www.cartabcc.it Open in urlscan Pro
149.154.92.61 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.cartabcc.it/
Effective URL:
https://www.cartabcc.it/Pagine/default.aspx
Submission: On November 23 via api (November 23rd 2021, 1:05:44 am UTC) from IT — Scanned from IT

Summary HTTP 222 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 41 IPs in 10 countries across 34 domains to perform 222 HTTP transactions. The main IP is 149.154.92.61, located in Sesto San Giovanni, Italy and belongs to ICCREA-AS, IT. The main domain is www.cartabcc.it.
TLS certificate: Issued by Thawte EV RSA CA 2018 on June 22nd 2021. Valid for: a year.

This is the only time www.cartabcc.it was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 121	149.154.92.61 149.154.92.61	57144 (ICCREA-AS) (ICCREA-AS)
1	2a00:1450:400... 2a00:1450:4001:828::2008	15169 (GOOGLE) (GOOGLE)
1 48	2a03:2880:f11... 2a03:2880:f11c:8083:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
9	2a03:2880:f01... 2a03:2880:f01c:216:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2a02:2638::3 2a02:2638::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c1b::9d	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:801::2003	15169 (GOOGLE) (GOOGLE)
1 3	37.157.2.247 37.157.2.247	198622 (ADFORM) (ADFORM)
2 4	37.157.5.142 37.157.5.142	198622 (ADFORM) (ADFORM)
2	2a03:2880:f01... 2a03:2880:f01c:20e:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK)
1 2	216.58.212.166 216.58.212.166	15169 (GOOGLE) (GOOGLE)
1 2	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
1	178.250.0.157 178.250.0.157	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
3	178.250.0.163 178.250.0.163	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 1	216.58.212.130 216.58.212.130	15169 (GOOGLE) (GOOGLE)
1	70.42.32.95 70.42.32.95	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
1	69.173.151.100 69.173.151.100	26667 (RUBICONPR...) (RUBICONPROJECT)
1	185.86.137.110 185.86.137.110	201081 (SMARTADSE...) (SMARTADSERVER)
3 4	37.252.172.123 37.252.172.123	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a00:1288:80:... 2a00:1288:80:800::7000	203220 (YAHOO-DEB) (YAHOO-DEB)
1 4	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
1	185.64.189.110 185.64.189.110	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 2	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
1	141.226.228.48 141.226.228.48	200478 (TABOOLA-AS) (TABOOLA-AS)
1	104.111.242.245 104.111.242.245	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	13.248.245.213 13.248.245.213	16509 (AMAZON-02) (AMAZON-02)
1 2	18.185.209.98 18.185.209.98	16509 (AMAZON-02) (AMAZON-02)
1	2.18.235.93 2.18.235.93	16625 (AKAMAI-AS) (AKAMAI-AS)
1	54.93.151.69 54.93.151.69	16509 (AMAZON-02) (AMAZON-02)
1	185.255.84.152 185.255.84.152	200271 (IGUANE-) (IGUANE-)
1 1	2.18.234.233 2.18.234.233	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2001:4de0:ac1... 2001:4de0:ac19::1:b:3b	20446 (HIGHWINDS3) (HIGHWINDS3)
3 3	35.157.241.218 35.157.241.218	16509 (AMAZON-02) (AMAZON-02)
1	35.186.243.160 35.186.243.160	15169 (GOOGLE) (GOOGLE)
1	104.19.133.78 104.19.133.78	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	212.82.100.181 212.82.100.181	34010 (YAHOO-IRD) (YAHOO-IRD)
1	34.200.184.86 34.200.184.86	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:9000:223... 2600:9000:223f:f800:1b:5138:8a40:93a1	16509 (AMAZON-02) (AMAZON-02)
2 2	54.84.15.237 54.84.15.237	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:1f18:444... 2600:1f18:444a:4602:b51a:2bef:14:5241	14618 (AMAZON-AES) (AMAZON-AES)
222	41

121 149.154.92.61 (Sesto San Giovanni, Italy) 2 redirects

ASN57144 (ICCREA-AS, IT)

www.cartabcc.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

48 2a03:2880:f11c:8083:face:b00c:0:25de (Frankfurt am Main, Germany) 1 redirects

ASN32934 (FACEBOOK, US)

connect.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a03:2880:f01c:216:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c1b::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.157.2.247 (Denmark) 1 redirects

ASN198622 (ADFORM, DK)

s2.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.157.5.142 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

track.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:20e:face:b00c:0:2 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

graph.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.212.166 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f166.1e100.net

5139589.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638::1c (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.157 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 178.250.0.163 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

sslwidget.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.212.130 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: ams15s21-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 70.42.32.95 (United States)

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

sync.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.151.100 (United States)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.137.110 (France)

ASN201081 (SMARTADSERVER, FR)

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.252.172.123 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1288:80:800::7000 (Frankfurt am Main, Germany)

ASN203220 (YAHOO-DEB, GB)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.126.56.137 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.110 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.234.21 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

r.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.226.228.48 (Netherlands)

ASN200478 (TABOOLA-AS, IL)

sync-t1.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.242.245 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-242-245.deploy.static.akamaitechnologies.com

criteo-sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.248.245.213 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.185.209.98 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-185-209-98.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.235.93 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-93.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.93.151.69 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-93-151-69.eu-central-1.compute.amazonaws.com

match.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.255.84.152 (Paris, France)

ASN200271 (IGUANE-, FR)

visitor.omnitagjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.234.233 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-233.deploy.static.akamaitechnologies.com

ads.stickyadstv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac19::1:b:3b (Netherlands)

ASN20446 (HIGHWINDS3, US)

cdn.stickyadstv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.157.241.218 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-241-218.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.243.160 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 160.243.186.35.bc.googleusercontent.com

matching.ivitrack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.19.133.78 (None, )

ASN13335 (CLOUDFLARENET, US)

cm.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 212.82.100.181 (Dublin, Ireland)

ASN34010 (YAHOO-IRD, GB)
PTR: spdc.pbp.vip.ir2.yahoo.com

sp.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.200.184.86 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-200-184-86.compute-1.amazonaws.com

sync-criteo.ads.yieldmo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223f:f800:1b:5138:8a40:93a1 (United States)

ASN16509 (AMAZON-02, US)

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.84.15.237 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-84-15-237.compute-1.amazonaws.com

i.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:444a:4602:b51a:2bef:14:5241 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

i6.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
121	cartabcc.it 2 redirects www.cartabcc.it	3 MB
50	facebook.com 1 redirects connect.facebook.com graph.facebook.com www.facebook.com	28 KB
8	yahoo.com 1 redirects ads.yahoo.com ups.analytics.yahoo.com sp.analytics.yahoo.com	2 KB
7	adform.net 3 redirects s2.adform.net track.adform.net cm.adform.net	58 KB
6	criteo.com 1 redirects gum.criteo.com mug.criteo.com sslwidget.criteo.com dis.criteo.com	14 KB
5	facebook.net connect.facebook.net	199 KB
4	fbcdn.net static.xx.fbcdn.net	275 KB
4	adnxs.com 3 redirects secure.adnxs.com	4 KB
4	doubleclick.net 2 redirects stats.g.doubleclick.net 5139589.fls.doubleclick.net cm.g.doubleclick.net	2 KB
3	liadm.com 2 redirects i.liadm.com i6.liadm.com	2 KB
3	advertising.com 3 redirects pixel.advertising.com	1 KB
2	stickyadstv.com 1 redirects ads.stickyadstv.com cdn.stickyadstv.com	1 KB
2	bidswitch.net 1 redirects x.bidswitch.net	1 KB
2	3lift.com 1 redirects eb2.3lift.com	733 B
2	casalemedia.com 1 redirects r.casalemedia.com	2 KB
2	google.it www.google.it adservice.google.it	1 KB
2	google.com analytics.google.com adservice.google.com	1 KB
1	smaato.net s.ad.smaato.net	239 B
1	yieldmo.com sync-criteo.ads.yieldmo.com	457 B
1	mgid.com cm.mgid.com	812 B
1	ivitrack.com matching.ivitrack.com	242 B
1	omnitagjs.com visitor.omnitagjs.com	235 B
1	sharethrough.com match.sharethrough.com	263 B
1	media.net contextual.media.net	784 B
1	teads.tv criteo-sync.teads.tv	172 B
1	taboola.com sync-t1.taboola.com	231 B
1	pubmatic.com simage2.pubmatic.com	340 B
1	bing.com c.bing.com	595 B
1	smartadserver.com rtb-csync.smartadserver.com	163 B
1	rubiconproject.com pixel.rubiconproject.com	239 B
1	outbrain.com sync.outbrain.com	476 B
1	googleadservices.com www.googleadservices.com	18 KB
1	criteo.net static.criteo.net	14 KB
1	googletagmanager.com www.googletagmanager.com	61 KB
222	34

	Domain	Requested by
121	www.cartabcc.it	2 redirects www.cartabcc.it
47	www.facebook.com	connect.facebook.net www.cartabcc.it
5	connect.facebook.net	www.cartabcc.it connect.facebook.com connect.facebook.net
4	static.xx.fbcdn.net	www.facebook.com
4	ups.analytics.yahoo.com	1 redirects
4	secure.adnxs.com	3 redirects
3	pixel.advertising.com	3 redirects
3	track.adform.net	2 redirects www.cartabcc.it
3	s2.adform.net	1 redirects www.cartabcc.it
2	i.liadm.com	2 redirects
2	sp.analytics.yahoo.com
2	x.bidswitch.net	1 redirects
2	eb2.3lift.com	1 redirects
2	r.casalemedia.com	1 redirects
2	ads.yahoo.com
2	dis.criteo.com
2	gum.criteo.com	1 redirects static.criteo.net
2	5139589.fls.doubleclick.net	1 redirects www.cartabcc.it
2	graph.facebook.com	www.cartabcc.it connect.facebook.net
1	i6.liadm.com
1	s.ad.smaato.net
1	sync-criteo.ads.yieldmo.com
1	cm.mgid.com
1	matching.ivitrack.com
1	cdn.stickyadstv.com
1	ads.stickyadstv.com	1 redirects
1	visitor.omnitagjs.com
1	match.sharethrough.com
1	contextual.media.net
1	criteo-sync.teads.tv
1	cm.adform.net
1	sync-t1.taboola.com
1	simage2.pubmatic.com
1	c.bing.com
1	rtb-csync.smartadserver.com
1	pixel.rubiconproject.com
1	sync.outbrain.com
1	cm.g.doubleclick.net	1 redirects
1	sslwidget.criteo.com	static.criteo.net
1	adservice.google.it	adservice.google.com
1	mug.criteo.com	www.cartabcc.it
1	adservice.google.com	5139589.fls.doubleclick.net
1	www.google.it	www.cartabcc.it
1	stats.g.doubleclick.net	www.googletagmanager.com
1	analytics.google.com	www.googletagmanager.com
1	www.googleadservices.com	www.cartabcc.it
1	static.criteo.net	www.cartabcc.it
1	connect.facebook.com	1 redirects
1	www.googletagmanager.com	www.cartabcc.it
222	49

This site contains links to these domains. Also see Links.

Domain
www.ventis.it
www.cartabccpos.it
titolari.cartabcc.it
www.premiati.gruppoiccrea.it
play.google.com
appsto.re
appgallery7.huawei.com

Subject Issuer	Validity	Valid
www.cartabcc.it Thawte EV RSA CA 2018	`2021-06-22` - `2022-07-13`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-09-09` - `2021-12-07`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.google.it GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-09-01` - `2021-11-30`	3 months	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2021-09-06` - `2022-10-07`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-11-01` - `2022-01-24`	3 months	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-09-09` - `2021-12-07`	3 months	crt.sh
*.outbrain.com Thawte RSA CA 2018	`2021-10-24` - `2022-11-24`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2021-03-30` - `2022-04-04`	a year	crt.sh
*.smartadserver.com DigiCert ECC Secure Server CA	`2020-01-30` - `2022-02-03`	2 years	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2021-09-30` - `2022-03-30`	6 months	crt.sh
ui.aps.ads.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-10-25` - `2021-12-15`	2 months	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2021-08-04` - `2022-09-04`	a year	crt.sh
*.taboola.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2020-11-25` - `2021-12-26`	a year	crt.sh
*.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2021-05-28` - `2022-06-15`	a year	crt.sh
teads.tv R3	`2021-11-03` - `2022-02-01`	3 months	crt.sh
*.media.net DigiCert SHA2 Secure Server CA	`2021-04-12` - `2022-04-20`	a year	crt.sh
*.sharethrough.com Amazon	`2021-08-13` - `2022-09-11`	a year	crt.sh
omnitagjs.com Sectigo RSA Domain Validation Secure Server CA	`2021-05-24` - `2022-06-23`	a year	crt.sh
itm.ivitrack.com R3	`2021-10-17` - `2022-01-15`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-06-11` - `2022-06-10`	a year	crt.sh
real.sp.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-10-19` - `2022-04-13`	6 months	crt.sh
*.ads.yieldmo.com Amazon	`2021-05-25` - `2022-06-23`	a year	crt.sh
s.ad.smaato.net Amazon	`2021-09-21` - `2022-10-20`	a year	crt.sh

This page contains 8 frames:

Primary Page: https://www.cartabcc.it/Pagine/default.aspx
Frame ID: AF284BA0B95BA3C6E0F191508D92EC34
Requests: 139 HTTP requests in this frame

Frame: https://5139589.fls.doubleclick.net/activityi;dc_pre=CK_l2belrfQCFRiR3godHLECfg;src=5139589;type=invmedia;cat=nw7ldhj1;ord=4473695282979.457
Frame ID: D3946B9A2918E175B598BF1A2DD7178C
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?topUrl=www.cartabcc.it&origin=onetag
Frame ID: EDBCC1890453E265C0FD8DA5A8B0C127
Requests: 2 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CK_l2belrfQCFRiR3godHLECfg;src=5139589;type=invmedia;cat=nw7ldhj1;ord=4473695282979.457;~oref=https://www.cartabcc.it/
Frame ID: 4AE75FDAA2C3D235383C8295F9BAF502
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.it/ddm/fls/i/dc_pre=CK_l2belrfQCFRiR3godHLECfg;src=5139589;type=invmedia;cat=nw7ldhj1;ord=4473695282979.457;~oref=https://www.cartabcc.it/
Frame ID: F56361A6429689A4C24ECB0E9B49056D
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/share_button.php?app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df192d4c452a2738%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff1b9e673a4c82dc%26relation%3Dparent.parent&container_width=207&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=button&locale=it_IT&mobile_iframe=false&sdk=joey&size=large
Frame ID: C00DDC1644BE5BF787E0A2C268E5033A
Requests: 24 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/like.php?action=like&app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfab8544a27da6c%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff1b9e673a4c82dc%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=standard&locale=it_IT&sdk=joey&share=false&show_faces=false&size=large&width=252
Frame ID: 141ADAE7D0D2E08AD3F8281D4417980C
Requests: 24 HTTP requests in this frame

Frame: https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_ula=913071,0
Frame ID: DC41395839D05C7137258B204C72DF41
Requests: 30 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

CartaBCC

Page URL History Show full URLs

http://www.cartabcc.it/ HTTP 302
https://www.cartabcc.it/ HTTP 302
https://www.cartabcc.it/Pagine/default.aspx Page URL

Page Statistics

222
Requests

93 %
HTTPS

36 %
IPv6

34
Domains

49
Subdomains

41
IPs

10
Countries

4193 kB
Transfer

7859 kB
Size

51
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: http://www.ventis.it/
Title: Ventis

Search URL Search Domain Scan URL

URL: http://www.cartabccpos.it/
Title: BCCPOS

Search URL Search Domain Scan URL

URL: https://titolari.cartabcc.it/TITOLARI-CARTE/home

Search URL Search Domain Scan URL

URL: https://titolari.cartabcc.it/
Title: Area clienti

Search URL Search Domain Scan URL

URL: https://www.premiati.gruppoiccrea.it/
Title: PremiaTi RevolutionPiù valore ai tuoi desideri!

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=it.bcc.iccrea.mycartabcc&hl=it

Search URL Search Domain Scan URL

URL: https://appsto.re/it/ZFSW9.i

Search URL Search Domain Scan URL

URL: https://appgallery7.huawei.com/#/app/C101754521

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.cartabcc.it/ HTTP 302
https://www.cartabcc.it/ HTTP 302
https://www.cartabcc.it/Pagine/default.aspx Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 33

https://connect.facebook.com/it_IT/all.js HTTP 302
https://connect.facebook.net/it_IT/all.js

Request Chain 66

https://track.adform.net/serving/scripts/trackpoint/async/ HTTP 301
https://s2.adform.net/banners/scripts/st/trackpoint-async.js

Request Chain 99

https://5139589.fls.doubleclick.net/activityi;src=5139589;type=invmedia;cat=nw7ldhj1;ord=4473695282979.457 HTTP 302
https://5139589.fls.doubleclick.net/activityi;dc_pre=CK_l2belrfQCFRiR3godHLECfg;src=5139589;type=invmedia;cat=nw7ldhj1;ord=4473695282979.457

Request Chain 123

https://s2.adform.net/Serving/TrackPoint/?pm=704645&ADFPageName=Home&ADFdivider=%7C&ord=447696809272&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fwww.cartabcc.it%2FPagine%2Fdefault.aspx HTTP 301
https://track.adform.net/Serving/TrackPoint/?pm=704645&ADFPageName=Home&ADFdivider=%7C&ord=447696809272&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fwww.cartabcc.it%2FPagine%2Fdefault.aspx HTTP 302
https://track.adform.net/Serving/TrackPoint/?CC=1&pm=704645&ADFPageName=Home&ADFdivider=%7C&ord=447696809272&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fwww.cartabcc.it%2FPagine%2Fdefault.aspx

Request Chain 132

https://gum.criteo.com/sid/json?origin=onetag&domain=cartabcc.it&sn=ChromeSyncframe&so=0&topUrl=www.cartabcc.it&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=QK6aF3w5WlFaTSs3N0l2bWMxWlhLNzB5WnJtQWp1Z3Nsak5lTjhnQmpxTzN4UHVQaEFkQVoydUxNbEp0aThmWUYvcUExeFZHeTJIKzVqamFHUjFSMk85L25iSWdVaWxJSnF0Ym9jUjQ0bXBzQXJ2NFZnbldiQ2VCT3htSVpURHdqK1JBK3RleFYwUjRoeU9KZWY4TjlHSVRDR0ZieWdZSzZXa1JtVHlMeHhaS0ZEd3JBV3VRcitwcnNpVXoxVG0xeXFsamF1NDFpQVdWODdvKytHcWphY3NoWHowSzZoNEVPTVNuRlpvdGhQemtybU1XRXpGSWdDZlQ3M21JRERMdHRoNHR4cFM0Z0t0REVvcS9kSVQyaE9hQW0yUT09fA&cppv=2

Request Chain 141

https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&google_hm=ay1ES2tlRFpxOFBhWW0xSmpHWFZCRmtDbjUzZ2QzY05xWXFpYzBuQQ HTTP 302
https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_ula=913071,0

Request Chain 145

https://secure.adnxs.com/setuid?entity=52&code=k-cu5brJq8PaYm1JjGXVBFkCn53gdpfs6JL-fg-A&seg=130915 HTTP 307
https://secure.adnxs.com/bounce?%2Fsetuid%3Fentity%3D52%26code%3Dk-cu5brJq8PaYm1JjGXVBFkCn53gdpfs6JL-fg-A%26seg%3D130915

Request Chain 148

https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-DINf5Jq8PaYm1JjGXVBFkCn53gfgET8YX9dYUA HTTP 302
https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-DINf5Jq8PaYm1JjGXVBFkCn53gfgET8YX9dYUA&verify=true

Request Chain 150

https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-CGqtG5q8PaYm1JjGXVBFkCn53gcXPOaDg86_dA HTTP 302
https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-CGqtG5q8PaYm1JjGXVBFkCn53gcXPOaDg86_dA&C=1

Request Chain 154

https://eb2.3lift.com/xuid?mid=2711&xuid=k-4pnsc5q8PaYm1JjGXVBFkCn53gdl-Nd-vinzng&dongle=013b HTTP 302
https://eb2.3lift.com/xuid?ld=1&mid=2711&xuid=k-4pnsc5q8PaYm1JjGXVBFkCn53gdl-Nd-vinzng&dongle=013b&gdpr=1&cmp_cs=&us_privacy=

Request Chain 155

https://x.bidswitch.net/sync?dsp_id=46&user_id=k-vsZXCpq8PaYm1JjGXVBFkCn53gdSns2Boq_EPw&expires=30 HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-vsZXCpq8PaYm1JjGXVBFkCn53gdSns2Boq_EPw&expires=30

Request Chain 159

https://ads.stickyadstv.com/user-registering?dataProviderId=434&userId=k-1ymhiZq8PaYm1JjGXVBFkCn53geyCGFLsoAPfg&redirectId=69 HTTP 302
https://cdn.stickyadstv.com/one-shot/empty.gif

Request Chain 160

https://pixel.advertising.com/ups/55945/sync?uid=k-2E7kRJq8PaYm1JjGXVBFkCn53gcNATkt_dPBAQ&_origin=1 HTTP 302
https://pixel.advertising.com/ups/55945/sync?uid=k-2E7kRJq8PaYm1JjGXVBFkCn53gcNATkt_dPBAQ&_origin=1&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/55945/sync?uid=k-2E7kRJq8PaYm1JjGXVBFkCn53gcNATkt_dPBAQ&_origin=1&apid=UP7aa77f8d-4bf9-11ec-b371-02c731d5dfda

Request Chain 166

https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-pdsx7pq8PaYm1JjGXVBFkCn53gc576BlTh8O4w HTTP 303
https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-pdsx7pq8PaYm1JjGXVBFkCn53gc576BlTh8O4w&_li_chk=true&previous_uuid=7a41e4b6cd484880a54f39c0355e0f64 HTTP 303
https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-pdsx7pq8PaYm1JjGXVBFkCn53gc576BlTh8O4w

Request Chain 215

https://secure.adnxs.com/seg?add=130915&redir=https%3A%2F%2Fsecure.adnxs.com%2Fgetuid%3Fhttps%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fappnexus%2Fcookiematch.aspx%3Fappnxsid%3D%24UID HTTP 302
https://secure.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID HTTP 302
https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=130324064635517086

Request Chain 217

https://pixel.advertising.com/ups/55945/sync?uid=k-3WiXe5q8PaYm1JjGXVBFkCn53gcBv13E0mIwwg&_origin=1 HTTP 302
https://ups.analytics.yahoo.com/ups/55945/sync?uid=k-3WiXe5q8PaYm1JjGXVBFkCn53gcBv13E0mIwwg&_origin=1&apid=UP7aa77f8d-4bf9-11ec-b371-02c731d5dfda

222 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request default.aspx Show response
www.cartabcc.it/Pagine/
Redirect Chain

http://www.cartabcc.it/
https://www.cartabcc.it/
https://www.cartabcc.it/Pagine/default.aspx

479 KB
481 KB

1358ms
1358ms

Document
text/html

149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

0489af80fe5de0da0ed7a1652cd4b14b7594472681eeb77bd1445954e09117ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: it-IT,it;q=0.9

Response headers

Cache-Control: private, max-age=0
Content-Type: text/html; charset=utf-8
Expires: Mon, 08 Nov 2021 01:05:36 GMT
Last-Modified: Tue, 23 Nov 2021 01:05:36 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-SharePointHealthScore: 0
X-AspNet-Version: 4.0.30319
SPRequestGuid: 08c805a0-3b27-b098-3c3c-48f4b53412df
request-id: 08c805a0-3b27-b098-3c3c-48f4b53412df
X-FRAME-OPTIONS: SAMEORIGIN
SPRequestDuration: 1314
SPIisLatency: 0
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 15.0.0.4719
X-Content-Type-Options: nosniff
X-MS-InvokeApp: 1; RequireReadOnly
X-XSS-Protection: 1
Date: Tue, 23 Nov 2021 01:05:38 GMT
Transfer-Encoding: chunked

Redirect headers

Location: https://www.cartabcc.it/Pagine/default.aspx
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/8.5
X-SharePointHealthScore: 0
SPRequestGuid: 08c805a0-4b24-b098-3c3c-434e83860aa7
request-id: 08c805a0-4b24-b098-3c3c-434e83860aa7
X-FRAME-OPTIONS: SAMEORIGIN
SPRequestDuration: 8
SPIisLatency: 1
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 15.0.0.4719
X-Content-Type-Options: nosniff
X-MS-InvokeApp: 1; RequireReadOnly
X-XSS-Protection: 1
Date: Tue, 23 Nov 2021 01:05:35 GMT
Content-Length: 166

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 163 KB
61 KB 106ms
43ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-FE9QMZSP59

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

073cd0d839ebad694e5ac81b493613ea72b35ca9f91159e343974b442e38ccb2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 01:05:38 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61732
x-xss-protection: 0
expires: Tue, 23 Nov 2021 01:05:38 GMT

GET
H/1.1 200
OK oslo.css
www.cartabcc.it/_layouts/15/1040/styles/Themable/ 320 KB
46 KB 102ms
43ms Stylesheet
text/css 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/_layouts/15/1040/styles/Themable/oslo.css?rev=PmCwwA6FGSZ9YRjy%2FiI%2B5Q%3D%3D

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

7bc15156bfd0c994eb416710df6402ae66bde703b16f0b494fbea7f4b6f9d5db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 24 Mar 2020 20:35:18 GMT
Server: Microsoft-IIS/8.5
MicrosoftSharePointTeamServices: 15.0.0.4719
X-MS-InvokeApp: 1; RequireReadOnly
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: text/css
X-XSS-Protection: 1
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 46672
ETag: "08713bb1b2d61:0"

GET
H/1.1 200
OK bootstrap.min.css
www.cartabcc.it/_catalogs/masterpage/css/ 115 KB
27 KB 108ms
49ms Stylesheet
text/css 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/_catalogs/masterpage/css/bootstrap.min.css

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

f04b517ba5d6a0510485689a3e42dac000f51640fd71b986804cba178eae42a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
request-id: 08c805a0-0b81-b098-3c3c-42ed8ae38ec4
MicrosoftSharePointTeamServices: 15.0.0.4719
X-Powered-By: ASP.NET
X-SharePointHealthScore: 0
ResourceTag: rt:5DF8087F-0B0F-479B-B951-D4B7009C228A@00000000010
Public-Extension: http://schemas.microsoft.com/repl-2
Content-Length: 26864
X-XSS-Protection: 1
SPIisLatency: 0
X-MS-InvokeApp: 1; RequireReadOnly
SPRequestDuration: 6
Last-Modified: Thu, 07 Jan 2016 09:21:43 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-0b81-b098-3c3c-42ed8ae38ec4
X-FRAME-OPTIONS: SAMEORIGIN
ETag: "{5DF8087F-0B0F-479B-B951-D4B7009C228A},10"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: private,max-age=0
Expires: Mon, 08 Nov 2021 01:05:38 GMT

GET
H/1.1 200
OK flexslider.css
www.cartabcc.it/_catalogs/masterpage/css/ 7 KB
3 KB 108ms
49ms Stylesheet
text/css 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/_catalogs/masterpage/css/flexslider.css

