b60a-906658ef077a
date: Thu, 16 Nov 2023 22:21:09 GMT
server: Kestrel
content-length: 225

GET
H/1.1

200
OK

image.sbmx
ib.mookie1.com/ Frame ED62
Redirect Chain

https://global.ib-ibi.com/image.sbmx?go=302927&pid=567&xid=284712521594400884
https://ib.mookie1.com/image.sbmx?go=302927&pid=567&xid=284712521594400884

0
421 B

366ms
89ms

Image
image/png

64.58.232.180
ASN-FLEXENTIAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ib.mookie1.com/image.sbmx?go=302927&pid=567&xid=284712521594400884
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=284712521594400884&agencyId=7028&advertiserId=2079361&src=tp&rnd=115005
Protocol: HTTP/1.1
Server: 64.58.232.180 Las Vegas, United States, ASN13649 (ASN-FLEXENTIAL, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 16 Nov 2023 22:21:09 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Type: image/png
Access-Control-Allow-Origin: *
p3p: CP="DSP COR ADM DEV PSA PSD OUR"
Cache-Control: no-cache
X-Server: LAS15
Content-Length: 0
Expires: -1

Redirect headers

Date: Thu, 16 Nov 2023 22:21:09 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Type: text/html; charset=utf-8
Location: https://ib.mookie1.com:443/image.sbmx?go=302927&pid=567&xid=284712521594400884
Access-Control-Allow-Origin: *
p3p: CP="DSP COR ADM DEV PSA PSD OUR"
Cache-Control: private
X-Server: NY01
Content-Length: 203

GET
H2

200

3.gif
id5-sync.com/cq/10/124/0/ Frame ED62
Redirect Chain

https://id5-sync.com/s/10/0.gif?puid=284712521594400884
https://id5-sync.com/c/10/10/2/1.gif?puid=284712521594400884&gdpr=0&gdpr_consent=&us_privacy=
https://ib.adnxs.com/getuid?https://id5-sync.com/c/10/2/1/2.gif?puid=$UID&gdpr=0&gdpr_consent=
https://id5-sync.com/c/10/2/1/2.gif?puid=6092989962616973874&gdpr=0&gdpr_consent=
https://ice.360yield.com/match?publisher_dsp_id=79&dsp_callback=1&external_user_id=ID5-5a55JsMx-RuctIZgM1K_XaH7d8XN3zi28X8x8OrPbQ&r=https%3A%2F%2Fid5-sync.com%2Fcq%2F10%2F124%2F0%2F3.gif%3Fpuid%3D%...
https://id5-sync.com/cq/10/124/0/3.gif?puid=0b22f182-cc39-4bc0-8403-73e3bfbe3405&gdpr=0&gdpr_consent=&gdpr=0&gdpr_consent=

43 B
1 KB

150ms
150ms

Image
image/gif

141.95.98.65
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/cq/10/124/0/3.gif?puid=0b22f182-cc39-4bc0-8403-73e3bfbe3405&gdpr=0&gdpr_consent=&gdpr=0&gdpr_consent=

Requested by

Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=284712521594400884&agencyId=7028&advertiserId=2079361&src=tp&rnd=115005

Protocol

Server

141.95.98.65 , France, ASN16276 (OVH, FR),

Reverse DNS

ns3216659.ip-141-95-98.eu

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-type: image/gif;charset=UTF-8
date: Thu, 16 Nov 2023 22:21:09 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
p3p: CP="CAO PSA OUR"

Redirect headers

location: https://id5-sync.com/cq/10/124/0/3.gif?puid=0b22f182-cc39-4bc0-8403-73e3bfbe3405&gdpr=0&gdpr_consent=&gdpr=0&gdpr_consent=
access-control-allow-origin: *
date: Thu, 16 Nov 2023 22:21:10 GMT
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2

200

/
dmp.adform.net/serving/cookie/match/ Frame ED62
Redirect Chain

https://redirect.frontend.weborama.fr/redirect/standard?url=https%3A%2F%2Fdmp.adform.net%2Fserving%2Fcookie%2Fmatch%2F%3Fparty%3D1145%26cid%3D%7BWEBO_CID%7D
https://redirect.frontend.weborama.fr/redirect/standard?url=https%3A%2F%2Fdmp.adform.net%2Fserving%2Fcookie%2Fmatch%2F%3Fparty%3D1145%26cid%3D%7BWEBO_CID%7D&bounce=1&random=419072084
https://dmp.adform.net/serving/cookie/match/?party=1145&cid=fTciQPOb7dhcNwE8wtJ3eu

35 B
590 B

65ms
65ms

Image
image/gif

185.167.164.49
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dmp.adform.net/serving/cookie/match/?party=1145&cid=fTciQPOb7dhcNwE8wtJ3eu

Requested by

Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=284712521594400884&agencyId=7028&advertiserId=2079361&src=tp&rnd=115005

Protocol

Server

185.167.164.49 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 22:21:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

Redirect headers

pragma: no-cache
date: Thu, 16 Nov 2023 22:21:09 GMT
via: 1.1 google
last-modified: Thu, 16 Nov 2023 22:21:09 GMT
server: Weborama Collect Frontend
vary: Origin
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
location: https://dmp.adform.net/serving/cookie/match/?party=1145&cid=fTciQPOb7dhcNwE8wtJ3eu
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame ED62 23 B
278 B 214ms
63ms Image
image/gif 23.220.125.47
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=119&uid=284712521594400884
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=284712521594400884&agencyId=7028&advertiserId=2079361&src=tp&rnd=115005
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.220.125.47 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-220-125-47.deploy.static.akamaitechnologies.com
Software: pekko-http/1.0.0 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: en-US,en;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

expires: Thu, 16 Nov 2023 22:21:09 GMT
pragma: no-cache
date: Thu, 16 Nov 2023 22:21:09 GMT
cache-control: max-age=0, no-cache, no-store
server: pekko-http/1.0.0
content-length: 23
content-type: image/gif

GET
H2

200

ads-user-sync
www.tumblr.com/ Frame ED62
Redirect Chain

https://s.ad.smaato.net/c/?dspInit=1001213&dspCookie=284712521594400884
https://www.tumblr.com/ads-user-sync?partner=smaato&uid=d7fbb2f820&gdpr=0&gdpr_consent=

70 B
1 KB

134ms
74ms

Image
image/png

192.0.77.40
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tumblr.com/ads-user-sync?partner=smaato&uid=d7fbb2f820&gdpr=0&gdpr_consent=

Requested by

Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=284712521594400884&agencyId=7028&advertiserId=2079361&src=tp&rnd=115005

Protocol

Server

192.0.77.40 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

assets.tumblr.com

Software

nginx /

Resource Hash

a73237a07cec4d81b7cb7995220839f554e2e8936e5d5ae25cc47753f9737c07

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://*.gemini.yahoo.com https://s.yimg.com/av/gemini/ga/gemini-iframe.js https://s.yimg.com/av/curveball/ 'unsafe-eval' 'nonce-oP9WhxaTXH8g4ukpkHELvU9pgc'; object-src 'none'; worker-src blob:; base-uri 'self';
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-nc: mia 1
date: Thu, 16 Nov 2023 22:21:09 GMT
content-security-policy: script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://*.gemini.yahoo.com https://s.yimg.com/av/gemini/ga/gemini-iframe.js https://s.yimg.com/av/curveball/ 'unsafe-eval' 'nonce-oP9WhxaTXH8g4ukpkHELvU9pgc'; object-src 'none'; worker-src blob:; base-uri 'self';
x-content-type-options: nosniff
referrer-policy: origin-when-cross-origin
server: nginx
strict-transport-security: max-age=31536000; preload
x-frame-options: deny
p3p: CP="Tumblr's privacy policy is available here: https://www.tumblr.com/policy/en/privacy"
content-type: image/png
x-rid: bf059897da63134114bae5a9634ad50d
content-length: 70
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge,chrome=1

Redirect headers

date: Thu, 16 Nov 2023 22:21:09 GMT
via: 1.1 e633246cea8190d010825a2ed2aaa320.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: ORD51-C2
x-cache: Miss from cloudfront
location: https://www.tumblr.com/ads-user-sync?partner=smaato&uid=d7fbb2f820&gdpr=0&gdpr_consent=
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: T-mLAsSAmN6eOG1YR3KgHBhHh_c4IgvjfLOihaLZ9k_mjz0PFxs8fA==

