urlscan.io logo urlscan.io
SecurityTrails logo

www.bambooloans.com Open in urlscan Pro
54.217.169.6  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://www.bambooloans.co.uk/
Effective URL: https://www.bambooloans.com/
Submission: On June 09 via manual from GB — Scanned from GB
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 16 IPs in 3 countries across 12 domains to perform 65 HTTP transactions. The main IP is 54.217.169.6, located in Dublin, Ireland and belongs to AMAZON-02, US. The main domain is www.bambooloans.com.
TLS certificate: Issued by Amazon RSA 2048 M01 on February 10th 2023. Valid for: 10 months.
This is the only time www.bambooloans.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

1    52.218.90.108 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: s3-website-eu-west-1.amazonaws.com
www.bambooloans.co.uk
1    3.248.5.44 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-248-5-44.eu-west-1.compute.amazonaws.com
bambooloans.com
32    54.217.169.6 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-217-169-6.eu-west-1.compute.amazonaws.com
bambooloans.com
www.bambooloans.com
2    2a02:26f0:3500:18::1724:a29a (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
consent.cookiebot.com
2    2a00:1450:4001:80f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
2    13.32.99.9 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-9.fra60.r.cloudfront.net
cdn.rollbar.com
11    18.66.218.24 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-218-24.mxp63.r.cloudfront.net
widget.trustpilot.com
1    143.204.215.107 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-215-107.fra53.r.cloudfront.net
assets.flex.twilio.com
2    2a00:1450:4001:830::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    2a02:6ea0:c700::19 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)
web-sdk.smartlook.com
1    2a02:26f0:480:594::f09 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
consentcdn.cookiebot.com
2    2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
3    2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
3    2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
2    142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net
ade.googlesyndication.com
1    2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)
region1.google-analytics.com
Apex Domain
Subdomains		 Transfer
33 bambooloans.com
bambooloans.com
www.bambooloans.com
1 MB
11 trustpilot.com
widget.trustpilot.com — Cisco Umbrella Rank: 4699
66 KB
4 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 57
region1.google-analytics.com — Cisco Umbrella Rank: 1892
21 KB
4 googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 422
fonts.googleapis.com — Cisco Umbrella Rank: 67
39 KB
3 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 127
ade.googlesyndication.com — Cisco Umbrella Rank: 315
1 KB
3 gstatic.com
fonts.gstatic.com
102 KB
3 cookiebot.com
consent.cookiebot.com — Cisco Umbrella Rank: 4348
consentcdn.cookiebot.com — Cisco Umbrella Rank: 4798
84 KB
2 smartlook.com
web-sdk.smartlook.com — Cisco Umbrella Rank: 22837
19 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 75
168 KB
2 rollbar.com
cdn.rollbar.com — Cisco Umbrella Rank: 12969
47 KB
1 twilio.com
assets.flex.twilio.com — Cisco Umbrella Rank: 68797
413 KB
1 bambooloans.co.uk
www.bambooloans.co.uk
269 B
65 12
Domain Requested by
31 www.bambooloans.com www.bambooloans.com
11 widget.trustpilot.com www.bambooloans.com
widget.trustpilot.com
3 www.google-analytics.com www.googletagmanager.com
3 fonts.gstatic.com fonts.googleapis.com
2 ade.googlesyndication.com 1 redirects
2 fonts.googleapis.com ajax.googleapis.com
assets.flex.twilio.com
2 web-sdk.smartlook.com www.bambooloans.com
web-sdk.smartlook.com
2 www.googletagmanager.com www.bambooloans.com
www.googletagmanager.com
2 cdn.rollbar.com www.bambooloans.com
2 ajax.googleapis.com www.bambooloans.com
2 consent.cookiebot.com www.bambooloans.com
consent.cookiebot.com
2 bambooloans.com 2 redirects
1 region1.google-analytics.com www.googletagmanager.com
1 pagead2.googlesyndication.com www.googletagmanager.com
1 consentcdn.cookiebot.com consent.cookiebot.com
1 assets.flex.twilio.com www.bambooloans.com
1 www.bambooloans.co.uk 1 redirects
65 17
Subject Issuer Validity Valid
bambooloans.com
Amazon RSA 2048 M01		 2023-02-10 -
2023-12-23		 10 months crt.sh
consent.cookiebot.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-04-06 -
2024-04-06		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2023-05-19 -
2023-08-11		 3 months crt.sh
cdn.rollbar.com
Amazon RSA 2048 M02		 2023-05-12 -
2024-06-09		 a year crt.sh
*.trustpilot.com
Amazon RSA 2048 M02		 2023-02-02 -
2024-03-02		 a year crt.sh
assets.flex.twilio.com
Amazon RSA 2048 M01		 2022-12-13 -
2024-01-12		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-05-19 -
2023-08-11		 3 months crt.sh
1688964705.rsc.cdn77.org
R3		 2023-05-18 -
2023-08-16		 3 months crt.sh
*.cookiebot.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-04-17 -
2024-04-17		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2023-05-19 -
2023-08-11		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2023-05-19 -
2023-08-11		 3 months crt.sh

This page contains 4 frames:

Primary Page: https://www.bambooloans.com/
Frame ID: F1880924E1182F96E30A1D7249C1114C
Requests: 61 HTTP requests in this frame

Frame: https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Frame ID: 6AADE21AE367DF4398569C9ABCFE04BC
Requests: 1 HTTP requests in this frame

Frame: https://widget.trustpilot.com/trustboxes/5419b6ffb0d04a076446a9af/index.html?templateId=5419b6ffb0d04a076446a9af&businessunitId=5714c3620000ff00058baca4
Frame ID: A73896BD623B909EFC36AAA9DAF15950
Requests: 5 HTTP requests in this frame

Frame: https://widget.trustpilot.com/trustboxes/539ad0ffdec7e10e686debd7/index.html?templateId=539ad0ffdec7e10e686debd7&businessunitId=5714c3620000ff00058baca4
Frame ID: 19230B3AED5EF0B95D703FE21C35D3AC
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Bamboo | Personal Unsecured Online Loans

Page URL History Show full URLs

  1. http://www.bambooloans.co.uk/ HTTP 301
    http://bambooloans.com/ HTTP 301
    https://bambooloans.com/ HTTP 301
    https://www.bambooloans.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 75%
Detected patterns
Overall confidence: 100%
Detected patterns
  • consent\.cookiebot\.com
Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
  • googleapis\.com/.+webfont
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

65
Requests

98 %
HTTPS

59 %
IPv6

12
Domains

17
Subdomains

16
IPs

3
Countries

2081 kB
Transfer

5166 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.bambooloans.co.uk/ HTTP 301
    http://bambooloans.com/ HTTP 301
    https://bambooloans.com/ HTTP 301
    https://www.bambooloans.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 66
  • https://ade.googlesyndication.com/ddm/activity/src=8103783;type=allpa;cat=allpa00;ord=1;num=1160449822576;gtm=45He3671;gcs=G100;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.bambooloans.com HTTP 302
  • https://ade.googlesyndication.com/ddm/activity/src=8103783;dc_pre=CIr7zdvytf8CFTutmgodI6kDBg;type=allpa;cat=allpa00;ord=1;num=1160449822576;gtm=45He3671;gcs=G100;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.bambooloans.com

65 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.bambooloans.com/
Redirect Chain
  • http://www.bambooloans.co.uk/
  • http://bambooloans.com/
  • https://bambooloans.com/
  • https://www.bambooloans.com/
189 KB
72 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.bambooloans.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.217.169.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-217-169-6.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
a8cb66ba9809f200affd8b85b4ae9063650403d475d6ec2fec2068b2c641a8af
Security Headers
Name Value
Content-Security-Policy connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

cache-control
max-age=0, private, must-revalidate
content-encoding
gzip
content-length
70300
content-security-policy
connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
content-type
text/html; charset=utf-8
date
Fri, 09 Jun 2023 09:41:11 GMT
etag
W/"e99c325b8f3b9a841cf58c5b4fd818e8"
feature-policy
accelerometer 'none'; geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'self'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'none'; payment 'none';
link
</assets/webpack-cookie_consent-b45ec32946e39fd8cd9f.css>; rel=preload; as=style; nopush,</assets/application-7f80e7247ff38a6bdee299ac1fd46c78880a19f0de1e045e023a55ae3952ce8c.css>; rel=preload; as=style; nopush,</assets/home-87e2edef07fb118462c36c23870718ba647e441d17683d31ff6a3c52c2416deb.js>; rel=preload; as=script; nopush,</assets/webpack-home-ced38bcc17caaeaff970.js>; rel=preload; as=script; nopush,</assets/webpack-vendors-add_card-adhoc_payments-app-application-cookie_consent-cookie_policy_table-home-quote_search-a95496f7-7a52cd4e62673840c18e.js>; rel=preload; as=script; nopush
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000
vary
Accept-Encoding, Origin
x-content-type-options
nosniff
x-download-options
noopen
x-frame-options
DENY
x-permitted-cross-domain-policies
none
x-request-id
5c000bac-5587-420f-937a-198df9b12825
x-runtime
0.145725
x-xss-protection
1; mode=block