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

09023baefad81ce5066da12f63dbfd860f1321097977c6994d7862905f18da76

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
request-id: 08c805a0-0b81-b098-3c3c-4095f38f2b56
MicrosoftSharePointTeamServices: 15.0.0.4719
X-Powered-By: ASP.NET
X-SharePointHealthScore: 0
ResourceTag: rt:CBF85667-2FB6-40C2-A6A4-EA6B36F0FE8B@00000000010
Public-Extension: http://schemas.microsoft.com/repl-2
Content-Length: 1922
X-XSS-Protection: 1
SPIisLatency: 0
X-MS-InvokeApp: 1; RequireReadOnly
SPRequestDuration: 9
Last-Modified: Thu, 07 Jan 2016 09:21:43 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-0b81-b098-3c3c-4095f38f2b56
X-FRAME-OPTIONS: SAMEORIGIN
ETag: "{CBF85667-2FB6-40C2-A6A4-EA6B36F0FE8B},10"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: private,max-age=0
Expires: Mon, 08 Nov 2021 01:05:38 GMT

GET
H/1.1 200
OK owl.carousel.css
www.cartabcc.it/_catalogs/masterpage/css/ 5 KB
2 KB 106ms
48ms Stylesheet
text/css 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/_catalogs/masterpage/css/owl.carousel.css

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

dd7b97c7ad9d7b3eb79bdc728bcbc6a7ab8e3d5db0421fb0dd16d34f3dc88277

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
request-id: 08c805a0-0b81-b098-3c3c-41dc8f56cca0
MicrosoftSharePointTeamServices: 15.0.0.4719
X-Powered-By: ASP.NET
X-SharePointHealthScore: 0
ResourceTag: rt:EFC96715-741D-4F70-AE4E-3C6BE8D6EAE9@00000000010
Public-Extension: http://schemas.microsoft.com/repl-2
Content-Length: 1389
X-XSS-Protection: 1
SPIisLatency: 0
X-MS-InvokeApp: 1; RequireReadOnly
SPRequestDuration: 7
Last-Modified: Thu, 07 Jan 2016 09:21:43 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-0b81-b098-3c3c-41dc8f56cca0
X-FRAME-OPTIONS: SAMEORIGIN
ETag: "{EFC96715-741D-4F70-AE4E-3C6BE8D6EAE9},10"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: private,max-age=0
Expires: Mon, 08 Nov 2021 01:05:38 GMT

GET
H/1.1 200
OK style.css
www.cartabcc.it/_catalogs/masterpage/css/ 134 KB
37 KB 151ms
92ms Stylesheet
text/css 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/_catalogs/masterpage/css/style.css?rev=1

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

0b2921dc3fdec737052a1ae4fc1b7c0308f7ba1fea6129b67cf07879d17810d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
request-id: 08c805a0-0b81-b098-3c3c-42a6b3ef6c20
MicrosoftSharePointTeamServices: 15.0.0.4719
X-Powered-By: ASP.NET
X-SharePointHealthScore: 0
ResourceTag: rt:1DF266C3-DA5D-4938-991E-ACA878E83BA3@00000032818
Public-Extension: http://schemas.microsoft.com/repl-2
Content-Length: 37361
X-XSS-Protection: 1
SPIisLatency: 0
X-MS-InvokeApp: 1; RequireReadOnly
SPRequestDuration: 37
Last-Modified: Tue, 07 Sep 2021 10:31:21 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-0b81-b098-3c3c-42a6b3ef6c20
X-FRAME-OPTIONS: SAMEORIGIN
ETag: "{1DF266C3-DA5D-4938-991E-ACA878E83BA3},32818"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: private,max-age=0
Expires: Mon, 08 Nov 2021 01:05:38 GMT

GET
H/1.1 200
OK font.css
www.cartabcc.it/_catalogs/masterpage/css/ 3 KB
1 KB 120ms
37ms Stylesheet
text/css 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/_catalogs/masterpage/css/font.css

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

13d8206e6dcb19f6362581ec12b009524c1bd131d45722b61094436bca79445b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
request-id: 08c805a0-0b82-b098-3c3c-4776ee9633c3
MicrosoftSharePointTeamServices: 15.0.0.4719
X-Powered-By: ASP.NET
X-SharePointHealthScore: 0
ResourceTag: rt:6C1F6A95-0F51-4B9F-840D-7F61A1381486@00000000010
Public-Extension: http://schemas.microsoft.com/repl-2
Content-Length: 576
X-XSS-Protection: 1
SPIisLatency: 0
X-MS-InvokeApp: 1; RequireReadOnly
SPRequestDuration: 6
Last-Modified: Thu, 07 Jan 2016 09:21:43 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-0b82-b098-3c3c-4776ee9633c3
X-FRAME-OPTIONS: SAMEORIGIN
ETag: "{6C1F6A95-0F51-4B9F-840D-7F61A1381486},10"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: private,max-age=0
Expires: Mon, 08 Nov 2021 01:05:38 GMT

GET
H/1.1 200
OK SharepointManagement.css
www.cartabcc.it/_catalogs/masterpage/css/ 1 KB
1 KB 152ms
44ms Stylesheet
text/css 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/_catalogs/masterpage/css/SharepointManagement.css

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

1b70ec41a84b82047cd2935f6ac76c0d0ded50ec6a65b725f2b2abaf5edbfb6c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
request-id: 08c805a0-fb83-b098-3c3c-4d723400a0df
MicrosoftSharePointTeamServices: 15.0.0.4719
X-Powered-By: ASP.NET
X-SharePointHealthScore: 0
ResourceTag: rt:86F8DEDA-7881-44D9-B99B-6AF78DC3C835@00000000010
Public-Extension: http://schemas.microsoft.com/repl-2
Content-Length: 575
X-XSS-Protection: 1
SPIisLatency: 0
X-MS-InvokeApp: 1; RequireReadOnly
SPRequestDuration: 9
Last-Modified: Thu, 07 Jan 2016 09:21:44 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-fb83-b098-3c3c-4d723400a0df
X-FRAME-OPTIONS: SAMEORIGIN
ETag: "{86F8DEDA-7881-44D9-B99B-6AF78DC3C835},10"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: private,max-age=0
Expires: Mon, 08 Nov 2021 01:05:38 GMT

GET
H/1.1 200
OK init.js Show response
www.cartabcc.it/_layouts/15/ 158 KB
44 KB 152ms
43ms Script
application/javascript 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/_layouts/15/init.js?rev=AS%2Bv0UYCkcLYkV95cqJXGA%3D%3D

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

14c7f3592be7d72bccb6c3e7d8ffaeffd31270c40885e109782fd46ba721d338

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Mon, 23 Mar 2020 07:46:24 GMT
Server: Microsoft-IIS/8.5
MicrosoftSharePointTeamServices: 15.0.0.4719
X-MS-InvokeApp: 1; RequireReadOnly
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript
X-XSS-Protection: 1
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 44598
ETag: "08a826e70d61:0"

GET
H/1.1 200
OK initstrings.js Show response
www.cartabcc.it/_layouts/15/1040/ 18 KB
6 KB 153ms
33ms Script
application/javascript 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/_layouts/15/1040/initstrings.js?rev=UNKGJ%2F3jOeVzAonNhBreFw%3D%3D

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

ea229dc845952b01f28d60d13dfcce83fd0b3c1857e29ea610f699253151d08c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Sun, 31 Oct 2021 04:08:13 GMT
Server: Microsoft-IIS/8.5
MicrosoftSharePointTeamServices: 15.0.0.4719
X-MS-InvokeApp: 1; RequireReadOnly
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript
X-XSS-Protection: 1
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 5242
ETag: "80344beccced71:0"

GET
H/1.1 200
OK clienttemplates.js Show response
www.cartabcc.it/_layouts/15/ 147 KB
40 KB 169ms
34ms Script
application/javascript 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/_layouts/15/clienttemplates.js?rev=0z4Tb4hOOcK5wjxH5p1xVg%3D%3D

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

4f9b12ff6d6bcfe24b3908b5b4653b2769d650b5aafcaa9ad983a521dd9a4491

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 14 Sep 2021 16:19:42 GMT
Server: Microsoft-IIS/8.5
MicrosoftSharePointTeamServices: 15.0.0.4719
X-MS-InvokeApp: 1; RequireReadOnly
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript
X-XSS-Protection: 1
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 40123
ETag: "0e3c25284a9d71:0"

GET
H/1.1 200
OK jquery.min.js Show response
www.cartabcc.it/style%20library/js/ 82 KB
38 KB 197ms
43ms Script
application/javascript 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/style%20library/js/jquery.min.js

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

8af93bd675e1cfd9ecc850e862819fdac6e3ad1f5d761f970e409c7d9c63bdc3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
request-id: 08c805a0-eb86-b098-3c3c-469cc88ff35f
X-Powered-By: ASP.NET
X-SharePointHealthScore: 0
ResourceTag: rt:E3EAD1FE-7229-40B4-A624-68324D77ED68@00000000001
Content-Disposition: attachment; filename="jquery.min.js"
Public-Extension: http://schemas.microsoft.com/repl-2
Content-Length: 37709
MicrosoftSharePointTeamServices: 15.0.0.4719
X-MS-InvokeApp: 1; RequireReadOnly
SPRequestDuration: 8
Expires: Mon, 08 Nov 2021 01:05:38 GMT
Last-Modified: Thu, 07 Jan 2016 09:19:57 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-eb86-b098-3c3c-469cc88ff35f
X-FRAME-OPTIONS: SAMEORIGIN
ETag: "{E3EAD1FE-7229-40B4-A624-68324D77ED68},1"
X-Download-Options: noopen
Vary: Accept-Encoding
Content-Type: application/javascript
X-XSS-Protection: 1
Cache-Control: private,max-age=0
SPIisLatency: 0

GET
H/1.1 200
OK bootstrap.min.js Show response
www.cartabcc.it/style%20library/js/ 35 KB
13 KB 196ms
42ms Script
application/javascript 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/style%20library/js/bootstrap.min.js

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

d5fd173d00d9733900834e0e1083de86b532e048b15c0420ba5c2db0623644b8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
request-id: 08c805a0-eb86-b098-3c3c-459fb10cf08a
X-Powered-By: ASP.NET
X-SharePointHealthScore: 0
ResourceTag: rt:370C4F4E-F45C-4771-B180-FA3C6FDDE037@00000000001
Content-Disposition: attachment; filename="bootstrap.min.js"
Public-Extension: http://schemas.microsoft.com/repl-2
Content-Length: 12548
MicrosoftSharePointTeamServices: 15.0.0.4719
X-MS-InvokeApp: 1; RequireReadOnly
SPRequestDuration: 7
Expires: Mon, 08 Nov 2021 01:05:38 GMT
Last-Modified: Thu, 07 Jan 2016 09:19:56 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-eb86-b098-3c3c-459fb10cf08a
X-FRAME-OPTIONS: SAMEORIGIN
ETag: "{370C4F4E-F45C-4771-B180-FA3C6FDDE037},1"
X-Download-Options: noopen
Vary: Accept-Encoding
Content-Type: application/javascript
X-XSS-Protection: 1
Cache-Control: private,max-age=0
SPIisLatency: 0

GET
H/1.1 200
OK jquery.flexslider-min.js Show response
www.cartabcc.it/style%20library/js/ 21 KB
9 KB 191ms
37ms Script
application/javascript 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/style%20library/js/jquery.flexslider-min.js

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

af44c83f737c501b3862145a4a30d18f780168a429f94c9a6ef90b71f464c858

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
request-id: 08c805a0-eb86-b098-3c3c-40a87613b7b7
X-Powered-By: ASP.NET
X-SharePointHealthScore: 0
ResourceTag: rt:3B564F50-CF7C-438B-B549-E4E3B79AEDB7@00000000001
Content-Disposition: attachment; filename="jquery.flexslider-min.js"
Public-Extension: http://schemas.microsoft.com/repl-2
Content-Length: 8127
MicrosoftSharePointTeamServices: 15.0.0.4719
X-MS-InvokeApp: 1; RequireReadOnly
SPRequestDuration: 7
Expires: Mon, 08 Nov 2021 01:05:38 GMT
Last-Modified: Thu, 07 Jan 2016 09:19:56 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-eb86-b098-3c3c-40a87613b7b7
X-FRAME-OPTIONS: SAMEORIGIN
ETag: "{3B564F50-CF7C-438B-B549-E4E3B79AEDB7},1"
X-Download-Options: noopen
Vary: Accept-Encoding
Content-Type: application/javascript
X-XSS-Protection: 1
Cache-Control: private,max-age=0
SPIisLatency: 0

GET
H/1.1 200
OK makefixed.min.js Show response
www.cartabcc.it/style%20library/js/ 2 KB
2 KB 230ms
47ms Script
application/javascript 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/style%20library/js/makefixed.min.js

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

098c1d66ca6ac145edf6dc127803d5409064e1985e40a112fe52b36f2a130ae9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
request-id: 08c805a0-db88-b098-3c3c-4d808fc39f31
X-Powered-By: ASP.NET
X-SharePointHealthScore: 0
ResourceTag: rt:1E0BBC98-69B0-444C-BB68-34A0C71356AA@00000000001
Content-Disposition: attachment; filename="makefixed.min.js"
Public-Extension: http://schemas.microsoft.com/repl-2
Content-Length: 895
MicrosoftSharePointTeamServices: 15.0.0.4719
X-MS-InvokeApp: 1; RequireReadOnly
SPRequestDuration: 12
Expires: Mon, 08 Nov 2021 01:05:38 GMT
Last-Modified: Thu, 07 Jan 2016 09:19:57 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-db88-b098-3c3c-4d808fc39f31
X-FRAME-OPTIONS: SAMEORIGIN
ETag: "{1E0BBC98-69B0-444C-BB68-34A0C71356AA},1"
X-Download-Options: noopen
Vary: Accept-Encoding
Content-Type: application/javascript
X-XSS-Protection: 1
Cache-Control: private,max-age=0
SPIisLatency: 0

GET
H/1.1 200
OK owl.carousel.min.js Show response
www.cartabcc.it/style%20library/js/ 39 KB
14 KB 226ms
42ms Script
application/javascript 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/style%20library/js/owl.carousel.min.js

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

83553d22ccd56e5576d544f6ba93475c712b3c02d312893eea2acc16de5fcf91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
request-id: 08c805a0-db88-b098-3c3c-4c2cd896ad8a
X-Powered-By: ASP.NET
X-SharePointHealthScore: 0
ResourceTag: rt:F6DDF59E-98FA-452B-A0E0-142A64CB68C6@00000000001
Content-Disposition: attachment; filename="owl.carousel.min.js"
Public-Extension: http://schemas.microsoft.com/repl-2
Content-Length: 13876
MicrosoftSharePointTeamServices: 15.0.0.4719
X-MS-InvokeApp: 1; RequireReadOnly
SPRequestDuration: 8
Expires: Mon, 08 Nov 2021 01:05:38 GMT
Last-Modified: Thu, 07 Jan 2016 09:19:57 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-db88-b098-3c3c-4c2cd896ad8a
X-FRAME-OPTIONS: SAMEORIGIN
ETag: "{F6DDF59E-98FA-452B-A0E0-142A64CB68C6},1"
X-Download-Options: noopen
Vary: Accept-Encoding
Content-Type: application/javascript
X-XSS-Protection: 1
Cache-Control: private,max-age=0
SPIisLatency: 0

GET
H/1.1 200
OK script.js Show response
www.cartabcc.it/style%20library/js/ 16 KB
5 KB 246ms
54ms Script
application/javascript 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/style%20library/js/script.js

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

87c0ba07e79ba24acaedb7c0ffb79aed84a0876dc99ea17b44d92898c1920636

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
request-id: 08c805a0-db88-b098-3c3c-407dd149ed5d
X-Powered-By: ASP.NET
X-SharePointHealthScore: 0
ResourceTag: rt:7B5AED01-F6C2-46AA-8B4A-B7198F0ABC62@00000000012
Content-Disposition: attachment; filename="script.js"
Public-Extension: http://schemas.microsoft.com/repl-2
Content-Length: 3989
MicrosoftSharePointTeamServices: 15.0.0.4719
X-MS-InvokeApp: 1; RequireReadOnly
SPRequestDuration: 24
Expires: Mon, 08 Nov 2021 01:05:38 GMT
Last-Modified: Fri, 26 May 2017 10:30:33 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-db88-b098-3c3c-407dd149ed5d
X-FRAME-OPTIONS: SAMEORIGIN
ETag: "{7B5AED01-F6C2-46AA-8B4A-B7198F0ABC62},12"
X-Download-Options: noopen
Vary: Accept-Encoding
Content-Type: application/javascript
X-XSS-Protection: 1
Cache-Control: private,max-age=0
SPIisLatency: 0

GET
H/1.1 200
OK cbcc_jslinkmanager.js Show response
www.cartabcc.it/style%20library/jslink/ 4 KB
2 KB 232ms
38ms Script
application/javascript 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/style%20library/jslink/cbcc_jslinkmanager.js

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

42cb30500358c7f019ee93575e48d523d0931fa3b75de43868b03d66f3e0fb74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
request-id: 08c805a0-db88-b098-3c3c-499bbe1aa3e9
X-Powered-By: ASP.NET
X-SharePointHealthScore: 0
ResourceTag: rt:7DB98EED-2666-45C8-B02D-80DB7AB21CB2@00000000001
Content-Disposition: attachment; filename="cbcc_jslinkmanager.js"
Public-Extension: http://schemas.microsoft.com/repl-2
Content-Length: 1089
MicrosoftSharePointTeamServices: 15.0.0.4719
X-MS-InvokeApp: 1; RequireReadOnly
SPRequestDuration: 6
Expires: Mon, 08 Nov 2021 01:05:38 GMT
Last-Modified: Thu, 07 Jan 2016 09:20:00 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-db88-b098-3c3c-499bbe1aa3e9
X-FRAME-OPTIONS: SAMEORIGIN
ETag: "{7DB98EED-2666-45C8-B02D-80DB7AB21CB2},1"
X-Download-Options: noopen
Vary: Accept-Encoding
Content-Type: application/javascript
X-XSS-Protection: 1
Cache-Control: private,max-age=0
SPIisLatency: 0

GET
H/1.1 200
OK ScriptResource.axd Show response
www.cartabcc.it/ 100 KB
25 KB 248ms
38ms Script
application/x-javascript 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/ScriptResource.axd?d=qZWJRgx71waW1ndBbIkYZ_GiyumunogvatsHFRh8uI8n-XZ8GGbvGyURCIvXBVOHEYfmBLaLZ5EFbRwyguIRRaRsKME0baM-16H45ID0M3YGPKcFI7oM86Q9AJMSgoccV7C73w-U8e9FF9tXRvmfq0nPzAu1qHgY8zvLL_cgVEBmFY8ZV0MZp8imUc3UxBwY0&t=ffffffffce034dab

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

66b804e7a96a87c11e1dd74ea04ac2285df5ad9043f48046c3e5000114d39b1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 23 Nov 2021 00:33:46 GMT
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-MS-InvokeApp: 1; RequireReadOnly
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Cache-Control: public
Content-Length: 25609
X-XSS-Protection: 1
MicrosoftSharePointTeamServices: 15.0.0.4719
Expires: Wed, 23 Nov 2022 00:33:46 GMT

GET
H/1.1 200
OK blank.js Show response
www.cartabcc.it/_layouts/15/ 119 B
691 B 253ms
35ms Script
application/javascript 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/_layouts/15/blank.js?rev=ZaOXZEobVwykPO9g8hq%2F8A%3D%3D

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

528d30b6dbe6422fa5cb80857cc760cc07156da2f76fdec99c5a86400d9e739e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Thu, 23 Jan 2014 06:06:04 GMT
Server: Microsoft-IIS/8.5
MicrosoftSharePointTeamServices: 15.0.0.4719
X-MS-InvokeApp: 1; RequireReadOnly
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript
X-XSS-Protection: 1
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 217
ETag: "0ae9932118cf1:0"

GET
H/1.1 200
OK ScriptResource.axd Show response
www.cartabcc.it/ 39 KB
10 KB 263ms
33ms Script
application/x-javascript 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/ScriptResource.axd?d=uz_9pZUGins3YmuWgJ4USWOzVsRjO4ojt54-OLdzn1nf56US9sFkcNYMR35XdI3B_eu4ys334kV3DZzApowa792vgzDpKBVVAIIko8VDpZA8EV-gVUUjIsW9Lp9LukC3zcc9ITom9wCJHN0CbwoclfiX5Jg4yXy-GpDyToiyJM-yMXK_q1m1KRxtvOtwGpJf0&t=ffffffffce034dab

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

398cdf1b27ef247e5bc77805f266bb441e60355463fc3d1776f41aae58b08cf1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 23 Nov 2021 00:33:46 GMT
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-MS-InvokeApp: 1; RequireReadOnly
X-Powered-By: ASP.NET
Content-Type: application/x-javascript
Cache-Control: public
Content-Length: 9984
X-XSS-Protection: 1
MicrosoftSharePointTeamServices: 15.0.0.4719
Expires: Wed, 23 Nov 2022 00:33:46 GMT

GET
H/1.1 200
OK CBCC_PrivatiMenu_CarteDiCredito.js Show response
www.cartabcc.it/Style%20Library/JSLink/ 499 B
1 KB 273ms
42ms Script
application/javascript 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/Style%20Library/JSLink/CBCC_PrivatiMenu_CarteDiCredito.js?varTag=1637629536&ctag=7753$$15.0.5389.1000

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

7588a3068e2520e236ee7708b08636bc587d79ee0c3e1ce13f31e860c5a00936

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
request-id: 08c805a0-cb8b-b098-3c3c-408b8a3ae3cb
X-Powered-By: ASP.NET
X-SharePointHealthScore: 0
ResourceTag: rt:E609A0E6-C042-4F58-B262-D1C83B5B9BAE@00000000001
Content-Disposition: attachment; filename="CBCC_PrivatiMenu_CarteDiCredito.js"
Public-Extension: http://schemas.microsoft.com/repl-2
Content-Length: 388
MicrosoftSharePointTeamServices: 15.0.0.4719
X-MS-InvokeApp: 1; RequireReadOnly
SPRequestDuration: 11
Expires: Wed, 23 Nov 2022 01:05:38 GMT
Last-Modified: Thu, 07 Jan 2016 09:20:01 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-cb8b-b098-3c3c-408b8a3ae3cb
X-FRAME-OPTIONS: SAMEORIGIN
ETag: "{E609A0E6-C042-4F58-B262-D1C83B5B9BAE},1"
X-Download-Options: noopen
Vary: Accept-Encoding
Content-Type: application/javascript
X-XSS-Protection: 1
Cache-Control: private,max-age=31536000
SPIisLatency: 0

GET
H/1.1 200
OK CBCC_PrivatiMenu_CarteDiDebito.js Show response
www.cartabcc.it/Style%20Library/JSLink/ 493 B
1 KB 273ms
41ms Script
application/javascript 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/Style%20Library/JSLink/CBCC_PrivatiMenu_CarteDiDebito.js?varTag=1637629536&ctag=7753$$15.0.5389.1000

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

ace45b46ac17a67385d5531e52dd00c52b17329a911ad2548954a11b2ad6f1d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
request-id: 08c805a0-cb8b-b098-3c3c-4bff3485714c
X-Powered-By: ASP.NET
X-SharePointHealthScore: 0
ResourceTag: rt:904C6A6B-8999-4763-80A5-D394C90C2110@00000000001
Content-Disposition: attachment; filename="CBCC_PrivatiMenu_CarteDiDebito.js"
Public-Extension: http://schemas.microsoft.com/repl-2
Content-Length: 387
MicrosoftSharePointTeamServices: 15.0.0.4719
X-MS-InvokeApp: 1; RequireReadOnly
SPRequestDuration: 7
Expires: Wed, 23 Nov 2022 01:05:38 GMT
Last-Modified: Thu, 07 Jan 2016 09:20:02 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-cb8b-b098-3c3c-4bff3485714c
X-FRAME-OPTIONS: SAMEORIGIN
ETag: "{904C6A6B-8999-4763-80A5-D394C90C2110},1"
X-Download-Options: noopen
Vary: Accept-Encoding
Content-Type: application/javascript
X-XSS-Protection: 1
Cache-Control: private,max-age=31536000
SPIisLatency: 0

GET
H/1.1 200
OK CBCC_PrivatiMenu_CartePrepagate.js Show response
www.cartabcc.it/Style%20Library/JSLink/ 500 B
1 KB 287ms
41ms Script
application/javascript 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/Style%20Library/JSLink/CBCC_PrivatiMenu_CartePrepagate.js?varTag=1637629536&ctag=7753$$15.0.5389.1000

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

a4ec6f94a0b8da689d7e44343539adbcd049e2aacb981a6cbc4891bbd051bae9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
request-id: 08c805a0-cb8c-b098-3c3c-454a76b421d1
X-Powered-By: ASP.NET
X-SharePointHealthScore: 0
ResourceTag: rt:8ECA465A-8A63-4859-8669-6B4C5195FADA@00000000001
Content-Disposition: attachment; filename="CBCC_PrivatiMenu_CartePrepagate.js"
Public-Extension: http://schemas.microsoft.com/repl-2
Content-Length: 385
MicrosoftSharePointTeamServices: 15.0.0.4719
X-MS-InvokeApp: 1; RequireReadOnly
SPRequestDuration: 10
Expires: Wed, 23 Nov 2022 01:05:38 GMT
Last-Modified: Thu, 07 Jan 2016 09:20:02 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-cb8c-b098-3c3c-454a76b421d1
X-FRAME-OPTIONS: SAMEORIGIN
ETag: "{8ECA465A-8A63-4859-8669-6B4C5195FADA},1"
X-Download-Options: noopen
Vary: Accept-Encoding
Content-Type: application/javascript
X-XSS-Protection: 1
Cache-Control: private,max-age=31536000
SPIisLatency: 0

GET
H/1.1 200
OK CBCC_AziendeMenu_CarteDiCredito.js Show response
www.cartabcc.it/Style%20Library/JSLink/ 510 B
1 KB 297ms
43ms Script
application/javascript 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/Style%20Library/JSLink/CBCC_AziendeMenu_CarteDiCredito.js?varTag=1637629537&ctag=7753$$15.0.5389.1000

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

3c8cca8f79a813ccbc3683de3169c70c385b8bec34e0b383d05ef904c8b020cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
request-id: 08c805a0-cb8c-b098-3c3c-43c19b82058b
X-Powered-By: ASP.NET
X-SharePointHealthScore: 0
ResourceTag: rt:28107206-B640-44B1-80FF-7BBFC97CBBFF@00000000001
Content-Disposition: attachment; filename="CBCC_AziendeMenu_CarteDiCredito.js"
Public-Extension: http://schemas.microsoft.com/repl-2
Content-Length: 396
MicrosoftSharePointTeamServices: 15.0.0.4719
X-MS-InvokeApp: 1; RequireReadOnly
SPRequestDuration: 11
Expires: Wed, 23 Nov 2022 01:05:38 GMT
Last-Modified: Thu, 07 Jan 2016 09:19:58 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-cb8c-b098-3c3c-43c19b82058b
X-FRAME-OPTIONS: SAMEORIGIN
ETag: "{28107206-B640-44B1-80FF-7BBFC97CBBFF},1"
X-Download-Options: noopen
Vary: Accept-Encoding
Content-Type: application/javascript
X-XSS-Protection: 1
Cache-Control: private,max-age=31536000
SPIisLatency: 0

GET
H/1.1 200
OK CBCC_AziendeMenu_CartePrepagate.js Show response
www.cartabcc.it/Style%20Library/JSLink/ 509 B
1 KB 333ms
69ms Script
application/javascript 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/Style%20Library/JSLink/CBCC_AziendeMenu_CartePrepagate.js?varTag=1637629537&ctag=7753$$15.0.5389.1000