GET
H2

200

match
c1.adform.net/serving/cookie/ Frame ED62
Redirect Chain

https://pixel.tapad.com/idsync/ex/receive?partner_id=2032&partner_device_id=284712521594400884&partner_url=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d2007%26cid%3D%24%7BTA_DEV...
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2032&partner_device_id=284712521594400884&partner_url=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d2007%26cid%3D%24%7B...
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=07844c2f-0e80-4452-aa67-af2d0e199c1f%252Chttps%25253A%25252F%25252Fc1.adform.net%25252Fserving%25252Fcookie%25252Fmatch%2...
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=86376af5-9bfe-4d63-b60a-906658ef077a&ttd_puid=07844c2f-0e80-4452-aa67-af2d0e199c1f%2Chttps%253A%252F%252Fc1.adform.net%25...
https://c1.adform.net/serving/cookie/match?party=2007&cid=07844c2f-0e80-4452-aa67-af2d0e199c1f

35 B
590 B

67ms
66ms

Image
image/gif

185.167.164.49
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c1.adform.net/serving/cookie/match?party=2007&cid=07844c2f-0e80-4452-aa67-af2d0e199c1f

Requested by

Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=284712521594400884&agencyId=7028&advertiserId=2079361&src=tp&rnd=115005

Protocol

Server

185.167.164.49 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 16 Nov 2023 22:21:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

Redirect headers

date: Thu, 16 Nov 2023 22:21:09 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: Jetty(11.0.13)
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
access-control-allow-origin: *
location: https://c1.adform.net/serving/cookie/match?party=2007&cid=07844c2f-0e80-4452-aa67-af2d0e199c1f
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 284712521594400884
match.contentexchange.me/adform/ Frame ED62 0
49 B 469ms
159ms Image
text/plain 46.19.11.36
SIEL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.contentexchange.me/adform/284712521594400884?redirect_url=https%3a%2f%2fc1.adform.net%2fserving%2fcookie%2fmatch%3fparty%3d1219
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=284712521594400884&agencyId=7028&advertiserId=2079361&src=tp&rnd=115005
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 46.19.11.36 , Slovenia, ASN51790 (SIEL, SI),
Reverse DNS: ilog.vsn.si
Software: nginx/1.16.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:10 GMT
content-length: 0
server: nginx/1.16.1

GET
H2 200 /
bpi.rtactivate.com/tag/ Frame ED62 43 B
109 B 181ms
77ms Image
image/gif 3.230.136.68
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bpi.rtactivate.com/tag/?id=16974&user_id=284712521594400884
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=284712521594400884&agencyId=7028&advertiserId=2079361&src=tp&rnd=115005
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.230.136.68 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-230-136-68.compute-1.amazonaws.com
Software: awselb/2.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:09 GMT
server: awselb/2.0
content-length: 43
content-type: image/gif

GET
H2

200

xuid
eb2.3lift.com/ Frame ED62
Redirect Chain

https://eb2.3lift.com/xuid?mid=7354&xuid=284712521594400884&dongle=AD20
https://eb2.3lift.com/xuid?ld=1&mid=7354&xuid=284712521594400884&dongle=AD20&gdpr=0&cmp_cs=&us_privacy=

37 B
354 B

54ms
54ms

Image
image/gif

35.71.139.29
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?ld=1&mid=7354&xuid=284712521594400884&dongle=AD20&gdpr=0&cmp_cs=&us_privacy=
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=284712521594400884&agencyId=7028&advertiserId=2079361&src=tp&rnd=115005
Protocol: H2
Server: 35.71.139.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: afb83dd09526a6517.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: en-US,en;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-type: image/gif
date: Thu, 16 Nov 2023 22:21:10 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: /xuid?ld=1&mid=7354&xuid=284712521594400884&dongle=AD20&gdpr=0&cmp_cs=&us_privacy=
date: Thu, 16 Nov 2023 22:21:10 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET 296800c6dbd7f8eb22cf034b9927d719.gif
sync.e-volution.ai/ Frame ED62 0
0

GET
H2 200 put
e1.emxdgt.com/ Frame ED62 43 B
120 B 219ms
50ms Image
image/gif 34.235.210.13
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://e1.emxdgt.com/put?d=d52&uid=284712521594400884
Requested by: Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=284712521594400884&agencyId=7028&advertiserId=2079361&src=tp&rnd=115005
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.235.210.13 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-235-210-13.compute-1.amazonaws.com
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://c1.adform.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:10 GMT
content-length: 43
x-nosync: emp
content-type: image/gif

GET
H2 200 plf
c1.adform.net/imatch/ Frame ED62 0
384 B 66ms
66ms Image
text/plain 185.167.164.49
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c1.adform.net/imatch/plf?name=plfl

Requested by

Host: c1.adform.net
URL: https://c1.adform.net/imatch/pixels?uid=284712521594400884&agencyId=7028&advertiserId=2079361&src=tp&rnd=115005

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.167.164.49 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://c1.adform.net/imatch/pixels?uid=284712521594400884&agencyId=7028&advertiserId=2079361&src=tp&rnd=115005
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With

GET
H3 200 649860135726018 Show response
connect.facebook.net/signals/config/ 143 KB
37 KB 142ms
141ms Script
application/x-javascript 2a03:2880:f003:c0e:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/649860135726018?v=2.9.138&r=stable&domain=www.gesa.com

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f003:c0e:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

7fed3f9dfb72bf6044a623fe66ee3c9ba3411d95dde201db2c6d2e3aa027249a

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 16 Nov 2023 22:21:08 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: dp++3xzPmT8lRpNcm22IkFksq9BjeytjN2oFAaoOBi4pJEDp0Bb5ezhMD0eqEzWCczZWuW9zf4TXZdfL8VT1SQ==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 163ms
54ms Image
text/plain 2a03:2880:f103:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=309829729581526&ev=PageView&dl=https%3A%2F%2Fwww.gesa.com&rl=&if=false&ts=1700173268691&sw=1600&sh=1200&v=2.9.138&r=stable&ec=0&o=4124&fbp=fb.1.1700173267634.5916564774&cs_est=true&pm=1&hrl=8862d9&ler=empty&it=1700173268047&coo=false&cs_cc=1&cas=2051438564888032%2C2582691048423790&rqm=GET

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f103:83:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 16 Nov 2023 22:21:08 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 162ms
53ms Image
text/plain 2a03:2880:f103:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=802797680067475&ev=PageView&dl=https%3A%2F%2Fwww.gesa.com&rl=&if=false&ts=1700173268694&sw=1600&sh=1200&v=2.9.138&r=stable&ec=0&o=4124&fbp=fb.1.1700173267634.5916564774&pm=1&hrl=368891&ler=empty&it=1700173268047&coo=false&cs_cc=1&rqm=GET

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f103:83:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 16 Nov 2023 22:21:08 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 163ms
54ms Image
text/plain 2a03:2880:f103:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=649860135726018&ev=PageView&dl=https%3A%2F%2Fwww.gesa.com%2F&rl=&if=false&ts=1700173268697&sw=1600&sh=1200&v=2.9.138&r=stable&ec=0&o=4126&fbp=fb.1.1700173267634.5916564774&cs_est=true&ler=empty&it=1700173268047&coo=false&rqm=GET

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f103:83:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 16 Nov 2023 22:21:08 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