Redirect headers

content-length
134
content-type
text/html
date
Fri, 09 Jun 2023 09:41:11 GMT
location
https://www.bambooloans.com:443/
server
awselb/2.0
webpack-cookie_consent-b45ec32946e39fd8cd9f.css
www.bambooloans.com/assets/ 		2 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bambooloans.com/assets/webpack-cookie_consent-b45ec32946e39fd8cd9f.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.217.169.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-217-169-6.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
277c9eddf77f354fc1ab9bacf2d333c8e2171e2859758440b9323cb9ce655817
Security Headers
Name Value
Content-Security-Policy connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.bambooloans.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Fri, 09 Jun 2023 09:41:11 GMT
content-security-policy
connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000
last-modified
Wed, 07 Jun 2023 17:14:02 GMT
content-encoding
gzip
age
58
vary
Accept-Encoding, Origin
content-type
text/css
x-varnish
2352432 3291512
via
1.1 ip-10-0-5-159 (Varnish/7.3)
feature-policy
accelerometer 'none'; geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'self'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'none'; payment 'none';
accept-ranges
bytes
content-length
831
application-7f80e7247ff38a6bdee299ac1fd46c78880a19f0de1e045e023a55ae3952ce8c.css
www.bambooloans.com/assets/ 		280 KB
53 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bambooloans.com/assets/application-7f80e7247ff38a6bdee299ac1fd46c78880a19f0de1e045e023a55ae3952ce8c.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.217.169.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-217-169-6.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
2227b5eab78fae544f3b9bc890f40407ceb8cff353c4b56ba7b21f3c3dd8b068
Security Headers
Name Value
Content-Security-Policy connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.bambooloans.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Fri, 09 Jun 2023 09:41:11 GMT
content-security-policy
connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000
last-modified
Wed, 07 Jun 2023 17:11:48 GMT
content-encoding
gzip
age
74
vary
Accept-Encoding, Origin
content-type
text/css
x-varnish
3611070 4260655
via
1.1 ip-10-0-4-86 (Varnish/7.3)
feature-policy
accelerometer 'none'; geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'self'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'none'; payment 'none';
accept-ranges
bytes
content-length
52009
home-87e2edef07fb118462c36c23870718ba647e441d17683d31ff6a3c52c2416deb.js
www.bambooloans.com/assets/ 		319 KB
86 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bambooloans.com/assets/home-87e2edef07fb118462c36c23870718ba647e441d17683d31ff6a3c52c2416deb.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.217.169.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-217-169-6.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
87e2edef07fb118462c36c23870718ba647e441d17683d31ff6a3c52c2416deb
Security Headers
Name Value
Content-Security-Policy connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.bambooloans.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Fri, 09 Jun 2023 09:41:11 GMT
content-security-policy
connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000
last-modified
Wed, 07 Jun 2023 17:11:48 GMT
content-encoding
gzip
age
0
vary
Accept-Encoding, Origin
content-type
application/javascript
x-varnish
146395
via
1.1 ip-10-0-5-159 (Varnish/7.3)
feature-policy
accelerometer 'none'; geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'self'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'none'; payment 'none';
accept-ranges
bytes
content-length
85478
webpack-home-ced38bcc17caaeaff970.js
www.bambooloans.com/assets/ 		3 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bambooloans.com/assets/webpack-home-ced38bcc17caaeaff970.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.217.169.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-217-169-6.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ffb47ce3f4d2c0cea5a56c4c678893ccc45eef9910d4e448fcf757cb58915bdb
Security Headers
Name Value
Content-Security-Policy connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.bambooloans.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Fri, 09 Jun 2023 09:41:11 GMT
content-security-policy
connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000
last-modified
Wed, 07 Jun 2023 17:14:02 GMT
content-encoding
gzip
age
17
vary
Accept-Encoding, Origin
content-type
application/javascript
x-varnish
3966971 3869384
via
1.1 ip-10-0-3-146 (Varnish/7.3)
feature-policy
accelerometer 'none'; geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'self'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'none'; payment 'none';
accept-ranges
bytes
content-length
1428
webpack-vendors-add_card-adhoc_payments-app-application-cookie_consent-cookie_policy_table-home-quote_search-a95496f7-7a52cd4e62673840c18e.js
www.bambooloans.com/assets/ 		18 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bambooloans.com/assets/webpack-vendors-add_card-adhoc_payments-app-application-cookie_consent-cookie_policy_table-home-quote_search-a95496f7-7a52cd4e62673840c18e.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.217.169.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-217-169-6.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
913f811a8384d2de7017c900927b31d535a9c44a366767537db93518e003116c
Security Headers
Name Value
Content-Security-Policy connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.bambooloans.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Fri, 09 Jun 2023 09:41:11 GMT
content-security-policy
connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000
last-modified
Wed, 07 Jun 2023 17:14:02 GMT
content-encoding
gzip
age
58
vary
Accept-Encoding, Origin
content-type
application/javascript
x-varnish
2016176 2708286
via
1.1 ip-10-0-3-146 (Varnish/7.3)
feature-policy
accelerometer 'none'; geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'self'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'none'; payment 'none';
accept-ranges
bytes
content-length
5760
uc.js
consent.cookiebot.com/ 		107 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://consent.cookiebot.com/uc.js?cbid=d7e39255-7231-477e-aa18-7952bce5a632
Requested by
Host: www.bambooloans.com
URL: https://www.bambooloans.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:18::1724:a29a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
445a40338fb4c488b9b8432ec3014e6fda1e95370e87f33fdc527c06d04dbaa5

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.bambooloans.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

request-context
appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef
date
Fri, 09 Jun 2023 09:41:12 GMT
content-encoding
gzip
last-modified
Wed, 07 Jun 2023 06:53:11 GMT
etag
"ed3f55b9c99d91:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-expose-headers
Request-Context
cache-control
public, max-age=680
cross-origin-resource-policy
cross-origin
server-timing
ak_p; desc="1686303672024_388276378_430396588_19_5427_52_58_219";dur=1
accept-ranges
bytes
content-length
33583
expires
Fri, 09 Jun 2023 09:52:32 GMT
webfont.js
ajax.googleapis.com/ajax/libs/webfont/1.6.26/ 		13 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js
Requested by
Host: www.bambooloans.com
URL: https://www.bambooloans.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.bambooloans.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Thu, 08 Jun 2023 08:46:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
89703
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5437
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 07 Jun 2024 08:46:09 GMT
rollbar.min.js
cdn.rollbar.com/rollbarjs/refs/tags/v2.20.0/ 		75 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.rollbar.com/rollbarjs/refs/tags/v2.20.0/rollbar.min.js
Requested by
Host: www.bambooloans.com
URL: https://www.bambooloans.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-9.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e1df55dbade9723e534375a6ba415c6e849ad2d5263d8408e13964168771af6a