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

284a56c4ba4ca9f30a494fcb4f75c23f5253547bad735ef51158df6dfc90c915

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
request-id: 08c805a0-bb8d-b098-3c3c-4b10147897e6
X-Powered-By: ASP.NET
X-SharePointHealthScore: 0
ResourceTag: rt:98934E96-DAE8-4441-8DE8-A5560DCA43C7@00000000001
Content-Disposition: attachment; filename="CBCC_AziendeMenu_CartePrepagate.js"
Public-Extension: http://schemas.microsoft.com/repl-2
Content-Length: 389
MicrosoftSharePointTeamServices: 15.0.0.4719
X-MS-InvokeApp: 1; RequireReadOnly
SPRequestDuration: 31
Expires: Wed, 23 Nov 2022 01:05:38 GMT
Last-Modified: Thu, 07 Jan 2016 09:19:59 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-bb8d-b098-3c3c-4b10147897e6
X-FRAME-OPTIONS: SAMEORIGIN
ETag: "{98934E96-DAE8-4441-8DE8-A5560DCA43C7},1"
X-Download-Options: noopen
Vary: Accept-Encoding
Content-Type: application/javascript
X-XSS-Protection: 1
Cache-Control: private,max-age=31536000
SPIisLatency: 0

GET
H/1.1 200
OK CBCC_AziendeMenu_CarteBccPos.js Show response
www.cartabcc.it/Style%20Library/JSLink/ 491 B
1 KB 331ms
66ms Script
application/javascript 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/Style%20Library/JSLink/CBCC_AziendeMenu_CarteBccPos.js?varTag=1637629537&ctag=7753$$15.0.5389.1000

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

2563ca062d2fb21da1ec427412b982b02799fdcb75db6522ef3a777d2235c0ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
request-id: 08c805a0-ab8f-b098-3c3c-4e84fee7f0d3
X-Powered-By: ASP.NET
X-SharePointHealthScore: 0
ResourceTag: rt:5EF5CC53-BA12-4091-A33D-6B32C729E2FE@00000000001
Content-Disposition: attachment; filename="CBCC_AziendeMenu_CarteBccPos.js"
Public-Extension: http://schemas.microsoft.com/repl-2
Content-Length: 386
MicrosoftSharePointTeamServices: 15.0.0.4719
X-MS-InvokeApp: 1; RequireReadOnly
SPRequestDuration: 7
Expires: Wed, 23 Nov 2022 01:05:38 GMT
Last-Modified: Thu, 07 Jan 2016 09:19:58 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-ab8f-b098-3c3c-4e84fee7f0d3
X-FRAME-OPTIONS: SAMEORIGIN
ETag: "{5EF5CC53-BA12-4091-A33D-6B32C729E2FE},1"
X-Download-Options: noopen
Vary: Accept-Encoding
Content-Type: application/javascript
X-XSS-Protection: 1
Cache-Control: private,max-age=31536000
SPIisLatency: 21

GET
H/1.1 200
OK CBCC_VantaggiMenu.js Show response
www.cartabcc.it/Style%20Library/JSLink/ 2 KB
2 KB 334ms
55ms Script
application/javascript 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/Style%20Library/JSLink/CBCC_VantaggiMenu.js?varTag=1637629537&ctag=7753$$15.0.5389.1000

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

80fb3e76ddde2313ad4c6b34b06b8d42d3a4d2fd628861fec955e70bf99e5eaa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
request-id: 08c805a0-ab8f-b098-3c3c-4f1893f812a2
X-Powered-By: ASP.NET
X-SharePointHealthScore: 0
ResourceTag: rt:C02F7470-3C63-48BA-AAE4-D42A70D8408B@00000000001
Content-Disposition: attachment; filename="CBCC_VantaggiMenu.js"
Public-Extension: http://schemas.microsoft.com/repl-2
Content-Length: 627
MicrosoftSharePointTeamServices: 15.0.0.4719
X-MS-InvokeApp: 1; RequireReadOnly
SPRequestDuration: 10
Expires: Wed, 23 Nov 2022 01:05:38 GMT
Last-Modified: Thu, 07 Jan 2016 09:20:04 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-ab8f-b098-3c3c-4f1893f812a2
X-FRAME-OPTIONS: SAMEORIGIN
ETag: "{C02F7470-3C63-48BA-AAE4-D42A70D8408B},1"
X-Download-Options: noopen
Vary: Accept-Encoding
Content-Type: application/javascript
X-XSS-Protection: 1
Cache-Control: private,max-age=31536000
SPIisLatency: 10

GET
H/1.1 200
OK cbcc_topsliderhomepage.js Show response
www.cartabcc.it/style%20library/jslink/ 3 KB
2 KB 336ms
57ms Script
application/javascript 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/style%20library/jslink/cbcc_topsliderhomepage.js?ctag=7753$$15.0.5389.1000

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

663c4a5f602e171f5f8cfcd8002ea6a4a2e87b45ec771ad5e2bc5ff0866b46aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
request-id: 08c805a0-ab8f-b098-3c3c-42ce72dbb017
X-Powered-By: ASP.NET
X-SharePointHealthScore: 0
ResourceTag: rt:F3BC8ED5-7FB7-499C-8D10-649DAD45C0CF@00000000003
Content-Disposition: attachment; filename="cbcc_topsliderhomepage.js"
Public-Extension: http://schemas.microsoft.com/repl-2
Content-Length: 999
MicrosoftSharePointTeamServices: 15.0.0.4719
X-MS-InvokeApp: 1; RequireReadOnly
SPRequestDuration: 10
Expires: Wed, 23 Nov 2022 01:05:38 GMT
Last-Modified: Mon, 29 Aug 2016 09:16:05 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-ab8f-b098-3c3c-42ce72dbb017
X-FRAME-OPTIONS: SAMEORIGIN
ETag: "{F3BC8ED5-7FB7-499C-8D10-649DAD45C0CF},3"
X-Download-Options: noopen
Vary: Accept-Encoding
Content-Type: application/javascript
X-XSS-Protection: 1
Cache-Control: private,max-age=31536000
SPIisLatency: 11

GET
H/1.1 200
OK CBCC_VantaggiOverlay.js Show response
www.cartabcc.it/Style%20Library/JSLink/ 4 KB
2 KB 332ms
42ms Script
application/javascript 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/Style%20Library/JSLink/CBCC_VantaggiOverlay.js?varTag=1637629537&ctag=7753$$15.0.5389.1000

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

083676345d3d4780868d7082af80b98cb33a9c28945dfdebb64b8859f62b8e15

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
request-id: 08c805a0-ab8f-b098-3c3c-424ba8400029
X-Powered-By: ASP.NET
X-SharePointHealthScore: 0
ResourceTag: rt:D694AA7F-0729-48FC-86D3-03CA55B0A2A0@00000000001
Content-Disposition: attachment; filename="CBCC_VantaggiOverlay.js"
Public-Extension: http://schemas.microsoft.com/repl-2
Content-Length: 1337
MicrosoftSharePointTeamServices: 15.0.0.4719
X-MS-InvokeApp: 1; RequireReadOnly
SPRequestDuration: 10
Expires: Wed, 23 Nov 2022 01:05:38 GMT
Last-Modified: Thu, 07 Jan 2016 09:20:04 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-ab8f-b098-3c3c-424ba8400029
X-FRAME-OPTIONS: SAMEORIGIN
ETag: "{D694AA7F-0729-48FC-86D3-03CA55B0A2A0},1"
X-Download-Options: noopen
Vary: Accept-Encoding
Content-Type: application/javascript
X-XSS-Protection: 1
Cache-Control: private,max-age=31536000
SPIisLatency: 1

GET
H/1.1 200
OK CBCC_ForYouPrivati.js Show response
www.cartabcc.it/Style%20Library/JSLink/ 3 KB
2 KB 336ms
39ms Script
application/javascript 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/Style%20Library/JSLink/CBCC_ForYouPrivati.js?varTag=1637629537&ctag=7753$$15.0.5389.1000

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

a5c277cb9c2bff3a7ebffc13f04997021c12a83c8b101e6e03330676bec5808d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
request-id: 08c805a0-ab8f-b098-3c3c-4136096c2461
X-Powered-By: ASP.NET
X-SharePointHealthScore: 0
ResourceTag: rt:10E8E632-3CAF-45D2-B671-34A0F6FEB68C@00000000001
Content-Disposition: attachment; filename="CBCC_ForYouPrivati.js"
Public-Extension: http://schemas.microsoft.com/repl-2
Content-Length: 1244
MicrosoftSharePointTeamServices: 15.0.0.4719
X-MS-InvokeApp: 1; RequireReadOnly
SPRequestDuration: 6
Expires: Wed, 23 Nov 2022 01:05:38 GMT
Last-Modified: Thu, 07 Jan 2016 09:19:59 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-ab8f-b098-3c3c-4136096c2461
X-FRAME-OPTIONS: SAMEORIGIN
ETag: "{10E8E632-3CAF-45D2-B671-34A0F6FEB68C},1"
X-Download-Options: noopen
Vary: Accept-Encoding
Content-Type: application/javascript
X-XSS-Protection: 1
Cache-Control: private,max-age=31536000
SPIisLatency: 0

GET
H/1.1 200
OK CBCC_SubBannerProdotti.js Show response
www.cartabcc.it/Style%20Library/JSLink/ 3 KB
2 KB 382ms
39ms Script
application/javascript 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/Style%20Library/JSLink/CBCC_SubBannerProdotti.js?varTag=1637629537&ctag=7753$$15.0.5389.1000

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

beaa74a3337db035766f890b60e7e5da285f1393b3565f09799e278e4e09b46c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
request-id: 08c805a0-9b92-b098-3c3c-458c4bf05cbc
X-Powered-By: ASP.NET
X-SharePointHealthScore: 0
ResourceTag: rt:073F253A-F82E-4D6C-A5D6-1435642D1152@00000000001
Content-Disposition: attachment; filename="CBCC_SubBannerProdotti.js"
Public-Extension: http://schemas.microsoft.com/repl-2
Content-Length: 999
MicrosoftSharePointTeamServices: 15.0.0.4719
X-MS-InvokeApp: 1; RequireReadOnly
SPRequestDuration: 6
Expires: Wed, 23 Nov 2022 01:05:38 GMT
Last-Modified: Thu, 07 Jan 2016 09:20:03 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-9b92-b098-3c3c-458c4bf05cbc
X-FRAME-OPTIONS: SAMEORIGIN
ETag: "{073F253A-F82E-4D6C-A5D6-1435642D1152},1"
X-Download-Options: noopen
Vary: Accept-Encoding
Content-Type: application/javascript
X-XSS-Protection: 1
Cache-Control: private,max-age=31536000
SPIisLatency: 0

GET
H/1.1 200
OK CBCC_NewsHomePage.js Show response
www.cartabcc.it/Style%20Library/JSLink/ 921 B
1 KB 391ms
47ms Script
application/javascript 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/Style%20Library/JSLink/CBCC_NewsHomePage.js?varTag=1637629537&ctag=7753$$15.0.5389.1000

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

90866a1ecb4b2d71afa0657bbc4426ff1c65cd950bb7c7610420fdb25000bc94

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
request-id: 08c805a0-9b92-b098-3c3c-4685bc03aafa
X-Powered-By: ASP.NET
X-SharePointHealthScore: 0
ResourceTag: rt:AF51FAAB-DEB2-4CE8-92D1-64AFC61D3276@00000000003
Content-Disposition: attachment; filename="CBCC_NewsHomePage.js"
Public-Extension: http://schemas.microsoft.com/repl-2
Content-Length: 553
MicrosoftSharePointTeamServices: 15.0.0.4719
X-MS-InvokeApp: 1; RequireReadOnly
SPRequestDuration: 7
Expires: Wed, 23 Nov 2022 01:05:38 GMT
Last-Modified: Thu, 18 Aug 2016 13:15:54 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-9b92-b098-3c3c-4685bc03aafa
X-FRAME-OPTIONS: SAMEORIGIN
ETag: "{AF51FAAB-DEB2-4CE8-92D1-64AFC61D3276},3"
X-Download-Options: noopen
Vary: Accept-Encoding
Content-Type: application/javascript
X-XSS-Protection: 1
Cache-Control: private,max-age=31536000
SPIisLatency: 0

GET
H2

200

all.js Show response
connect.facebook.net/it_IT/
Redirect Chain

https://connect.facebook.com/it_IT/all.js
https://connect.facebook.net/it_IT/all.js

3 KB
2 KB

109ms
28ms

Script
application/x-javascript

2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/it_IT/all.js

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a719a73fe8edbe4230570b0a3fc59232c096a6983f79c0f5d3f5766061ad6e4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: 4m7EMzqON/8dclqOjg9m6w==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 1685
x-fb-rlafr: 0
x-fb-debug: ft1mkbugrwVmQLN8Fmp9isPXBKzD0MHiuU5xO4G5BefAVkmlt9FBlHTnlqIODzF2LUWfN41JHs0HAiEo2Ca9pg==
x-fb-trip-id: 686109401
x-fb-content-md5: 42fb291d179f17f8c58713e369ef7452
x-frame-options: DENY
date: Tue, 23 Nov 2021 01:05:38 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "36f9aaabb56992b6009c27c1e464c2b3"
timing-allow-origin: *
expires: Tue, 23 Nov 2021 01:08:23 GMT

Redirect headers

location: https://connect.facebook.net/it_IT/all.js
x-fb-debug: bX1SG3BU5QttZUx7aiHuMjR8Kkg2LM53Wx+Z/M7GjxECjeG0+fCEJi7WZZJmzvPq1b7GZWLnO0cDzFfNE6oa5g==
date: Tue, 23 Nov 2021 01:05:38 GMT
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"

GET
H/1.1 200
OK bt.cookies.api.dyn.js Show response
www.cartabcc.it/SiteAssets/js/cookie_js/ 6 KB
3 KB 382ms
38ms Script
application/javascript 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/SiteAssets/js/cookie_js/bt.cookies.api.dyn.js

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

1eaecb92e4a26d061539964caebb1ffcf87858a5db08eccdf2345b1a547e2019

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
request-id: 08c805a0-9b92-b098-3c3c-41e1e2485af2
X-Powered-By: ASP.NET
X-SharePointHealthScore: 0
ResourceTag: rt:436D3A6D-4C03-4A55-B7AA-BC24AB9DBE78@00000000704
Content-Disposition: attachment; filename="bt.cookies.api.dyn.js"
Public-Extension: http://schemas.microsoft.com/repl-2
Content-Length: 2534
MicrosoftSharePointTeamServices: 15.0.0.4719
X-MS-InvokeApp: 1; RequireReadOnly
SPRequestDuration: 7
Expires: Mon, 08 Nov 2021 01:05:38 GMT
Last-Modified: Mon, 22 Nov 2021 14:01:37 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-9b92-b098-3c3c-41e1e2485af2
X-FRAME-OPTIONS: SAMEORIGIN
ETag: "{436D3A6D-4C03-4A55-B7AA-BC24AB9DBE78},704"
X-Download-Options: noopen
Vary: Accept-Encoding
Content-Type: application/javascript
X-XSS-Protection: 1
Cache-Control: private,max-age=0
SPIisLatency: 0

GET
H/1.1 200
OK cookies.dyn.js Show response
www.cartabcc.it/SiteAssets/js/cookie_js/ 9 KB
5 KB 391ms
46ms Script
application/javascript 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/SiteAssets/js/cookie_js/cookies.dyn.js

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

96ed2223d2d8f0ee570a2f28acd2fe7ff3c490a8e95726e178e025a2cd3b6d3c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
request-id: 08c805a0-9b92-b098-3c3c-419d8b8d1a43
X-Powered-By: ASP.NET
X-SharePointHealthScore: 0
ResourceTag: rt:8BA7D376-DE61-47F4-AD8A-465DE1952CA3@00000000708
Content-Disposition: attachment; filename="cookies.dyn.js"
Public-Extension: http://schemas.microsoft.com/repl-2
Content-Length: 3823
MicrosoftSharePointTeamServices: 15.0.0.4719
X-MS-InvokeApp: 1; RequireReadOnly
SPRequestDuration: 6
Expires: Mon, 08 Nov 2021 01:05:38 GMT
Last-Modified: Mon, 22 Nov 2021 14:01:37 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-9b92-b098-3c3c-419d8b8d1a43
X-FRAME-OPTIONS: SAMEORIGIN
ETag: "{8BA7D376-DE61-47F4-AD8A-465DE1952CA3},708"
X-Download-Options: noopen
Vary: Accept-Encoding
Content-Type: application/javascript
X-XSS-Protection: 1
Cache-Control: private,max-age=0
SPIisLatency: 0

GET
H/1.1 200
OK spcommon.png
www.cartabcc.it/_layouts/15/images/ 19 KB
19 KB 36ms
32ms Image
image/png 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/_layouts/15/images/spcommon.png?rev=23

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

101cf54c0b669349a1fd5ab1935464a9a9645eb48fcae4cc2633a854444a501d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
X-MS-InvokeApp: 1; RequireReadOnly
X-Content-Type-Options: nosniff
Last-Modified: Wed, 29 Apr 2015 18:45:08 GMT
Server: Microsoft-IIS/8.5
MicrosoftSharePointTeamServices: 15.0.0.4719
X-Powered-By: ASP.NET
ETag: "0525f9dac82d01:0"
Content-Type: image/png
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 19434
X-XSS-Protection: 1

GET
H/1.1 200
OK CartaBCC_Favicon.ico
www.cartabcc.it/_catalogs/masterpage/img/ 1 KB
2 KB 39ms
35ms Image
image/x-icon 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/_catalogs/masterpage/img/CartaBCC_Favicon.ico?rev=23

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

fd64cd355a393eb0e75ffb097014deab7e585e38fb57348dcc3f6bd8998d3328

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-8b96-b098-3c3c-4218abf2f2f3
Content-Length: 1150
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Thu, 24 Sep 2015 10:08:22 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-8b96-b098-3c3c-4218abf2f2f3
ETag: "{6F57C8B5-F404-4EE0-9D38-DEE2AE2AE635},10pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/x-icon
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK WebResource.axd Show response
www.cartabcc.it/ 23 KB
6 KB 36ms
36ms Script
application/x-javascript 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/WebResource.axd?d=4_fx27vfOwpZvzXwcPOPUWO9HsnGnd9QtgNuc8YZFif6iAuA6YmczyMxYW__ykzXfGMPBaTC0DvVtS7Mk049zRmH-0TLzW8Yu49g_Z9pBk81&t=637290829350350503

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 30 Jun 2020 01:02:15 GMT
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-MS-InvokeApp: 1; RequireReadOnly
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: public
Content-Length: 6007
X-XSS-Protection: 1
MicrosoftSharePointTeamServices: 15.0.0.4719
Expires: Wed, 23 Nov 2022 00:33:47 GMT

GET
H/1.1 200
OK logo-header.png
www.cartabcc.it/Style%20Library/img/ 3 KB
3 KB 40ms
37ms Image
image/png 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/img/logo-header.png

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

dcda9469e8f63a870df774bc9e46a0d53387e493fe43dd3724d024ae2d09f33a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-8b96-b098-3c3c-49e5bbeffe2d
Content-Length: 2588
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Sun, 13 Sep 2015 11:41:19 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-8b96-b098-3c3c-49e5bbeffe2d
ETag: "{DCF73FA2-935D-4A62-90FA-D8C79A6F5DED},949pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK logo.png
www.cartabcc.it/Style%20Library/img/ 4 KB
5 KB 44ms
41ms Image
image/png 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/img/logo.png

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

4323f8ddb7c570311f9ccf5035c68d856bfe0cda1865097d8fe13826c02590c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-8b96-b098-3c3c-4276b7afc180
Content-Length: 4527
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Thu, 15 Oct 2015 07:22:47 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-8b96-b098-3c3c-4276b7afc180
ETag: "{A1EAD4EB-1BEC-4FE2-964C-A01E7B1E8A71},949pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK logo-mobile.png
www.cartabcc.it/Style%20Library/img/ 8 KB
8 KB 44ms
43ms Image
image/png 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/img/logo-mobile.png

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

d36d9109275ca93d47589862c92e2ba34b58cc1a67541fe8ee3417ffd6b7c306

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-7b98-b098-3c3c-487de8b4763e
Content-Length: 7696
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Sun, 13 Sep 2015 11:41:19 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-7b98-b098-3c3c-487de8b4763e
ETag: "{082F80C1-FCA5-4153-B60B-16EBEA56501D},949pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK 5_Sito_CartaBcc_Menu%c2%a6%c3%87_Lancio_SAMSUNGpay_ventis%20card_481x220.jpg
www.cartabcc.it/Style%20Library/img/Banner%20News/ 24 KB
25 KB 37ms
36ms Image
image/jpeg 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/img/Banner%20News/5_Sito_CartaBcc_Menu%c2%a6%c3%87_Lancio_SAMSUNGpay_ventis%20card_481x220.jpg

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

3d393fb4fa5aed6c21023b8981fb1bc69c5e566d0d3807cde55a8484fee9407d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-7b99-b098-3c3c-4008b7ced45f
Content-Length: 24796
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Wed, 27 Jun 2018 09:08:21 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-7b99-b098-3c3c-4008b7ced45f
ETag: "{CFE058F7-A79E-4B3B-8B16-5542ABF2B6AC},35pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/jpeg
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H2 200 ld.js Show response
static.criteo.net/js/ld/ 41 KB
14 KB 130ms
34ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/ld.js
Requested by: Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: a1fddf4d5fec5f577b977db5c16c6582c1768324262382650fce903a37d73ab6

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 01:05:38 GMT
content-encoding: gzip
last-modified: Tue, 05 Oct 2021 08:29:00 GMT
server: nginx
etag: W/"615c0ccc-a373"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 24 Nov 2021 01:05:38 GMT

GET
H/1.1 200
OK CARTA-BCC-DEBIT-SITO-CARTA-BCC_484x508.png
www.cartabcc.it/Style%20Library/img/ 194 KB
195 KB 43ms
42ms Image
image/png 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/img/CARTA-BCC-DEBIT-SITO-CARTA-BCC_484x508.png

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

0415736d61407b163bfdccf8d5564e10e515abf89cb0c4bc72e3a9a975967335

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-7b99-b098-3c3c-440cce842efe
Content-Length: 199109
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Fri, 01 Oct 2021 09:27:24 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-7b99-b098-3c3c-440cce842efe
ETag: "{C8369AA9-72E8-4021-BC84-144AA7F94D62},4pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK google_Store.png
www.cartabcc.it/Style%20Library/img/ 3 KB
4 KB 37ms
35ms Image
image/png 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/img/google_Store.png

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

09ade0062ce21dde03dec21e9dcdddfacc765a4e22d800cc5bf06a363a49681a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-7b99-b098-3c3c-43ee1b5808a9
Content-Length: 3216
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Mon, 06 Jul 2020 12:43:14 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-7b99-b098-3c3c-43ee1b5808a9
ETag: "{9A533359-58F9-47B1-A402-2E4B5D9111B1},291pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK app_store.png
www.cartabcc.it/Style%20Library/img/ 2 KB
2 KB 37ms
36ms Image
image/png 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/img/app_store.png

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

b4ff860133d8c85a28926a7e93aa7f45f374ae6277b16c79f37356b81b18b602

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-7b99-b098-3c3c-486acd7de891
Content-Length: 1778
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Mon, 06 Jul 2020 12:46:44 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-7b99-b098-3c3c-486acd7de891
ETag: "{C72589A3-5473-43B7-AD5C-2B2FBBA44E73},291pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK huawei_store.png
www.cartabcc.it/Style%20Library/img/ 2 KB
3 KB 35ms
33ms Image
image/png 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/img/huawei_store.png

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

5d9862c186718bb6f766954530b787379a6ef8a9fdc50d913d4342843e1ee43b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-6b9c-b098-3c3c-4c3c99d8a12b
Content-Length: 2515
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Mon, 06 Jul 2020 12:49:36 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-6b9c-b098-3c3c-4c3c99d8a12b
ETag: "{EC1DD827-5345-4092-BB00-80A99CC9DBC6},291pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H2 200 conversion.js Show response
www.googleadservices.com/pagead/ 45 KB
18 KB 133ms
42ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

4112275fe878d4b037316a449f7516817d3c7da7839eb532b81c80b309b36df5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 01:05:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17627
x-xss-protection: 0
server: cafe
etag: 16294007831590153160
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 23 Nov 2021 01:05:38 GMT

GET
H/1.1 200
OK VentisBanner.js Show response
www.cartabcc.it/Style%20Library/js/ 1 KB
2 KB 46ms
42ms Script
application/javascript 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/Style%20Library/js/VentisBanner.js

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

6fec58a48598613c8a4d19fb461f024ba975d146fc0426514c1b4a4637ccdbed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
request-id: 08c805a0-8b96-b098-3c3c-456bf4b7561e
X-Powered-By: ASP.NET
X-SharePointHealthScore: 0
ResourceTag: rt:4AC2DBF7-CD30-46A5-AB50-59DAA1510A40@00000000728
Content-Disposition: attachment; filename="VentisBanner.js"
Public-Extension: http://schemas.microsoft.com/repl-2
Content-Length: 607
MicrosoftSharePointTeamServices: 15.0.0.4719
X-MS-InvokeApp: 1; RequireReadOnly
SPRequestDuration: 6
Expires: Mon, 08 Nov 2021 01:05:38 GMT
Last-Modified: Mon, 22 Nov 2021 14:01:26 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-8b96-b098-3c3c-456bf4b7561e
X-FRAME-OPTIONS: SAMEORIGIN
ETag: "{4AC2DBF7-CD30-46A5-AB50-59DAA1510A40},728"
X-Download-Options: noopen
Vary: Accept-Encoding
Content-Type: application/javascript
X-XSS-Protection: 1
Cache-Control: private,max-age=0
SPIisLatency: 0

GET
H/1.1 200
OK chiudi.png
www.cartabcc.it/Style%20Library/custom/images/bnr-ventis/ 15 KB
15 KB 47ms
47ms Image
image/png 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/custom/images/bnr-ventis/chiudi.png

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

31cccd6f55aa480629657cb5458f989c9f5361b1b45bab9047fe21f1375370a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-6b9c-b098-3c3c-4d34ff05c080
Content-Length: 15152
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Tue, 04 Jul 2017 12:54:39 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-6b9c-b098-3c3c-4d34ff05c080
ETag: "{5375383F-2CD2-41B2-9055-1A405DF83549},718pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK 13_Sito_CartaBcc_Piedino_aperto_SAMSUNGpay_ventis%20card_980x195.jpg
www.cartabcc.it/Style%20Library/custom/images/bnr-samsung/ 73 KB
74 KB 45ms
42ms Image
image/jpeg 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/custom/images/bnr-samsung/13_Sito_CartaBcc_Piedino_aperto_SAMSUNGpay_ventis%20card_980x195.jpg

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

5ae0cd8647ce25c3caa7cf5155b4b3e7120f537004f5f34569b261f4dc792fb7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-4b9f-b098-3c3c-4ec85cfe30ca
Content-Length: 74987
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Wed, 27 Jun 2018 09:25:11 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-4b9f-b098-3c3c-4ec85cfe30ca
ETag: "{EC765E20-5F82-4522-BA41-FC822BFF3BA8},624pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/jpeg
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK 15_CartaBcc_Piedino_aperto_SAMSUNGpay_ventis%20card_800x310px.jpg
www.cartabcc.it/Style%20Library/custom/images/bnr-samsung/ 112 KB
113 KB 45ms
44ms Image
image/jpeg 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/custom/images/bnr-samsung/15_CartaBcc_Piedino_aperto_SAMSUNGpay_ventis%20card_800x310px.jpg