POST
H/1.1 200
OK pixel.gif
pixel.alpharank.io/ 35 B
543 B 312ms
102ms Ping
application/octet-stream 52.88.183.153
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.alpharank.io/pixel.gif?id=bc04200588d29fe97c0c8a783f268d7d6ecf1d2de1d1d417f28d36799e47de&duid=4.32.4-y85s3sp5-lp1r9m7n&fp=a3db17c261e098fb852ecd1cf6440306&ev=pageload&v=4.32.4&dl=https%3A%2F%2Fwww.gesa.com%2F&ts=1700173268402&de=UTF-8&sr=1600x1200&vp=1600x1200&cd=24&dt=Washington%20Credit%20Union%20%7C%20Loans%20%7C%20Savings%20Accounts%20%7C%20Gesa&bn=Chrome%20119&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F119.0.6045.159%20Safari%2F537.36&tz=600
Requested by: Host: api.alpharank.io
URL: https://api.alpharank.io/api/pixel/script/bc04200588d29fe97c0c8a783f268d7d6ecf1d2de1d1d417f28d36799e47de?c=n&t=1700179200000
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.88.183.153 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-88-183-153.us-west-2.compute.amazonaws.com
Software: nginx/1.12.2 / Express
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Thu, 16 Nov 2023 22:21:09 GMT
Server: nginx/1.12.2
X-Powered-By: Express
ETag: W/"23-X71HIiL+uKIs9biqXcW44Tr4jis"
Content-Type: application/octet-stream
Access-Control-Allow-Origin: https://www.gesa.com
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Content-Length: 35

GET
H2 200 clickstream.js Show response
d10lpsik1i8c69.cloudfront.net/js/ Frame 9827 287 KB
92 KB 145ms
48ms Script
application/javascript 54.239.153.200
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d10lpsik1i8c69.cloudfront.net/js/clickstream.js?v=e708588
Requested by: Host: d10lpsik1i8c69.cloudfront.net
URL: https://d10lpsik1i8c69.cloudfront.net/w.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.239.153.200 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-239-153-200.iad50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 08364858e416bd80eb1c1e08b68b3b0bdf8c565df9324401e800e0a781147aeb

Request headers

Referer
Origin: https://www.gesa.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 20 Oct 2023 01:02:52 GMT
content-encoding: gzip
via: 1.1 a2da30f5dacfbd28d77cf4c9702318f8.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD50-C2
age: 2409501
x-cache: Hit from cloudfront
last-modified: Fri, 02 Sep 2022 19:59:47 GMT
server: AmazonS3
etag: W/"6a7ba000cc0f3518baa46608eb12410c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id: 2BjQGB6omJ_qLef0qAdJwa-XEj3Ts0e9QTSbgbRTGcORM8a2uUQRkg==

GET
H3 200 Goethals-Branch-100723_2.jpg
www.gesa.com/wp-content/uploads/2022/07/ 132 KB
132 KB 48ms
47ms Image
image/jpeg 2606:4700:10::6816:1055
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/07/Goethals-Branch-100723_2.jpg

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:1055 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

70d5e6c1d9df9766872d0d029b0c9620358f2412a08a7f9d37a1f7f24f43a2f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 22:21:15 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 606028
cf-polished: origSize=138490
alt-svc: h3=":443"; ma=86400
content-length: 134721
x-xss-protection: 1; mode=block
referrer-policy: origin
cf-bgj: imgq:100,h2pri
last-modified: Thu, 13 Jul 2023 21:52:31 GMT
server: cloudflare
etag: "64b0721f-21cfa"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(), push=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8273203b9b21333d-MIA

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: sync.e-volution.ai
URL: https://sync.e-volution.ai/296800c6dbd7f8eb22cf034b9927d719.gif?puid=284712521594400884