Request headers

Referer
https://www.bambooloans.com/
Origin
https://www.bambooloans.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Sat, 12 Nov 2022 02:43:40 GMT
Content-Encoding
gzip
Via
1.1 2a44338adc8233e5b25aca28287a69c8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA60-P3
Age
18082653
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
Connection
keep-alive
Last-Modified
Fri, 29 Jan 2021 21:15:04 GMT
Server
AmazonS3
ETag
W/"6b4c72643d4084dfe201e0ce95cb54cb"
Vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
Access-Control-Allow-Methods
GET
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=30672000,public
X-Amz-Cf-Id
KVVf6pglI-YXcubWjXXn3OaNc4foCvs1IByxFQo4LRmSrPTUqf-eNw==
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.6.1/ 		88 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.6.1/jquery.min.js
Requested by
Host: www.bambooloans.com
URL: https://www.bambooloans.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.bambooloans.com/
Origin
https://www.bambooloans.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Mon, 05 Jun 2023 10:28:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
342764
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31100
x-xss-protection
0
last-modified
Thu, 08 Sep 2022 18:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 04 Jun 2024 10:28:28 GMT
webpack-cookie_consent-f983fac10c41dad81790.js
www.bambooloans.com/assets/ 		18 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bambooloans.com/assets/webpack-cookie_consent-f983fac10c41dad81790.js
Requested by
Host: www.bambooloans.com
URL: https://www.bambooloans.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.217.169.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-217-169-6.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
a2f37776c763c84304a3f156b88d8e6d2fb3a7d6966596ecc8cd8ffc9ff1f5e9
Security Headers
Name Value
Content-Security-Policy connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.bambooloans.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Fri, 09 Jun 2023 09:41:12 GMT
content-security-policy
connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000
last-modified
Wed, 07 Jun 2023 17:14:02 GMT
content-encoding
gzip
age
31
vary
Accept-Encoding, Origin
content-type
application/javascript
x-varnish
2016178 3966934
via
1.1 ip-10-0-3-146 (Varnish/7.3)
feature-policy
accelerometer 'none'; geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'self'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'none'; payment 'none';
accept-ranges
bytes
content-length
6202
webpack-vendors-add_card-adhoc_payments-app-cookie_consent-cookie_policy_table-quote_search_page-test_cards-8d5366a163925659153d.js
www.bambooloans.com/assets/ 		128 KB
44 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bambooloans.com/assets/webpack-vendors-add_card-adhoc_payments-app-cookie_consent-cookie_policy_table-quote_search_page-test_cards-8d5366a163925659153d.js
Requested by
Host: www.bambooloans.com
URL: https://www.bambooloans.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.217.169.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-217-169-6.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
dbeaa50ec1417c6c383d12404862b982886764815eb85a4678692c2c6b128777
Security Headers
Name Value
Content-Security-Policy connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.bambooloans.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Fri, 09 Jun 2023 09:41:12 GMT
content-security-policy
connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000
last-modified
Wed, 07 Jun 2023 17:14:02 GMT
content-encoding
gzip
age
73
vary
Accept-Encoding, Origin
content-type
application/javascript
x-varnish
2352434 2352401
via
1.1 ip-10-0-5-159 (Varnish/7.3)
feature-policy
accelerometer 'none'; geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'self'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'none'; payment 'none';
accept-ranges
bytes
content-length
42545
webpack-vendors-adhoc_payments-app-cookie_consent-cookie_policy_table-quote_search_page-1ac34b4c4b2c71fd9197.js
www.bambooloans.com/assets/ 		24 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bambooloans.com/assets/webpack-vendors-adhoc_payments-app-cookie_consent-cookie_policy_table-quote_search_page-1ac34b4c4b2c71fd9197.js
Requested by
Host: www.bambooloans.com
URL: https://www.bambooloans.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.217.169.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-217-169-6.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
49b0daf7573b9cb9df4f8d09c1bf5fe39646c57f0e4ee492aeea8aaf690cf16a
Security Headers
Name Value
Content-Security-Policy connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.bambooloans.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Fri, 09 Jun 2023 09:41:12 GMT
content-security-policy
connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000
last-modified
Wed, 07 Jun 2023 17:14:02 GMT
content-encoding
gzip
age
127
vary
Accept-Encoding, Origin
content-type
application/javascript
x-varnish
3966973 3772523
via
1.1 ip-10-0-3-146 (Varnish/7.3)
feature-policy
accelerometer 'none'; geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'self'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'none'; payment 'none';
accept-ranges
bytes
content-length
8054
tp.widget.sync.bootstrap.min.js
widget.trustpilot.com/bootstrap/v5/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://widget.trustpilot.com/bootstrap/v5/tp.widget.sync.bootstrap.min.js
Requested by
Host: www.bambooloans.com
URL: https://www.bambooloans.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.218.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-218-24.mxp63.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
90745a0f257aa1424e5b997ec85544b52094e60b7187c09ec3f108303bfc2073
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.bambooloans.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 09 Jun 2023 08:19:30 GMT
via
1.1 bd4e114ece87e9cf66a7eccfeb6c9c4a.cloudfront.net (CloudFront)
x-amz-cf-pop
MXP63-P2
age
43289
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
712
x-xss-protection
1; mode=block
last-modified
Wed, 03 May 2023 13:48:29 GMT
server
AmazonS3
etag
"a148992a7b15dc7e6a9fa9d5e18e4368"
content-type
application/x-javascript
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
6M2hOcRCtBLPCt34zmM3wf5_LFhaLyduYMqse1CCOmEJvWLKh5ptxA==
webpack-viewport_utils-dc5a613044ce34cec016.js
www.bambooloans.com/assets/ 		5 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bambooloans.com/assets/webpack-viewport_utils-dc5a613044ce34cec016.js
Requested by
Host: www.bambooloans.com
URL: https://www.bambooloans.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.217.169.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-217-169-6.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
2a2338eba864d46d82650650cc4783a71cdf2f3e0dffac8fade3d8743540ffb9
Security Headers
Name Value
Content-Security-Policy connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.bambooloans.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Fri, 09 Jun 2023 09:41:12 GMT
content-security-policy
connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000
last-modified
Wed, 07 Jun 2023 17:14:02 GMT
content-encoding
gzip
age
50
vary
Accept-Encoding, Origin
content-type
application/javascript
x-varnish
1758516 3610992
via
1.1 ip-10-0-4-86 (Varnish/7.3)
feature-policy
accelerometer 'none'; geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'self'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'none'; payment 'none';
accept-ranges
bytes
content-length
1929
twilio-flex-webchat.min.js
assets.flex.twilio.com/releases/flex-webchat-ui/2.6.0/ 		2 MB
413 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.flex.twilio.com/releases/flex-webchat-ui/2.6.0/twilio-flex-webchat.min.js
Requested by
Host: www.bambooloans.com
URL: https://www.bambooloans.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.107 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-107.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1e82c652583fc77dad60a8ff716f38761aab6b8d36ae18dbd681054a665cc9e0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.bambooloans.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Fri, 09 Jun 2023 04:23:26 GMT
content-encoding
gzip
via
1.1 c714e4f593454d65f62cf3fecf756a4c.cloudfront.net (CloudFront)
last-modified
Wed, 16 Sep 2020 17:22:10 GMT
server
AmazonS3
x-amz-cf-pop
FRA53-C1
age
19066
x-amz-server-side-encryption
AES256
etag
W/"a8fba411a1bff293e4ee09a44b83e291"
vary
Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
x-cache
Hit from cloudfront
x-amz-cf-id
5KdJk0anCOGjjwcwCKaOJiQQPI2gigUcyDKZke-pIBbkZvByb1EPPQ==
webpack-default-add_card-adhoc_payments-app-quote_search_page-twilio-8e98809deb2356faf6a4.js
www.bambooloans.com/assets/ 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bambooloans.com/assets/webpack-default-add_card-adhoc_payments-app-quote_search_page-twilio-8e98809deb2356faf6a4.js
Requested by
Host: www.bambooloans.com
URL: https://www.bambooloans.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.217.169.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-217-169-6.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
b7497fcea3e13460f712f4e80bd5c50b7c549045dd2e8270ba3c4fc6c43e1c4d
Security Headers
Name Value
Content-Security-Policy connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.bambooloans.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Fri, 09 Jun 2023 09:41:12 GMT
content-security-policy
connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000
last-modified
Wed, 07 Jun 2023 17:14:02 GMT
content-encoding
gzip
age
77
vary
Origin
content-type
application/javascript
x-varnish
2939527 3361570
via
1.1 ip-10-0-4-86 (Varnish/7.3)
feature-policy
accelerometer 'none'; geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'self'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'none'; payment 'none';
accept-ranges
bytes
content-length
5789
webpack-twilio-66eff636dcf2cc79aaf0.js
www.bambooloans.com/assets/ 		20 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bambooloans.com/assets/webpack-twilio-66eff636dcf2cc79aaf0.js
Requested by
Host: www.bambooloans.com
URL: https://www.bambooloans.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.217.169.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-217-169-6.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
42b4ff0c50929d136cd8835f6ae22990e2751180686c84f4a93afe5e88c1c0d0
Security Headers
Name Value
Content-Security-Policy connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.bambooloans.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Fri, 09 Jun 2023 09:41:12 GMT
content-security-policy
connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000
last-modified
Wed, 07 Jun 2023 17:14:02 GMT
content-encoding
gzip
age
49
vary
Accept-Encoding, Origin
content-type
application/javascript
x-varnish
146398 1327033
via
1.1 ip-10-0-5-159 (Varnish/7.3)
feature-policy
accelerometer 'none'; geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'self'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'none'; payment 'none';
accept-ranges
bytes
content-length
7725
webpack-vendors-adhoc_payments-app-quote_search_page-twilio-007e42d940a3380f7089.js
www.bambooloans.com/assets/ 		46 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bambooloans.com/assets/webpack-vendors-adhoc_payments-app-quote_search_page-twilio-007e42d940a3380f7089.js
Requested by
Host: www.bambooloans.com
URL: https://www.bambooloans.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.217.169.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-217-169-6.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
1b9ed0d101778ff3fd3ab344678255d3fdf7cc7ebd44ba2ac70dd42011e5c7f7
Security Headers
Name Value
Content-Security-Policy connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.bambooloans.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Fri, 09 Jun 2023 09:41:12 GMT
content-security-policy
connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000
last-modified
Wed, 07 Jun 2023 17:14:02 GMT
content-encoding
gzip
age
17
vary
Accept-Encoding, Origin
content-type
application/javascript
x-varnish
2352436 146382
via
1.1 ip-10-0-5-159 (Varnish/7.3)
feature-policy
accelerometer 'none'; geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'self'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'none'; payment 'none';
accept-ranges
bytes
content-length
16211
logo-sm-1acac597faa9154f9a181c5110346ee1d86852753800717e035a52659df7f8f3.svg
www.bambooloans.com/assets/sprite_svgs/ 		22 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bambooloans.com/assets/sprite_svgs/logo-sm-1acac597faa9154f9a181c5110346ee1d86852753800717e035a52659df7f8f3.svg
Requested by
Host: www.bambooloans.com
URL: https://www.bambooloans.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.217.169.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-217-169-6.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
1acac597faa9154f9a181c5110346ee1d86852753800717e035a52659df7f8f3
Security Headers
Name Value
Content-Security-Policy connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.bambooloans.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Fri, 09 Jun 2023 09:41:12 GMT
content-security-policy
connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000
last-modified
Wed, 07 Jun 2023 17:10:43 GMT
content-encoding
gzip
age
127
vary
Accept-Encoding, Origin
content-type
image/svg+xml
x-varnish
2939529 3361552
via
1.1 ip-10-0-4-86 (Varnish/7.3)
feature-policy
accelerometer 'none'; geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'self'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'none'; payment 'none';
accept-ranges
bytes
content-length
4662
flex-boo-c505979fef504f9a63217daf7c0f9f44bce7a4a9a37651fcf36c5d2420ba4023.png
www.bambooloans.com/assets/photos/ 		73 KB
76 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bambooloans.com/assets/photos/flex-boo-c505979fef504f9a63217daf7c0f9f44bce7a4a9a37651fcf36c5d2420ba4023.png
Requested by
Host: www.bambooloans.com
URL: https://www.bambooloans.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.217.169.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-217-169-6.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
c505979fef504f9a63217daf7c0f9f44bce7a4a9a37651fcf36c5d2420ba4023
Security Headers
Name Value
Content-Security-Policy connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.bambooloans.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Fri, 09 Jun 2023 09:41:12 GMT
content-security-policy
connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000
last-modified
Wed, 07 Jun 2023 17:10:43 GMT
age
0
vary
Origin
content-type
image/png
x-varnish
1758518
via
1.1 ip-10-0-4-86 (Varnish/7.3)
feature-policy
accelerometer 'none'; geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'self'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'none'; payment 'none';
accept-ranges
bytes
content-length
74745
step-1-3174f17daceb85ab02af533a5b995c94d67fee45849f96039f59de1ed7841df7.png
www.bambooloans.com/assets/photos/ 		11 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bambooloans.com/assets/photos/step-1-3174f17daceb85ab02af533a5b995c94d67fee45849f96039f59de1ed7841df7.png
Requested by
Host: www.bambooloans.com
URL: https://www.bambooloans.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.217.169.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-217-169-6.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
3174f17daceb85ab02af533a5b995c94d67fee45849f96039f59de1ed7841df7
Security Headers
Name Value
Content-Security-Policy connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.bambooloans.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Fri, 09 Jun 2023 09:41:12 GMT
content-security-policy
connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000
last-modified
Wed, 07 Jun 2023 17:10:43 GMT
age
116
vary
Origin
content-type
image/png
x-varnish
3772587 1332495
via
1.1 ip-10-0-3-146 (Varnish/7.3)
feature-policy
accelerometer 'none'; geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'self'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'none'; payment 'none';
accept-ranges
bytes
content-length
11082
step-2-2550166acd31328469de227fb0c499aea66b6299ed5fdc94940d88ad125a2f4c.png
www.bambooloans.com/assets/photos/ 		14 KB
16 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bambooloans.com/assets/photos/step-2-2550166acd31328469de227fb0c499aea66b6299ed5fdc94940d88ad125a2f4c.png
Requested by
Host: www.bambooloans.com
URL: https://www.bambooloans.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.217.169.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-217-169-6.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
2550166acd31328469de227fb0c499aea66b6299ed5fdc94940d88ad125a2f4c
Security Headers
Name Value
Content-Security-Policy connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.bambooloans.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Fri, 09 Jun 2023 09:41:12 GMT
content-security-policy
connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000
last-modified
Wed, 07 Jun 2023 17:10:43 GMT
age
0
vary
Origin
content-type
image/png
x-varnish
146400
via
1.1 ip-10-0-5-159 (Varnish/7.3)
feature-policy
accelerometer 'none'; geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'self'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'none'; payment 'none';
accept-ranges
bytes
content-length
14214
step-3-e69135e90f9f625cede6c10265e1fc104651d4ebbcea736e3c1b588873da0a03.png
www.bambooloans.com/assets/photos/ 		17 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bambooloans.com/assets/photos/step-3-e69135e90f9f625cede6c10265e1fc104651d4ebbcea736e3c1b588873da0a03.png
Requested by
Host: www.bambooloans.com
URL: https://www.bambooloans.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.217.169.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-217-169-6.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e69135e90f9f625cede6c10265e1fc104651d4ebbcea736e3c1b588873da0a03
Security Headers
Name Value
Content-Security-Policy connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.bambooloans.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Fri, 09 Jun 2023 09:41:12 GMT
content-security-policy
connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000
last-modified
Wed, 07 Jun 2023 17:10:43 GMT
age
0
vary
Origin
content-type
image/png
x-varnish
1332611
via
1.1 ip-10-0-3-146 (Varnish/7.3)
feature-policy
accelerometer 'none'; geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'self'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'none'; payment 'none';
accept-ranges
bytes
content-length
17863
step-4-a10bab7f93b62af5f8fc4393d03342072f291b44f137b0d1451eee1959169e01.png
www.bambooloans.com/assets/photos/ 		21 KB
23 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bambooloans.com/assets/photos/step-4-a10bab7f93b62af5f8fc4393d03342072f291b44f137b0d1451eee1959169e01.png
Requested by
Host: www.bambooloans.com
URL: https://www.bambooloans.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.217.169.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-217-169-6.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
a10bab7f93b62af5f8fc4393d03342072f291b44f137b0d1451eee1959169e01
Security Headers
Name Value
Content-Security-Policy connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.bambooloans.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Fri, 09 Jun 2023 09:41:12 GMT
content-security-policy
connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000
last-modified
Wed, 07 Jun 2023 17:10:43 GMT
age
6
vary
Origin
content-type
image/png
x-varnish
3772589 2016170
via
1.1 ip-10-0-3-146 (Varnish/7.3)
feature-policy
accelerometer 'none'; geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'self'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'none'; payment 'none';
accept-ranges
bytes
content-length
21235
boo-thumbs-up-0239d73c6c3de0ee7f1a8d575a0308e89ba5a19afd64a7c45381068fdcd39cfa.png
www.bambooloans.com/assets/photos/ 		187 KB
190 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bambooloans.com/assets/photos/boo-thumbs-up-0239d73c6c3de0ee7f1a8d575a0308e89ba5a19afd64a7c45381068fdcd39cfa.png
Requested by
Host: www.bambooloans.com
URL: https://www.bambooloans.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.217.169.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-217-169-6.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
0239d73c6c3de0ee7f1a8d575a0308e89ba5a19afd64a7c45381068fdcd39cfa
Security Headers
Name Value
Content-Security-Policy connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.bambooloans.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Fri, 09 Jun 2023 09:41:12 GMT
content-security-policy
connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000
last-modified
Wed, 07 Jun 2023 17:10:43 GMT
age
5
vary
Origin
content-type
image/png
x-varnish
3805984 146390
via
1.1 ip-10-0-5-159 (Varnish/7.3)
feature-policy
accelerometer 'none'; geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'self'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'none'; payment 'none';
accept-ranges
bytes
content-length
191721
cc.js
consent.cookiebot.com/d7e39255-7231-477e-aa18-7952bce5a632/ 		214 KB
50 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://consent.cookiebot.com/d7e39255-7231-477e-aa18-7952bce5a632/cc.js?renew=false&referer=www.bambooloans.com&dnt=false&init=false
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js?cbid=d7e39255-7231-477e-aa18-7952bce5a632
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:18::1724:a29a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
52eec88a9f3a5c8afa07afef100365dfb68036d27cdc67781e58a5aa4781a7e6