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

318d7b10f08b02ff518c5c74e6fcc8fc075ae5023d27e6c9859a6ba2519950f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-4b9f-b098-3c3c-4d9273b1c924
Content-Length: 114931
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Wed, 27 Jun 2018 09:25:11 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-4b9f-b098-3c3c-4d9273b1c924
ETag: "{D1194AF0-0A9A-4F5E-80AA-F31039734703},624pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/jpeg
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK phone.png
www.cartabcc.it/Style%20Library/custom/images/bnr-ventis/ 9 KB
9 KB 44ms
38ms Image
image/png 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/custom/images/bnr-ventis/phone.png

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

d9ad820e147680f85136b0af7b33d79e9d2cbcf4d259fd010e4b8f9b4c1e5d31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-4ba1-b098-3c3c-4a4308934da0
Content-Length: 8885
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Thu, 04 May 2017 12:58:46 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-4ba1-b098-3c3c-4a4308934da0
ETag: "{8537370E-1C34-4A3E-BC9D-5B8BA139D457},720pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK 11_Sito_CartaBcc_Piedino_chiuso_SAMSUNGpay_ventis%20card_1348x48.jpg
www.cartabcc.it/Style%20Library/custom/images/bnr-samsung/ 23 KB
23 KB 49ms
43ms Image
image/jpeg 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/custom/images/bnr-samsung/11_Sito_CartaBcc_Piedino_chiuso_SAMSUNGpay_ventis%20card_1348x48.jpg

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

7ae33ab34c0cc4321f009d234844837244b763b76b3a1769621f9619f849cfe2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-4ba1-b098-3c3c-445bac047baa
Content-Length: 23124
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Wed, 27 Jun 2018 09:25:11 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-4ba1-b098-3c3c-445bac047baa
ETag: "{291989F8-4478-46FA-B3B6-476B84F0B7CE},624pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/jpeg
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK 14_CartaBcc_Piedino_chiuso_SAMSUNGpay_ventis%20card_800x153px.jpg
www.cartabcc.it/Style%20Library/custom/images/bnr-samsung/ 53 KB
54 KB 43ms
38ms Image
image/jpeg 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/custom/images/bnr-samsung/14_CartaBcc_Piedino_chiuso_SAMSUNGpay_ventis%20card_800x153px.jpg

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

55a490329010041abb0982e8fb65d384ea8307e3849deaf5792e071b71496806

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-4ba1-b098-3c3c-4d7082ef08df
Content-Length: 54654
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Wed, 27 Jun 2018 09:25:11 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-4ba1-b098-3c3c-4d7082ef08df
ETag: "{4AE84A81-A83B-4917-8F66-E445C5178112},624pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/jpeg
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

POST
H2 204 collect
analytics.google.com/g/ 0
347 B 101ms
34ms Ping
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-FE9QMZSP59&gtm=2oeba1&_p=798341029&sr=1600x1200&_gaz=1&ul=en-us&cid=1105178230.1637629539&_s=1&dl=https%3A%2F%2Fwww.cartabcc.it%2FPagine%2Fdefault.aspx&dt=CartaBCC&sid=1637629538&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-FE9QMZSP59
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.cartabcc.it/
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 23 Nov 2021 01:05:38 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.cartabcc.it
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
347 B 125ms
35ms Ping
text/plain 2a00:1450:400c:c1b::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-FE9QMZSP59&cid=1105178230.1637629539&gtm=2oeba1&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-FE9QMZSP59
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c1b::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.cartabcc.it/
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 23 Nov 2021 01:05:38 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.cartabcc.it
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.it/ads/ 42 B
501 B 151ms
56ms Image
image/gif 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.it/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-FE9QMZSP59&cid=1105178230.1637629539&gtm=2oeba1&aip=1&z=343796724

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Nov 2021 01:05:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 all.js Show response
connect.facebook.net/it_IT/ 291 KB
82 KB 84ms
40ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/it_IT/all.js?hash=36bf60109ba1fbd22d837dd4fc1dec16

Requested by

Host: connect.facebook.com
URL: https://connect.facebook.com/it_IT/all.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

18ca475184946aceb47fcd1ec8e2dfa3da40826a365e97844b5fb79f74d8524c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.cartabcc.it/
Origin: https://www.cartabcc.it
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: 7ojDBFF4DDfXLQsfbkEiOw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 84372
x-fb-rlafr: 0
x-fb-debug: X5Jmo48Wie+Zg08bmdGc65UBsPgykz2UkT8fdipWv3Yi5SUfD6gtYhrpMJoES7c3QYnN1sc+au10WasjsJuJIw==
x-fb-content-md5: 308fd3a05208553b07aa146c76c9ff8d
x-frame-options: DENY
date: Tue, 23 Nov 2021 01:05:38 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "94ca3f644b8342e4a2f0151077157dd3"
timing-allow-origin: *
priority: u=3,i
expires: Wed, 23 Nov 2022 00:48:23 GMT

GET
H/1.1 200
OK _Incapsula_Resource
www.cartabcc.it/ 0
172 B 37ms
31ms Image
image/jpeg 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cartabcc.it/_Incapsula_Resource?SWKMTFSR=1&e=0.2584616829022517
Requested by: Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Expires: -1
Cache-Control: no-cache, must-revalidate, max-age=0
Connection: Keep-Alive
Content-Length: 0
Content-Type: image/jpeg

GET
H2 200 trackpoint-async.js Show response
s2.adform.net/banners/scripts/st/ 79 KB
28 KB 149ms
53ms Script
application/x-javascript 37.157.2.247
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s2.adform.net/banners/scripts/st/trackpoint-async.js
Requested by: Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.2.247 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 0b6ee815005e308fb4ed57e68792ac193f50b8228669a96e74fd143ceb09660e

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 01:05:38 GMT
content-encoding: gzip
last-modified: Wed, 08 Sep 2021 09:57:08 GMT
server: nginx
etag: W/"613888f4-13bd1"
x-cache-status: HIT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

GET
H/1.1 200
OK Open_Sans.woff
www.cartabcc.it/_catalogs/masterpage/fonts/ 20 KB
21 KB 55ms
46ms Font
application/font-woff 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/_catalogs/masterpage/fonts/Open_Sans.woff

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/_catalogs/masterpage/css/font.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

615494a93f61434c21c6a35e51b508950d66d7784b2f4deb10b7a904b4cca17c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.cartabcc.it/_catalogs/masterpage/css/font.css
Origin: https://www.cartabcc.it
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
X-Content-Type-Options: nosniff
request-id: 08c805a0-7b98-b098-3c3c-487129a9cc2a
MicrosoftSharePointTeamServices: 15.0.0.4719
X-Powered-By: ASP.NET
X-SharePointHealthScore: 0
ResourceTag: rt:5CDDA722-1F2E-4CF1-84BD-8B3B3386E018@00000000010
Content-Disposition: attachment; filename="Open_Sans.woff"
Public-Extension: http://schemas.microsoft.com/repl-2
Content-Length: 20216
X-XSS-Protection: 1
SPIisLatency: 0
X-MS-InvokeApp: 1; RequireReadOnly
SPRequestDuration: 5
Last-Modified: Thu, 07 Jan 2016 09:22:49 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-7b98-b098-3c3c-487129a9cc2a
ETag: "{5CDDA722-1F2E-4CF1-84BD-8B3B3386E018},10"
X-Download-Options: noopen
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: application/font-woff
Cache-Control: private,max-age=0
Expires: Mon, 08 Nov 2021 01:05:38 GMT

GET
H/1.1 200
OK Open_Sans_Bold.woff
www.cartabcc.it/_catalogs/masterpage/fonts/ 20 KB
21 KB 79ms
54ms Font
application/font-woff 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/_catalogs/masterpage/fonts/Open_Sans_Bold.woff

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/_catalogs/masterpage/css/font.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

2944acfdff85dc6308cf8a2766b6efce9ec63fc8356fd5118a98001b936e50dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.cartabcc.it/_catalogs/masterpage/css/font.css
Origin: https://www.cartabcc.it
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
X-Content-Type-Options: nosniff
request-id: 08c805a0-6b9c-b098-3c3c-4956a0cdcda4
MicrosoftSharePointTeamServices: 15.0.0.4719
X-Powered-By: ASP.NET
X-SharePointHealthScore: 0
ResourceTag: rt:8659A53B-F3EE-4450-BB06-FCD9DC0FA670@00000000010
Content-Disposition: attachment; filename="Open_Sans_Bold.woff"
Public-Extension: http://schemas.microsoft.com/repl-2
Content-Length: 20964
X-XSS-Protection: 1
SPIisLatency: 0
X-MS-InvokeApp: 1; RequireReadOnly
SPRequestDuration: 7
Last-Modified: Thu, 07 Jan 2016 09:22:50 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-6b9c-b098-3c3c-4956a0cdcda4
ETag: "{8659A53B-F3EE-4450-BB06-FCD9DC0FA670},10"
X-Download-Options: noopen
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: application/font-woff
Cache-Control: private,max-age=0
Expires: Mon, 08 Nov 2021 01:05:38 GMT

GET
H/1.1 200
OK Lovelo-Black-webfont.woff2
www.cartabcc.it/_catalogs/masterpage/fonts/ 9 KB
10 KB 80ms
55ms Font
application/octet-stream 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/_catalogs/masterpage/fonts/Lovelo-Black-webfont.woff2

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/_catalogs/masterpage/css/style.css?rev=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

9eeec5a5fe940a31de261545439b0d349056e859045dc8c0a60e849b2bfcdaea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.cartabcc.it/_catalogs/masterpage/css/style.css?rev=1
Origin: https://www.cartabcc.it
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
X-Content-Type-Options: nosniff
request-id: 08c805a0-6b9c-b098-3c3c-44a0bbb83aef
MicrosoftSharePointTeamServices: 15.0.0.4719
X-Powered-By: ASP.NET
X-SharePointHealthScore: 0
ResourceTag: rt:81BB23DE-B3DC-41A3-86E9-70280409098D@00000000222
Content-Disposition: attachment; filename="Lovelo-Black-webfont.woff2"
Public-Extension: http://schemas.microsoft.com/repl-2
Content-Length: 9404
X-XSS-Protection: 1
SPIisLatency: 0
X-MS-InvokeApp: 1; RequireReadOnly
SPRequestDuration: 9
Last-Modified: Thu, 07 Jan 2016 09:22:45 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-6b9c-b098-3c3c-44a0bbb83aef
ETag: "{81BB23DE-B3DC-41A3-86E9-70280409098D},222"
X-Download-Options: noopen
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: application/octet-stream
Cache-Control: private,max-age=0
Expires: Mon, 08 Nov 2021 01:05:38 GMT

GET
H/1.1 200
OK icomoon.woff
www.cartabcc.it/_catalogs/masterpage/fonts/ 14 KB
15 KB 66ms
41ms Font
application/font-woff 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/_catalogs/masterpage/fonts/icomoon.woff?m7luf8

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/_catalogs/masterpage/css/style.css?rev=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

6b29e3ddb09886db2f0ba25d3842c850d302cefb75705eac51488be724e59837

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.cartabcc.it/_catalogs/masterpage/css/style.css?rev=1
Origin: https://www.cartabcc.it
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
X-Content-Type-Options: nosniff
request-id: 08c805a0-6b9c-b098-3c3c-4ba3434b8645
MicrosoftSharePointTeamServices: 15.0.0.4719
X-Powered-By: ASP.NET
X-SharePointHealthScore: 0
ResourceTag: rt:124E5F12-B1C4-4627-9C54-088E328B9E51@00000000222
Content-Disposition: attachment; filename="icomoon.woff"
Public-Extension: http://schemas.microsoft.com/repl-2
Content-Length: 14548
X-XSS-Protection: 1
SPIisLatency: 0
X-MS-InvokeApp: 1; RequireReadOnly
SPRequestDuration: 10
Last-Modified: Thu, 07 Jan 2016 09:22:44 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-6b9c-b098-3c3c-4ba3434b8645
ETag: "{124E5F12-B1C4-4627-9C54-088E328B9E51},222"
X-Download-Options: noopen
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: application/font-woff
Cache-Control: private,max-age=0
Expires: Mon, 08 Nov 2021 01:05:38 GMT

GET
H2

200

trackpoint-async.js Show response
s2.adform.net/banners/scripts/st/
Redirect Chain

https://track.adform.net/serving/scripts/trackpoint/async/
https://s2.adform.net/banners/scripts/st/trackpoint-async.js

79 KB
28 KB

63ms
52ms

Script
application/x-javascript

37.157.2.247
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s2.adform.net/banners/scripts/st/trackpoint-async.js
Requested by: Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol: H2
Server: 37.157.2.247 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 0b6ee815005e308fb4ed57e68792ac193f50b8228669a96e74fd143ceb09660e

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 01:05:39 GMT
content-encoding: gzip
last-modified: Wed, 08 Sep 2021 09:57:08 GMT
server: nginx
etag: W/"613888f4-13bd1"
x-cache-status: HIT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

Redirect headers

location: https://s2.adform.net/banners/scripts/st/trackpoint-async.js
date: Tue, 23 Nov 2021 01:05:39 GMT
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/html

GET
H3 200 sdk.js Show response
connect.facebook.net/it_IT/ 3 KB
2 KB 116ms
44ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/it_IT/sdk.js

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0012acabfeb2a46ff3224dcf3189ed930fe0ef0247d70024c631e76b5d3f02c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: 8W5qacJ+GlXNBAova0YRrg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 1687
x-fb-rlafr: 0
x-fb-debug: jqerWcoN2br1AI/oZiaNPQ7jlQycxj8tsgDrBmAQu4qnwE+mDxHsmad9gFfGyrtQeQHbnAhZ1bDGG1fjkv5WPg==
x-fb-content-md5: 2a03443773c54ee78d749ab9b61223d5
x-frame-options: DENY
date: Tue, 23 Nov 2021 01:05:38 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "0776360e37b22b4c10835c351a22270d"
timing-allow-origin: *
priority: u=3,i
expires: Tue, 23 Nov 2021 01:16:51 GMT

GET
H2 200 access_token Show response
graph.facebook.com/oauth/ 85 B
485 B 215ms
63ms XHR
application/json 2a03:2880:f01c:20e:face:b00c:0:2
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/oauth/access_token?client_id=1416719458657646&client_secret=52f7e55046dbcb39e9e4a22517befde0&grant_type=client_credentials

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/style%20library/js/jquery.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:20e:face:b00c:0:2 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

368988b8aad8a0bbecd67db9a0a16a7760af07094e5613d7e0a8bda650b22b2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Accept: */*
Referer: https://www.cartabcc.it/
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
x-fb-debug: KRvH/YBHqDhO2yQSYKs6FuD65BuhnmxeZKnnHLfSAwIjFoDKgTr2dFw074pr9XeCdB21hMxDGNqjuwgcwEPboQ==
x-fb-trace-id: B+4PPYRdQha
date: Tue, 23 Nov 2021 01:05:39 GMT
strict-transport-security: max-age=15552000; preload
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
x-fb-request-id: AdSUTeAII8G2LNs7NeH28Ri
cache-control: private, no-cache, no-store, must-revalidate
x-fb-rev: 1004766965
facebook-api-version: v5.0
content-length: 85
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK glyphicons-halflings-regular.woff2
www.cartabcc.it/_catalogs/masterpage/fonts/ 18 KB
18 KB 52ms
42ms Font
application/octet-stream 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/_catalogs/masterpage/fonts/glyphicons-halflings-regular.woff2

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/_catalogs/masterpage/css/bootstrap.min.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.cartabcc.it/_catalogs/masterpage/css/bootstrap.min.css
Origin: https://www.cartabcc.it
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
X-Content-Type-Options: nosniff
request-id: 08c805a0-3ba3-b098-3c3c-4a1a13352047
MicrosoftSharePointTeamServices: 15.0.0.4719
X-Powered-By: ASP.NET
X-SharePointHealthScore: 0
ResourceTag: rt:C10F360C-A503-4992-AD74-07958DD3046B@00000000010
Content-Disposition: attachment; filename="glyphicons-halflings-regular.woff2"
Public-Extension: http://schemas.microsoft.com/repl-2
Content-Length: 18028
X-XSS-Protection: 1
SPIisLatency: 0
X-MS-InvokeApp: 1; RequireReadOnly
SPRequestDuration: 6
Last-Modified: Thu, 07 Jan 2016 09:22:43 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-3ba3-b098-3c3c-4a1a13352047
ETag: "{C10F360C-A503-4992-AD74-07958DD3046B},10"
X-Download-Options: noopen
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: application/octet-stream
Cache-Control: private,max-age=0
Expires: Mon, 08 Nov 2021 01:05:38 GMT

GET
H/1.1 200
OK strings.js Show response
www.cartabcc.it/_layouts/15/1040/ 147 KB
39 KB 48ms
44ms Script
application/javascript 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/_layouts/15/1040/strings.js?rev=kXtcn0AA2q%2FvucbEJ2Fn%2BA%3D%3D

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/_layouts/15/init.js?rev=AS%2Bv0UYCkcLYkV95cqJXGA%3D%3D

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

f964b6cdc8fc810fb7852dffff4e208a7ad506b4dab2a23899b4e75d7289fe6f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Sun, 31 Oct 2021 04:08:13 GMT
Server: Microsoft-IIS/8.5
MicrosoftSharePointTeamServices: 15.0.0.4719
X-MS-InvokeApp: 1; RequireReadOnly
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript
X-XSS-Protection: 1
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 39289
ETag: "80344beccced71:0"

GET
H/1.1 200
OK icgen.gif
www.cartabcc.it/_layouts/15/images/ 90 B
504 B 35ms
32ms Image
image/gif 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/_layouts/15/images/icgen.gif

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

f210607fbd2ee60fe559b003e3204e57d9c2b78d9bab99d0861b6bfee943dee9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
X-MS-InvokeApp: 1; RequireReadOnly
X-Content-Type-Options: nosniff
Last-Modified: Fri, 24 Jan 2014 07:02:24 GMT
Server: Microsoft-IIS/8.5
MicrosoftSharePointTeamServices: 15.0.0.4719
X-Powered-By: ASP.NET
ETag: "080a63bd218cf1:0"
Content-Type: image/gif
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 90
X-XSS-Protection: 1

GET
H/1.1 200
OK ecbarw.png
www.cartabcc.it/_layouts/15/images/ 131 B
546 B 40ms
34ms Image
image/png 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/_layouts/15/images/ecbarw.png?rev=23

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

29fb2a35c616c1546692d8d26167b6af206db3c95a970c7cc1d12d89e38ec035

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
X-MS-InvokeApp: 1; RequireReadOnly
X-Content-Type-Options: nosniff
Last-Modified: Tue, 21 Jan 2014 05:46:04 GMT
Server: Microsoft-IIS/8.5
MicrosoftSharePointTeamServices: 15.0.0.4719
X-Powered-By: ASP.NET
ETag: "0b684126c16cf1:0"
Content-Type: image/png
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 131
X-XSS-Protection: 1

GET
H/1.1 200
OK A1_Sito_CartaBCC_PremiaTiRev2.jpg
www.cartabcc.it/Lists/TopSlider/ 144 KB
145 KB 42ms
36ms Image
image/jpeg 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Lists/TopSlider/A1_Sito_CartaBCC_PremiaTiRev2.jpg

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

0ed8f1bb12a6fc3ca72807e31da80f9e883f09816b7459674301a168cf15e90d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-ebae-b098-3c3c-442af0560a18
Content-Length: 147401
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Fri, 01 Oct 2021 07:04:57 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-ebae-b098-3c3c-442af0560a18
ETag: "{D8620B4C-C24E-45CD-B963-53F832551947},3pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/jpeg
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK A1_Sito_CartaBCC_PSD2.jpg
www.cartabcc.it/Lists/TopSlider/ 99 KB
99 KB 44ms
37ms Image
image/jpeg 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Lists/TopSlider/A1_Sito_CartaBCC_PSD2.jpg

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

d1f1ce1c58a73639fdf1712d8f18afe7b201c666b3de4bcb995e1bc95b0c3124

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-ebae-b098-3c3c-4995a01e3b61
Content-Length: 101093
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Fri, 05 Feb 2021 09:10:39 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-ebae-b098-3c3c-4995a01e3b61
ETag: "{C8CFA2AD-06D1-4DCD-9F00-F1EA41E82048},5pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/jpeg
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK A1_Sito_CartaBCC_Co-Badgenocashback.jpg
www.cartabcc.it/Lists/TopSlider/ 141 KB
142 KB 45ms
38ms Image
image/jpeg 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Lists/TopSlider/A1_Sito_CartaBCC_Co-Badgenocashback.jpg

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

e2ee2027e3134d65c4701f15e3e2c0dd4695ad74455ce35c5c59c8938c7a046a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:38 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-ebae-b098-3c3c-4e0d50d11cb7
Content-Length: 144616
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Wed, 21 Jul 2021 11:00:34 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-ebae-b098-3c3c-4e0d50d11cb7
ETag: "{E87D88D7-01A8-4159-85EA-FA8807B72B6E},6pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/jpeg
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK Ventis%20Card_2.svg
www.cartabcc.it/Style%20Library/img/Icon%20web%20CartaBcc/icon%20140x140%20PRIVATI%20cerchio/icon%20vantaggi/ 2 KB
3 KB 114ms
50ms Image
image/svg+xml 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/img/Icon%20web%20CartaBcc/icon%20140x140%20PRIVATI%20cerchio/icon%20vantaggi/Ventis%20Card_2.svg

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

725465141f582e4a1530401e4372f289e3ceadc3d9486d70a258a9e61d80691c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:39 GMT
X-Content-Type-Options: nosniff
request-id: 08c805a0-dbb2-b098-3c3c-4d2b26ed6ab9
MicrosoftSharePointTeamServices: 15.0.0.4719
X-Powered-By: ASP.NET
X-SharePointHealthScore: 0
ResourceTag: rt:59908B21-B9E8-43A8-A3CB-D1F30332CD82@00000000058
Content-Disposition: attachment; filename="Ventis Card_2.svg"
Public-Extension: http://schemas.microsoft.com/repl-2
Content-Length: 1990
X-XSS-Protection: 1
SPIisLatency: 1
X-MS-InvokeApp: 1; RequireReadOnly
SPRequestDuration: 8
Last-Modified: Tue, 28 Sep 2021 09:00:51 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-dbb2-b098-3c3c-4d2b26ed6ab9
ETag: "{59908B21-B9E8-43A8-A3CB-D1F30332CD82},58"
X-Download-Options: noopen
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/svg+xml
Cache-Control: private,max-age=0
Expires: Mon, 08 Nov 2021 01:05:39 GMT

GET
H/1.1 200
OK acquisto_facile.png
www.cartabcc.it/Style%20Library/img/Icon%20web%20CartaBcc/icon%2060x60%20BIANCO%20no%20cerchio/icon%20vantaggi/ 4 KB
4 KB 52ms
50ms Image
image/png 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/img/Icon%20web%20CartaBcc/icon%2060x60%20BIANCO%20no%20cerchio/icon%20vantaggi/acquisto_facile.png

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

3319b642d9a9c2d3be976dd64e236792e1941e2ba84764cc15f8e24f946eb057

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:39 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-dbb3-b098-3c3c-44d0c57d8936
Content-Length: 3995
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Wed, 24 May 2017 12:48:17 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-dbb3-b098-3c3c-44d0c57d8936
ETag: "{9913FAFD-1F10-41FF-B9C8-AE2DF7EA2990},46pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK contactless.png
www.cartabcc.it/Style%20Library/img/Icon%20web%20CartaBcc/icon%2060x60%20BIANCO%20no%20cerchio/icon%20vantaggi/ 3 KB
3 KB 38ms
37ms Image
image/png 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/img/Icon%20web%20CartaBcc/icon%2060x60%20BIANCO%20no%20cerchio/icon%20vantaggi/contactless.png

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

5d6530cc412e24cb8226231d03d1b6fd799e6efe62c273eb38da7e943d115ab4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:39 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-dbb3-b098-3c3c-4d95f736614f
Content-Length: 2888
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Wed, 24 May 2017 12:50:37 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-dbb3-b098-3c3c-4d95f736614f
ETag: "{077EFCA4-D1F8-4981-AE6E-E0C646499631},20pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK addebito_posticipato.png
www.cartabcc.it/Style%20Library/img/Icon%20web%20CartaBcc/icon%2060x60%20BIANCO%20no%20cerchio/icon%20vantaggi/ 3 KB
3 KB 51ms
50ms Image
image/png 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/img/Icon%20web%20CartaBcc/icon%2060x60%20BIANCO%20no%20cerchio/icon%20vantaggi/addebito_posticipato.png

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

a6ca968cdd211c37a79a74d53c3222d6a49a10ebeccf7964fa590a642b0e76bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:39 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-dbb3-b098-3c3c-4253b2d286a4
Content-Length: 2900
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Wed, 24 May 2017 12:56:56 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-dbb3-b098-3c3c-4253b2d286a4
ETag: "{77FDABDD-7EBD-4B4B-B811-ED6FBF982757},16pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK se_la_usi_non_la_paghi.png
www.cartabcc.it/Style%20Library/img/Icon%20web%20CartaBcc/icon%2060x60%20BIANCO%20no%20cerchio/icon%20vantaggi/ 4 KB
4 KB 43ms
39ms Image
image/png 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/img/Icon%20web%20CartaBcc/icon%2060x60%20BIANCO%20no%20cerchio/icon%20vantaggi/se_la_usi_non_la_paghi.png

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

70cb1295d004ab61a42f1aed2375d5a4f82094c3cd4e6de701ab46a6e06932d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:39 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-cbb4-b098-3c3c-49211a4ad31b
Content-Length: 3926
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Wed, 24 May 2017 12:58:08 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-cbb4-b098-3c3c-49211a4ad31b
ETag: "{6CBF580E-9E5E-4563-91BD-C23F9F34BE9B},10pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK tecnologia_chip_pin.png
www.cartabcc.it/Style%20Library/img/icon%20sicurezza/ 4 KB
4 KB 41ms
39ms Image
image/png 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/img/icon%20sicurezza/tecnologia_chip_pin.png

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

f3a64f1aa0764e55c6ae52bebd629957c6c1f389d138eb7e8c772d9c6c410fc7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:39 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-cbb4-b098-3c3c-4daf4af84a47
Content-Length: 3958
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Fri, 26 May 2017 13:11:25 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-cbb4-b098-3c3c-4daf4af84a47
ETag: "{6556C526-89FE-4EC8-A6B4-9A83A47C8F88},10pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK sms_alert.png
www.cartabcc.it/Style%20Library/img/Icon%20web%20CartaBcc/icon%2060x60%20BIANCO%20no%20cerchio/icon%20sicurezza/ 6 KB
7 KB 40ms
40ms Image
image/png 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/img/Icon%20web%20CartaBcc/icon%2060x60%20BIANCO%20no%20cerchio/icon%20sicurezza/sms_alert.png

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

65e7768aeab15b4491a1bee61adf4cd77f7014984ac0bb404959af7acb86fa10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:39 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-cbb5-b098-3c3c-44ce084453da
Content-Length: 6279
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Wed, 19 Dec 2018 15:26:07 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-cbb5-b098-3c3c-44ce084453da
ETag: "{B5F07CFD-9DA3-4C8D-A39E-10129A0239E1},15pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK acquisti_su_internet.png
www.cartabcc.it/Style%20Library/img/Icon%20web%20CartaBcc/icon%2060x60%20BIANCO%20no%20cerchio/icon%20sicurezza/ 4 KB
4 KB 32ms
32ms Image
image/png 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/img/Icon%20web%20CartaBcc/icon%2060x60%20BIANCO%20no%20cerchio/icon%20sicurezza/acquisti_su_internet.png