Verdicts & Comments Add Verdict or Comment

146 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

116 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.gesa.com/	1970-01-20 20:35:25	Name: pbid Value: 0a83365887689044fd1cdd552c27f0124000e79ab8fac688386c0c2e413d43e1
.www.gesa.com/	1970-01-20 16:16:15	Name: __cf_bm Value: JSIvsI3cUbJMvis_2122CjVZSlqQgS1dReqpEAykIYY-1700173266-0-AcXnw0ojpdKuSYYpqC2Cl3zZwBTnFzKjS9OmCTMvm9A3JYlSt1+VxK77+1HKvJOkWJi0JyATuhNjMTxtpnIoTEg=
www.gesa.com/	1970-01-20 16:16:16	Name: pys_session_limit Value: true
www.gesa.com/	1969-12-31 23:59:59	Name: pys_start_session Value: true
.gesa.com/	1970-01-21 01:52:13	Name: _evga_6d54 Value: {%22uuid%22:%2238e75e62100b7842%22}
.gesa.com/	1970-01-21 01:52:13	Name: _sfid_0e63 Value: {%22anonymousId%22:%2238e75e62100b7842%22%2C%22consents%22:[]}
.gesa.com/	1970-01-20 18:25:49	Name: _gcl_au Value: 1.1.1160094104.1700173268
www.gesa.com/	1970-01-20 16:26:18	Name: pys_first_visit Value: true
www.gesa.com/	1970-01-20 16:26:18	Name: pysTrafficSource Value: direct
www.gesa.com/	1970-01-20 16:26:18	Name: pys_landing_page Value: https://www.gesa.com/
www.gesa.com/	1970-01-20 16:26:18	Name: last_pysTrafficSource Value: direct
www.gesa.com/	1970-01-20 16:26:18	Name: last_pys_landing_page Value: https://www.gesa.com/
tags.srv.stackadapt.com/	1970-01-21 01:01:49	Name: sa-user-id Value: s%3A0-35d1521b-f6b0-5fb7-7d95-65b5470920a1.HIRTD9gMs93M9a28vDFs9mEEgDOE7%2FR8YC0gtMHQy7U
.srv.stackadapt.com/	1970-01-21 01:01:49	Name: sa-user-id Value: s%3A0-35d1521b-f6b0-5fb7-7d95-65b5470920a1.HIRTD9gMs93M9a28vDFs9mEEgDOE7%2FR8YC0gtMHQy7U
tags.srv.stackadapt.com/	1970-01-21 01:01:49	Name: sa-user-id-v2 Value: s%3ANdFSG_awX7d9lWW1RwkgoSaEdkM.yHf4PAncx22XeHFj7ki2eihMdqit4jSA3UDJckjpRRw
.srv.stackadapt.com/	1970-01-21 01:01:49	Name: sa-user-id-v2 Value: s%3ANdFSG_awX7d9lWW1RwkgoSaEdkM.yHf4PAncx22XeHFj7ki2eihMdqit4jSA3UDJckjpRRw
tags.srv.stackadapt.com/	1970-01-21 01:01:49	Name: sa-user-id-v3 Value: s%3AAQAKIAglnDqoqNSVMcOT8pUWkn8WcZZEjkHedCR__vb3PH7QEHwYBCDTq9qqBjABOgRyABfNQgRQbumz.P%2FsoCiLW23rJf4VWUeVGfW%2FOV2ERUlmj0Nqxd5QRnbk
.srv.stackadapt.com/	1970-01-21 01:01:49	Name: sa-user-id-v3 Value: s%3AAQAKIAglnDqoqNSVMcOT8pUWkn8WcZZEjkHedCR__vb3PH7QEHwYBCDTq9qqBjABOgRyABfNQgRQbumz.P%2FsoCiLW23rJf4VWUeVGfW%2FOV2ERUlmj0Nqxd5QRnbk
www.gesa.com/	1970-01-20 16:26:18	Name: _fbp Value: fb.1.1700173267634.5916564774
gesacu.us-1.evergage.com/	1970-01-20 16:26:18	Name: AWSALBTGCORS Value: eY6p6z8RY4cn1f5MQvHFMdO7oXniRbpMt7no/7rD52gcwg6Zr73b0Ld9aoqC7TvlyonJQl+Hs7LnxwsRTPYSTV9XZQZ7egSccrtLJso3AIt5+BAHjD593E4bdniiYjQk0xsHNP4gGZhzDnmL5NqB8yTrCi1F933IUEDkchht9j+gAG0dq1s=
www.gesa.com/	1970-01-21 01:01:49	Name: sa-user-id Value: s%253A0-35d1521b-f6b0-5fb7-7d95-65b5470920a1.HIRTD9gMs93M9a28vDFs9mEEgDOE7%252FR8YC0gtMHQy7U
www.gesa.com/	1970-01-21 01:01:49	Name: sa-user-id-v2 Value: s%253ANdFSG_awX7d9lWW1RwkgoSaEdkM.yHf4PAncx22XeHFj7ki2eihMdqit4jSA3UDJckjpRRw
www.gesa.com/	1970-01-21 01:01:49	Name: sa-user-id-v3 Value: s%253AAQAKIAglnDqoqNSVMcOT8pUWkn8WcZZEjkHedCR__vb3PH7QEHwYBCDTq9qqBjABOgRyABfNQgRQbumz.P%252FsoCiLW23rJf4VWUeVGfW%252FOV2ERUlmj0Nqxd5QRnbk
.gesa.com/	1970-01-20 18:25:49	Name: _rdt_uuid Value: 1700173268075.32b9a273-8014-4c9f-b04a-7c520a5df01b
.gesa.com/	1970-01-20 16:17:39	Name: _gid Value: GA1.2.504378271.1700173268
.gesa.com/	1970-01-20 16:16:13	Name: _dc_gtm_UA-32823301-1 Value: 1
.gesa.com/	1970-01-21 01:52:13	Name: _ga_H1S93VJW48 Value: GS1.1.1700173268.1.0.1700173268.60.0.0
.gesa.com/	1970-01-21 01:52:13	Name: _ga Value: GA1.1.705573807.1700173268
.gesa.com/	1970-01-20 16:17:39	Name: _uetsid Value: 708c725084ce11ee825c85242dbaf96d
.gesa.com/	1970-01-21 01:37:49	Name: _uetvid Value: 708ccf2084ce11eeb50da56fb2f1e0cf
.adform.net/	1970-01-20 16:59:25	Name: C Value: 1
.bing.com/	1970-01-21 01:37:49	Name: MUID Value: 2132AAAF5546663A1E8EB964545A67E4
.bat.bing.com/	1970-01-20 16:26:18	Name: MR Value: 0
.adform.net/	1970-01-20 17:42:37	Name: uid Value: 284712521594400884
.adform.net/	1970-01-20 16:17:39	Name: CM Value: 1\|1
.gesa.com/	1970-01-21 01:01:49	Name: _hjSessionUser_2399688 Value: eyJpZCI6ImJmNzFiYjA3LTdhZDEtNTllYy1iNDQ1LTg4MjlmMThkYjlkOSIsImNyZWF0ZWQiOjE3MDAxNzMyNjgzNzEsImV4aXN0aW5nIjpmYWxzZX0=
.gesa.com/	1970-01-20 16:16:15	Name: _hjFirstSeen Value: 1
.gesa.com/	1970-01-20 16:16:15	Name: _hjIncludedInSessionSample_2399688 Value: 0
.gesa.com/	1970-01-20 16:16:15	Name: _hjSession_2399688 Value: eyJpZCI6IjE4ZGNhNzQxLThhOGYtNGY3OS1iOTQxLWFmMjVjYzAyNjc3ZCIsImNyZWF0ZWQiOjE3MDAxNzMyNjgzNzIsImluU2FtcGxlIjpmYWxzZSwic2Vzc2lvbml6ZXJCZXRhRW5hYmxlZCI6dHJ1ZX0=
.gesa.com/	1970-01-20 16:16:15	Name: _hjAbsoluteSessionInProgress Value: 0
.linkedin.com/	1970-01-20 18:25:49	Name: li_sugr Value: c06396a5-bf8e-4298-8d0b-bf26dfc4a0aa
.linkedin.com/	1970-01-21 01:01:49	Name: bcookie Value: "v=2&855b390f-2ef8-4832-8c53-53a5e3b67f9f"
.linkedin.com/	1970-01-20 16:17:39	Name: lidc Value: "b=OGST01:s=O:r=O:a=O:p=O:g=3101:u=1:x=1:i=1700173268:t=1700259668:v=2:sig=AQEbzy20G2_74jAHexQNESRoFNUqxHDD"
.leadsrx.com/	1970-01-21 01:01:49	Name: _lab Value: 3377700517387202
.leadsrx.com/	1970-01-21 01:01:49	Name: _lab_lastTouch Value: direct
.adform.net/	1970-01-20 16:36:22	Name: CM14 Value: 1700259662_1700173262_1_Hu7u4e4e4R7u7u4REREeERERERHhEQ
.gesa.com/	1970-01-21 01:01:49	Name: _lab Value: 3377700517387202
.linkedin.com/	1970-01-20 16:59:25	Name: UserMatchHistory Value: AQJf0NPeiQvS5QAAAYvaOUX50Tni5daENLa3G1Py2JGxS81fNncjQ1UggA-sGxBnPIzpo7gHH86MuQ
.linkedin.com/	1970-01-20 16:59:25	Name: AnalyticsSyncHistory Value: AQJtx_B3cvMuIwAAAYvaOUX5skeYkhjfqmq68cXkkb5nwThApKNy76U8kpNULjXEu90syIAiIw00__pVVLkXug
.seadform.net/	1970-01-20 17:42:37	Name: uid Value: 284712521594400884
.www.linkedin.com/	1970-01-21 01:01:49	Name: bscookie Value: "v=1&202311162221082dd0c8bf-4fb2-4888-8efa-16f27cd4ff74AQFPjqJj50U3yt3QXrTD_K_R9pFnFK_a"
.casalemedia.com/	1970-01-21 01:01:49	Name: CMID Value: ZVaV1N23pB03drXQesHJcgAA