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.bambooloans.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Fri, 09 Jun 2023 09:41:12 GMT
content-encoding
gzip
last-modified
Fri, 09 Jun 2023 09:41:12 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-expose-headers
Request-Context
cache-control
private, max-age=1200
cross-origin-resource-policy
cross-origin
server-timing
ak_p; desc="1686303672237_388276378_430396992_3470_4961_54_0_146";dur=1
content-length
50792
request-context
appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef
rollbar.min.js
cdn.rollbar.com/rollbarjs/refs/tags/v2.26.1/ 		78 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.rollbar.com/rollbarjs/refs/tags/v2.26.1/rollbar.min.js
Requested by
Host: www.bambooloans.com
URL: https://www.bambooloans.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-9.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
41764f6cf1cfa99fad12f1ee265ea0bb292761f6b15d1f5432756524854cd77f

Request headers

Referer
https://www.bambooloans.com/
Origin
https://www.bambooloans.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Mon, 27 Feb 2023 15:38:10 GMT
Content-Encoding
gzip
Via
1.1 5492e1c9a06f2320204e7fcc383cff5c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA60-P3
Age
8791383
x-amz-server-side-encryption
AES256
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
Connection
keep-alive
Last-Modified
Wed, 04 Jan 2023 20:16:53 GMT
Server
AmazonS3
ETag
W/"ddf66d492e77fc149633a129f1f09c40"
Vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
Access-Control-Allow-Methods
GET
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=30672000,public
X-Amz-Cf-Id
vPor_yp868fnq-3vnyun2HfEx2CQFXM9GNGDi7mPi0QRb9zZ0k5H3g==
truncated
/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7eb388ea38d607fa40ca61bf3cd275654dcb2c3f9318551d3c1d1dc66e22feec

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e41adec6422b7309109b409bb43074916f9fcc2a0c60e0337c00595a406dcbc8

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Content-Type
img/png
truncated
/ 		11 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
072cbffd0ad3e6caa35a28464d3b8df28a7347232f203373332366afe5ede0de

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Content-Type
img/png
gtm.js
www.googletagmanager.com/ 		268 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-MWH3S5
Requested by
Host: www.bambooloans.com
URL: https://www.bambooloans.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
96b65d43890cdd138e53f91a80fa7e9e7d876f2886c8474312ec2b26c3aa4eb1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.bambooloans.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Fri, 09 Jun 2023 09:41:12 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
88756
x-xss-protection
0
last-modified
Fri, 09 Jun 2023 09:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 09 Jun 2023 09:41:12 GMT
recorder.js
web-sdk.smartlook.com/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://web-sdk.smartlook.com/recorder.js
Requested by
Host: www.bambooloans.com
URL: https://www.bambooloans.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software
CDN77-Turbo /
Resource Hash
f6dc0b2941a63909a0d51302be2d22a0ebf8a08818fc6b213446a6ed58dc6018
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.bambooloans.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

x-77-pop
frankfurtDE
date
Fri, 09 Jun 2023 09:41:12 GMT
strict-transport-security
max-age=31536000
content-encoding
gzip
x-cache
HIT
x-77-cache
HIT
cross-origin-resource-policy
cross-origin
x-age
401
x-accel-date
1686303271
x-77-nzt
AcO1qhFfVFb/kQEAAA
x-accel-expires
@1686303871
last-modified
Mon, 05 Jun 2023 13:04:34 GMT
server
CDN77-Turbo
etag
W/"647ddd62-10f6"
x-77-nzt-ray
4c1562248136b8d8b8f38264bf43c41e
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=600
truncated
/ 		574 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ab454bceac8d3c0c18c46a5189b0e15e2c8e067e754fd2e1eef1d8646fecdd2e

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Content-Type
image/svg+xml
hero-banner-ce07d8ded3323aed3b24ab97161737468d7bb3534a2d2ef0c34bd7f41591410d.jpg
www.bambooloans.com/assets/photos/ 		119 KB
122 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bambooloans.com/assets/photos/hero-banner-ce07d8ded3323aed3b24ab97161737468d7bb3534a2d2ef0c34bd7f41591410d.jpg
Requested by
Host: www.bambooloans.com
URL: https://www.bambooloans.com/assets/application-7f80e7247ff38a6bdee299ac1fd46c78880a19f0de1e045e023a55ae3952ce8c.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.217.169.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-217-169-6.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ce07d8ded3323aed3b24ab97161737468d7bb3534a2d2ef0c34bd7f41591410d
Security Headers
Name Value
Content-Security-Policy connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.bambooloans.com/assets/application-7f80e7247ff38a6bdee299ac1fd46c78880a19f0de1e045e023a55ae3952ce8c.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Fri, 09 Jun 2023 09:41:12 GMT
content-security-policy
connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000
last-modified
Wed, 07 Jun 2023 17:10:43 GMT
age
127
vary
Origin
content-type
image/jpeg
x-varnish
1758521 2484189
via
1.1 ip-10-0-4-86 (Varnish/7.3)
feature-policy
accelerometer 'none'; geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'self'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'none'; payment 'none';
accept-ranges
bytes
content-length
121976
truncated
/ 		574 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
81a81b9d9d5555fce178c4c9f9c41f3a0051b7ded8ca275419f6574646b4f3d9