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

14173b2fb370c55d9859a7e1bb87d0b16250f46e14696ac035c6d8fde22a8306

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:39 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-cbb5-b098-3c3c-48877af419da
Content-Length: 3968
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Fri, 26 May 2017 13:19:02 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-cbb5-b098-3c3c-48877af419da
ETag: "{07259C81-4F26-4722-9084-A3B246ADB34F},23pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK utilizzo_estero.png
www.cartabcc.it/Style%20Library/img/Icon%20web%20CartaBcc/icon%2060x60%20BIANCO%20no%20cerchio/icon%20sicurezza/ 4 KB
5 KB 37ms
35ms Image
image/png 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/img/Icon%20web%20CartaBcc/icon%2060x60%20BIANCO%20no%20cerchio/icon%20sicurezza/utilizzo_estero.png

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

6e1359cf3dc38872322d3a9f39f76593dd7dea548416b92173d8ec75b59ce261

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:39 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-bbb7-b098-3c3c-4f7d15102639
Content-Length: 4144
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Fri, 26 May 2017 13:24:50 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-bbb7-b098-3c3c-4f7d15102639
ETag: "{811A2436-4A2F-4D12-9FD8-8A922077D940},11pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK app_mobile.png
www.cartabcc.it/Style%20Library/img/Icon%20Bianco%2060x60%20no%20cerchio/icon%20controllo/ 1 KB
2 KB 38ms
34ms Image
image/png 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/img/Icon%20Bianco%2060x60%20no%20cerchio/icon%20controllo/app_mobile.png

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

f9ddef4e3eb4f7ddb5397c52bdd0bed3e5aa3e489075913b590ecf422d2063f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:39 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-bbb7-b098-3c3c-4677789ce9d9
Content-Length: 1504
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Fri, 26 May 2017 13:29:55 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-bbb7-b098-3c3c-4677789ce9d9
ETag: "{08C575A0-1B18-4034-A6BB-B40D92B1F8DD},28pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK assistenza_h24.png
www.cartabcc.it/Style%20Library/img/Icon%20web%20CartaBcc/icon%2060x60%20BIANCO%20no%20cerchio/icon%20controllo/ 3 KB
3 KB 39ms
34ms Image
image/png 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/img/Icon%20web%20CartaBcc/icon%2060x60%20BIANCO%20no%20cerchio/icon%20controllo/assistenza_h24.png

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

2167d6069e570bbe78187cd7f9dfe60bc6483d17bb81974825b26a8af1beb3f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:39 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-bbb7-b098-3c3c-4dd9b2fec712
Content-Length: 2580
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Fri, 26 May 2017 14:01:32 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-bbb7-b098-3c3c-4dd9b2fec712
ETag: "{00324DA4-BC9A-4E2A-B4E3-378AD2B5DD6F},12pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK movimenti_tempo_reale.png
www.cartabcc.it/Style%20Library/img/Icon%20web%20CartaBcc/icon%2060x60%20BIANCO%20no%20cerchio/icon%20controllo/ 3 KB
4 KB 39ms
35ms Image
image/png 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/img/Icon%20web%20CartaBcc/icon%2060x60%20BIANCO%20no%20cerchio/icon%20controllo/movimenti_tempo_reale.png

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

d9feb97bc5878582865e38229057d6259b69d5dc9efcd8043580368164eeca25

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:39 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-bbb7-b098-3c3c-415a5ea325cc
Content-Length: 3183
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Fri, 26 May 2017 14:03:27 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-bbb7-b098-3c3c-415a5ea325cc
ETag: "{21B67671-DCFB-48EC-A423-84C7177A1DC6},11pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK estratto_conto_online.png
www.cartabcc.it/Style%20Library/img/Icon%20web%20CartaBcc/icon%2060x60%20BIANCO%20no%20cerchio/icon%20controllo/ 3 KB
3 KB 36ms
34ms Image
image/png 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/img/Icon%20web%20CartaBcc/icon%2060x60%20BIANCO%20no%20cerchio/icon%20controllo/estratto_conto_online.png

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

1c7a6058854929580ce5206613f1676830507804c1d194b7de049d1809bed9b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:39 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-bbb8-b098-3c3c-4e92a9fdf897
Content-Length: 2799
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Fri, 26 May 2017 14:06:23 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-bbb8-b098-3c3c-4e92a9fdf897
ETag: "{2434EA26-DAA8-4F7C-8743-FB367BCEF789},9pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK ichtm.gif
www.cartabcc.it/_layouts/15/IMAGES/ 624 B
1 KB 34ms
33ms Image
image/gif 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/_layouts/15/IMAGES/ichtm.gif

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

39d8a7c6a401b46ed1ca1094cd0ace7c9e1356661e9c37d39848a8c2799afa94

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:39 GMT
X-MS-InvokeApp: 1; RequireReadOnly
X-Content-Type-Options: nosniff
Last-Modified: Tue, 21 Jan 2014 05:44:42 GMT
Server: Microsoft-IIS/8.5
MicrosoftSharePointTeamServices: 15.0.0.4719
X-Powered-By: ASP.NET
ETag: "081a4e16b16cf1:0"
Content-Type: image/gif
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 624
X-XSS-Protection: 1

GET
H/1.1 200
OK classic_MC%20259x345.png
www.cartabcc.it/Style%20Library/img/New%20design%20259x345%20carte%20ombra%20per%20home/ 126 KB
127 KB 37ms
37ms Image
image/png 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/img/New%20design%20259x345%20carte%20ombra%20per%20home/classic_MC%20259x345.png

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

958431af002b443e91772376e40f97e48ad72064379a9b52ed166679e5f7ccf5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:39 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-abb9-b098-3c3c-42409442c5c0
Content-Length: 129497
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Wed, 26 Aug 2015 08:10:38 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-abb9-b098-3c3c-42409442c5c0
ETag: "{23025889-195C-4AEE-9280-A7ECFB0440D3},139pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK gold_MC%20259x345.png
www.cartabcc.it/Style%20Library/img/New%20design%20259x345%20carte%20ombra%20per%20home/ 126 KB
127 KB 40ms
38ms Image
image/png 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/img/New%20design%20259x345%20carte%20ombra%20per%20home/gold_MC%20259x345.png

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

44a9857df6a0e751a7c7a2fee5076c1a16575ccb524e53d26cdbb6da90b2310d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:39 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-abb9-b098-3c3c-484df9bc4c63
Content-Length: 129372
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Wed, 26 Aug 2015 08:10:38 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-abb9-b098-3c3c-484df9bc4c63
ETag: "{87AAF5E8-1494-4147-8FE8-812BEAC27BF8},88pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK debit-image.png
www.cartabcc.it/Style%20Library/img/New%20design%20259x345%20carte%20ombra%20per%20home/ 60 KB
61 KB 39ms
38ms Image
image/png 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/img/New%20design%20259x345%20carte%20ombra%20per%20home/debit-image.png

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

75329a0036d550283e35ef260a99a40e4f0b3860128afb9a601f5d8aaf2a67da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:39 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-abb9-b098-3c3c-49e76ae66a5e
Content-Length: 61671
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Wed, 29 Sep 2021 09:53:37 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-abb9-b098-3c3c-49e76ae66a5e
ETag: "{BAC7AB6D-3C5F-4952-9696-D023F79B5E5B},5pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK gold_socio_MC%20259x345.png
www.cartabcc.it/Style%20Library/img/New%20design%20259x345%20carte%20ombra%20per%20home/ 128 KB
128 KB 40ms
39ms Image
image/png 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/img/New%20design%20259x345%20carte%20ombra%20per%20home/gold_socio_MC%20259x345.png

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

932cc94b7b1b4e13b29e88c8f909d29d12bb6eb3e2688885f462187985e5bb7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:39 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-abb9-b098-3c3c-47e78fa96a86
Content-Length: 130880
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Wed, 26 Aug 2015 08:10:38 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-abb9-b098-3c3c-47e78fa96a86
ETag: "{F344681C-204F-4577-9192-A05DA5687629},86pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK tasca%20259x345.png
www.cartabcc.it/Style%20Library/img/New%20design%20259x345%20carte%20ombra%20per%20home/ 124 KB
125 KB 37ms
35ms Image
image/png 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/img/New%20design%20259x345%20carte%20ombra%20per%20home/tasca%20259x345.png

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

4286cef9f114568ff20fa78920a832a60158f94533713845730ac41a934d08a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:39 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-abba-b098-3c3c-4c50e4d46566
Content-Length: 127319
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Wed, 26 Aug 2015 08:10:38 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-abba-b098-3c3c-4c50e4d46566
ETag: "{1A23494B-B0A8-4445-963B-33C6C324D957},78pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK tasca_conto%20259x345.png
www.cartabcc.it/Style%20Library/img/New%20design%20259x345%20carte%20ombra%20per%20home/ 115 KB
115 KB 34ms
31ms Image
image/png 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/img/New%20design%20259x345%20carte%20ombra%20per%20home/tasca_conto%20259x345.png

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

90aecf63f7b3c11b09a5f941b1ae98a5450458111d7940359ea4eda181f079e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:39 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-abba-b098-3c3c-4b0b3bdf4eef
Content-Length: 117471
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Wed, 26 Aug 2015 08:10:38 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-abba-b098-3c3c-4b0b3bdf4eef
ETag: "{A8F17DD8-A4AE-4318-8ECA-3DC32EA41512},4pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK A2_Sito_cashback_1%20percent_doppia.jpg
www.cartabcc.it/news/PublishingImages/ 60 KB
61 KB 63ms
46ms Image
image/jpeg 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/news/PublishingImages/A2_Sito_cashback_1%20percent_doppia.jpg

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

1d2f16d480ffde58cf9d6ff4e57cf9c21ed2f5515cf2f1a74daefe5107e10985

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:39 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-8bbe-b098-3c3c-47b3919556ce
Content-Length: 61448
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Mon, 15 Nov 2021 08:44:33 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-8bbe-b098-3c3c-47b3919556ce
ETag: "{37BA1AD3-B9D6-436D-830F-F64F5FB79502},6pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/jpeg
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK A2_Sito_CartaBCC_PremiaiRevGazzetta.jpg
www.cartabcc.it/news/PublishingImages/ 67 KB
67 KB 60ms
41ms Image
image/jpeg 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/news/PublishingImages/A2_Sito_CartaBCC_PremiaiRevGazzetta.jpg

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

da59c9a6d87cd2e0ffbea8e893e16d3b87cbdd106313900bee85918a256f5c5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:39 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-8bbe-b098-3c3c-4bed3695f53f
Content-Length: 68120
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Wed, 01 Sep 2021 09:22:38 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-8bbe-b098-3c3c-4bed3695f53f
ETag: "{82254EC5-09AE-4372-AEA6-69B25B6C8CD4},5pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/jpeg
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 98 KB
25 KB 40ms
39ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'unsafe-inline' 'unsafe-eval';report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 25965
x-xss-protection: 0
pragma: public
x-fb-debug: KIxVncS2zwCj/uxyyxZTcAvgMc+tP+I4gDZS99yM8Rab6yjihI8YgYjk9HtGHbeex1Nps+FyPG9sK9bFx1XIQA==
x-frame-options: DENY
date: Tue, 23 Nov 2021 01:05:39 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3

200

activityi;dc_pre=CK_l2belrfQCFRiR3godHLECfg;src=5139589;type=invmedia;cat=nw7ldhj1;ord=4473695282979.457 Show response
5139589.fls.doubleclick.net/ Frame D394
Redirect Chain

https://5139589.fls.doubleclick.net/activityi;src=5139589;type=invmedia;cat=nw7ldhj1;ord=4473695282979.457?
https://5139589.fls.doubleclick.net/activityi;dc_pre=CK_l2belrfQCFRiR3godHLECfg;src=5139589;type=invmedia;cat=nw7ldhj1;ord=4473695282979.457?

440 B
371 B

145ms
100ms

Document
text/html

216.58.212.166
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5139589.fls.doubleclick.net/activityi;dc_pre=CK_l2belrfQCFRiR3godHLECfg;src=5139589;type=invmedia;cat=nw7ldhj1;ord=4473695282979.457?

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.166 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f166.1e100.net

Software

cafe /

Resource Hash

a14806e7f167ecd80a0f6f15165914e923e068971cb7eb15ecc8ca8e16c3948a

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 23 Nov 2021 01:05:39 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 346
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 23 Nov 2021 01:05:39 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://5139589.fls.doubleclick.net/activityi;dc_pre=CK_l2belrfQCFRiR3godHLECfg;src=5139589;type=invmedia;cat=nw7ldhj1;ord=4473695282979.457?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK DroidSerif-Italic.woff2
www.cartabcc.it/_catalogs/masterpage/fonts/ 20 KB
21 KB 60ms
46ms Font
application/octet-stream 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/_catalogs/masterpage/fonts/DroidSerif-Italic.woff2

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/_catalogs/masterpage/css/font.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

33a615b30f0b0648a299b0d7e7f57e6c5a1b52cfcc831b3572c1f6ff77c1e2b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.cartabcc.it/_catalogs/masterpage/css/font.css
Origin: https://www.cartabcc.it
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:39 GMT
X-Content-Type-Options: nosniff
request-id: 08c805a0-ebb0-b098-3c3c-46f0445e51f3
MicrosoftSharePointTeamServices: 15.0.0.4719
X-Powered-By: ASP.NET
X-SharePointHealthScore: 0
ResourceTag: rt:331FD9B6-F0C1-4F95-84E7-CC9B4E8E17C5@00000000010
Content-Disposition: attachment; filename="DroidSerif-Italic.woff2"
Public-Extension: http://schemas.microsoft.com/repl-2
Content-Length: 20596
X-XSS-Protection: 1
SPIisLatency: 0
X-MS-InvokeApp: 1; RequireReadOnly
SPRequestDuration: 11
Last-Modified: Thu, 07 Jan 2016 09:22:42 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-ebb0-b098-3c3c-46f0445e51f3
ETag: "{331FD9B6-F0C1-4F95-84E7-CC9B4E8E17C5},10"
X-Download-Options: noopen
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: application/octet-stream
Cache-Control: private,max-age=0
Expires: Mon, 08 Nov 2021 01:05:39 GMT

GET
H/1.1 200
OK Open_Sans_Bold_Italic.woff
www.cartabcc.it/_catalogs/masterpage/fonts/ 19 KB
20 KB 56ms
39ms Font
application/font-woff 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/_catalogs/masterpage/fonts/Open_Sans_Bold_Italic.woff

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/_catalogs/masterpage/css/font.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

470985029a73c80df15aaffe3cbed4b09c49801c381c82ce704595d7c0bbcc0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://www.cartabcc.it/_catalogs/masterpage/css/font.css
Origin: https://www.cartabcc.it
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:39 GMT
X-Content-Type-Options: nosniff
request-id: 08c805a0-ebb0-b098-3c3c-489ea58478bc
MicrosoftSharePointTeamServices: 15.0.0.4719
X-Powered-By: ASP.NET
X-SharePointHealthScore: 0
ResourceTag: rt:1E572F34-088A-4909-9203-45262ED941C6@00000000010
Content-Disposition: attachment; filename="Open_Sans_Bold_Italic.woff"
Public-Extension: http://schemas.microsoft.com/repl-2
Content-Length: 19604
X-XSS-Protection: 1
SPIisLatency: 0
X-MS-InvokeApp: 1; RequireReadOnly
SPRequestDuration: 6
Last-Modified: Thu, 07 Jan 2016 09:22:50 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-ebb0-b098-3c3c-489ea58478bc
ETag: "{1E572F34-088A-4909-9203-45262ED941C6},10"
X-Download-Options: noopen
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: application/font-woff
Cache-Control: private,max-age=0
Expires: Mon, 08 Nov 2021 01:05:39 GMT

GET
H/1.1 200
OK Classic_new_80x49.png
www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/ 31 KB
31 KB 62ms
54ms Image
image/png 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/Classic_new_80x49.png

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

29c1e4c54c76ab5712680e54c0b69efdb2db355d19e47826ad74e9971b6cbe42

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:39 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-8bbf-b098-3c3c-4362cd8db259
Content-Length: 31492
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Tue, 08 Nov 2016 16:04:15 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-8bbf-b098-3c3c-4362cd8db259
ETag: "{E790AC81-9808-412B-A97B-41CB04EC94EC},157pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK Gold_old_80x49.png
www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/ 30 KB
31 KB 50ms
42ms Image
image/png 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/Gold_old_80x49.png

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

fdb583e2bee22858e3b3e3e046daa26bda50f7e36786dd6f0996210d908a44d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:39 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-8bbf-b098-3c3c-4d872c776baf
Content-Length: 31103
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Tue, 08 Nov 2016 16:04:16 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-8bbf-b098-3c3c-4d872c776baf
ETag: "{E42F7A81-3B65-44CD-A38D-2F314DCEBAA1},103pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK VentisCard_Menu.png
www.cartabcc.it/Style%20Library/img/ 4 KB
4 KB 66ms
59ms Image
image/png 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/img/VentisCard_Menu.png

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

fe5690c827f2403d06acb35ca7b67743ef538336ae621a1de88a2623b63b0a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:39 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-8bbf-b098-3c3c-490f851d223e
Content-Length: 3660
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Wed, 22 Nov 2017 13:27:34 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-8bbf-b098-3c3c-490f851d223e
ETag: "{580CC41D-3089-4C77-B120-50A8AE28AB2D},83pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK immagine-carta-per-sito-CartaBCC_145x91.png
www.cartabcc.it/Style%20Library/img/ 14 KB
14 KB 49ms
36ms Image
image/png 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/img/immagine-carta-per-sito-CartaBCC_145x91.png

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

c9d8e86ad4888f92124a40bc827b81030f78603e845331440c79b9ffecc65c10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:39 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-6bc4-b098-3c3c-47fa1fb5ea5b
Content-Length: 14007
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Mon, 11 Nov 2019 11:22:51 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-6bc4-b098-3c3c-47fa1fb5ea5b
ETag: "{6FA35A8A-8413-422E-9B5F-E47876AA2F6B},31pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK CArtaBCC_Classic_VISA_145x91.png
www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/ 23 KB
24 KB 45ms
37ms Image
image/png 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/CArtaBCC_Classic_VISA_145x91.png

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

4169d55735350781457e5ac29845c8296f3e5f8880268b7c35ace7781d9bf03b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:39 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-6bc5-b098-3c3c-424711aa9f6a
Content-Length: 23948
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Mon, 03 Feb 2020 11:29:22 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-6bc5-b098-3c3c-424711aa9f6a
ETag: "{DA35D9FE-A375-407E-98E0-4415CB2F6F9E},18pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK A62_Sito_CartaBCC_Co-Badge_Mastercard.jpg
www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/ 38 KB
38 KB 42ms
34ms Image
image/jpeg 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/A62_Sito_CartaBCC_Co-Badge_Mastercard.jpg

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

ee3609236eefa18dc2a4d57e0e4352626e646f3fc435e231432b5d7fbec53fa4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:39 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-6bc5-b098-3c3c-4b799072a01f
Content-Length: 38496
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Tue, 27 Apr 2021 11:38:18 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-6bc5-b098-3c3c-4b799072a01f
ETag: "{C7D0173A-95A9-42DE-A7B0-2C1C36EF7FBE},25pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/jpeg
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK A62_Sito_CartaBCC_Co-Badge_Visa.jpg
www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/ 18 KB
19 KB 41ms
35ms Image
image/jpeg 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/A62_Sito_CartaBCC_Co-Badge_Visa.jpg

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

798fcc311737a033dc548d9b1bccce0ebdf34a40ab1995d90301e39e01dc16d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:39 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-6bc5-b098-3c3c-451d07c271cf
Content-Length: 18836
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Tue, 27 Apr 2021 11:38:21 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-6bc5-b098-3c3c-451d07c271cf
ETag: "{3BDF04FE-0134-47DF-9E2E-98449DA951F3},17pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/jpeg
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK Cash-Maestro_new_80x49.png
www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/ 31 KB
31 KB 37ms
31ms Image
image/png 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/Cash-Maestro_new_80x49.png

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

57230c28fa1f6b89132cc6b45879cb0d76dc06be76f5160f037b6243b76ee282

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:39 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-6bc5-b098-3c3c-44ba0bf74948
Content-Length: 31239
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Tue, 08 Nov 2016 16:04:15 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-6bc5-b098-3c3c-44ba0bf74948
ETag: "{82476B90-12C1-4FD5-8F2F-08753C139373},93pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK Cash_VPay_old_80x49.png
www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/ 32 KB
32 KB 38ms
35ms Image
image/png 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/Cash_VPay_old_80x49.png

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

e0e6a5cf7ea3142bc39e8ac5a3df12c28968d395db15430b6473d4e1262175ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:39 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-6bc5-b098-3c3c-47bcfc27e33c
Content-Length: 32506
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Tue, 08 Nov 2016 16:04:15 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-6bc5-b098-3c3c-47bcfc27e33c
ETag: "{062E14AC-F0BD-4ED8-AA9B-0CA30C08F9E0},79pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK Ventis_Debit_Pink_145x91.png
www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/ 7 KB
7 KB 35ms
34ms Image
image/png 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/Ventis_Debit_Pink_145x91.png

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

a4fa05f8818635de315841a7d5efc17424ac4fa7aa796195f3cb83b09ec81dcb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:39 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-5bc7-b098-3c3c-4ca3e94edfec
Content-Length: 6856
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Thu, 19 Sep 2019 09:26:30 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-5bc7-b098-3c3c-4ca3e94edfec
ETag: "{21DA6CD5-DA3A-4EC6-BB4F-F4433B6E9DA9},32pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK Ventis_Debit_VISA_145x91.png
www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/ 7 KB
7 KB 55ms
53ms Image
image/png 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/Ventis_Debit_VISA_145x91.png

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

d49379cc8f2f7ce47695fbc18e2d992ad79b2c414b3e29fef8b39ec1165f30aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:39 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-5bc8-b098-3c3c-4552ca7ba55e
Content-Length: 6923
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Thu, 01 Aug 2019 08:53:47 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-5bc8-b098-3c3c-4552ca7ba55e
ETag: "{A8A1B498-234B-4F9B-BE50-A5475B6926C8},36pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK Tasca_new_80x49.png
www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/ 30 KB
31 KB 56ms
53ms Image
image/png 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/Tasca_new_80x49.png

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

0975f6be2bbe94c6dcd7aa7546c758afa362b98968207acd4db1f7b57fa9ae21

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:39 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-5bc8-b098-3c3c-4d3f2c70bf53
Content-Length: 31105
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Tue, 08 Nov 2016 16:04:16 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-5bc8-b098-3c3c-4d3f2c70bf53
ETag: "{8AAE3F6A-E1AA-4C74-95C9-E8EF5BB6472D},95pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK TascaConto_old_80x49.png
www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/ 27 KB
28 KB 33ms
30ms Image
image/png 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/TascaConto_old_80x49.png

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

ecfd2e614ba18324cac553450522e0644b616963a123eb310c7cf2011a2d2efd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:39 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-5bc8-b098-3c3c-4c627c8f4dc2
Content-Length: 28121
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Tue, 08 Nov 2016 16:04:16 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-5bc8-b098-3c3c-4c627c8f4dc2
ETag: "{5C8F91F1-9B62-4A53-95A1-FA87FBECB659},97pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK impresa%2080x49.png
www.cartabcc.it/PublishingImages/ 8 KB
8 KB 54ms
53ms Image
image/png 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/PublishingImages/impresa%2080x49.png

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

e7928d115bbeade4591d6525789a360c001c03098286dec2bcdf64272897146d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:39 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-5bc8-b098-3c3c-404d069304eb
Content-Length: 7806
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Wed, 26 Feb 2020 08:32:56 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-5bc8-b098-3c3c-404d069304eb
ETag: "{4B749EB5-DE98-4F87-83C1-33980B949DDB},20pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK Corporate_old_80x49.png
www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/ 32 KB
32 KB 54ms
54ms Image
image/png 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/Corporate_old_80x49.png

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

df0d34a8dfd2be2c60889e634b5fdad3d1bad855881735b33c671e84e4f1e182

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:39 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-5bc8-b098-3c3c-43ed7c74bce5
Content-Length: 32617
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Tue, 08 Nov 2016 16:04:16 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-5bc8-b098-3c3c-43ed7c74bce5
ETag: "{A07C3360-866D-456E-A5F9-77621A7FD0E1},68pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK tasca_business%2080x49.png
www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/ 8 KB
8 KB 34ms
33ms Image
image/png 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/tasca_business%2080x49.png

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

7bdf22ffb529e43c1d080e28259c013b75e377c229b740c123c6849af49e8f66

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:39 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-4bc9-b098-3c3c-4bca7e5b4ec7
Content-Length: 7827
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Tue, 29 Jan 2019 15:53:10 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-4bc9-b098-3c3c-4bca7e5b4ec7
ETag: "{D90CA99F-3D61-4F34-8A59-F2EEB5DD30BA},29pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK CartaBCCPOS_527X347.png
www.cartabcc.it/Style%20Library/img/New%20design%20527x347%20carta%20scheda%20prodotto/ 9 KB
9 KB 55ms
54ms Image
image/png 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/img/New%20design%20527x347%20carta%20scheda%20prodotto/CartaBCCPOS_527X347.png

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

f98b9217f41d70643fbe413ec1d526ebd8524cec86f38e16f5bdaea6d281f40b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:39 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-4bcb-b098-3c3c-4468cd7f853c
Content-Length: 9083
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Sun, 13 Sep 2015 16:12:32 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-4bcb-b098-3c3c-4468cd7f853c
ETag: "{79930E92-CD04-4E6F-A156-B16A50721DBD},24pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H/1.1 200
OK close.png
www.cartabcc.it/Style%20Library/img/ 1 KB
2 KB 67ms
66ms Image
image/png 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/Style%20Library/img/close.png

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

24eb071c600fe4a3ba31ac2c4f33c34eac3b3780ac8c8f5924bcf00d66acfa73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:39 GMT
X-Content-Type-Options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Cache-Control: public, max-age=86400
request-id: 08c805a0-3bcc-b098-3c3c-4fd89f9b53e8
Content-Length: 1065
X-XSS-Protection: 1
X-MS-InvokeApp: 1; RequireReadOnly
Last-Modified: Thu, 07 Jan 2016 09:18:44 GMT
Server: Microsoft-IIS/8.5
SPRequestGuid: 08c805a0-3bcc-b098-3c3c-4fd89f9b53e8
ETag: "{C4DF2AC6-05F6-4E92-AA6B-11F0A4F530A5},1pub"
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: image/png
MicrosoftSharePointTeamServices: 15.0.0.4719
Accept-Ranges: bytes

GET
H3 200 feed Show response
graph.facebook.com/1465771113712398/ 427 B
308 B 197ms
153ms XHR
application/json 2a03:2880:f01c:20e:face:b00c:0:2
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/1465771113712398/feed?access_token=1416719458657646%7C4BjfR6SqK8tUOififgHtmAvKcU8&limit=2&method=get&pretty=0&sdk=joey&suppress_http_code=1

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/it_IT/all.js?hash=36bf60109ba1fbd22d837dd4fc1dec16

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:20e:face:b00c:0:2 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

8ee9355148dfcccd985f18bc117ed348188283a4e0107d75d14725015b11464b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Referer: https://www.cartabcc.it/
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
www-authenticate: OAuth "Facebook Platform" "invalid_request" "(#10) This endpoint requires the 'manage_pages' or 'pages_read_user_content' permission or the 'Page Public Content Access' feature. Refer to https://developers.facebook.com/docs/apps/review/login-permissions#manage-pages and https://developers.facebook.com/docs/apps/review/feature#reference-PAGES_ACCESS for details."
x-app-usage: {"call_count":0,"total_cputime":0,"total_time":0}
cross-origin-resource-policy: cross-origin
x-fb-rev: 1004766965
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 268
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: 5+9b826gcYoDgvcgPTGzELZoWyU7SYMymE+Fze9MuhtkQjPOqy/mjUz3m+nRPx4vwc7T4w1Q0q5E3NfwYQpvng==
x-fb-trace-id: FiNXITX6gjR
date: Tue, 23 Nov 2021 01:05:39 GMT
vary: Origin, Accept-Encoding
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
x-fb-request-id: AxT2igmfHVkTYXXXUxJWOug
cache-control: no-store
facebook-api-version: v5.0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame EDBC 11 KB
5 KB 639ms
36ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?topUrl=www.cartabcc.it&origin=onetag

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/ld.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

44fdd1eb3c024fe9fb4faeb815b2367ace182437a87eb25a75d7802d0f3c88c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/

Response headers

cache-control: private, max-age=3600
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
strict-transport-security: max-age=31536000
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 2088
date: Tue, 23 Nov 2021 01:05:39 GMT
content-length: 4685

GET
H2 200 status
www.facebook.com/x/oauth/ 0
0 101ms
100ms Fetch
text/plain 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/x/oauth/status?client_id=120834568001752&input_token&origin=1&redirect_uri=https%3A%2F%2Fwww.cartabcc.it%2FPagine%2Fdefault.aspx&sdk=joey&wants_cookie_data=false

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/it_IT/all.js?hash=36bf60109ba1fbd22d837dd4fc1dec16

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: CYfYPwCWBfNZmXOUM2F6qgxNCjYewGkvsiw3I/2ISqFU4gQ44Jd0TkOd+7Yy4xioha1qcdZgWxdV5oSjn01M7g==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
fb-s: unknown
date: Tue, 23 Nov 2021 01:05:39 GMT
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.cartabcc.it
access-control-expose-headers: fb-s
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2

200

/ Show response
track.adform.net/Serving/TrackPoint/
Redirect Chain

https://s2.adform.net/Serving/TrackPoint/?pm=704645&ADFPageName=Home&ADFdivider=%7C&ord=447696809272&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fwww.cartabcc.it%2FPagine%2Fdef...
https://track.adform.net/Serving/TrackPoint/?pm=704645&ADFPageName=Home&ADFdivider=%7C&ord=447696809272&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fwww.cartabcc.it%2FPagine%2F...
https://track.adform.net/Serving/TrackPoint/?CC=1&pm=704645&ADFPageName=Home&ADFdivider=%7C&ord=447696809272&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fwww.cartabcc.it%2FPagi...