.casalemedia.com/	1970-01-20 18:25:49	Name: CMPS Value: 2913
.casalemedia.com/	1970-01-20 18:25:49	Name: CMPRO Value: 2913
.360yield.com/	1970-01-20 18:25:49	Name: tuuid Value: 0b22f182-cc39-4bc0-8403-73e3bfbe3405
.360yield.com/	1970-01-20 18:25:49	Name: tuuid_lu Value: 1700173268
.smartadserver.com/	1970-01-21 01:46:27	Name: pid Value: 1662969534616477105
.smartadserver.com/	1970-01-21 01:46:27	Name: TestIfCookieP Value: ok
.smartadserver.com/	1970-01-21 01:03:15	Name: csync Value: 22:284712521594400884
.yahoo.com/	1970-01-21 01:02:10	Name: A3 Value: d=AQABBNSVVmUCEAFExbBnlAkMSNi-qR8o1fIFEgEBAQHnV2VgZdxH0iMA_eMAAA&S=AQAAAt8xzYw0OEA1F_kddELuuss
.gesa.com/	1970-01-20 18:25:49	Name: _fbp Value: fb.1.1700173267634.5916564774
.ads.stickyadstv.com/	1970-01-20 17:42:37	Name: uid-bp-617 Value: 284712521594400884
.ads.stickyadstv.com/	1970-01-20 16:59:25	Name: UID Value: 4b17731eabbfad3bea36a4062ae067
.rubiconproject.com/	1970-01-21 01:01:49	Name: khaos Value: LP1R9M20-N-5X53
.rubiconproject.com/	1970-01-21 01:01:49	Name: audit Value: 1\|eUlFbT1WF7qrgdyJpz6ytZNBRTuLqrmcJtdJEaWZVhw8fCYmOTvXg4Kq7Kzb51st7FTW9H5lMilCbuL7wqM7W8iEQX1ma3kM0vAdIYlFLYnXGoY3aaWB3en545NqLFGzOh53Xe+wW0M82OBi87/ISg==
.analytics.yahoo.com/	1970-01-21 01:01:49	Name: IDSYNC Value: 1760~2f3a
.sharethrough.com/	1970-01-20 16:59:25	Name: stx_user_id Value: 8ca724b6-908b-4904-bf8c-7d20742ac050
.rlcdn.com/	1970-01-20 17:42:37	Name: pxrc Value: CNSr2qoGEgYIuuoBEAA=
.openx.net/	1970-01-21 01:01:49	Name: i Value: 955d53a3-659d-4c8b-ab39-9f852affb830\|1700173268
.exelator.com/	1970-01-20 19:09:01	Name: EE Value: "3e9bef276e5f8f8c9118dac6435f3b1c"
www.gesa.com/	1970-01-21 01:52:13	Name: __arank_duid Value: 4.32.4-y85s3sp5-lp1r9m7n
.eyeota.net/	1970-01-21 01:03:15	Name: mako_uid Value: 18bda3947a9-51680000010a5fdd
.eyeota.net/	1970-01-20 16:16:13	Name: SERVERID Value: 24541~DM
.exelator.com/	1970-01-20 19:09:01	Name: ud Value: "eJxrXxzq6XKLQcE41TIpNc3I3CzVNM0izSLZ0tDQIiUx2czE2DTNOMkweXFZatGCpaXFqSlJh5ZU5JTkNK0uiw91jHdz9PX0iVzmnFGUn5u6AiwU5hq02NDQckl%252BUWb6otDgxUUpaQyLSopPBR99KwsAzVMq%252BA%253D%253D"
.adscale.de/	1970-01-21 00:58:29	Name: uu Value: 1a39335ad63f4898b748a3eefabc9da1
.adscale.de/	1970-01-21 00:58:29	Name: cct Value: 1700173268874
.bluekai.com/	1970-01-20 20:38:18	Name: bku Value: /Ux99BuPPZUSvGzP
.doubleclick.net/	1970-01-21 01:52:13	Name: IDE Value: AHWqTUkLim0v6LTs44VfNfbIBXqa2s4pMAu9Djy6Db3munz3aFogfMGnAU7EXtMrdrs
.krxd.net/	1970-01-20 20:35:25	Name: _kuid_ Value: P64t5fF-
.ih.adscale.de/	1970-01-21 00:58:29	Name: tu Value: 4#2457482151#42~284712521594400884~472270~0~0
.adnxs.com/	1970-01-20 18:25:49	Name: uuid2 Value: 6092989962616973874
.pubmatic.com/	1970-01-20 16:59:25	Name: KRTBCOOKIE_391 Value: 22924-284712521594400884&KRTB&23263-284712521594400884&KRTB&23481-284712521594400884
.pubmatic.com/	1970-01-20 16:59:25	Name: PugT Value: 1700173269
pixel.alpharank.io/	1970-01-21 01:52:13	Name: __arank.uid__ Value: a70910da-4956-4744-b056-c39b0b72d154
.demdex.net/	1970-01-20 20:35:25	Name: demdex Value: 16498473886063855933135759732638122012
.onaudience.com/	1970-01-21 01:01:49	Name: cookie Value: dadce82870a7f84a
.onaudience.com/	1970-01-20 16:17:39	Name: done_redirects104 Value: 1
.agkn.com/	1970-01-21 01:01:49	Name: ab Value: 0001%3A3BfNtFm6%2F%2B%2FbQElLTNmKq%2B%2Bypal9VuEz
.dpm.demdex.net/	1970-01-20 20:35:25	Name: dpm Value: 16498473886063855933135759732638122012
.semasio.net/	1970-01-21 01:01:49	Name: SEUNCY Value: 19FFE2DA64552466
.adnxs.com/	1970-01-20 18:25:49	Name: anj Value: dTM7k!M4/YErk#WF']wIg2GVQvRj3I!]tbPl1MO?+q([.UbVBeQ:OAF[OIrVZ5>'`NZEk:cy%zI@oB7Q#BI7y)N[UD!!$`G(Szl%
.w55c.net/	1970-01-21 01:46:27	Name: wfivefivec Value: dcMlTJhM1R3KJv5
.mathtag.com/	1970-01-21 01:42:08	Name: uuid Value: aad36556-95d5-4300-a3fe-96b412f38346
.onaudience.com/	1970-01-20 16:17:39	Name: done_redirects147 Value: 1
.w55c.net/	1970-01-20 16:59:25	Name: matchadform Value: 5
.adsrvr.org/	1970-01-21 01:03:15	Name: TDID Value: 86376af5-9bfe-4d63-b60a-906658ef077a
.adfarm1.adition.com/	1970-01-20 18:25:49	Name: UserID1 Value: 7302188587898828954
global.ib-ibi.com/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: 514pjfnz2wapnov5vrbfpkoz
.audrte.com/	1970-01-20 16:37:49	Name: arcki2 Value: i53beqzaNYARQKVb3hH7Tb6nQ!20220908!1700173269583!ip#38.132.118.67
.audrte.com/	1970-01-20 16:37:49	Name: arcki2_adform Value: 284712521594400884!20220908!1700173269583
.weborama.fr/	1970-01-21 01:42:08	Name: AFFICHE_W Value: HQE7u9xTU2Ed96
.teads.tv/	1970-01-21 01:00:22	Name: tt_viewer Value: 1e7ec402-b733-4e23-a58e-290d060bde4d
.tapad.com/	1970-01-20 17:42:37	Name: TapAd_TS Value: 1700173269726
.tapad.com/	1970-01-20 17:42:37	Name: TapAd_DID Value: 07844c2f-0e80-4452-aa67-af2d0e199c1f
.smaato.net/	1970-01-20 16:46:27	Name: SCM Value: d7fbb2f820
.smaato.net/	1970-01-20 16:46:27	Name: SCMtu Value: d7fbb2f820
.smaato.net/	1970-01-20 16:46:27	Name: SCM1001213 Value: d7fbb2f820
.audrte.com/	1970-01-20 16:37:49	Name: arcki2_ddp2 Value: i53beqzaNYARQKVb3hH7Tb6nQ!20220908!1700173269784
.adsrvr.org/	1970-01-21 01:03:15	Name: TDCPM Value: CAESFAoFdGFwYWQSCwiepOPgi7-zPBAFGAEgASgCMgsI3JnmjaK_szwQBTgBWgV0YXBhZGAC
.tapad.com/	1970-01-20 17:42:37	Name: TapAd_3WAY_SYNCS Value: 1!7702
ib.mookie1.com/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: reyi3crztorktjplynsrqnf0
.id5-sync.com/	1970-01-20 18:25:49	Name: id5 Value: e1245605-186a-7cd4-bed5-2aa1a4d599b5#1700173269776#2
.3lift.com/	1970-01-20 18:25:49	Name: tluid Value: 2205528855458612133798
.360yield.com/	1970-01-20 18:25:49	Name: um Value: !42,MmARdXuVnFpZzMvyCNfZxYi6PNkFskQNtKiBXvPAJks,1701382862!79,XzTSV90dRHuGwK6puPYDmEdH2uxi6fLEXvh1Ybn5l16vGq0-rvnLb0a7NG3fstUB5SZq2q0cwLfCW3ac,1707949270
.360yield.com/	1970-01-20 18:25:49	Name: umeh Value: !42,0,1762381268,-1!79,0,1762381270,-1
.id5-sync.com/	1970-01-20 18:25:49	Name: 3pi Value: 2#1700173270164#1371958765#6092989962616973874\|10#1700173269933#1451253510#284712521594400884\|124#1700173270369#-1336506524