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Content-Type
image/svg+xml
percent-9d524b18fc9b30adc9ab1d984696732ef9b16e3bce1607037cb43064025489fd.svg
www.bambooloans.com/assets/svg/ 		10 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bambooloans.com/assets/svg/percent-9d524b18fc9b30adc9ab1d984696732ef9b16e3bce1607037cb43064025489fd.svg
Requested by
Host: www.bambooloans.com
URL: https://www.bambooloans.com/assets/application-7f80e7247ff38a6bdee299ac1fd46c78880a19f0de1e045e023a55ae3952ce8c.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.217.169.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-217-169-6.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
9d524b18fc9b30adc9ab1d984696732ef9b16e3bce1607037cb43064025489fd
Security Headers
Name Value
Content-Security-Policy connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.bambooloans.com/assets/application-7f80e7247ff38a6bdee299ac1fd46c78880a19f0de1e045e023a55ae3952ce8c.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Fri, 09 Jun 2023 09:41:12 GMT
content-security-policy
connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000
last-modified
Wed, 07 Jun 2023 17:10:43 GMT
content-encoding
gzip
age
127
vary
Accept-Encoding, Origin
content-type
image/svg+xml
x-varnish
3611072 3837895
via
1.1 ip-10-0-4-86 (Varnish/7.3)
feature-policy
accelerometer 'none'; geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'self'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'none'; payment 'none';
accept-ranges
bytes
content-length
2363
person-6d0619c03f14cc32e84ac7e55349c8b6a7d66d709bc7fd2427d2ae595427cc21.svg
www.bambooloans.com/assets/svg/ 		12 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bambooloans.com/assets/svg/person-6d0619c03f14cc32e84ac7e55349c8b6a7d66d709bc7fd2427d2ae595427cc21.svg
Requested by
Host: www.bambooloans.com
URL: https://www.bambooloans.com/assets/application-7f80e7247ff38a6bdee299ac1fd46c78880a19f0de1e045e023a55ae3952ce8c.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.217.169.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-217-169-6.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6d0619c03f14cc32e84ac7e55349c8b6a7d66d709bc7fd2427d2ae595427cc21
Security Headers
Name Value
Content-Security-Policy connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.bambooloans.com/assets/application-7f80e7247ff38a6bdee299ac1fd46c78880a19f0de1e045e023a55ae3952ce8c.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Fri, 09 Jun 2023 09:41:12 GMT
content-security-policy
connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000
last-modified
Wed, 07 Jun 2023 17:10:43 GMT
content-encoding
gzip
age
7
vary
Origin
content-type
image/svg+xml
x-varnish
3904795 3805978
via
1.1 ip-10-0-5-159 (Varnish/7.3)
feature-policy
accelerometer 'none'; geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'self'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'none'; payment 'none';
accept-ranges
bytes
content-length
5004
time-6674e7dd3673f5e0181e5d7827114f69cb137335da0f73d608cbc3a321a0d3f4.svg
www.bambooloans.com/assets/svg/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bambooloans.com/assets/svg/time-6674e7dd3673f5e0181e5d7827114f69cb137335da0f73d608cbc3a321a0d3f4.svg
Requested by
Host: www.bambooloans.com
URL: https://www.bambooloans.com/assets/application-7f80e7247ff38a6bdee299ac1fd46c78880a19f0de1e045e023a55ae3952ce8c.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.217.169.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-217-169-6.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6674e7dd3673f5e0181e5d7827114f69cb137335da0f73d608cbc3a321a0d3f4
Security Headers
Name Value
Content-Security-Policy connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.bambooloans.com/assets/application-7f80e7247ff38a6bdee299ac1fd46c78880a19f0de1e045e023a55ae3952ce8c.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Fri, 09 Jun 2023 09:41:12 GMT
content-security-policy
connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000
last-modified
Wed, 07 Jun 2023 17:10:43 GMT
content-encoding
gzip
age
127
vary
Accept-Encoding, Origin
content-type
image/svg+xml
x-varnish
2016180 2708274
via
1.1 ip-10-0-3-146 (Varnish/7.3)
feature-policy
accelerometer 'none'; geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'self'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'none'; payment 'none';
accept-ranges
bytes
content-length
1443
smile-3cde1f65bb83e1d4f7aeafbd82f43bbcb03575244de8252f6ae77e7b116c98fa.svg
www.bambooloans.com/assets/svg/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bambooloans.com/assets/svg/smile-3cde1f65bb83e1d4f7aeafbd82f43bbcb03575244de8252f6ae77e7b116c98fa.svg
Requested by
Host: www.bambooloans.com
URL: https://www.bambooloans.com/assets/application-7f80e7247ff38a6bdee299ac1fd46c78880a19f0de1e045e023a55ae3952ce8c.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.217.169.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-217-169-6.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
3cde1f65bb83e1d4f7aeafbd82f43bbcb03575244de8252f6ae77e7b116c98fa
Security Headers
Name Value
Content-Security-Policy connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.bambooloans.com/assets/application-7f80e7247ff38a6bdee299ac1fd46c78880a19f0de1e045e023a55ae3952ce8c.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Fri, 09 Jun 2023 09:41:12 GMT
content-security-policy
connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000
last-modified
Wed, 07 Jun 2023 17:10:43 GMT
content-encoding
gzip
age
116
vary
Accept-Encoding, Origin
content-type
image/svg+xml
x-varnish
3837940 3482714
via
1.1 ip-10-0-4-86 (Varnish/7.3)
feature-policy
accelerometer 'none'; geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'self'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'none'; payment 'none';
accept-ranges
bytes
content-length
594
magnify-1af3b0140b3496fadcd54662a150119eacbe036c143925c7f2dba41679cd2320.svg
www.bambooloans.com/assets/svg/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bambooloans.com/assets/svg/magnify-1af3b0140b3496fadcd54662a150119eacbe036c143925c7f2dba41679cd2320.svg
Requested by
Host: www.bambooloans.com
URL: https://www.bambooloans.com/assets/application-7f80e7247ff38a6bdee299ac1fd46c78880a19f0de1e045e023a55ae3952ce8c.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.217.169.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-217-169-6.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
1af3b0140b3496fadcd54662a150119eacbe036c143925c7f2dba41679cd2320
Security Headers
Name Value
Content-Security-Policy connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.bambooloans.com/assets/application-7f80e7247ff38a6bdee299ac1fd46c78880a19f0de1e045e023a55ae3952ce8c.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Fri, 09 Jun 2023 09:41:12 GMT
content-security-policy
connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000
last-modified
Wed, 07 Jun 2023 17:10:43 GMT
content-encoding
gzip
age
116
vary
Accept-Encoding, Origin
content-type
image/svg+xml
x-varnish
3805986 3514778
via
1.1 ip-10-0-5-159 (Varnish/7.3)
feature-policy
accelerometer 'none'; geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'self'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'none'; payment 'none';
accept-ranges
bytes
content-length
849
tick-e5c00fe73865f5b382e7cbd6a79adb9d4f47cdb908188cf61fb7d8667d5debf0.svg
www.bambooloans.com/assets/svg/ 		512 B
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bambooloans.com/assets/svg/tick-e5c00fe73865f5b382e7cbd6a79adb9d4f47cdb908188cf61fb7d8667d5debf0.svg
Requested by
Host: www.bambooloans.com
URL: https://www.bambooloans.com/assets/application-7f80e7247ff38a6bdee299ac1fd46c78880a19f0de1e045e023a55ae3952ce8c.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.217.169.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-217-169-6.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e5c00fe73865f5b382e7cbd6a79adb9d4f47cdb908188cf61fb7d8667d5debf0
Security Headers
Name Value
Content-Security-Policy connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.bambooloans.com/assets/application-7f80e7247ff38a6bdee299ac1fd46c78880a19f0de1e045e023a55ae3952ce8c.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Fri, 09 Jun 2023 09:41:12 GMT
content-security-policy
connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000
last-modified
Wed, 07 Jun 2023 17:10:43 GMT
content-encoding
gzip
age
116
vary
Accept-Encoding, Origin
content-type
image/svg+xml
x-varnish
3772591 1332501
via
1.1 ip-10-0-3-146 (Varnish/7.3)
feature-policy
accelerometer 'none'; geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'self'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'none'; payment 'none';
accept-ranges
bytes
content-length
302
trustpilot-6c2e9d88479787fad7cd981f7cd4fb226914551643f4f3fd8df9c7374349a2d8.png
www.bambooloans.com/assets/photos/ 		117 KB
120 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bambooloans.com/assets/photos/trustpilot-6c2e9d88479787fad7cd981f7cd4fb226914551643f4f3fd8df9c7374349a2d8.png
Requested by
Host: www.bambooloans.com
URL: https://www.bambooloans.com/assets/application-7f80e7247ff38a6bdee299ac1fd46c78880a19f0de1e045e023a55ae3952ce8c.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.217.169.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-217-169-6.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6c2e9d88479787fad7cd981f7cd4fb226914551643f4f3fd8df9c7374349a2d8
Security Headers
Name Value
Content-Security-Policy connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.bambooloans.com/assets/application-7f80e7247ff38a6bdee299ac1fd46c78880a19f0de1e045e023a55ae3952ce8c.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Fri, 09 Jun 2023 09:41:12 GMT
content-security-policy
connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000
last-modified
Wed, 07 Jun 2023 17:10:43 GMT
age
0
vary
Origin
content-type
image/png
x-varnish
2939532
via
1.1 ip-10-0-4-86 (Varnish/7.3)
feature-policy
accelerometer 'none'; geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'self'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'none'; payment 'none';
accept-ranges
bytes
content-length
120150
loan-types-ca2b01ced2999ff9f6d10ab2d5395ca5e65b15b9cbb6345b4842d90f3a4c0982.png
www.bambooloans.com/assets/photos/ 		72 KB
74 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bambooloans.com/assets/photos/loan-types-ca2b01ced2999ff9f6d10ab2d5395ca5e65b15b9cbb6345b4842d90f3a4c0982.png
Requested by
Host: www.bambooloans.com
URL: https://www.bambooloans.com/assets/application-7f80e7247ff38a6bdee299ac1fd46c78880a19f0de1e045e023a55ae3952ce8c.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.217.169.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-217-169-6.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ca2b01ced2999ff9f6d10ab2d5395ca5e65b15b9cbb6345b4842d90f3a4c0982
Security Headers
Name Value
Content-Security-Policy connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.bambooloans.com/assets/application-7f80e7247ff38a6bdee299ac1fd46c78880a19f0de1e045e023a55ae3952ce8c.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Fri, 09 Jun 2023 09:41:12 GMT
content-security-policy
connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000
last-modified
Wed, 07 Jun 2023 17:10:43 GMT
age
0
vary
Origin
content-type
image/png
x-varnish
3904797
via
1.1 ip-10-0-5-159 (Varnish/7.3)
feature-policy
accelerometer 'none'; geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'self'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'none'; payment 'none';
accept-ranges
bytes
content-length
73485
truncated
/ 		507 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b892e9b7214eb547edbe381cb32a50ead9073e93c1c6176a0e44bf915d4c2822

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Content-Type
image/svg+xml
footer-6792c1bfe86a4ca17224bbfbb8712e1770b2ca38e3dc32fccee78e3eb1f6de3f.jpg
www.bambooloans.com/assets/ 		6 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bambooloans.com/assets/footer-6792c1bfe86a4ca17224bbfbb8712e1770b2ca38e3dc32fccee78e3eb1f6de3f.jpg
Requested by
Host: www.bambooloans.com
URL: https://www.bambooloans.com/assets/application-7f80e7247ff38a6bdee299ac1fd46c78880a19f0de1e045e023a55ae3952ce8c.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.217.169.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-217-169-6.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6792c1bfe86a4ca17224bbfbb8712e1770b2ca38e3dc32fccee78e3eb1f6de3f
Security Headers
Name Value
Content-Security-Policy connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.bambooloans.com/assets/application-7f80e7247ff38a6bdee299ac1fd46c78880a19f0de1e045e023a55ae3952ce8c.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Fri, 09 Jun 2023 09:41:12 GMT
content-security-policy
connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000
last-modified
Wed, 07 Jun 2023 17:10:49 GMT
age
31
vary
Origin
content-type
image/jpeg
x-varnish
3869392 3966937
via
1.1 ip-10-0-3-146 (Varnish/7.3)
feature-policy
accelerometer 'none'; geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'self'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'none'; payment 'none';
accept-ranges
bytes
content-length
6231
fontawesome-webfont-2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe.woff2
www.bambooloans.com/assets/ 		75 KB
78 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.bambooloans.com/assets/fontawesome-webfont-2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe.woff2
Requested by
Host: www.bambooloans.com
URL: https://www.bambooloans.com/assets/application-7f80e7247ff38a6bdee299ac1fd46c78880a19f0de1e045e023a55ae3952ce8c.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.217.169.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-217-169-6.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Security Headers
Name Value
Content-Security-Policy connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.bambooloans.com/assets/application-7f80e7247ff38a6bdee299ac1fd46c78880a19f0de1e045e023a55ae3952ce8c.css
Origin
https://www.bambooloans.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Fri, 09 Jun 2023 09:41:12 GMT
content-security-policy
connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000
last-modified
Wed, 22 Mar 2023 19:04:36 GMT
content-encoding
gzip
age
127
vary
Origin, Accept-Encoding
content-type
application/font-woff2
x-varnish
2352438 3774806
via
1.1 ip-10-0-5-159 (Varnish/7.3)
feature-policy
accelerometer 'none'; geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'self'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'none'; payment 'none';
accept-ranges
bytes
content-length
77171
bc-v4.min.html
consentcdn.cookiebot.com/sdk/ Frame 6AAD 		627 B
809 B 		Document
General
Check archive.org
Download Go to
Full URL
https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Requested by
Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js?cbid=d7e39255-7231-477e-aa18-7952bce5a632
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:594::f09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
738e5435f2d18427d291a0d6289eee0ebbc87b596d6003919f255760ac293104