104 B
585 B

38ms
37ms

Script
text/javascript

37.157.5.142
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/Serving/TrackPoint/?CC=1&pm=704645&ADFPageName=Home&ADFdivider=%7C&ord=447696809272&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fwww.cartabcc.it%2FPagine%2Fdefault.aspx

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Server

37.157.5.142 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

1ee9d84d2672ca8a499d2218ffe73d5d9ce86c69861864a22fc3afc3c462d2aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Nov 2021 01:05:39 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 179
expires: -1

Redirect headers

pragma: no-cache
date: Tue, 23 Nov 2021 01:05:39 GMT
server: nginx
location: https://track.adform.net/Serving/TrackPoint/?CC=1&pm=704645&ADFPageName=Home&ADFdivider=%7C&ord=447696809272&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fwww.cartabcc.it%2FPagine%2Fdefault.aspx
strict-transport-security: max-age=31536000; includeSubDomains
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
content-type: text/html; charset=utf-8
expires: -1

GET
H/1.1 200
OK dragdrop.js Show response
www.cartabcc.it/_layouts/15/ 83 KB
21 KB 38ms
35ms Script
application/javascript 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/_layouts/15/dragdrop.js?rev=LqsILQdmX9MDOiy%2BCmfRCw%3D%3D

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/_layouts/15/init.js?rev=AS%2Bv0UYCkcLYkV95cqJXGA%3D%3D

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

1b3d01cebe00670eeed492b5e4edec8d4c7056cce5b597a6c8c94f0c1f9119bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 14 Sep 2021 16:19:42 GMT
Server: Microsoft-IIS/8.5
MicrosoftSharePointTeamServices: 15.0.0.4719
X-MS-InvokeApp: 1; RequireReadOnly
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript
X-XSS-Protection: 1
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 21101
ETag: "0e3c25284a9d71:0"

GET
H3 200 185490025453730 Show response
connect.facebook.net/signals/config/ 305 KB
87 KB 81ms
80ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/185490025453730?v=2.9.48&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

65d9f134351cfb463a24469e3767a725acb365c1140c683b72716f4a8c29a0d0

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: NvudDzEnQLfJCZqqUz1BOhTuLJo0Y+3qV8YmGhAghb82leV7YoyCp7eaOJFXXs4AURd8gcvBQZGuJS/KXwURzw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 23 Nov 2021 01:05:39 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK mquery.js Show response
www.cartabcc.it/_layouts/15/ 22 KB
6 KB 44ms
43ms Script
application/javascript 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/_layouts/15/mquery.js?rev=VYAJYBo5H8I3gVSL3MzD6A%3D%3D

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/_layouts/15/init.js?rev=AS%2Bv0UYCkcLYkV95cqJXGA%3D%3D

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

b8fbf8d23cb7158e74924a38361e3ba96a4044e57677d3dbf2d45fa93e4cb2de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Thu, 23 Jan 2014 06:06:06 GMT
Server: Microsoft-IIS/8.5
MicrosoftSharePointTeamServices: 15.0.0.4719
X-MS-InvokeApp: 1; RequireReadOnly
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript
X-XSS-Protection: 1
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 5873
ETag: "0dbca33118cf1:0"

GET
H/1.1 200
OK core.js Show response
www.cartabcc.it/_layouts/15/ 324 KB
84 KB 32ms
32ms Script
application/javascript 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/_layouts/15/core.js?rev=BoOTONqXW5dYCwvqGhdhCw%3D%3D

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/_layouts/15/init.js?rev=AS%2Bv0UYCkcLYkV95cqJXGA%3D%3D

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

e5c750ac2f038732ddd1eed5cd3c58b3ee2b0fb3a207fb55525783d412c8a160

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:39 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Mon, 23 Mar 2020 07:46:24 GMT
Server: Microsoft-IIS/8.5
MicrosoftSharePointTeamServices: 15.0.0.4719
X-MS-InvokeApp: 1; RequireReadOnly
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript
X-XSS-Protection: 1
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 85119
ETag: "08a826e70d61:0"

GET
H2 200 / Show response
adservice.google.com/ddm/fls/i/dc_pre=CK_l2belrfQCFRiR3godHLECfg;src=5139589;type=invmedia;cat=nw7ldhj1;ord=4473695282979.457;~oref=https://www.cartabcc.it/ Frame 4AE7 439 B
814 B 146ms
67ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/i/dc_pre=CK_l2belrfQCFRiR3godHLECfg;src=5139589;type=invmedia;cat=nw7ldhj1;ord=4473695282979.457;~oref=https://www.cartabcc.it/

Requested by

Host: 5139589.fls.doubleclick.net
URL: https://5139589.fls.doubleclick.net/activityi;dc_pre=CK_l2belrfQCFRiR3godHLECfg;src=5139589;type=invmedia;cat=nw7ldhj1;ord=4473695282979.457?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bd8ff4240810eb6c9f8683f11648ea572bd083d8aad0e6bcc5b7e3521f31f788

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: it-IT,it;q=0.9
Referer: https://5139589.fls.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 23 Nov 2021 01:05:40 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 345
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK oslo.css
www.cartabcc.it/_layouts/15/1040/styles/Themable/ 64 KB
64 KB 32ms
32ms Image
text/css 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cartabcc.it/_layouts/15/1040/styles/Themable/oslo.css?rev=PmCwwA6FGSZ9YRjy%2FiI%2B5Q%3D%3D

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/_layouts/15/1040/styles/Themable/oslo.css?rev=PmCwwA6FGSZ9YRjy%2FiI%2B5Q%3D%3D

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/_layouts/15/1040/styles/Themable/oslo.css?rev=PmCwwA6FGSZ9YRjy%2FiI%2B5Q%3D%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 24 Mar 2020 20:35:18 GMT
Server: Microsoft-IIS/8.5
MicrosoftSharePointTeamServices: 15.0.0.4719
X-MS-InvokeApp: 1; RequireReadOnly
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: text/css
X-XSS-Protection: 1
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 46672
ETag: "08713bb1b2d61:0"

GET
H/1.1 200
OK sharing.js Show response
www.cartabcc.it/_layouts/15/ 26 KB
8 KB 37ms
36ms Script
application/javascript 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/_layouts/15/sharing.js?rev=XxxHIxIIc8BsW9ikVc6dgA%3D%3D

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/_layouts/15/init.js?rev=AS%2Bv0UYCkcLYkV95cqJXGA%3D%3D

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

bc079e5a4e58c7446ded814230e4733efdae98cfbfde22445fdb72b723624f86

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 28 Apr 2015 19:19:20 GMT
Server: Microsoft-IIS/8.5
MicrosoftSharePointTeamServices: 15.0.0.4719
X-MS-InvokeApp: 1; RequireReadOnly
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript
X-XSS-Protection: 1
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 7645
ETag: "0ecb3ae881d01:0"

GET
H3 200 /
www.facebook.com/tr/ 44 B
91 B 61ms
28ms Image
image/gif 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=185490025453730&ev=PageView&dl=https%3A%2F%2Fwww.cartabcc.it%2FPagine%2Fdefault.aspx&rl=&if=false&ts=1637629540256&sw=1600&sh=1200&v=2.9.48&r=stable&ec=0&o=30&fbp=fb.1.1637629540254.903420106&it=1637629539795&coo=false&rqm=GET

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 01:05:40 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i
expires: Tue, 23 Nov 2021 01:05:40 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame EDBC
Redirect Chain

https://gum.criteo.com/sid/json?origin=onetag&domain=cartabcc.it&sn=ChromeSyncframe&so=0&topUrl=www.cartabcc.it&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=QK6aF3w5WlFaTSs3N0l2bWMxWlhLNzB5WnJtQWp1Z3Nsak5lTjhnQmpxTzN4UHVQaEFkQVoydUxNbEp0aThmWUYvcUExeFZHeTJIKzVqamFHUjFSMk85L25iSWdVaWxJSnF0Ym9jUjQ0bXBzQXJ2NFZnbldiQ2VCT3htSV...

425 B
618 B

128ms
36ms

Fetch
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=QK6aF3w5WlFaTSs3N0l2bWMxWlhLNzB5WnJtQWp1Z3Nsak5lTjhnQmpxTzN4UHVQaEFkQVoydUxNbEp0aThmWUYvcUExeFZHeTJIKzVqamFHUjFSMk85L25iSWdVaWxJSnF0Ym9jUjQ0bXBzQXJ2NFZnbldiQ2VCT3htSVpURHdqK1JBK3RleFYwUjRoeU9KZWY4TjlHSVRDR0ZieWdZSzZXa1JtVHlMeHhaS0ZEd3JBV3VRcitwcnNpVXoxVG0xeXFsamF1NDFpQVdWODdvKytHcWphY3NoWHowSzZoNEVPTVNuRlpvdGhQemtybU1XRXpGSWdDZlQ3M21JRERMdHRoNHR4cFM0Z0t0REVvcS9kSVQyaE9hQW0yUT09fA&cppv=2

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

917486d8cd48bb66c433f0a917be267eda9c79db033f45f13bdf9ce9b89306af

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
date: Tue, 23 Nov 2021 01:05:40 GMT
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 3656
expires: 0

Redirect headers

pragma: no-cache
strict-transport-security: max-age=31536000
date: Tue, 23 Nov 2021 01:05:39 GMT
content-type: text/html; charset=utf-8
location: https://mug.criteo.com/sid?cpp=QK6aF3w5WlFaTSs3N0l2bWMxWlhLNzB5WnJtQWp1Z3Nsak5lTjhnQmpxTzN4UHVQaEFkQVoydUxNbEp0aThmWUYvcUExeFZHeTJIKzVqamFHUjFSMk85L25iSWdVaWxJSnF0Ym9jUjQ0bXBzQXJ2NFZnbldiQ2VCT3htSVpURHdqK1JBK3RleFYwUjRoeU9KZWY4TjlHSVRDR0ZieWdZSzZXa1JtVHlMeHhaS0ZEd3JBV3VRcitwcnNpVXoxVG0xeXFsamF1NDFpQVdWODdvKytHcWphY3NoWHowSzZoNEVPTVNuRlpvdGhQemtybU1XRXpGSWdDZlQ3M21JRERMdHRoNHR4cFM0Z0t0REVvcS9kSVQyaE9hQW0yUT09fA&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 2963
content-length: 541
expires: 0

GET
H/1.1 200
OK callout.js Show response
www.cartabcc.it/_layouts/15/ 26 KB
8 KB 35ms
35ms Script
application/javascript 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/_layouts/15/callout.js?rev=ryx2n4ePkYj1%2FALmcsXZfA%3D%3D

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/_layouts/15/init.js?rev=AS%2Bv0UYCkcLYkV95cqJXGA%3D%3D

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

39e8386b4e8a4a0ba1de3031f050265df97f635c9d30990212970a79b14d5726

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Thu, 23 Jan 2014 06:06:04 GMT
Server: Microsoft-IIS/8.5
MicrosoftSharePointTeamServices: 15.0.0.4719
X-MS-InvokeApp: 1; RequireReadOnly
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript
X-XSS-Protection: 1
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 7628
ETag: "0ae9932118cf1:0"

GET
H2 200 / Show response
adservice.google.it/ddm/fls/i/dc_pre=CK_l2belrfQCFRiR3godHLECfg;src=5139589;type=invmedia;cat=nw7ldhj1;ord=4473695282979.457;~oref=https://www.cartabcc.it/ Frame F563 194 B
870 B 528ms
66ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.it/ddm/fls/i/dc_pre=CK_l2belrfQCFRiR3godHLECfg;src=5139589;type=invmedia;cat=nw7ldhj1;ord=4473695282979.457;~oref=https://www.cartabcc.it/

Requested by

Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CK_l2belrfQCFRiR3godHLECfg;src=5139589;type=invmedia;cat=nw7ldhj1;ord=4473695282979.457;~oref=https://www.cartabcc.it/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: it-IT,it;q=0.9
Referer: https://adservice.google.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 23 Nov 2021 01:05:40 GMT
expires: Tue, 23 Nov 2021 01:05:40 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 177
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H2 200 event Show response
sslwidget.criteo.com/ 7 KB
7 KB 425ms
50ms Script
application/x-javascript 178.250.0.163
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://sslwidget.criteo.com/event?a=33332&v=5.8.0&p0=e%3Dexd%26site_type%3Dd&p1=e%3Dce%26m%3D%255B%255D&p2=e%3Dvh&p3=e%3Dvh&p4=e%3Ddis&adce=1&bundle=Q63Idl9wQlFQTkloWCUyRnY5YTgwNWljbVJlTGlEalNDNkxFTFdYbnZOUHdLY2ZEb1FhS2RNWW8zQjlINE5wUmRoOFBDZmNTNXpBYXNrY3hYdlByNGk1N2tJN0FOeiUyQnI4SnRHM3dyOTJpNjROeHNpTWtZaTBsUjR5WHBibWZWNUlXdk8wdFVHSzA5S3BHJTJCd1lqU2FQOWdlVW9MU2clM0QlM0Q&tld=cartabcc.it&dtycbr=57248
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/ld.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.163 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Kestrel /
Resource Hash: dc7fb8685ab2e788b47429efe2dca0cdce4dd22e6785aed3ae9d2d67b2d049db

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Nov 2021 01:05:40 GMT
content-type: application/x-javascript
server: Kestrel
p3p: NON DSP COR CURa PSA PSD OUR BUS NAV STA
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 14782265
timing-allow-origin: *
expires: 0

GET
H3 200 /
www.facebook.com/tr/ 44 B
88 B 28ms
28ms Image
image/gif 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=185490025453730&ev=Microdata&dl=https%3A%2F%2Fwww.cartabcc.it%2FPagine%2Fdefault.aspx&rl=&if=false&ts=1637629540759&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22%5Cn%5CtCartaBCC%5Cn%22%2C%22meta%3Adescription%22%3A%22CartaBCChp%22%2C%22meta%3Akeywords%22%3A%22CartaBCChp%22%7D&cd[OpenGraph]=%7B%22og%3Atype%22%3A%22website%22%2C%22og%3Asite_name%22%3A%22Carta%20BCC%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fwww.cartabcc.it%2FPagine%2Fdefault.aspx%22%2C%22og%3Atitle%22%3A%22CartaBCC%20Home%20Page%22%2C%22og%3Adescription%22%3A%22La%20home%20page%20del%20Portale%20Carta%20BCC%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fwww.cartabcc.it%2FPublishingImages%2FOpenGraph%2FHome.PNG%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.48&r=stable&ec=1&o=30&fbp=fb.1.1637629540254.903420106&it=1637629539795&coo=false&es=automatic&tm=3&rqm=GET

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 01:05:40 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i
expires: Tue, 23 Nov 2021 01:05:40 GMT

GET
H/1.1 200
OK ScriptResx.ashx Show response
www.cartabcc.it/_layouts/15/ 39 KB
14 KB 37ms
37ms Script
application/x-javascript 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/_layouts/15/ScriptResx.ashx?culture=it%2Dit&name=SP%2ERes&rev=rYx7WNBtgVDnLE3%2FC3khRg%3D%3D

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/_layouts/15/init.js?rev=AS%2Bv0UYCkcLYkV95cqJXGA%3D%3D

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

3223ccaa46f2320f7d698bc38b969c5baf6e33d4dc2f291bf770bdb24e7b34d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 15 Sep 2021 03:11:00 GMT
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-MS-InvokeApp: 1; RequireReadOnly
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: public, max-age=31536000
Content-Length: 14084
X-XSS-Protection: 1
MicrosoftSharePointTeamServices: 15.0.0.4719

GET
H/1.1 200
OK sp.init.js Show response
www.cartabcc.it/_layouts/15/ 31 KB
9 KB 34ms
34ms Script
application/javascript 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/_layouts/15/sp.init.js?rev=jvJC3Kl5gbORaLtf7kxULQ%3D%3D

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/_layouts/15/init.js?rev=AS%2Bv0UYCkcLYkV95cqJXGA%3D%3D

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

c38f09f7cbd22ed93585150ca71f950737ffc04b4edef1494fafb79019fa267d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 28 Apr 2015 19:19:20 GMT
Server: Microsoft-IIS/8.5
MicrosoftSharePointTeamServices: 15.0.0.4719
X-MS-InvokeApp: 1; RequireReadOnly
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript
X-XSS-Protection: 1
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 8385
ETag: "0ecb3ae881d01:0"

GET
H3 200 share_button.php Show response
www.facebook.com/plugins/ Frame C00D 41 KB
13 KB 91ms
91ms Document
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/share_button.php?app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df192d4c452a2738%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff1b9e673a4c82dc%26relation%3Dparent.parent&container_width=207&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=button&locale=it_IT&mobile_iframe=false&sdk=joey&size=large

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/it_IT/all.js?hash=36bf60109ba1fbd22d837dd4fc1dec16

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d0955baca871dc75343508e3e271ec07200bc1279915dd5de70c36a2f6a4be4b

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/

Response headers

vary: Accept-Encoding
content-encoding: br
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: pCOCTn0Y0SDAZ8onfMF+g1DpNeKjCd5jkqDzPLYyriJfagKz6kHsnLrAyLtOqAG4gYs5WiqoDDs64si0HDgoHg==
date: Tue, 23 Nov 2021 01:05:40 GMT
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i

GET
H3 200 like.php Show response
www.facebook.com/plugins/ Frame 141A 34 KB
13 KB 91ms
87ms Document
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/like.php?action=like&app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfab8544a27da6c%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff1b9e673a4c82dc%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=standard&locale=it_IT&sdk=joey&share=false&show_faces=false&size=large&width=252

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/it_IT/all.js?hash=36bf60109ba1fbd22d837dd4fc1dec16

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

28803c0e402da23c79a1320b346848fba39682475099ec4503ccf70d6267d8a3

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/

Response headers

vary: Accept-Encoding
content-encoding: br
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-opener-policy: unsafe-none
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: BITdLKcJYbVeh92BxDYnlEA3AFFTGhFmmqNvUsRR9LMGeIcCFvd+olfhx+k4L+kJ0ukxU23YxFPA8gJM6+bvcA==
date: Tue, 23 Nov 2021 01:05:40 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600

GET
H2

200

cookiematch.aspx
dis.criteo.com/dis/rtb/google/ Frame DC41
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&google_hm=ay1ES2tlRFpxOFBhWW0xSmpHWFZCRmtDbjUzZ2QzY05xWXFpYzBuQQ
https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_ula=913071,0

43 B
341 B

89ms
35ms

Image
image/gif

178.250.0.163
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_ula=913071,0
Protocol: H2
Server: 178.250.0.163 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Kestrel /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Nov 2021 01:05:40 GMT
content-type: image/gif
server: Kestrel
p3p: CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 242756
timing-allow-origin: *
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 23 Nov 2021 01:05:41 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_ula=913071,0
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 279
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK cookie-sync
sync.outbrain.com/ Frame DC41 0
476 B 976ms
107ms Image
text/plain 70.42.32.95
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.outbrain.com/cookie-sync?p=criteo&uid=k-mh93rZq8PaYm1JjGXVBFkCn53gc-M7Eivpy0Tg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 70.42.32.95 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:41 GMT
Cache-Control: no-cache
X-TraceId: 2c1d96f3bdce53d0eaa3ff6c406eff4f
Content-Length: 0

GET
H/1.1 204
No Content tap.php
pixel.rubiconproject.com/ Frame DC41 0
239 B 1008ms
114ms Image
image/gif 69.173.151.100
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=6434&nid=2149&put=k-Qhcyk5q8PaYm1JjGXVBFkCn53gdtH6gMaORI8A&expires=30
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 0228ab361cece0438ff9eb16e4e5890e
Content-Type: image/gif

GET
H/1.1 200
OK /
rtb-csync.smartadserver.com/redir/ Frame DC41 43 B
163 B 169ms
45ms Image
image/gif 185.86.137.110
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=79&partneruserid=k-f79Ka5q8PaYm1JjGXVBFkCn53gfxHuWJi_aY3w
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.110 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 01:05:40 GMT
transfer-encoding: chunked
content-type: image/gif

GET
H/1.1

200
OK

bounce
secure.adnxs.com/ Frame DC41
Redirect Chain

https://secure.adnxs.com/setuid?entity=52&code=k-cu5brJq8PaYm1JjGXVBFkCn53gdpfs6JL-fg-A&seg=130915
https://secure.adnxs.com/bounce?%2Fsetuid%3Fentity%3D52%26code%3Dk-cu5brJq8PaYm1JjGXVBFkCn53gdpfs6JL-fg-A%26seg%3D130915

43 B
1 KB

73ms
27ms

Image
image/gif

37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/bounce?%2Fsetuid%3Fentity%3D52%26code%3Dk-cu5brJq8PaYm1JjGXVBFkCn53gdpfs6JL-fg-A%26seg%3D130915

Protocol

HTTP/1.1

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 23 Nov 2021 01:05:41 GMT
X-Proxy-Origin: 82.102.26.70; 82.102.26.70; 868.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 4a7425a6-6495-4f44-83f7-4d9930b7b7d1
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 23 Nov 2021 01:05:41 GMT
X-Proxy-Origin: 82.102.26.70; 82.102.26.70; 868.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 98d190cb-4be0-47a9-970b-68ca0bd635b8
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://secure.adnxs.com/bounce?%2Fsetuid%3Fentity%3D52%26code%3Dk-cu5brJq8PaYm1JjGXVBFkCn53gdpfs6JL-fg-A%26seg%3D130915
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 c.gif
c.bing.com/ Frame DC41 42 B
595 B 106ms
50ms Image
image/gif 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.bing.com/c.gif?Red3=CTOMS_pd&cbid=k-cu5brJq8PaYm1JjGXVBFkCn53gdpfs6JL-fg-A
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Nov 2021 01:05:40 GMT
etag: "f95a3e4769d2d71:0"
last-modified: Fri, 05 Nov 2021 17:19:23 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A5C9D716CBB54FAAAA65A11990E913E7 Ref B: MIL30EDGE1014 Ref C: 2021-11-23T01:05:40Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-type: image/gif
content-length: 42

GET
H2 204 v1
ads.yahoo.com/cms/ Frame DC41 0
446 B 121ms
23ms Image
text/plain 2a00:1288:80:800::7000
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?esig=1~7315a025058f3128185459bfaf16e164414683fc&nwid=10000545908&sigv=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7000 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 01:05:41 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

GET
H2

204

sync
ups.analytics.yahoo.com/ups/58301/ Frame DC41
Redirect Chain

https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-DINf5Jq8PaYm1JjGXVBFkCn53gfgET8YX9dYUA
https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-DINf5Jq8PaYm1JjGXVBFkCn53gfgET8YX9dYUA&verify=true

0
122 B

82ms
30ms

Image
text/plain

3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-DINf5Jq8PaYm1JjGXVBFkCn53gfgET8YX9dYUA&verify=true

Protocol

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.0.33 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 01:05:41 GMT
server: ATS/9.1.0.33
age: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-DINf5Jq8PaYm1JjGXVBFkCn53gfgET8YX9dYUA&verify=true
date: Tue, 23 Nov 2021 01:05:41 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 Pug
simage2.pubmatic.com/AdServer/ Frame DC41 42 B
340 B 135ms
19ms Image
image/gif 185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI0NTMmdGw9NDMyMDA=&piggybackCookie=uid:k-F9iVZZq8PaYm1JjGXVBFkCn53gcf4mNTOVphMA
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 01:05:40 GMT
cache-control: no-store, no-cache, private
x-lat: amspug011:0:359
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H/1.1

200
OK

rum
r.casalemedia.com/ Frame DC41
Redirect Chain

https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-CGqtG5q8PaYm1JjGXVBFkCn53gcXPOaDg86_dA
https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-CGqtG5q8PaYm1JjGXVBFkCn53gcXPOaDg86_dA&C=1

43 B
1 KB

99ms
58ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-CGqtG5q8PaYm1JjGXVBFkCn53gcXPOaDg86_dA&C=1
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 23 Nov 2021 01:05:41 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 23 Nov 2021 01:05:41 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 23 Nov 2021 01:05:41 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-CGqtG5q8PaYm1JjGXVBFkCn53gcXPOaDg86_dA&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 296
Expires: Tue, 23 Nov 2021 01:05:41 GMT

GET
H2 200 /
sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/ Frame DC41 0
231 B 676ms
35ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=k-4PFou5q8PaYm1JjGXVBFkCn53geSWwSJFsS9Yw
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 01:05:41 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 18969