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'notifications'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'push'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'speaker'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'vibrate'.
network	error	URL: https://google-analytics.bi.owox.com/collect?v=1&_v=j101&a=9073257&t=pageview&_s=1&dl=https%3A%2F%2Fwww.gesa.com%2F&ul=en-us&de=UTF-8&dt=Washington%20Credit%20Union%20%7C%20Loans%20%7C%20Savings%20Accounts%20%7C%20Gesa&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAiEABBAAAACAEK~&jid=1515941260&gjid=1316061589&cid=705573807.1700173268&tid=UA-32823301-1&_gid=504378271.1700173268&_slc=1&gtm=45He3b81n81MTFL685v79611690&gcd=11l1l1l1l1&dma=0&cd1=705573807.1700173268_1700173268090&z=1512038889 Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://sync.crwdcntrl.net/map/c=6466/tp=ADFM/tpid=284712521594400884/gdpr=/gdpr_consent= Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.audrte.com
a1.seadform.net
a2.adform.net
aa.agkn.com
ad.360yield.com
ad.yieldlab.net
ads.stickyadstv.com
alb.reddit.com
analytics.google.com
api.adrtx.net
api.alpharank.io
app.leadsrx.com
app.marketplan.io
app.truconversion.com
bat.bing.com
beacon.krxd.net
bpi.rtactivate.com
c1.adform.net
cdn.evgnet.com
cm.g.doubleclick.net
connect.facebook.net
d10lpsik1i8c69.cloudfront.net
dmp.adform.net
dpm.demdex.net
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
e1.emxdgt.com
eb2.3lift.com
eu-u.openx.net
gesacu.us-1.evergage.com
global.ib-ibi.com
google-analytics.bi.owox.com
googleads.g.doubleclick.net
ib.adnxs.com
ib.mookie1.com
ice.360yield.com
id5-sync.com
idsync.rlcdn.com
ih.adscale.de
load77.exelator.com
loadm.exelator.com
match.adsrvr.org
match.contentexchange.me
match.sharethrough.com
pdw-adf.userreport.com
pixel.alpharank.io
pixel.mathtag.com
pixel.onaudience.com
pixel.tapad.com
pm.w55c.net
ps.eyeota.net
px.ads.linkedin.com
px4.ads.linkedin.com
redirect.frontend.weborama.fr
rtb-csync.smartadserver.com
s.ad.smaato.net
s2.adform.net
s3-eu-west-1.amazonaws.com
script.hotjar.com
se.semasio.net
secure.adnxs.com
secure.node7seat.com
settings.luckyorange.net
simage2.pubmatic.com
snap.licdn.com
static.hotjar.com
stats.g.doubleclick.net
sync.crwdcntrl.net
sync.e-volution.ai
sync.teads.tv
synchroscript.deliveryengine.adswizz.com
tags.bluekai.com
tags.srv.stackadapt.com
token.rubiconproject.com
uip.semasio.net
uipglob.semasio.net
ups.analytics.yahoo.com
www.facebook.com
www.gesa.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.linkedin.com
www.redditstatic.com
www.tumblr.com
x.bidswitch.net
sync.e-volution.ai
104.18.36.155
104.26.10.16
13.107.42.14
13.225.63.83
141.94.171.213
141.95.98.65
151.101.128.114
151.101.129.140
172.253.62.157
18.164.96.77
18.203.15.21
18.204.53.13
18.238.55.14
185.167.164.43
185.167.164.45
185.167.164.49
192.0.77.40
2001:4860:4802:34::178
2001:4860:4802:34::181
23.105.12.172
23.206.252.117
23.219.12.236
23.220.117.26
23.220.125.47
2600:1408:5400:1c::173d:b3d
2600:9000:21d5:6800:1b:5138:8a40:93a1
2606:4700:10::6816:1055
2606:4700:3030::ac43:a9a7
2607:f8b0:4004:c06::61
2607:f8b0:4004:c07::9b
2607:f8b0:4004:c08::68
2607:f8b0:4004:c08::9d
2620:1ec:21::14
2620:1ec:c11::200
2a02:6ea0:e200::2
2a03:2880:f003:c0e:face:b00c:0:3
2a03:2880:f103:83:face:b00c:0:25de
2a04:4e42::396
3.120.47.64
3.161.188.46
3.211.123.40
3.219.107.148
3.226.187.105
3.230.136.68
3.232.196.85
34.111.113.62
34.197.192.192
34.200.65.202
34.229.3.43
34.235.210.13
34.246.239.231
34.255.135.5
35.164.239.32
35.186.228.179
35.190.24.218
35.190.60.146
35.211.178.172
35.244.159.8
35.71.131.137
35.71.139.29
44.226.76.195
46.19.11.36
50.57.31.206
52.146.86.174
52.88.183.153
52.92.35.48
54.172.84.140
54.211.145.128
54.239.153.200
54.80.30.57
63.251.28.234
64.58.232.180
68.67.160.184
69.169.85.6
69.173.151.100
77.243.51.121
8.28.7.83
85.114.159.93
0020646d32da84bf3e786d16ad939d610e989ba3bc2304fb68072f3537c60ee0
00bca6a9271b5e1cbb3965a74f48c1ce0b72bcbf08790aa2cab95f8dc5362153
013c037f68d07cd5a0a595f89995290aec3addca27079bc47ecd128440b06b3a
01caf20e667c8e300960582162f912d9405e9895c32cff1a9ee95511fd509a2c
03875f5ffa03acb3b4e09691ae36cdb0f1a4d3af8da45b8f4d998ed175236f59
049998472f24fe69a2a5d946806e7d7772f733953c2e8947dfee3c925becf9ba
04a89601c8f437b9ab3f74714d3374609a58b1079315f8dc5d440cc80d1ed589
06610fe2a43b1065a10fef2028f0e284be932e564723402722764bc7e9b4bee6
08364858e416bd80eb1c1e08b68b3b0bdf8c565df9324401e800e0a781147aeb
09bb15f21c30116957d4917230f723fd982a18e323b9728dee8825ee409b5715
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80
0afe04cfbce95f98b08ab24d6d787e27054a02c3c02c6bb7da44c86c8515e132
0bc396bf8a3b9e6cd2c8275599ba07f84ae64a6833d38ae8739e44ca553daf0a
0bd83e73599f7353210a85df22ef8b07cecc1427bfdda6cd3b0138106dcee7d9
0c9ef83e9ca2f04a0a6ef605ecdc810c7ea0b36e7b9767bdcf6bdc38c6a8e831
0cc9b6262b97ecc400e496047cf0c01b47da5196e01952a7a413a9e6f964607f
0db80e4ae35fcf307507f9ced66fe9ccb3147c1ea12a60ea034092e6aa3ebf40
0e5f88d5f3f0a3e98dbadd075c243738506d5c0b668447b08a23911c4723cd3d
0ef003c90c31f90a2abb3b6003fa3c8c463d1eb66eb3c2379b2bd2d7cac626e2
10bd18f098e5cef6e2a15898fe091a6b7821fb97f3f524349552bb3a4f3576d9
119c68cafab2592ca4b6c4c435cc38885313eefbaf9b6373f9ad20c37d172d63
137ce284058103233f12c23f00cb0ce873387bf0d46ce523b5fb1dfb22d8cb05
149a076ecaad2e2df89632a51a3f67087ffc5b40b4b0a13adcc374c2e5e22905
14ab9d038257f517c4e1b485d7a9228fe500c0ebfa571350232f73f2c1c8e991
1c6dff56285c242a4845a3ff3e182ef9abeb37b941095d88dc418f84b2e0aec1
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
1d2f6022504259884302bb439c2b3782b0fa686af2a040f3766119cc5a83d464
1dbfeb7d4f8335eba017f0cbb0b779b34122d5e1f2b478e08afd0dd439bdf597
213e952d847772a3a51ca5c0931cdd084efd1010c737928c5a0b1c6a0d5be0a1
214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0
226898bfae2c40913fd46106a6634772385e08dddfd767474385770ebae28e0d
22cb7afd879af42251168f826b48ee24fc02073275e079dbf9760af9d7e074e9
241d5d37ce41bf5054b2a911827b9480f99e669dc2aa7982dca688028b35cb51
246faa0aca51a7be47ae13827bffdec1f0e69699d291c727646b56e83ee1fd0e
251f896d186d1d27c03670e3ea1894bff902ba52479c5ae148fa28cd218e9625