Request headers

Referer
https://www.bambooloans.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=31536000
content-encoding
gzip
content-length
392
content-type
text/html
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Fri, 09 Jun 2023 09:41:12 GMT
etag
"3d08665fa4c7bcf9fa2dcbbc7efe1d0f:1649057029.895163"
expires
Sat, 08 Jun 2024 09:41:12 GMT
last-modified
Mon, 04 Apr 2022 07:23:49 GMT
server
AkamaiNetStorage
server-timing
cdn-cache; desc=HIT edge; dur=1 ak_p; desc="1686303672505_35115158_7112863_19_637_54_57_255";dur=1
vary
Accept-Encoding
x-akamai-transformed
9 - 0 pmb=mRUM,1
css
fonts.googleapis.com/ 		12 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Montserrat:400%7COpen+Sans:300,400,600%7CAsap:400,700
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
b9165248810e984edfecd5eb4fb910590af748d7be5fffe92a3312dc51a45b18
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.bambooloans.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 09 Jun 2023 09:41:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 09 Jun 2023 09:41:12 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 09 Jun 2023 09:41:12 GMT
tp.widget.bootstrap.min.js
widget.trustpilot.com/bootstrap/v5/ 		21 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js
Requested by
Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/bootstrap/v5/tp.widget.sync.bootstrap.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.218.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-218-24.mxp63.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b58109431c3adc92bccc460ac5dc394dc4f0979d24656f7a52503e6c77709d0b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.bambooloans.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 09 Jun 2023 08:19:28 GMT
via
1.1 bd4e114ece87e9cf66a7eccfeb6c9c4a.cloudfront.net (CloudFront)
x-amz-cf-pop
MXP63-P2
age
28484
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
6676
x-xss-protection
1; mode=block
last-modified
Wed, 03 May 2023 13:48:29 GMT
server
AmazonS3
etag
"befec09eb386fc68a0869c8d1b529dd6"
content-type
application/x-javascript
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
BTbaYlf3EeAljwNDAfdyaEK14IkWls9rQ_SkLHG0HipuUMAj-VF7bw==
index.html
widget.trustpilot.com/trustboxes/5419b6ffb0d04a076446a9af/ Frame A738 		8 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://widget.trustpilot.com/trustboxes/5419b6ffb0d04a076446a9af/index.html?templateId=5419b6ffb0d04a076446a9af&businessunitId=5714c3620000ff00058baca4
Requested by
Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.218.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-218-24.mxp63.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e7eed928596fc3d1c1180c26f81e1847c6aac858cca19c4a69fd9f1220ef5ff3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bambooloans.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=86400
content-encoding
gzip
content-length
2144
content-type
text/html
date
Fri, 09 Jun 2023 09:41:13 GMT
etag
"1307e3fd5846bacc989c2fd05996f010"
last-modified
Mon, 08 May 2023 11:44:09 GMT
server
AmazonS3
strict-transport-security
max-age=31536000
via
1.1 bd4e114ece87e9cf66a7eccfeb6c9c4a.cloudfront.net (CloudFront)
x-amz-cf-id
wPoe4CA-8xP0wP3-UIXJrm5YSqZDG9LMVWygSdxP0tNfkFaPHTG6GQ==
x-amz-cf-pop
MXP63-P2
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-xss-protection
1; mode=block
index.html
widget.trustpilot.com/trustboxes/539ad0ffdec7e10e686debd7/ Frame 1923 		15 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://widget.trustpilot.com/trustboxes/539ad0ffdec7e10e686debd7/index.html?templateId=539ad0ffdec7e10e686debd7&businessunitId=5714c3620000ff00058baca4
Requested by
Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.218.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-218-24.mxp63.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
5d7fffe3a5da465552713233f1edc0d2c323892be14e964cdc4b6423e12fbdba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bambooloans.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

accept-ranges
bytes
age
11533
cache-control
max-age=86400
content-encoding
gzip
content-length
3460
content-type
text/html
date
Fri, 09 Jun 2023 06:29:00 GMT
etag
"aa8b1a01ee0848aee02ab9c7adb7cbb7"
last-modified
Mon, 08 May 2023 11:44:28 GMT
server
AmazonS3
strict-transport-security
max-age=31536000
via
1.1 bd4e114ece87e9cf66a7eccfeb6c9c4a.cloudfront.net (CloudFront)
x-amz-cf-id
S0z0W_cMyMOQZg7gO47dvgjlZrsRo3C4omHOr7vMgSN5aMm-qsc-BA==
x-amz-cf-pop
MXP63-P2
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-content-type-options
nosniff
x-xss-protection
1; mode=block
init.afc0d1e41a72eb0fe52a.js
web-sdk.smartlook.com/es6/ 		60 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://web-sdk.smartlook.com/es6/init.afc0d1e41a72eb0fe52a.js
Requested by
Host: web-sdk.smartlook.com
URL: https://web-sdk.smartlook.com/recorder.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6ea0:c700::19 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software
CDN77-Turbo /
Resource Hash
c4fbaad57d5b46d661b92b08984012c44834e97d933da06a188864d2f20c9cb1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.bambooloans.com/
Origin
https://www.bambooloans.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