GET
H2 200 pixel
cm.adform.net/ Frame DC41 43 B
162 B 673ms
37ms Image
image/gif 37.157.5.142
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/pixel?adform_pid=15&adform_pc=k-0Yabx5q8PaYm1JjGXVBFkCn53gdnZY5nqazjVg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.142 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 01:05:41 GMT
last-modified: Mon, 04 Oct 2021 14:04:49 GMT
server: nginx
accept-ranges: bytes
etag: "615b0a01-2b"
content-length: 43
content-type: image/gif

GET
H2 200 um
criteo-sync.teads.tv/ Frame DC41 23 B
172 B 676ms
50ms Image
image/gif 104.111.242.245
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://criteo-sync.teads.tv/um?eid=80&uid=k-LbZcPJq8PaYm1JjGXVBFkCn53gcCNWvjqJUptg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.242.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-242-245.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.6 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Nov 2021 01:05:41 GMT
cache-control: max-age=0, no-cache, no-store
expires: Tue, 23 Nov 2021 01:05:41 GMT
server: akka-http/10.2.6
content-length: 23
content-type: image/gif

GET
H2

200

xuid
eb2.3lift.com/ Frame DC41
Redirect Chain

https://eb2.3lift.com/xuid?mid=2711&xuid=k-4pnsc5q8PaYm1JjGXVBFkCn53gdl-Nd-vinzng&dongle=013b
https://eb2.3lift.com/xuid?ld=1&mid=2711&xuid=k-4pnsc5q8PaYm1JjGXVBFkCn53gdl-Nd-vinzng&dongle=013b&gdpr=1&cmp_cs=&us_privacy=

37 B
352 B

73ms
42ms

Image
image/gif

13.248.245.213
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?ld=1&mid=2711&xuid=k-4pnsc5q8PaYm1JjGXVBFkCn53gdl-Nd-vinzng&dongle=013b&gdpr=1&cmp_cs=&us_privacy=
Protocol: H2
Server: 13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 01:05:41 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: /xuid?ld=1&mid=2711&xuid=k-4pnsc5q8PaYm1JjGXVBFkCn53gdl-Nd-vinzng&dongle=013b&gdpr=1&cmp_cs=&us_privacy=
date: Tue, 23 Nov 2021 01:05:41 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H/1.1

200
OK

sync
x.bidswitch.net/ul_cb/ Frame DC41
Redirect Chain

https://x.bidswitch.net/sync?dsp_id=46&user_id=k-vsZXCpq8PaYm1JjGXVBFkCn53gdSns2Boq_EPw&expires=30
https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-vsZXCpq8PaYm1JjGXVBFkCn53gdSns2Boq_EPw&expires=30

43 B
495 B

43ms
41ms

Image
image/gif

18.185.209.98
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-vsZXCpq8PaYm1JjGXVBFkCn53gdSns2Boq_EPw&expires=30
Protocol: HTTP/1.1
Server: 18.185.209.98 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-185-209-98.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:41 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

Location: https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-vsZXCpq8PaYm1JjGXVBFkCn53gdSns2Boq_EPw&expires=30
Date: Tue, 23 Nov 2021 01:05:41 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H2 200 cksync.php
contextual.media.net/ Frame DC41 45 B
784 B 512ms
56ms Image
image/gif 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=3&type=crt&ovsid=k-vp10xJq8PaYm1JjGXVBFkCn53gehRWTz1vGStA

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=604800
server: Apache
date: Tue, 23 Nov 2021 01:05:41 GMT
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control: max-age=0, no-cache, no-store
content-type: image/gif
content-length: 45
x-mnet-hl2: E
expires: Tue, 23 Nov 2021 01:05:41 GMT

GET
H2 200 v1
match.sharethrough.com/sync/ Frame DC41 68 B
263 B 477ms
26ms Image
image/png 54.93.151.69
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/sync/v1?source_id=7658cb1d77a660882b48db06&source_user_id=k-It3-8Zq8PaYm1JjGXVBFkCn53gfGUXgp8q2hFg
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.93.151.69 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-93-151-69.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

Accept-Language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 01:05:41 GMT
content-length: 68
content-type: image/png

GET
H2 200 sync
visitor.omnitagjs.com/visitor/ Frame DC41 49 B
235 B 467ms
32ms Image
image/gif 185.255.84.152
IGUANE-

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://visitor.omnitagjs.com/visitor/sync?uid=732efe97317e6352de4c1caf24b5064b&name=CRITEO&visitor=k-bN0Gtpq8PaYm1JjGXVBFkCn53gfZxrkoaTb-Vw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.255.84.152 Paris, France, ASN200271 (IGUANE-, FR),

Reverse DNS

Software

ayl-lb-fra02 /

Resource Hash

d1371feb0512d700cf724b05a588ce79f8d8dfbb0991ae5f45ecd3ab08983a38

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Nov 2021 01:05:41 GMT
x-content-type-options: nosniff
server: ayl-lb-fra02
vary: Accept-Encoding
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 0
content-length: 49
expires: 0

GET
H/1.1

200
OK

empty.gif
cdn.stickyadstv.com/one-shot/ Frame DC41
Redirect Chain

https://ads.stickyadstv.com/user-registering?dataProviderId=434&userId=k-1ymhiZq8PaYm1JjGXVBFkCn53geyCGFLsoAPfg&redirectId=69
https://cdn.stickyadstv.com/one-shot/empty.gif?

43 B
462 B

289ms
166ms

Image
image/gif

2001:4de0:ac19::1:b:3b
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.stickyadstv.com/one-shot/empty.gif?
Protocol: HTTP/1.1
Server: 2001:4de0:ac19::1:b:3b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: /
Resource Hash: 42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

Accept-Language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:42 GMT
Last-Modified: Thu, 28 Feb 2013 15:45:35 GMT
ETag: "1362066335"
X-HW: 1637629541.dop018.ml1.t,1637629542.cds211.ml1.shn,1637629542.dop018.ml1.t,1637629542.cds215.ml1.c
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=7200
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 43

Redirect headers

Pragma: no-cache
Date: Tue, 23 Nov 2021 01:05:41 GMT
Server: nginx
Access-Control-Allow-Origin: *
Location: https://cdn.stickyadstv.com/one-shot/empty.gif?
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
x-sticky-vk: 1637629541612037-503
Expires: Tue, 23 Nov 2021 01:05:41 GMT

GET
H2

204

sync
ups.analytics.yahoo.com/ups/55945/ Frame DC41
Redirect Chain

https://pixel.advertising.com/ups/55945/sync?uid=k-2E7kRJq8PaYm1JjGXVBFkCn53gcNATkt_dPBAQ&_origin=1
https://pixel.advertising.com/ups/55945/sync?uid=k-2E7kRJq8PaYm1JjGXVBFkCn53gcNATkt_dPBAQ&_origin=1&verify=true
https://ups.analytics.yahoo.com/ups/55945/sync?uid=k-2E7kRJq8PaYm1JjGXVBFkCn53gcNATkt_dPBAQ&_origin=1&apid=UP7aa77f8d-4bf9-11ec-b371-02c731d5dfda

0
343 B

31ms
30ms

Image
text/plain

3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55945/sync?uid=k-2E7kRJq8PaYm1JjGXVBFkCn53gcNATkt_dPBAQ&_origin=1&apid=UP7aa77f8d-4bf9-11ec-b371-02c731d5dfda

Protocol

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.0.33 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 01:05:41 GMT
server: ATS/9.1.0.33
age: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://ups.analytics.yahoo.com/ups/55945/sync?uid=k-2E7kRJq8PaYm1JjGXVBFkCn53gcNATkt_dPBAQ&_origin=1&apid=UP7aa77f8d-4bf9-11ec-b371-02c731d5dfda
date: Tue, 23 Nov 2021 01:05:41 GMT
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 sync
matching.ivitrack.com/ Frame DC41 42 B
242 B 110ms
35ms Image
image/gif 35.186.243.160
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://matching.ivitrack.com/sync?realm=criteo&uid=k-MYCAIJq8PaYm1JjGXVBFkCn53gc2mPbi25_nXA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.243.160 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 160.243.186.35.bc.googleusercontent.com
Software: istio-envoy /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 01:05:41 GMT
via: 1.1 google
x-envoy-decorator-operation: tag-manager.programmatic.svc.cluster.local:3000/*
server: istio-envoy
content-type: image/gif
cache-control: public, max-age=86400
x-envoy-upstream-service-time: 0
alt-svc: clear
content-length: 42

GET
H2 200 m
cm.mgid.com/ Frame DC41 43 B
812 B 147ms
76ms Image
image/gif 104.19.133.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.mgid.com/m?cdsp=617660&c=k-NYQcNpq8PaYm1JjGXVBFkCn53gcKYlUBA59MsQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.133.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Nov 2021 01:05:41 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
cf-ray: 6b267d9c4e733751-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 spp.pl
sp.analytics.yahoo.com/ Frame DC41 43 B
716 B 208ms
55ms Image
image/gif 212.82.100.181
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sp.analytics.yahoo.com/spp.pl?a=10001287818027&.yp=438726

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.82.100.181 Dublin, Ireland, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

spdc.pbp.vip.ir2.yahoo.com

Software

ATS /

Resource Hash

0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Nov 2021 01:05:41 GMT
x-content-type-options: nosniff
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
cache-control: no-cache, private, must-revalidate
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 43
referrer-policy: strict-origin-when-cross-origin
expires: Tue, 23 Nov 2021 01:05:41 GMT

GET
H2 200 sync
sync-criteo.ads.yieldmo.com/ Frame DC41 43 B
457 B 395ms
117ms Image
image/gif 34.200.184.86
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-criteo.ads.yieldmo.com/sync?id=k-OOQcIJq8PaYm1JjGXVBFkCn53gfAwNgjRsRklw&pn_id=criteo&ext=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.200.184.86 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-200-184-86.compute-1.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Tue, 23 Nov 2021 01:05:42 GMT
content-type: image/gif
content-length: 43
access-control-allow-methods: GET, OPTIONS
access-control-request-headers: Cache-Control, Pragma

GET
H2 204 /
s.ad.smaato.net/c/ Frame DC41 0
239 B 119ms
26ms Image
text/plain 2600:9000:223f:f800:1b:5138:8a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.ad.smaato.net/c/?dspInit=1001851&dspCookie=k-H24NxZq8PaYm1JjGXVBFkCn53gfcXCKmw-BlzQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:f800:1b:5138:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: CloudFront /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 01:05:41 GMT
via: 1.1 342054511f9732c450e11bade76323dd.cloudfront.net (CloudFront)
server: CloudFront
cache-control: no-cache, must-revalidate
x-amz-cf-pop: FRA56-P5
x-amz-cf-id: oeIp4soaxMuP-VDHb2dNocu_tXkZmdsVsFDgHjUZx4kpNKgRIooWSA==
x-cache: FunctionGeneratedResponse from cloudfront

GET
H/1.1

200
OK

28292
i6.liadm.com/s/ Frame DC41
Redirect Chain

https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-pdsx7pq8PaYm1JjGXVBFkCn53gc576BlTh8O4w
https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-pdsx7pq8PaYm1JjGXVBFkCn53gc576BlTh8O4w&_li_chk=true&previous_uuid=7a41e4b6cd484880a54f39c0355e0f64
https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-pdsx7pq8PaYm1JjGXVBFkCn53gc576BlTh8O4w

43 B
447 B

363ms
115ms

Image
image/gif

2600:1f18:444a:4602:b51a:2bef:14:5241
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-pdsx7pq8PaYm1JjGXVBFkCn53gc576BlTh8O4w

Protocol

HTTP/1.1

Server

2600:1f18:444a:4602:b51a:2bef:14:5241 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:42 GMT
Cache-Control: no-store
Connection: keep-alive
trace-id: 5144c0c1fcedb9e1
Content-Length: 43
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/gif

Redirect headers

Location: https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-pdsx7pq8PaYm1JjGXVBFkCn53gc576BlTh8O4w
Date: Tue, 23 Nov 2021 01:05:41 GMT
Connection: keep-alive
trace-id: b848cfe5387fd112
Content-Length: 0
Strict-Transport-Security: max-age=31536000; includeSubDomains

GET
H/1.1 200
OK sp.ui.dialog.js Show response
www.cartabcc.it/_layouts/15/ 39 KB
10 KB 40ms
38ms Script
application/javascript 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/_layouts/15/sp.ui.dialog.js?rev=3Oh2QbaaiXSb7ldu2zd6QQ%3D%3D

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/_layouts/15/init.js?rev=AS%2Bv0UYCkcLYkV95cqJXGA%3D%3D

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

75c601b64fef79cd7e2992c5f1715697e533e4d46737aef3f2e2980b34c19504

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 14 Jul 2015 11:00:22 GMT
Server: Microsoft-IIS/8.5
MicrosoftSharePointTeamServices: 15.0.0.4719
X-MS-InvokeApp: 1; RequireReadOnly
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript
X-XSS-Protection: 1
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 9454
ETag: "0676a4724bed01:0"

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame C00D 0
30 B 77ms
76ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/share_button.php?app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df192d4c452a2738%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff1b9e673a4c82dc%26relation%3Dparent.parent&container_width=207&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=button&locale=it_IT&mobile_iframe=false&sdk=joey&size=large
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: n5mLzNZOrB2nE5OqcGwEgdhloB8KDEiu2odhkO7e+stlYa6glRFu8rpCLjqzX/8KI6S/uIBnysIi2VQ/jh/hmg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 23 Nov 2021 01:05:41 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame C00D 0
30 B 88ms
86ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/share_button.php?app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df192d4c452a2738%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff1b9e673a4c82dc%26relation%3Dparent.parent&container_width=207&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=button&locale=it_IT&mobile_iframe=false&sdk=joey&size=large
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: ILemouwhrJYvAqItswplYxBxkErAaqj4kE9v2fYM3ASSKgzirnvodaC2MLp5mh1uc+lKRJIAQ8jd7QcJ37EkEg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 23 Nov 2021 01:05:41 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame C00D 0
30 B 87ms
83ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/share_button.php?app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df192d4c452a2738%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff1b9e673a4c82dc%26relation%3Dparent.parent&container_width=207&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=button&locale=it_IT&mobile_iframe=false&sdk=joey&size=large
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: nPjWVkJd2za6aDSGzcVfTDvOXbX4c1nMRN2f2by0jc/xlXiXme84nKTfZARWFZiIxEf54kGaaNRqx8hOaNUKeQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 23 Nov 2021 01:05:41 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame C00D 0
30 B 88ms
81ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/share_button.php?app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df192d4c452a2738%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff1b9e673a4c82dc%26relation%3Dparent.parent&container_width=207&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=button&locale=it_IT&mobile_iframe=false&sdk=joey&size=large
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: Q4jjVdjH4E+iPFo898ykW1UjlrZdrJv1yWdUCAVb8WlEap9LtXp4Ua7QdbvCqdZvVDpH8XgKwTNFCUs4eJd/kQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 23 Nov 2021 01:05:41 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame C00D 0
30 B 89ms
82ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/share_button.php?app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df192d4c452a2738%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff1b9e673a4c82dc%26relation%3Dparent.parent&container_width=207&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=button&locale=it_IT&mobile_iframe=false&sdk=joey&size=large
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: 6OlLkjQj6I4KO6bPdSNAxcelVEyQpiYbqTNAdjK6U9d6flMVyxrMhfImtkXMY8AD69mC4kuXN8lhrq/FNwLIhg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 23 Nov 2021 01:05:41 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame C00D 0
30 B 94ms
89ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/share_button.php?app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df192d4c452a2738%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff1b9e673a4c82dc%26relation%3Dparent.parent&container_width=207&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=button&locale=it_IT&mobile_iframe=false&sdk=joey&size=large
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: E/h0ej73Tu7ZxHhKp/BJDMaHmedp/zZnPmTn68HABS684Z5sjw59WFKLHoOha5YfZ88Y3eltoaA0IkVwPzVOsQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 23 Nov 2021 01:05:41 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame C00D 0
30 B 84ms
78ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/share_button.php?app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df192d4c452a2738%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff1b9e673a4c82dc%26relation%3Dparent.parent&container_width=207&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=button&locale=it_IT&mobile_iframe=false&sdk=joey&size=large
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: kYxX2TB7pknjN0PqGpwtAJ7+XfbEzQbmYAjSPJtGRtE0OS7mlBJIEVZNSQr1R7Cr5Mnu1e6UxpsZJBvCjznwKA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 23 Nov 2021 01:05:41 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame C00D 0
30 B 91ms
89ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/share_button.php?app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df192d4c452a2738%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff1b9e673a4c82dc%26relation%3Dparent.parent&container_width=207&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=button&locale=it_IT&mobile_iframe=false&sdk=joey&size=large
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: tdFNdzeTku82NIZx0IAqeTLHcGkffJVsI4thzEYMMmnxBjwMqMprF1AyJjEamtG8KrVjXRuUUSFi8+e+aFkEqw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 23 Nov 2021 01:05:41 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame C00D 0
30 B 89ms
87ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/share_button.php?app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df192d4c452a2738%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff1b9e673a4c82dc%26relation%3Dparent.parent&container_width=207&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=button&locale=it_IT&mobile_iframe=false&sdk=joey&size=large
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: ETOu3rJ60EhdREO8HRPmYgIkDNCBPkwwqWl0VD/nEKijatJo1v1o+EWk7KMFI+Bzy8m7YsTqo0veMLL9WAfMkQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 23 Nov 2021 01:05:41 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame C00D 0
30 B 93ms
92ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/share_button.php?app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df192d4c452a2738%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff1b9e673a4c82dc%26relation%3Dparent.parent&container_width=207&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=button&locale=it_IT&mobile_iframe=false&sdk=joey&size=large
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: cX+YkN0HNtGKOJ9NxpjIMEiDsCb+21+yEPna0ud2oAmQ7UnBWJUhnVyCQ9oCQnaN11H+AymRCsFqE02YSjIgfA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 23 Nov 2021 01:05:41 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame C00D 0
30 B 99ms
94ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/share_button.php?app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df192d4c452a2738%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff1b9e673a4c82dc%26relation%3Dparent.parent&container_width=207&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=button&locale=it_IT&mobile_iframe=false&sdk=joey&size=large
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: 7QU0c3WCK3ZdFPDKfai3Jv6pTDpyz/YHbwMWFY2KoKuxfc7TaY/8SUbp72nw07cpaBHGG4gLwBMxXxZGCi7i5Q==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 23 Nov 2021 01:05:41 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame C00D 0
30 B 116ms
104ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/share_button.php?app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df192d4c452a2738%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff1b9e673a4c82dc%26relation%3Dparent.parent&container_width=207&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=button&locale=it_IT&mobile_iframe=false&sdk=joey&size=large
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: vv8+XfuJR+Zer5EqY86GEVXI/uRQ6Ei9bZ8Hv02jkNB046qXLUDkzVyL//1C72ifUG/+f8V8iIugNL9fYgnR1w==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 23 Nov 2021 01:05:41 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame C00D 0
30 B 110ms
105ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/share_button.php?app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df192d4c452a2738%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff1b9e673a4c82dc%26relation%3Dparent.parent&container_width=207&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=button&locale=it_IT&mobile_iframe=false&sdk=joey&size=large
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: mF/uzDZyl3pACJ6yUKQjp8fdvzSj+7PRtA6xBsjIUCu6OVrqDIZI/TlSWp0CMbrEe9ilyB/QCMthAB1t0Nm0MA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 23 Nov 2021 01:05:41 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame C00D 0
30 B 103ms
101ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/share_button.php?app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df192d4c452a2738%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff1b9e673a4c82dc%26relation%3Dparent.parent&container_width=207&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=button&locale=it_IT&mobile_iframe=false&sdk=joey&size=large
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: /NHTtPWackv+v/DmY+eWv12tn7OLy3m58NRm4fb6tmCBZcSOr+RxN267wtw4ULV0rIt5Q5UeNfdHciF2lZl4Fg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 23 Nov 2021 01:05:41 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame C00D 0
30 B 110ms
107ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/share_button.php?app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df192d4c452a2738%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff1b9e673a4c82dc%26relation%3Dparent.parent&container_width=207&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=button&locale=it_IT&mobile_iframe=false&sdk=joey&size=large
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: DQ+iObD/AXo+Iexh9MZ15Q6YDM55WJAoyPEhUDaWPP96Fi4UCpm6S8F3Bb+kBZeG7qfIxdfXhbMWyC0Hnp+lRw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 23 Nov 2021 01:05:41 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame C00D 0
30 B 111ms
109ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/share_button.php?app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df192d4c452a2738%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff1b9e673a4c82dc%26relation%3Dparent.parent&container_width=207&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=button&locale=it_IT&mobile_iframe=false&sdk=joey&size=large
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: iVRq3eVJtLORin599fGgBMpi5nNNGytdmo9LSuA8nOb80F+dsL0RkwB39b/dWQd8S1Z6D96ysw4aYNrj+UnB+g==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 23 Nov 2021 01:05:41 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame C00D 0
30 B 105ms
103ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/share_button.php?app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df192d4c452a2738%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff1b9e673a4c82dc%26relation%3Dparent.parent&container_width=207&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=button&locale=it_IT&mobile_iframe=false&sdk=joey&size=large
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: RD2S6hBznITjgs7LhGwOlusLRaucUDCWiFqEilD2EnUZzrl70VmneO84o0THbePKJNOQNWuDtryB3wVTkNLCbw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 23 Nov 2021 01:05:41 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame C00D 0
30 B 107ms
103ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/share_button.php?app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df192d4c452a2738%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff1b9e673a4c82dc%26relation%3Dparent.parent&container_width=207&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=button&locale=it_IT&mobile_iframe=false&sdk=joey&size=large
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: tMWWUtnB98/KlEwp1ns+5BNrWPDs+IcbgYvlE2Ld6yCI3TzLF7tiRHgY5sqxiKmTGylbqxP61haX6FHFjRy+bw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 23 Nov 2021 01:05:41 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame C00D 0
30 B 112ms
108ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/share_button.php?app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df192d4c452a2738%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff1b9e673a4c82dc%26relation%3Dparent.parent&container_width=207&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=button&locale=it_IT&mobile_iframe=false&sdk=joey&size=large
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: fD5bWSSRkWQJ78rUkxk3jEp/IUReNFwt0GBdeQUScKtOerfPtdxUWmleV9ekeb+F7PHz1nHhjO1qxuvs1AMVsQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 23 Nov 2021 01:05:41 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame C00D 0
30 B 107ms
104ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/share_button.php?app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df192d4c452a2738%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff1b9e673a4c82dc%26relation%3Dparent.parent&container_width=207&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=button&locale=it_IT&mobile_iframe=false&sdk=joey&size=large
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: h3r3BaafwUSLMWXcMjUDjRL4CFAcDbQ77Ri3zzcXrF7JwiM5Xh5UyiZa9SOGrZeX0PaLNkDJWa+SA8loHVO2NQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 23 Nov 2021 01:05:41 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame C00D 0
30 B 70ms
67ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/share_button.php?app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df192d4c452a2738%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff1b9e673a4c82dc%26relation%3Dparent.parent&container_width=207&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=button&locale=it_IT&mobile_iframe=false&sdk=joey&size=large
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: g68OQINPTvOnMEbRTNDvSjUYrdgMvQBLZOF8TQpjx9+FKqHgxiFfVP7rZRI8C5aoI9obUoOyAKHlhfymxpJdAw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 23 Nov 2021 01:05:41 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 141A 0
30 B 107ms
105ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/like.php?action=like&app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfab8544a27da6c%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff1b9e673a4c82dc%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=standard&locale=it_IT&sdk=joey&share=false&show_faces=false&size=large&width=252
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: I7XDHQJPt5COH1RIPSPMsIKhR9233qUj4zci2DWLuGoaTAWM0JMx1TApsZ7rdFziKzFY6gFYV2dKTFRkCK0AkQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 23 Nov 2021 01:05:41 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 141A 0
30 B 107ms
106ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/like.php?action=like&app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfab8544a27da6c%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff1b9e673a4c82dc%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=standard&locale=it_IT&sdk=joey&share=false&show_faces=false&size=large&width=252
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: i/FZzDH44yo+YBe0wWuo6zHy4UdWpXGZsoolsYMCeyLCE2xRM9anIwfWTSMdLdB8pwQfTQNHcnRAvND97AEqmg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 23 Nov 2021 01:05:41 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 141A 0
30 B 102ms
102ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/like.php?action=like&app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfab8544a27da6c%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff1b9e673a4c82dc%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=standard&locale=it_IT&sdk=joey&share=false&show_faces=false&size=large&width=252
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: 0Vup6tSOpEBwg7YQzPEUHRBEPllpkvAV5+uoyODXOl/3lw5MRp4NhL+ELRIaAocB1xejMTScWSiVqe3XjKl88w==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 23 Nov 2021 01:05:41 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 141A 0
30 B 105ms
105ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/like.php?action=like&app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfab8544a27da6c%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff1b9e673a4c82dc%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=standard&locale=it_IT&sdk=joey&share=false&show_faces=false&size=large&width=252
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: dBHqg9aqcaS5ohoSKA3aDBYGLPxIutEuTwVFQG1zJXkAziIdhR3UQO7L+XNtcZ4Iuh18l5XVQka0xswCCmPRQg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 23 Nov 2021 01:05:41 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 141A 0
30 B 103ms
103ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/like.php?action=like&app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfab8544a27da6c%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff1b9e673a4c82dc%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=standard&locale=it_IT&sdk=joey&share=false&show_faces=false&size=large&width=252
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: fr0/EMvnTla+5RV328scDQ+CIM33IR48nGduKOmSUK4jzJWttzlGN2L/9Pw6k7PCozi+lpm7ZBYhjEXxl1ElQg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 23 Nov 2021 01:05:41 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 141A 0
30 B 104ms
103ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/like.php?action=like&app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfab8544a27da6c%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff1b9e673a4c82dc%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=standard&locale=it_IT&sdk=joey&share=false&show_faces=false&size=large&width=252
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: n0QgFczoo5UtfEA2cP/UadsV8mr5MJKPWN8xbQA13JPtiPelOg4PD3kVg2092BwL6xL18P/r8QBExOEf7oOYPw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 23 Nov 2021 01:05:41 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 141A 0
30 B 102ms
101ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/like.php?action=like&app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfab8544a27da6c%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff1b9e673a4c82dc%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=standard&locale=it_IT&sdk=joey&share=false&show_faces=false&size=large&width=252
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: qN/21At7jj1SDnrCZtBruxHd/4EYP/DHw+V+Kt0bBUVApgENG4OfDyaxXqlqjZttjkA5Q8Ou7cRtGNxsg3AOKw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 23 Nov 2021 01:05:41 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 141A 0
30 B 99ms
98ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/like.php?action=like&app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfab8544a27da6c%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff1b9e673a4c82dc%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=standard&locale=it_IT&sdk=joey&share=false&show_faces=false&size=large&width=252
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: gxQRmlSvaJ6LMED3IPir8aeJ9gBUGkq6RahDfMXmADQlTnQDV+JcASWpv43F5HRvSq/1c8sJyrOi1NclkwejOA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 23 Nov 2021 01:05:41 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 141A 0
30 B 104ms
103ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/like.php?action=like&app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfab8544a27da6c%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff1b9e673a4c82dc%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=standard&locale=it_IT&sdk=joey&share=false&show_faces=false&size=large&width=252
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: Q59oGHqJxbbguaf5jNmimTq+DtM01WZsJj78gk9fGKkZcm5hO2y82I1Ngcz72WQU3eVO2TcgtNzThI1KT9B8Vw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 23 Nov 2021 01:05:41 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 141A 0
30 B 99ms
98ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/like.php?action=like&app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfab8544a27da6c%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff1b9e673a4c82dc%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=standard&locale=it_IT&sdk=joey&share=false&show_faces=false&size=large&width=252
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: v59C4ogUwPVTVtFcq+RG/SZLzVFCnzwK2PfMu2vaTQWM61TEBhMB7fCS1S8y5PttBu9uPBoRxvY3/rxArCjJzQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 23 Nov 2021 01:05:41 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 141A 0
30 B 99ms
99ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/like.php?action=like&app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfab8544a27da6c%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff1b9e673a4c82dc%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=standard&locale=it_IT&sdk=joey&share=false&show_faces=false&size=large&width=252
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: ffZlVL8KHQt1iwlqezOtO4mkzPZeoVnTbl7WNnv+BR1wPecFOzCqWFQ1EsZK5biZf7JLxlREpqDHHeOvLs5dsA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 23 Nov 2021 01:05:41 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 141A 0
30 B 100ms
100ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/like.php?action=like&app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfab8544a27da6c%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff1b9e673a4c82dc%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=standard&locale=it_IT&sdk=joey&share=false&show_faces=false&size=large&width=252
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: 7ryh3MxAVybAxnsSEYY21IF4FnxPNIyi2kEf25KgZ+soHN/Y0u1F3g3MedSBR+9tM/8wyANc8RdMzV8vvRmboA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 23 Nov 2021 01:05:41 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 141A 0
30 B 95ms
95ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/like.php?action=like&app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfab8544a27da6c%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff1b9e673a4c82dc%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=standard&locale=it_IT&sdk=joey&share=false&show_faces=false&size=large&width=252
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: CBJGOpQgAgtBKKLm+LsjN3z4eZEmcIdkdct6WMjeW3i6OVV40osTAj8/Tkz7clyvC4goRutiD1CEK0WD31Lv8g==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 23 Nov 2021 01:05:41 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 141A 0
30 B 98ms
97ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/like.php?action=like&app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfab8544a27da6c%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff1b9e673a4c82dc%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=standard&locale=it_IT&sdk=joey&share=false&show_faces=false&size=large&width=252
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: poY8z6CtnU4VngmIO2UuDlfqqBOzdtUrgCt8SEVkRKUtyvMqlJEI5Z2vz7JigKFUqTXzs9wejk8sLLkR6W9FsQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 23 Nov 2021 01:05:41 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 141A 0
30 B 96ms
95ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/like.php?action=like&app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfab8544a27da6c%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff1b9e673a4c82dc%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=standard&locale=it_IT&sdk=joey&share=false&show_faces=false&size=large&width=252
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: Hs4+/ftRadbSsoYsBiF7K96V/FCOtdPi3cIfJ9JuQUg+YGfHkWJfTq+wqBvO3UdvjF/UuJL4RteEzeCSGjuXCQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 23 Nov 2021 01:05:41 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 141A 0
30 B 107ms
92ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/like.php?action=like&app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfab8544a27da6c%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff1b9e673a4c82dc%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=standard&locale=it_IT&sdk=joey&share=false&show_faces=false&size=large&width=252
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: 173Bwbu/83s+3SG298R0YU23O0/5UxrdeLL3Qpom2Nk4p764gQUdyuqdlBKgLZe9QDkzScbhdojL2Dk/fRnZkQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 23 Nov 2021 01:05:41 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 141A 0
30 B 97ms
87ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/like.php?action=like&app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfab8544a27da6c%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff1b9e673a4c82dc%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=standard&locale=it_IT&sdk=joey&share=false&show_faces=false&size=large&width=252
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: PLEaw+JdWI4r40CYr/cROuQ1CD5SFRtLfa9xEJ81OG/agUEMNuD2R+dtT/eqAZpOU6qhja4Wy6XF+XTj5pTaIw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 23 Nov 2021 01:05:41 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 141A 0
32 B 97ms
82ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/like.php?action=like&app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfab8544a27da6c%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff1b9e673a4c82dc%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=standard&locale=it_IT&sdk=joey&share=false&show_faces=false&size=large&width=252
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: OHAY8tlJ1COVmATLmail9hmmq3PLTPUG/U3+XIL1ixxOqIFiUjgm3Jc5LkWXRB1lhvJ+tTAgEOtGbH+UpSFwfQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 23 Nov 2021 01:05:41 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 141A 0
33 B 99ms
83ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/like.php?action=like&app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfab8544a27da6c%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff1b9e673a4c82dc%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=standard&locale=it_IT&sdk=joey&share=false&show_faces=false&size=large&width=252
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: IzTa/YW/d8yzOfok07tU3cPw60ECrVVESN419pJ3SNYUqwhtgyURRaI7OPxTJDyMYfNmf9u9DNihtSYB98BicQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 23 Nov 2021 01:05:41 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 141A 0
32 B 98ms
82ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/like.php?action=like&app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfab8544a27da6c%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff1b9e673a4c82dc%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=standard&locale=it_IT&sdk=joey&share=false&show_faces=false&size=large&width=252
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: cNbraag2Lzes4zzhSthMS+pycA1UpLNZov3LNW9GiyE0OdwPRf5KmWtS7/tdXunNFPQCwPb/Vf5ub5XtOnZEzQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 23 Nov 2021 01:05:41 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H3 200 /
www.facebook.com/csp/reporting/ Frame 141A 0
31 B 95ms
79ms Other
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/plugins/like.php?action=like&app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfab8544a27da6c%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff1b9e673a4c82dc%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=standard&locale=it_IT&sdk=joey&share=false&show_faces=false&size=large&width=252
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: yfdxUWZ4hmYlfE/zj/NzPjxOroX3M1muaN7lxCg+UNYJM47HULeMp7OVBbrkk9XsXF7H/es76Ei3mPZHXWCq/w==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 23 Nov 2021 01:05:41 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