27c3bae726c78894582c23e5b507dda2dacd2c5c8aa9afe17ae179519e4ba3e0
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
2d849984aadfbd799da2ee8e12277ac18a70d5e5a2166f73418ba4b46d382432
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e7347641bb77cc5caa5334f0548be059a490e20ea1082da3d4209e5c4f3fa02
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
3026106731138872e882acce33910e82c9280990fa45317c9e900e1535e5039b
3169045b619f079c09edc6c6dc04268c645697430b7f0ccdfe815b8735c199d5
326b21d33a052c868180ff94d32409cdc689aa9ba9b68ca6787a2853100a1ff3
327f9b2dcba094127adb8f8668fa6dce7bf30e14a9f9166cc7fa1f5f03aecbbf
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
334d5e7f9a35f81aeabf466f3ee3c0c9522077a4f14c336998c7cb9827e7b21d
348a538cfb216ee6c6f9a9b5306cf64df862e7c7dd587baa3d36583d19a440df
34b57f0562e1b835d9472015a0eb0d81b245448db3585cf7f7933755814d1268
34bbd1c367ffc7d80fcff86c7e5f8777e70f4911bb324e8ecfc7dd3604a96e68
37045bf0d243623db4f2e99567c986944957b336dafa6368f4f75bcbad6fc4fa
380879506b65ced27bca1f81fc102b704581996889216ce7d4200afcd67a9422
389e7668a1ebd8a04eca206d27b7147519be465eed883f6a2d68bd419ada24b4
38d80f3ac73e78e55531dfcd811e36a98708e1c593e8d3bc260293905387301d
3ae8d74f433ccc26f492867cb1964639892e27298c26e169bfc0777ccd1626b1
3d0a2fd86cf851d4adb5d2d95ab947626c85c0fe6684b1d293c8ffb4ca02ccd1
3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8
3e77dafe902b5371d42c7e236b778a91874bfb8bdb2dc82b3ee3d4803d20fd9d
3ea0ae12147c76e3b4e6ad26bfb580121295c8aa91480dee7b7e579dd00eb23d
402c047e48c28bd9d49d6a18a3dc1a38d37fbb0cfb7a5fc9112cb284d84dd93b
4459255c9dcdc0841502a566ddfede0659b08f4ce2c08c26aac5be032af90548
4543785910eab419295691033691a60ec304e11afe3927e18e2442445bea2f84
45ed254cccf40c2bd7537604bfe5bb11773fc73611c40a1061b2acc04af162f8
4a25be1f0513a03c0595d7adc16dbd4402afaa9f00fdcb2564b53613eba2ad8b
4a518bd1723da2b6011895ad68059361ebb4cb80de3eec9145eacee89ddd9745
4a7fdd491f449c314d884b9b9b6d11cfe037179d84e567a62e1e19584881e3e9
4ad88e6a32db51a41cff1741970ca95b3e433fbfb8be269c72f881a42f2b88c6
4aead86dca038e98c7cfee632ca19778747a3ad9f53d74a1df67625a45210c16
4af105297c5b49ca668eaa0774c0eb479e907175f12ccc30e9c038dd7b6fcaf0
4af9a2e261fb48aca31900045f77d2a6d7dbd55df0c5967c40743f94dd8de0c6
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c0ced2cb3830d045cdd74f745fd4d6dcb082d8edd3a9fe46e39295e30cb8032
4c668b9785b8c2c0bb2479b6bd16f736385324a5a39870a92cf3d9e801080f01
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e438b7cda01c633b5bac61a6af60b042244039708fed06ed9cbbab45dc4e4e2
533e264cc615ee4601da8d2c1dee4a8987319e53d4d7162272f067fbbf250020
53d8923f74c6b3e4a21745f6edf891b2699aca8920c433dbbc4ff8a7c6e4df9f
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54ed5da735268a39e1a50be7fb18914ad04bc46d4487fe933f5347bb23acdf45
55bf0bda5de576f5026effeddf372974746d1ed1309ad882b39e24fbc9eb6c0a
569052c8c3cf8e9e68bb28e54be9bb8873a7b14cee460cdb9955057c2b110da0
580f189b1fa0b5d382ac4cf3c93965259e59bec2ad687d36e0f4678782de96a6
58a752f5a1298d0757f7953670951352ab722958e4332e1f1f20a315f836e6e5
5a1e56f3bcecd6570dc3382eecdce163821c8cfd1f0d7fab728b25ef7014428c
5b3086a886aa8649ecbf496ac913a1aa443926cd2fff610be2d136c9598bcd8b
5c93f77799d122fb5255ee24da285f9f228cc118cba11e6ceb2b6bda8cdf4164
5ceb0c2088d29cecbe3ee571dc3cf6fec764bbb7c73f0e22c73007149a2ce68d
5d80f13fd7524318f81eb1301170d4d0fbee242c12403c01f3a06c9f681192c7
5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214
6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824
62eae656d047defc6a444456fb8878aa962ccab6a6841a503fd275cbaeb0b59c
63046617ab9c0650fb173a815023797cbd872c48898e0f57b6ec8fca7bd1d390
641611b58754d802f2a7672c62a4d15ee0950f47c28f1bb9b2c1f38d9f7bca50
6816ba59d3757e525880fbf568b3faf808ffc743411d46ebfb33a543247ad628
6974bfd8fa06b7831f05cb4b25860c851a5ad3f02a6699ebe688987dd7a6ebe6
698e93fe491cc7bbf07a470579a33dbd0db53c19142b7be41ebfd39a23aef11f
69bba50b17d75423288fd69eb23a6bf3a4ad2b63e762f64bd01c973228204e28
6a71c1b9c1b84a8603ced9fcc3a73fc59521065a35fe045a03c3fcd6f6c01977
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b5116bd2cb4809c6634b99a9b1ea0a0aeda596a94817682a0e4811e35eccc58
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6e72cd55c905f3b710316c822d2dcfc305b17460b58d73639294b9b5867ec7d5
6f28f5c6a226dcd2c3b80fca12f7ef0b43a0385bd27cb69c698c8443f050d66d
6f47116b10e3e156f70ab31279c1fa298e34f89ff75af6eea89c2dc092362fa2
70d5e6c1d9df9766872d0d029b0c9620358f2412a08a7f9d37a1f7f24f43a2f2
73b2fdcf25aa909c7b0f072cf791066350ab834ca1d0d01ef096bb5583318213
76a010aa083e3d2d617689f0decaefe33c97c51e29f72ab123e81e873351670a
7866661e9747c63d27963b389bd0bbc19c29dc5255cf7393b727368927e9b06c
7868467c94a5aa0b3f11ef542f45287967f9627b3b5acdc86e47f8f77a126596
78c917da7996aab5334be848b0a45fb0adfea9cf6ca5650fffa0e6bb0c073c04
79c2f8e000136ab8664c9c2f22cbc8aafbee419a1eac3fec7ec32822c925cf7e
7a2adf4c1187ff44afb6596a750c078a97b07717364daade11a8c337771832e0
7a6bcd4b92a238ece494d91ba838734ac5768625dcdbda4e8f994b3a54af2471
7b354a0e73e811d7d49e6a34cff8a1ca999296498a411ace5efad1c5fc7f58bf
7e2153f09a9755105eb03cfa9aafc634350bf12c398f155229a75ba3c98d494f
7e6c39ab37a92035619ffbf66dd293f6d6980fc1bebdaeb9a0b922775abc32eb
7fed3f9dfb72bf6044a623fe66ee3c9ba3411d95dde201db2c6d2e3aa027249a
83059e4c1a5c210e5585d96779fe655170817193d43e247c78dffaae7b7ba3a9
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8480ba0fd7dd13ef2c897fd24f67bebcb22672f2e8ca6cfcb7d4da71e26a42b8
850d1d6da4bf05fe6cabf9c5809b746e72ab650aae667a4112939096c736fb76
862f705ec170962bc38c9c107ebbeeb48586ed583be54a1a7ef5411bec0c8109
8667a50fdab17dd946e43e37c6fd1623583b9440bdca887e44cc726e48feedaf
87e66c0bc9701dfffa33878396ddff5a28c77d7b3ed4ae66b69e4e3a425f49a4
884ec4af3e42aa326e687947185fce05ecdbd42e4a4481de91495ab423a5259c
88bd92a6561a1c265ddd5add029ede12c5acbe96ff6c2d7f0b24c983758466b7
8c0364839511190adcbff9a36a5e132148ceb13b68cbf9e15754731d674343d1
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e87f2df7792f0f76c391e34fb95c32c45c1eebc228f7eadfe6e7191997d4d18
92af5c3016059719e31e89d97c6c9a63cbeaa5e938ce63e2c16dc7e8bc6d54fe
94e3c0e2c4567cd2d986d5637fe036e3bacb468296246074e4c62196d520733d
971c32a32a129e8bc0d7eed9d55e997308e4fb48d3af5c89f38f9af6ff1907f5