x-77-pop
frankfurtDE
date
Fri, 09 Jun 2023 09:41:12 GMT
strict-transport-security
max-age=31536000
content-encoding
gzip
x-cache
HIT
x-77-cache
HIT
cross-origin-resource-policy
cross-origin
x-age
330137
x-accel-date
1685973535
x-77-nzt
AcO1qhGPR1n/mQkFAA
x-accel-expires
@1717509535
last-modified
Mon, 05 Jun 2023 13:04:34 GMT
server
CDN77-Turbo
etag
W/"647ddd62-ee8c"
x-77-nzt-ray
4c156224704812ddb8f38264f7a0cf29
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, immutable
main.js
widget.trustpilot.com/trustboxes/539ad0ffdec7e10e686debd7/ Frame 1923 		110 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://widget.trustpilot.com/trustboxes/539ad0ffdec7e10e686debd7/main.js
Requested by
Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/trustboxes/539ad0ffdec7e10e686debd7/index.html?templateId=539ad0ffdec7e10e686debd7&businessunitId=5714c3620000ff00058baca4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.218.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-218-24.mxp63.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
054b4907ab66e54705a08be7b98221ecee6ddb9ca32ed83427e11898d33fe18f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://widget.trustpilot.com/trustboxes/539ad0ffdec7e10e686debd7/index.html?templateId=539ad0ffdec7e10e686debd7&businessunitId=5714c3620000ff00058baca4
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 09 Jun 2023 05:55:17 GMT
via
1.1 bd4e114ece87e9cf66a7eccfeb6c9c4a.cloudfront.net (CloudFront)
x-amz-cf-pop
MXP63-P2
age
13556
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
30555
x-xss-protection
1; mode=block
last-modified
Mon, 08 May 2023 11:44:30 GMT
server
AmazonS3
etag
"593d59ebf05fd63221df2ecd0882018e"
content-type
application/x-javascript
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
8aSiUr4mhJn5PZZPfJ5XsWyR2TMx7P6O2vVicUVLQbew1Cik0I9pdw==
css
fonts.googleapis.com/ 		11 KB
861 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700
Requested by
Host: assets.flex.twilio.com
URL: https://assets.flex.twilio.com/releases/flex-webchat-ui/2.6.0/twilio-flex-webchat.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
1ba6e02aa649aea52d79959ec42d68b9275396417950a5034ff5ea51b18fc2c8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.bambooloans.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 09 Jun 2023 09:41:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 09 Jun 2023 08:44:54 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 09 Jun 2023 09:41:12 GMT
KFO9CniXp96a4Tc2DaTeuDAoKsE615hJW34.woff2
fonts.gstatic.com/s/asap/v30/ 		42 KB
42 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/asap/v30/KFO9CniXp96a4Tc2DaTeuDAoKsE615hJW34.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:400%7COpen+Sans:300,400,600%7CAsap:400,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b1128adb79c7208d410630c04fe6e8ac8886aeb778aafb3f4195fe735acc1d89
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.bambooloans.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Tue, 06 Jun 2023 22:33:09 GMT
x-content-type-options
nosniff
age
212883
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42616
x-xss-protection
0
last-modified
Tue, 06 Jun 2023 20:38:36 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 05 Jun 2024 22:33:09 GMT
main.js
widget.trustpilot.com/trustboxes/5419b6ffb0d04a076446a9af/ Frame A738 		54 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://widget.trustpilot.com/trustboxes/5419b6ffb0d04a076446a9af/main.js
Requested by
Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/trustboxes/5419b6ffb0d04a076446a9af/index.html?templateId=5419b6ffb0d04a076446a9af&businessunitId=5714c3620000ff00058baca4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.218.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-218-24.mxp63.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
000cf4f67c9474f0eb6361bd3ab9f493e17f1873e4a36ef95c11bd685c89683d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://widget.trustpilot.com/trustboxes/5419b6ffb0d04a076446a9af/index.html?templateId=5419b6ffb0d04a076446a9af&businessunitId=5714c3620000ff00058baca4
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 08 Jun 2023 21:18:30 GMT
via
1.1 bd4e114ece87e9cf66a7eccfeb6c9c4a.cloudfront.net (CloudFront)
x-amz-cf-pop
MXP63-P2
age
44563
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
17136
x-xss-protection
1; mode=block
last-modified
Mon, 08 May 2023 11:44:11 GMT
server
AmazonS3
etag
"dc592904280a455012599b68215eae0f"
content-type
application/x-javascript
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
18omRs_iafgyBJQHf7bs_rkmZ_Zgj7zmDf1WSgXBKRuu7DNkMrCSeA==
JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2
fonts.gstatic.com/s/montserrat/v25/ 		12 KB
13 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:400%7COpen+Sans:300,400,600%7CAsap:400,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ddc148b8a0a27b1449fda6033f4a0defac9bd43210117b50d5d7ad1eda09f394
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.bambooloans.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Sat, 03 Jun 2023 16:44:44 GMT
x-content-type-options
nosniff
age
492988
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12708
x-xss-protection
0
last-modified
Mon, 11 Jul 2022 18:55:59 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 02 Jun 2024 16:44:44 GMT
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v35/ 		47 KB
48 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:400%7COpen+Sans:300,400,600%7CAsap:400,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7c7818c25a18e8a38553fcbcbc2ad0b5e964103a7d2e494f82815e3f70bf3fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.bambooloans.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Sat, 03 Jun 2023 00:21:44 GMT
x-content-type-options
nosniff
age
551968
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
48412
x-xss-protection
0
last-modified
Tue, 02 May 2023 15:08:53 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 02 Jun 2024 00:21:44 GMT
analytics.js
www.google-analytics.com/ 		51 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MWH3S5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.bambooloans.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 09 Jun 2023 09:04:48 GMT
last-modified
Mon, 17 Apr 2023 22:36:01 GMT
server
Golfe2
age
2184
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20737
expires
Fri, 09 Jun 2023 11:04:48 GMT
js
www.googletagmanager.com/gtag/ 		228 KB
81 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-NY9JF3C1LW&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MWH3S5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
dcae87a86849f85789c259c372e93c44f9ca2cfad565098dbbe162bbfee216b6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.bambooloans.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Fri, 09 Jun 2023 09:41:12 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
82625
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Fri, 09 Jun 2023 09:41:12 GMT
539ad0ffdec7e10e686debd7
widget.trustpilot.com/trustbox-data/ Frame 1923 		5 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://widget.trustpilot.com/trustbox-data/539ad0ffdec7e10e686debd7?businessUnitId=5714c3620000ff00058baca4&locale=en-GB&reviewStars=5&reviewTagValue=20points&reviewsPerPage=6
Requested by
Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/trustboxes/539ad0ffdec7e10e686debd7/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.218.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-218-24.mxp63.r.cloudfront.net
Software
Kestrel /
Resource Hash
9305bf7b7605b4e97ed226cb7f07a22a98423d75a9c1d8c22ad6e5cb53c10275
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://widget.trustpilot.com/trustboxes/539ad0ffdec7e10e686debd7/index.html?templateId=539ad0ffdec7e10e686debd7&businessunitId=5714c3620000ff00058baca4
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Fri, 09 Jun 2023 09:41:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
via
1.1 bd4e114ece87e9cf66a7eccfeb6c9c4a.cloudfront.net (CloudFront)
server
Kestrel
x-amz-cf-pop
MXP63-P2
etag
"5912fda0e03f1b3dd2f4c1835a3a49c4"
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/json; charset=utf-8
cache-control
public,max-age=1800
content-length
1691
x-xss-protection
1; mode=block
x-amz-cf-id
VzyWxOsEuc2WrEpqB_F3GfifEwzobJbHQzHBBdrdD28E4JFVqNoRsA==
TrustboxImpression
widget.trustpilot.com/stats/ Frame 1923 		0
321 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://widget.trustpilot.com/stats/TrustboxImpression?locale=en-GB&styleHeight=350px&styleWidth=100%25&theme=light&tags=20points&stars=5&url=https%3A%2F%2Fwww.bambooloans.com%2F&referrer=&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F114.0.5735.106%20Safari%2F537.36&language=en-US&platform=Win32&nosettings=1&businessUnitId=5714c3620000ff00058baca4&widgetId=539ad0ffdec7e10e686debd7
Requested by
Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/trustboxes/539ad0ffdec7e10e686debd7/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.218.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-218-24.mxp63.r.cloudfront.net
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://widget.trustpilot.com/trustboxes/539ad0ffdec7e10e686debd7/index.html?templateId=539ad0ffdec7e10e686debd7&businessunitId=5714c3620000ff00058baca4
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Fri, 09 Jun 2023 09:41:12 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
via
1.1 bd4e114ece87e9cf66a7eccfeb6c9c4a.cloudfront.net (CloudFront)
server
Kestrel
x-amz-cf-pop
MXP63-P2
x-cache
Miss from cloudfront
cache-control
no-store,no-cache
x-amz-cf-id
2xPyxoMF-52Q5mYlb_5IpixpZDwQrqIRkcjwAkZA4hZT0ziDtKKUfA==
x-xss-protection
1; mode=block
5419b6ffb0d04a076446a9af
widget.trustpilot.com/trustbox-data/ Frame A738 		936 B
858 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://widget.trustpilot.com/trustbox-data/5419b6ffb0d04a076446a9af?businessUnitId=5714c3620000ff00058baca4&locale=en-GB
Requested by
Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/trustboxes/5419b6ffb0d04a076446a9af/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.218.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-218-24.mxp63.r.cloudfront.net
Software
Kestrel /
Resource Hash
994283318f62d51d74793993bd08c9dd8559b66f65201d8fa00093cac8fd831b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://widget.trustpilot.com/trustboxes/5419b6ffb0d04a076446a9af/index.html?templateId=5419b6ffb0d04a076446a9af&businessunitId=5714c3620000ff00058baca4
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 09 Jun 2023 09:41:12 GMT
via
1.1 bd4e114ece87e9cf66a7eccfeb6c9c4a.cloudfront.net (CloudFront)
server
Kestrel
x-amz-cf-pop
MXP63-P2
etag
"d5311c2d9b7969d42adedea6a50fbdd4"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/json; charset=utf-8
cache-control
public,max-age=1800
content-length
430
x-xss-protection
1; mode=block
x-amz-cf-id
XwKOTS9B-A5vYFG4D2zXyphhK5iQSGfRZLO3efIPgE5sN1waIt3KXA==
TrustboxImpression
widget.trustpilot.com/stats/ Frame A738 		0
321 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://widget.trustpilot.com/stats/TrustboxImpression?locale=en-GB&styleHeight=40px&styleWidth=300px&theme=light&url=https%3A%2F%2Fwww.bambooloans.com%2F&referrer=&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F114.0.5735.106%20Safari%2F537.36&language=en-US&platform=Win32&nosettings=1&businessUnitId=5714c3620000ff00058baca4&widgetId=5419b6ffb0d04a076446a9af
Requested by
Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/trustboxes/5419b6ffb0d04a076446a9af/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.218.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-218-24.mxp63.r.cloudfront.net
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://widget.trustpilot.com/trustboxes/5419b6ffb0d04a076446a9af/index.html?templateId=5419b6ffb0d04a076446a9af&businessunitId=5714c3620000ff00058baca4
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Fri, 09 Jun 2023 09:41:12 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
via
1.1 bd4e114ece87e9cf66a7eccfeb6c9c4a.cloudfront.net (CloudFront)
server
Kestrel
x-amz-cf-pop
MXP63-P2
x-cache
Miss from cloudfront
cache-control
no-store,no-cache
x-amz-cf-id
deyXJbSay3GNstsCboHjuf6CKDlk8uwVj5-BKUafPMrWLHYaLREoQA==
x-xss-protection
1; mode=block
TrustboxView
widget.trustpilot.com/stats/ Frame A738 		0
321 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://widget.trustpilot.com/stats/TrustboxView?locale=en-GB&styleHeight=40px&styleWidth=300px&theme=light&url=https%3A%2F%2Fwww.bambooloans.com%2F&referrer=&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F114.0.5735.106%20Safari%2F537.36&language=en-US&platform=Win32&nosettings=1&businessUnitId=5714c3620000ff00058baca4&widgetId=5419b6ffb0d04a076446a9af
Requested by
Host: widget.trustpilot.com
URL: https://widget.trustpilot.com/trustboxes/5419b6ffb0d04a076446a9af/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.218.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-218-24.mxp63.r.cloudfront.net
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://widget.trustpilot.com/trustboxes/5419b6ffb0d04a076446a9af/index.html?templateId=5419b6ffb0d04a076446a9af&businessunitId=5714c3620000ff00058baca4
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Fri, 09 Jun 2023 09:41:12 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
via
1.1 bd4e114ece87e9cf66a7eccfeb6c9c4a.cloudfront.net (CloudFront)
server
Kestrel
x-amz-cf-pop
MXP63-P2
x-cache
Miss from cloudfront
cache-control
no-store,no-cache
x-amz-cf-id
z8tURMl7pOT5zlIciOMl1KU_hV47Yhr9mf2zs1O6-V5JzfWAZCY5GQ==
x-xss-protection
1; mode=block
landing
pagead2.googlesyndication.com/pagead/ 		42 B
455 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/landing?gcs=G100&gcd=G100&rnd=822158901.1686303673&url=https%3A%2F%2Fwww.bambooloans.com%2F&gtm=45He3671n71MWH3S5
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MWH3S5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.bambooloans.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 09 Jun 2023 09:41:13 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
src=8103783;dc_pre=CIr7zdvytf8CFTutmgodI6kDBg;type=allpa;cat=allpa00;ord=1;num=1160449822576;gtm=45He3671;gcs=G100;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.bambooloans.com
ade.googlesyndication.com/ddm/activity/
Redirect Chain
  • https://ade.googlesyndication.com/ddm/activity/src=8103783;type=allpa;cat=allpa00;ord=1;num=1160449822576;gtm=45He3671;gcs=G100;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww...
  • https://ade.googlesyndication.com/ddm/activity/src=8103783;dc_pre=CIr7zdvytf8CFTutmgodI6kDBg;type=allpa;cat=allpa00;ord=1;num=1160449822576;gtm=45He3671;gcs=G100;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;u...
42 B
118 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ade.googlesyndication.com/ddm/activity/src=8103783;dc_pre=CIr7zdvytf8CFTutmgodI6kDBg;type=allpa;cat=allpa00;ord=1;num=1160449822576;gtm=45He3671;gcs=G100;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.bambooloans.com?
Protocol
H2
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.bambooloans.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 09 Jun 2023 09:41:13 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 09 Jun 2023 09:41:13 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location
https://ade.googlesyndication.com/ddm/activity/src=8103783;dc_pre=CIr7zdvytf8CFTutmgodI6kDBg;type=allpa;cat=allpa00;ord=1;num=1160449822576;gtm=45He3671;gcs=G100;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.bambooloans.com?
content-type
text/html; charset=UTF-8
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
follow-only-when-prerender-shown
1
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
region1.google-analytics.com/g/ 		0
248 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-NY9JF3C1LW&gtm=45je3671&_p=1662539586&gcs=G100&gdid=dMWZhNz&cid=1767601259.1686303673&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1686303672&sct=1&seg=0&dl=https%3A%2F%2Fwww.bambooloans.com%2F&dt=Bamboo%20%7C%20Personal%20Unsecured%20Online%20Loans&en=page_view&_fv=1&_ss=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-NY9JF3C1LW&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.bambooloans.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 09 Jun 2023 09:41:13 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.bambooloans.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/ 		35 B
194 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j100&a=1662539586&t=pageview&_s=1&dl=https%3A%2F%2Fwww.bambooloans.com%2F&dp=%2F&ul=en-us&de=UTF-8&dt=Bamboo%20%7C%20Personal%20Unsecured%20Online%20Loans&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aFAAAAABEAAAAAAAAk~&cid=1767601259.1686303673&tid=UA-22143604-2&_gid=725093414.1686303673&gtm=45He3671n71MWH3S5&cd2=1686303672844.4e41a0rr&cd4=2023-06-09T09%3A41%3A12.844%2B00%3A00&gcs=G100&z=768052506
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.bambooloans.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 08 Jun 2023 18:21:44 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
55169
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/ 		35 B
91 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j100&a=1662539586&t=pageview&_s=1&dl=https%3A%2F%2Fwww.bambooloans.com%2F&dp=%2F&ul=en-us&de=UTF-8&dt=Bamboo%20%7C%20Personal%20Unsecured%20Online%20Loans&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aFgAAAABEAAAAAAAAk~&cid=1767601259.1686303673&tid=UA-22143604-7&_gid=412356394.1686303673&gtm=45He3671n71MWH3S5&cd2=1686303672848.yhr14txn&cd4=2023-06-09T09%3A41%3A12.848%2B00%3A00&gcs=G100&z=1096761187
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.bambooloans.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 08 Jun 2023 18:21:44 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
55169
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