9796bc60fc921b490963396feaf198b84c0791bfdf574b230f75e451fb6368ad
97ce1e1f5dbfda35ac979b593e79e1673a3e725790339d767e4a6ca6e94a4828
99144ad2e79c49ffab117696ff8194e8509eaa67b7ec925eb4642bcd8800943c
99ae31397cc4d7d17099739f75a952c286250fb6cef2b1481a04480d36c64271
99c28ba77690124b83aea8cdbbb17ab1145ba247c791aeb4bad747b4248ac459
9cc56655684dd02ce927521ac8435d2b35c0482a7153a2fadac60b4a91cd8f7d
9f6593da5f5c0c28ddb6413992e1f3dcbbce263b0790eae02daf1ae8df812bac
9f708c31ba347c4b2bd756b4d2fd4d371f250182b241c0306268d3a0ec340b6f
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a496ca0aa2b9981aef70474b2219472dcf25db655779c48e3ab018e268857558
a5f8dcddbce06b4db5870951026ef227ad3e09c20b74c61ddedc0f832eeedab4
a73237a07cec4d81b7cb7995220839f554e2e8936e5d5ae25cc47753f9737c07
aa40111e30b48fba40d8a719f9102bcf3bab3faedce696673fd4e13998e16e0a
aba30c4a7bbf09cdd029e920b0c2e78f1ab14cb99c78443c1a684c0270b15212
b091fb04aeb43da4cec3392a4de451d0f6b97a91235e0dc68560bc271c2b83c8
b10604af435fcda6674878212b06d1b8d557aee0f5c877dc5befab22ebf71c9a
b12dcafa099963cebe0c7c8356a45e78886befccfa6a4c1645bbc0d3766ac9e3
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b23f49f504faa32aac548b6662ffd64412f6738496fab8be38da46c5b7121804
b358915252ba0e190c01550a54e89bb37c29925c45f71d0244bfed51c188a49c
b48bb25e1fe530912d872438ef532de73c7fddad96fadc6affb18fdbd097c1d6
b8166c5475df6a64ab2456e95f64564164ed697d258e8bfed8cebca40efd6fa5
b900014a85bda70cde617cdaae7a8a91727943c760cfc92b40760c29cef14312
b936db5880aa9b6b2f26a8d32fc2b689fb75f69d971b94194f16dba801221ffe
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bcce3372b7f8e6f3f73291a90fe22268c87fb0ba4c149f89e1463e8b7675ce42
c0fb395a717c723d1b8f3e3b03be323ba0dfa434db3c5828e760058037e0dd95
c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4
c26c8fee132cba88ff48de65daefb51c9972fab6d3d13136d54634033d0e9bac
c42b88e1c62f40544d064489d9ec2ff8a1b3053bd12cb579a41ba6bfdcc2fb5c
c9a4cb0cca43a12294c833b2d4953bc0ac830fef9d1c503bd8943846a7431bbe
ca7dce2391845e8aec7da135f33fabd10f74eed28a532ac66fd01f761fcfb42f
cbbf83c45cce424c26bb4d929e053d264b713b70b8dcee428343b64e06a22056
cc65806adf6c251323693c9b7adb6b97e19879aa2f5428f2f05c0f08fca18404
cca1717f080b29c4fdf49aaa58be8b1dea0182de5f7c2e1ac0b0dd296922fb83
cdaa4c91b5bc3dd4ce8e1345b453844dd414602022a182ce2853d87bd4b9a9d3
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d2d5b4ad97c4e3931210f9cb298663e8cdd2ba788b89d78292166b6341dcca51
d2d92ee9c3d13c54f11e88045a5f5ed45550cee1ce7c1b653a9da645d65400fb
d31b51d4ac3d588bbcc4a10aed1abafcf50fb626b656fa5309fedaed567645cb
d41871d2894dc875d0dad73822efe7d3d43c459d53dde0e0d2006cd5c7427e75
d428752937c011563195cd8738502cfbefb1f52d1ace608bf297eabda0e64e5c
d5ea45f8ad8b8df8cdebe87f18cfce232468b3e6a028880773a8d09e13789ac8
d6fa6a7c8f92bfe1fe10d8700f08cfcca04d16558cc130fdf78643b66986a998
d93bc89f182c0e2b417835d5a60dc42fe31a0deac50aceb185fe5cb0243495b7
d94ad86f10498bed99501c8f5941d3e844f2bedd32763d84c9bb5d3832a4bf4c
dba8bca52aa39a7625f4d95945248c572f6d15999b2f539effcafd17a3c61528
dc50c28f1db50dbce579d4738a0e55001a5f954df3307ca5d502f42202d1d05c
dc97e9dc6f6be806bf75cd81b0983149a1fc2b73d89fdc8d4dafb179af0a6c90
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98
dfbd42ebc962e0689ff68829d89849ec773ce8dd88ba545355753384cca4ca58
dffbec59d2319c3236a3edfe56f55f12ada2d9023eed6f204fc7f83b32c0cb40
e18b9694e50520d13ba30b0825d6d47dd3eff828d49e4f9485e484ca502f188d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5948eb3ce2a0a16df67ed31b1ab7041253d4de7705ff968407e8ea5c4bb57b4
e657f7cbb9079a832a9376c1c8d207f573e432cf5be12a3d25edbac232ec9115
e779c3a7445c68e4334fbf89302ecb07ef48ba033e02ac0485ad8ca410be6d04
e803e774c7b59fe74f71ed93acaa875cf9a99947ff8ed7615cd0c93c1667250f
e92a53ce94858393660decb26aa46fd5884ac7d407bd03081b624602e04dd0c9
ec335d354b53a8fd44ef06fddfb6663dea667f2da5631d8526df515db8d9d3e2
ef101c7141faba6cb722927ca4ec51fde7482befad59c13b9ecee64eba139060
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f085b0387d391f11026a10c6ea821ebbe9e2b7f7e065a4368ef5ff6589a79737
f2ba197eefdf3e395c59767820118e11190c70b206b99ac654f0155008cc62af
f30381d45f347ae210ebd73a518a8747d5d5a0cb1e0d855b7bca3e2459853dca
f5716bdd72281749566ea5f0b5961c0c3b9c9d7ac0ba04cf45e064f0cd8bada0
f580c77a1640ff1372cd23e6e751195aa838ab411bce6ab371a3bc6bc15bf702
f6eb858ead7f15dcd18541c5433714e0c0966d81b8d009a2d49e5a181e548fbb
f779a4170605053c3e4592a74b0b5a6d6db4b453c7ce848c50a33ab671d76349
f88f89a0cead9c36ddbe19508f32f64bd91e94e92b6006dd575e8d0deb317d7f
f8aa916be8ee9babafc0055de42bd64e344202fe3223d463d0cc35e1637f1ea1
f97ab3d97b58d92065b53294cd5fc2afd4215498de07727f585321cf01a0d6bc
fab4fef6bbfa8d6464403a14be7de1be5e3e63637a96d994fab10266e1eaf6da
fac441fc28156645fa152344532bfd8005e06c134980dd4112fbd0eaf4d7662f
fad5cd82d689e359eb54d64e296a875eeb0824a79f06366266f088a99236a132
fb5bb791c0aa0ded45801e3762ee1507cee4076d3ac4f3b155e3d25d68c15422
fb82eb390a781039b7a17650eaf12f0d043c5df1a46e260977c0e5bb9c030b22
fcdf290b43a70854a24110a5a9a189fb31c321110313269e8a5601e869f0c862
fe513ef974b767510d0a2b9f1b4d3afa53185b89ab617c869e5e3d6db960192c
fe6a0a16c6567e5bf92554a13fd6a649f2d7bf2e51157c22b9e0f8e677635562
fe9c1f23cc3e0d87a3ed0094d41727945ab61b28651e45441f0f98f9ac309153
ff0a79ec21356d69477f2e854838c684d1a18f82c8c384dc8530efd60392f18b
ff4961dda4383b1a3727e5aa981024c40cb07005f89e3264a3ab423eb356380f
ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869
fffd742919bedf3c6281c0f6b22c79d1d9c618255adedcda280cc1fdaf6b45c0

www.gesa.com Open in urlscan Pro 2606:4700:10::6816:1055 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

296 Requests

90 %HTTPS

21 %IPv6

71 Domains

86 Subdomains

60 IPs

7 Countries

10790 kBTransfer

15225 kBSize

116 Cookies

9 Outgoing links

Redirected requests

296 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 20 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.gesa.com Open in urlscan Pro
2606:4700:10::6816:1055 Public Scan

Screenshot
Live screenshot

Full Image

296
Requests

90 %
HTTPS

21 %
IPv6

71
Domains

86
Subdomains

60
IPs

7
Countries

10790 kB
Transfer

15225 kB
Size

116
Cookies

296 HTTP transactions
20 data transactions