95 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 boolean| credentialless object| onbeforetoggle object| onscrollend object| _rollbarConfig object| _rollbarShims object| _rollbarWrappedError object| Rollbar function| rollbar object| dataLayer object| CookieControl function| __uspapi function| addUspapiLocatorFrame function| __handleUspapiMessage function| propagateIABStub object| Cookiebot object| CookieConsent string| env object| WebFontConfig function| $ function| jQuery object| fb_regex object| static_data object| banco function| _classCallCheck object| fbtemplate object| UTF8Base64 object| fb function| log function| getExceptionInCookie object| ps function| publish object| current_principal object| Product object| Calculations function| formatMoneyImpl object| TermsBounds object| Terms object| TermsCookie object| PurposeCookie object| Purpose undefined| HomeBanner function| _createClass function| Typewriter function| Query function| Uri function| jsUri object| FBExceptions object| Navbar object| ko object| Util object| utf8 function| Modal object| bootbox object| LucidJS function| _ function| Collapse function| Dropdown function| Carousel object| webpackJsonp object| __core-js_shared__ object| core function| SmartlookSupport object| SessionCheck function| gtag object| knockout_assets function| smartlook function| filterCSS function| filterXSS object| CookiebotDialog object| CookieConsentDialog object| WebFont number| _rollbarStartTime boolean| _rollbarDidLoad boolean| _rollbarInitialized object| Trustpilot object| Twilio object| regeneratorRuntime object| __SECRET_EMOTION__ number| 2f1acc6c3a606b082e5eef5e54414ffb object| __MUI_STYLES__ object| platform object| Handlebars object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| webpackChunk_smartlook_recorder function| onYouTubeIframeAPIReady object| gaplugins object| gaGlobal object| gaData

1 Cookies

Domain/Path Name / Value
www.bambooloans.com/ Name: _session_id
Value: 4200861f3a50bdcda286be90b6a98112

4 Console Messages

Source Level URL
Text
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'notifications'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'push'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'speaker'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'vibrate'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ images.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ firstbanco-production-cms-uploads.s3.eu-west-1.amazonaws.com;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ade.googlesyndication.com
ajax.googleapis.com
assets.flex.twilio.com
bambooloans.com
cdn.rollbar.com
consent.cookiebot.com
consentcdn.cookiebot.com
fonts.googleapis.com
fonts.gstatic.com
pagead2.googlesyndication.com
region1.google-analytics.com
web-sdk.smartlook.com
widget.trustpilot.com
www.bambooloans.co.uk
www.bambooloans.com
www.google-analytics.com
www.googletagmanager.com
13.32.99.9
142.250.186.162
143.204.215.107
18.66.218.24
2001:4860:4802:34::36
2a00:1450:4001:809::2003
2a00:1450:4001:80f::200a
2a00:1450:4001:811::2002
2a00:1450:4001:82b::200e
2a00:1450:4001:830::2008
2a00:1450:4001:831::200a
2a02:26f0:3500:18::1724:a29a
2a02:26f0:480:594::f09
2a02:6ea0:c700::19
3.248.5.44
52.218.90.108
54.217.169.6
000cf4f67c9474f0eb6361bd3ab9f493e17f1873e4a36ef95c11bd685c89683d
0239d73c6c3de0ee7f1a8d575a0308e89ba5a19afd64a7c45381068fdcd39cfa
054b4907ab66e54705a08be7b98221ecee6ddb9ca32ed83427e11898d33fe18f
072cbffd0ad3e6caa35a28464d3b8df28a7347232f203373332366afe5ede0de
1acac597faa9154f9a181c5110346ee1d86852753800717e035a52659df7f8f3
1af3b0140b3496fadcd54662a150119eacbe036c143925c7f2dba41679cd2320
1b9ed0d101778ff3fd3ab344678255d3fdf7cc7ebd44ba2ac70dd42011e5c7f7
1ba6e02aa649aea52d79959ec42d68b9275396417950a5034ff5ea51b18fc2c8
1e82c652583fc77dad60a8ff716f38761aab6b8d36ae18dbd681054a665cc9e0
2227b5eab78fae544f3b9bc890f40407ceb8cff353c4b56ba7b21f3c3dd8b068
2550166acd31328469de227fb0c499aea66b6299ed5fdc94940d88ad125a2f4c
277c9eddf77f354fc1ab9bacf2d333c8e2171e2859758440b9323cb9ce655817
2a2338eba864d46d82650650cc4783a71cdf2f3e0dffac8fade3d8743540ffb9
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
3174f17daceb85ab02af533a5b995c94d67fee45849f96039f59de1ed7841df7
3cde1f65bb83e1d4f7aeafbd82f43bbcb03575244de8252f6ae77e7b116c98fa
41764f6cf1cfa99fad12f1ee265ea0bb292761f6b15d1f5432756524854cd77f
42b4ff0c50929d136cd8835f6ae22990e2751180686c84f4a93afe5e88c1c0d0
445a40338fb4c488b9b8432ec3014e6fda1e95370e87f33fdc527c06d04dbaa5
49b0daf7573b9cb9df4f8d09c1bf5fe39646c57f0e4ee492aeea8aaf690cf16a
52eec88a9f3a5c8afa07afef100365dfb68036d27cdc67781e58a5aa4781a7e6
5d7fffe3a5da465552713233f1edc0d2c323892be14e964cdc4b6423e12fbdba
6674e7dd3673f5e0181e5d7827114f69cb137335da0f73d608cbc3a321a0d3f4
6792c1bfe86a4ca17224bbfbb8712e1770b2ca38e3dc32fccee78e3eb1f6de3f
6c2e9d88479787fad7cd981f7cd4fb226914551643f4f3fd8df9c7374349a2d8
6d0619c03f14cc32e84ac7e55349c8b6a7d66d709bc7fd2427d2ae595427cc21
738e5435f2d18427d291a0d6289eee0ebbc87b596d6003919f255760ac293104
7c7818c25a18e8a38553fcbcbc2ad0b5e964103a7d2e494f82815e3f70bf3fc5
7eb388ea38d607fa40ca61bf3cd275654dcb2c3f9318551d3c1d1dc66e22feec
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee
81a81b9d9d5555fce178c4c9f9c41f3a0051b7ded8ca275419f6574646b4f3d9
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
87e2edef07fb118462c36c23870718ba647e441d17683d31ff6a3c52c2416deb
90745a0f257aa1424e5b997ec85544b52094e60b7187c09ec3f108303bfc2073
913f811a8384d2de7017c900927b31d535a9c44a366767537db93518e003116c
9305bf7b7605b4e97ed226cb7f07a22a98423d75a9c1d8c22ad6e5cb53c10275
96b65d43890cdd138e53f91a80fa7e9e7d876f2886c8474312ec2b26c3aa4eb1
994283318f62d51d74793993bd08c9dd8559b66f65201d8fa00093cac8fd831b
9d524b18fc9b30adc9ab1d984696732ef9b16e3bce1607037cb43064025489fd
a10bab7f93b62af5f8fc4393d03342072f291b44f137b0d1451eee1959169e01
a2f37776c763c84304a3f156b88d8e6d2fb3a7d6966596ecc8cd8ffc9ff1f5e9
a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74
a8cb66ba9809f200affd8b85b4ae9063650403d475d6ec2fec2068b2c641a8af
ab454bceac8d3c0c18c46a5189b0e15e2c8e067e754fd2e1eef1d8646fecdd2e
b1128adb79c7208d410630c04fe6e8ac8886aeb778aafb3f4195fe735acc1d89
b58109431c3adc92bccc460ac5dc394dc4f0979d24656f7a52503e6c77709d0b
b7497fcea3e13460f712f4e80bd5c50b7c549045dd2e8270ba3c4fc6c43e1c4d
b892e9b7214eb547edbe381cb32a50ead9073e93c1c6176a0e44bf915d4c2822
b9165248810e984edfecd5eb4fb910590af748d7be5fffe92a3312dc51a45b18
c4fbaad57d5b46d661b92b08984012c44834e97d933da06a188864d2f20c9cb1
c505979fef504f9a63217daf7c0f9f44bce7a4a9a37651fcf36c5d2420ba4023
ca2b01ced2999ff9f6d10ab2d5395ca5e65b15b9cbb6345b4842d90f3a4c0982
ce07d8ded3323aed3b24ab97161737468d7bb3534a2d2ef0c34bd7f41591410d
dbeaa50ec1417c6c383d12404862b982886764815eb85a4678692c2c6b128777
dcae87a86849f85789c259c372e93c44f9ca2cfad565098dbbe162bbfee216b6
ddc148b8a0a27b1449fda6033f4a0defac9bd43210117b50d5d7ad1eda09f394
e1df55dbade9723e534375a6ba415c6e849ad2d5263d8408e13964168771af6a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41adec6422b7309109b409bb43074916f9fcc2a0c60e0337c00595a406dcbc8
e5c00fe73865f5b382e7cbd6a79adb9d4f47cdb908188cf61fb7d8667d5debf0
e69135e90f9f625cede6c10265e1fc104651d4ebbcea736e3c1b588873da0a03
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
e7eed928596fc3d1c1180c26f81e1847c6aac858cca19c4a69fd9f1220ef5ff3
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f6dc0b2941a63909a0d51302be2d22a0ebf8a08818fc6b213446a6ed58dc6018
ffb47ce3f4d2c0cea5a56c4c678893ccc45eef9910d4e448fcf757cb58915bdb