GET
H2 200 ps3LEjFUMch.png
static.xx.fbcdn.net/rsrc.php/v3/y4/r/ Frame C00D 441 B
2 KB 117ms
29ms Image
image/png 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/y4/r/ps3LEjFUMch.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/plugins/share_button.php?app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df192d4c452a2738%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff1b9e673a4c82dc%26relation%3Dparent.parent&container_width=207&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=button&locale=it_IT&mobile_iframe=false&sdk=joey&size=large

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

17b988bc33e2b6c542f866ef473aaa3d20a9d4536a1ca636c061c5011a5ac5a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 01:05:41 GMT
x-content-type-options: nosniff
content-md5: bIdClDVUx2JypSkH1jl0jQ==
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 441
x-fb-rlafr: 0
x-fb-debug: JyGsHO0ADLJWfIpBgR+kwJPIZSl4UxUM/djpItZ+410hvZYvyFIWaYzW3tGlYCGBqwfcwW25DkUIZy2LY4PaCg==
x-fb-trip-id: 686109401
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 11 Nov 2022 04:50:35 GMT

GET
H2 204 v1
ads.yahoo.com/cms/ Frame DC41 0
269 B 100ms
19ms Image
text/plain 2a00:1288:80:800::7000
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?esig=1~fa63d183df77c65a03eac82806b701b9c4f726b8&nwid=10000892938&sigv=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7000 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 01:05:41 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

GET
H2 200 RZAsbT6fr_E.js Show response
static.xx.fbcdn.net/rsrc.php/v3ivWx4/yh/l/it_IT/ Frame C00D 518 KB
136 KB 131ms
75ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3ivWx4/yh/l/it_IT/RZAsbT6fr_E.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

20da2267ae5830a4c79483f48586f7c14d98ba433e9ef1e74a9de00bbe4335b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 01:05:41 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: OMDUuAybfBaAy1KGsZRcIw==
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 138803
x-fb-rlafr: 0
x-fb-debug: mOXkcNnzZCgmuj4mSz5NPZnqFVZ9uLd8B7zC4hQVkmGZqHJ+pByvihLdO54qCVjmeT9iju7jPoevaoS/JpzUjA==
x-fb-trip-id: 686109401
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Sun, 20 Nov 2022 00:12:22 GMT

GET
H2 200 OqOE21UvWe3.png
static.xx.fbcdn.net/rsrc.php/v3/y5/r/ Frame 141A 400 B
745 B 71ms
30ms Image
image/png 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/y5/r/OqOE21UvWe3.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/plugins/like.php?action=like&app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfab8544a27da6c%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff1b9e673a4c82dc%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=standard&locale=it_IT&sdk=joey&share=false&show_faces=false&size=large&width=252

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ed91fbb0cd9308f91f8e1fd93942c94ee850fc4161ed788b16f801b743c70b9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 01:05:41 GMT
x-content-type-options: nosniff
content-md5: uF0RL4E+h23ClLQmPOTTMw==
content-security-policy-report-only: default-src fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 400
x-fb-rlafr: 0
x-fb-debug: jYGIaHh8OqMAorjbyX6pZ6BUepT/ZbYWp9+GyKTnSbxgYx8VJ5yTbQaZ64Js+yysEWFsCh0xCa6BijXjc6xkJg==
x-fb-trip-id: 686109401
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Fri, 11 Nov 2022 02:53:09 GMT

GET
H2 200 RZAsbT6fr_E.js Show response
static.xx.fbcdn.net/rsrc.php/v3ivWx4/yh/l/it_IT/ Frame 141A 518 KB
137 KB 49ms
31ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3ivWx4/yh/l/it_IT/RZAsbT6fr_E.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

20da2267ae5830a4c79483f48586f7c14d98ba433e9ef1e74a9de00bbe4335b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 01:05:41 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: OMDUuAybfBaAy1KGsZRcIw==
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 138803
x-fb-rlafr: 0
x-fb-debug: mOXkcNnzZCgmuj4mSz5NPZnqFVZ9uLd8B7zC4hQVkmGZqHJ+pByvihLdO54qCVjmeT9iju7jPoevaoS/JpzUjA==
x-fb-trip-id: 686109401
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Sun, 20 Nov 2022 00:12:22 GMT

GET
H2

200

cookiematch.aspx
dis.criteo.com/dis/rtb/appnexus/ Frame DC41
Redirect Chain

https://secure.adnxs.com/seg?add=130915&redir=https%3A%2F%2Fsecure.adnxs.com%2Fgetuid%3Fhttps%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fappnexus%2Fcookiematch.aspx%3Fappnxsid%3D%24UID
https://secure.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID
https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=130324064635517086

43 B
342 B

38ms
37ms

Image
image/gif

178.250.0.163
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=130324064635517086
Protocol: H2
Server: 178.250.0.163 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Kestrel /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Nov 2021 01:05:41 GMT
content-type: image/gif
server: Kestrel
p3p: CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2228410
timing-allow-origin: *
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 23 Nov 2021 01:05:41 GMT
X-Proxy-Origin: 82.102.26.70; 82.102.26.70; 868.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: ad9603ab-b372-4601-b979-31d4a8ae3b95
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=130324064635517086
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK sp.runtime.js Show response
www.cartabcc.it/_layouts/15/ 109 KB
23 KB 50ms
47ms Script
application/javascript 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/_layouts/15/sp.runtime.js?rev=5f2WkYJoaxlIRdwUeg4WEg%3D%3D

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/_layouts/15/init.js?rev=AS%2Bv0UYCkcLYkV95cqJXGA%3D%3D

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

462bc67f383c00cd2f09afa83f4ab70ad9ece0e14310a0e1c381a902db6ee2ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Thu, 23 Jan 2014 06:06:06 GMT
Server: Microsoft-IIS/8.5
MicrosoftSharePointTeamServices: 15.0.0.4719
X-MS-InvokeApp: 1; RequireReadOnly
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript
X-XSS-Protection: 1
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 22581
ETag: "0dbca33118cf1:0"

GET
H2

204

sync
ups.analytics.yahoo.com/ups/55945/ Frame DC41
Redirect Chain

https://pixel.advertising.com/ups/55945/sync?uid=k-3WiXe5q8PaYm1JjGXVBFkCn53gcBv13E0mIwwg&_origin=1
https://ups.analytics.yahoo.com/ups/55945/sync?uid=k-3WiXe5q8PaYm1JjGXVBFkCn53gcBv13E0mIwwg&_origin=1&apid=UP7aa77f8d-4bf9-11ec-b371-02c731d5dfda

0
20 B

31ms
31ms

Image
text/plain

3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55945/sync?uid=k-3WiXe5q8PaYm1JjGXVBFkCn53gcBv13E0mIwwg&_origin=1&apid=UP7aa77f8d-4bf9-11ec-b371-02c731d5dfda

Protocol

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.0.33 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date: Tue, 23 Nov 2021 01:05:41 GMT
server: ATS/9.1.0.33
age: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://ups.analytics.yahoo.com/ups/55945/sync?uid=k-3WiXe5q8PaYm1JjGXVBFkCn53gcBv13E0mIwwg&_origin=1&apid=UP7aa77f8d-4bf9-11ec-b371-02c731d5dfda
date: Tue, 23 Nov 2021 01:05:41 GMT
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1 200
OK sp.js Show response
www.cartabcc.it/_layouts/15/ 611 KB
77 KB 35ms
35ms Script
application/javascript 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/_layouts/15/sp.js?rev=PuStxsNvcWcF1LKgj8CisA%3D%3D

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/_layouts/15/init.js?rev=AS%2Bv0UYCkcLYkV95cqJXGA%3D%3D

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

687d5823bd2024aea8f7a887a96f0a5bc17a9ea94e4bc4f803df57ba0510dc2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 14 Sep 2021 16:19:44 GMT
Server: Microsoft-IIS/8.5
MicrosoftSharePointTeamServices: 15.0.0.4719
X-MS-InvokeApp: 1; RequireReadOnly
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript
X-XSS-Protection: 1
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 78870
ETag: "010f45384a9d71:0"

GET
H2 200 spp.pl
sp.analytics.yahoo.com/ Frame DC41 43 B
79 B 58ms
58ms Image
image/gif 212.82.100.181
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sp.analytics.yahoo.com/spp.pl?a=10000&.yp=438726

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.82.100.181 Dublin, Ireland, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

spdc.pbp.vip.ir2.yahoo.com

Software

ATS /

Resource Hash

0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: it-IT,it;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Nov 2021 01:05:41 GMT
x-content-type-options: nosniff
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
cache-control: no-cache, private, must-revalidate
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
strict-transport-security: max-age=31536000
accept-ranges: bytes
content-length: 43
referrer-policy: strict-origin-when-cross-origin
expires: Tue, 23 Nov 2021 01:05:41 GMT

GET
H/1.1 200
OK inplview.js Show response
www.cartabcc.it/_layouts/15/ 68 KB
20 KB 45ms
42ms Script
application/javascript 149.154.92.61
ICCREA-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cartabcc.it/_layouts/15/inplview.js?rev=iMf5THfqukSYut7sl9HwUg%3D%3D

Requested by

Host: www.cartabcc.it
URL: https://www.cartabcc.it/_layouts/15/init.js?rev=AS%2Bv0UYCkcLYkV95cqJXGA%3D%3D

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

0f4a284e4e5fc437bbf0aa321373d29447fc580592a85721775a9f001df3a9a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://www.cartabcc.it/Pagine/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Tue, 23 Nov 2021 01:05:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Sat, 23 Feb 2019 15:05:24 GMT
Server: Microsoft-IIS/8.5
MicrosoftSharePointTeamServices: 15.0.0.4719
X-MS-InvokeApp: 1; RequireReadOnly
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript
X-XSS-Protection: 1
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 19583
ETag: "092c33389cbd41:0"

Verdicts & Comments Add Verdict or Comment

2491 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

51 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.cartabcc.it/Pagine	1969-12-31 23:59:59	Name: databaseBtnText Value: 0
www.cartabcc.it/Pagine	1969-12-31 23:59:59	Name: databaseBtnDesc Value: 0
i.liadm.com/s	1970-01-19 23:37:01	Name: _li_ss Value: MgkI_____wcQ-BA
www.cartabcc.it/	1969-12-31 23:59:59	Name: TBMCookie_9865384463882519378 Value: 5165960016376295240/9HPLS7K8tf8p3y+N3SnDdkRyg=
www.cartabcc.it/	1969-12-31 23:59:59	Name: ___utmvm Value: ###########
.cartabcc.it/	1970-01-20 16:25:01	Name: _ga_FE9QMZSP59 Value: GS1.1.1637629538.1.0.1637629538.60
.cartabcc.it/	1970-01-20 16:25:01	Name: _ga Value: GA1.1.1105178230.1637629539
www.cartabcc.it/	1970-01-19 22:53:49	Name: ___utmvc Value: navigator%3Dtrue,navigator.vendor%3DGoogle%20Inc.,navigator.appName%3DNetscape,navigator.plugins.length%3D%3D0%3Dfalse,navigator.platform%3DLinux%20x86_64,navigator.webdriver%3Dfalse,plugin_ext%3Dno%20extention,ActiveXObject%3Dfalse,webkitURL%3Dtrue,_phantom%3Dfalse,callPhantom%3Dfalse,chrome%3Dtrue,yandex%3Dfalse,opera%3Dfalse,opr%3Dfalse,safari%3Dfalse,awesomium%3Dfalse,puffinDevice%3Dfalse,__nightmare%3Dfalse,domAutomation%3Dfalse,domAutomationController%3Dfalse,_Selenium_IDE_Recorder%3Dfalse,document.__webdriver_script_fn%3Dfalse,document.%24cdc_asdjflasutopfhvcZLmcfl_%3Dfalse,process.version%3Dfalse,navigator.cpuClass%3Dfalse,navigator.oscpu%3Dfalse,navigator.connection%3Dtrue,navigator.language%3D%3D'C'%3Dfalse,window.outerWidth%3D%3D0%3Dfalse,window.outerHeight%3D%3D0%3Dfalse,window.WebGLRenderingContext%3Dtrue,document.documentMode%3Dundefined,eval.toString().length%3D33,digest=
www.cartabcc.it/	1969-12-31 23:59:59	Name: stsSyncAppName Value: Client
www.cartabcc.it/	1969-12-31 23:59:59	Name: stsSyncIconPath Value:
.adform.net/	1970-01-19 23:37:01	Name: C Value: 1
.adform.net/	1970-01-20 00:20:13	Name: uid Value: 3676362967645214296
www.cartabcc.it/	1969-12-31 23:59:59	Name: WSS_FullScreenMode Value: false
.criteo.com/	1970-01-20 08:15:25	Name: uid Value: 2468ea8d-7437-45fb-ba97-5fe628866648
.cartabcc.it/	1970-01-20 01:03:25	Name: _fbp Value: fb.1.1637629540254.903420106
.cartabcc.it/	1970-01-20 08:23:13	Name: cto_bundle Value: Q63Idl9wQlFQTkloWCUyRnY5YTgwNWljbVJlTGlEalNDNkxFTFdYbnZOUHdLY2ZEb1FhS2RNWW8zQjlINE5wUmRoOFBDZmNTNXpBYXNrY3hYdlByNGk1N2tJN0FOeiUyQnI4SnRHM3dyOTJpNjROeHNpTWtZaTBsUjR5WHBibWZWNUlXdk8wdFVHSzA5S3BHJTJCd1lqU2FQOWdlVW9MU2clM0QlM0Q
.adnxs.com/	1970-01-20 01:03:25	Name: uuid2 Value: 130324064635517086
.bing.com/	1970-01-20 08:15:25	Name: MUID Value: 14EABEEDB06A675430ACAE15B1B7669B
.pubmatic.com/	1970-01-20 01:03:25	Name: PUBMDCID Value: 3
.casalemedia.com/	1970-01-20 07:39:25	Name: CMID Value: YZw.ZXZb7h.5q-nSB9XghwAA
.casalemedia.com/	1970-01-20 01:03:25	Name: CMPS Value: 299
.yahoo.com/	1970-01-20 07:39:47	Name: A3 Value: d=AQABBGU-nGECEKBMFWxaEcz3yCVDL-UN9qsFEgEBAQGPnWGmYQAAAAAA_eMAAA&S=AQAAAufPGGHWcAP5BC0PflEYy80
.doubleclick.net/	1970-01-20 08:15:25	Name: IDE Value: AHWqTUkP-jCc8B_2bXDiPoleRWFAu-QgjQbV_N5qORjJSVa7Nqd1tb9k8qVF8l_VC90
.casalemedia.com/	1970-01-20 01:03:25	Name: CMPRO Value: 1833
.casalemedia.com/	1970-01-20 07:39:25	Name: CMRUM3 Value: 14619c3e652760k-CGqtG5q8PaYm1JjGXVBFkCn53gcXPOaDg86_dA
.casalemedia.com/	1970-01-19 22:55:15	Name: CMST Value: YZw+ZWGcPmUA
.sharethrough.com/	1970-01-20 07:39:25	Name: stx_user_id Value: 3fd2d6ff-8265-4de6-a6de-2c48ed15c28c
.3lift.com/	1970-01-20 01:03:25	Name: tluid Value: 13650100084193889219
.taboola.com/	1970-01-20 07:39:25	Name: t_gid Value: b2d7486e-2466-461a-afb9-579c81293864-tuct895c3e5
.media.net/	1970-01-20 07:39:25	Name: visitor-id Value: 2806311412311098000V10
.media.net/	1970-01-19 23:37:01	Name: data-c-ts Value: 1637629541
.media.net/	1970-01-19 23:37:01	Name: data-c Value: k-vp10xJq8PaYm1JjGXVBFkCn53gehRWTz1vGStA~~3
.bidswitch.net/	1970-01-20 07:39:25	Name: tuuid Value: d40bd060-3f53-454c-a81f-a3a6b418f43f
.bidswitch.net/	1970-01-20 07:39:25	Name: c Value: 1637629541
.bidswitch.net/	1970-01-20 07:39:25	Name: tuuid_lu Value: 1637629541
.advertising.com/	1970-01-20 07:40:51	Name: APID Value: UP7aa77f8d-4bf9-11ec-b371-02c731d5dfda
cm.mgid.com/	1970-01-19 23:37:01	Name: mg_sync Value: {"617660":1637629541}
.mgid.com/	1970-01-25 20:31:23	Name: muidn Value: lamF5c49u_5h
.mgid.com/	1970-01-19 22:53:51	Name: __cf_bm Value: 9eVW4FFhwcQNXH3KN2kbBBtx5_cR3tlNqxhEbMj2dZE-1637629541-0-AQkuiqNBfYT4VRo/BHIpqBywAozYG7fm3lXaO0WOZwAD/u8i1nPOGJX1V+h6joewPbCpsK/ZlPaDMprM8P9lTpY=
ads.stickyadstv.com/	1970-01-19 23:37:01	Name: UID Value: 3b8f93a162bf1110e91fcc4350728044
ads.stickyadstv.com/	1970-01-19 23:37:01	Name: uid-bp-11554 Value: k-1ymhiZq8PaYm1JjGXVBFkCn53geyCGFLsoAPfg
ads.stickyadstv.com/	1969-12-31 23:59:59	Name: sessionId Value: 93ba8942797680ea4ea9ea4ad4cbb6e4
.adnxs.com/	1970-01-20 01:03:25	Name: anj Value: dTM7k!M4/rD>6NRF']wIg2E?gpNRbQ!fss0=RroE7VW]Fp9RZUcX9=KsoOh/^%t:LAf[[OO9WW79R#QZq9+)v=PIpgg6F6]W#Nt>cv9Nl$]kNya!tNhTpa1R_H.
.outbrain.com/	1970-01-20 01:03:25	Name: obuid Value: 13262fff-8767-4a81-9247-3b6d7b7914ca
.outbrain.com/	1970-01-19 23:37:01	Name: criteo Value: k-mh93rZq8PaYm1JjGXVBFkCn53gc-M7Eivpy0Tg
.analytics.yahoo.com/	1970-01-20 07:40:51	Name: IDSYNC Value: "18zh~21op:1761~21op"
.yahoo.com/	1970-01-19 23:49:55	Name: APID Value: UP7aa77f8d-4bf9-11ec-b371-02c731d5dfda
.yahoo.com/	1970-01-19 22:55:15	Name: APIDTS Value: 1637629541
.yieldmo.com/	1970-01-20 07:39:25	Name: yieldmo_id Value: gee7568a958cd41be3af%7C1637629542085%7C0%7C
.ads.yieldmo.com/	1970-01-20 07:39:25	Name: ptrcriteo Value: k-OOQcIJq8PaYm1JjGXVBFkCn53gfAwNgjRsRklw
.liadm.com/	1970-01-20 16:25:01	Name: lidid Value: 7a41e4b6-cd48-4880-a54f-39c0355e0f64

408 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5139589.fls.doubleclick.net
ads.stickyadstv.com
ads.yahoo.com
adservice.google.com
adservice.google.it
analytics.google.com
c.bing.com
cdn.stickyadstv.com
cm.adform.net
cm.g.doubleclick.net
cm.mgid.com
connect.facebook.com
connect.facebook.net
contextual.media.net
criteo-sync.teads.tv
dis.criteo.com
eb2.3lift.com
graph.facebook.com
gum.criteo.com
i.liadm.com
i6.liadm.com
match.sharethrough.com
matching.ivitrack.com
mug.criteo.com
pixel.advertising.com
pixel.rubiconproject.com
r.casalemedia.com
rtb-csync.smartadserver.com
s.ad.smaato.net
s2.adform.net
secure.adnxs.com
simage2.pubmatic.com
sp.analytics.yahoo.com
sslwidget.criteo.com
static.criteo.net
static.xx.fbcdn.net
stats.g.doubleclick.net
sync-criteo.ads.yieldmo.com
sync-t1.taboola.com
sync.outbrain.com
track.adform.net
ups.analytics.yahoo.com
visitor.omnitagjs.com
www.cartabcc.it
www.facebook.com
www.google.it
www.googleadservices.com
www.googletagmanager.com
x.bidswitch.net
104.111.242.245
104.19.133.78
13.248.245.213
141.226.228.48
142.250.186.162
149.154.92.61
178.250.0.157
178.250.0.163
18.185.209.98
185.255.84.152
185.64.189.110
185.86.137.110
2.18.234.21
2.18.234.233
2.18.235.93
2001:4de0:ac19::1:b:3b
212.82.100.181
216.58.212.130
216.58.212.166
2600:1f18:444a:4602:b51a:2bef:14:5241
2600:9000:223f:f800:1b:5138:8a40:93a1
2620:1ec:c11::200
2a00:1288:80:800::7000
2a00:1450:4001:801::2003
2a00:1450:4001:80f::200e
2a00:1450:4001:810::2002
2a00:1450:4001:828::2008
2a00:1450:4001:82b::2002
2a00:1450:400c:c1b::9d
2a02:2638::1c
2a02:2638::3
2a03:2880:f01c:20e:face:b00c:0:2
2a03:2880:f01c:216:face:b00c:0:3
2a03:2880:f11c:8083:face:b00c:0:25de
3.126.56.137
34.200.184.86
35.157.241.218
35.186.243.160
37.157.2.247
37.157.5.142
37.252.172.123
54.84.15.237
54.93.151.69
69.173.151.100
70.42.32.95
0012acabfeb2a46ff3224dcf3189ed930fe0ef0247d70024c631e76b5d3f02c8
0415736d61407b163bfdccf8d5564e10e515abf89cb0c4bc72e3a9a975967335
0489af80fe5de0da0ed7a1652cd4b14b7594472681eeb77bd1445954e09117ff
05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf
073cd0d839ebad694e5ac81b493613ea72b35ca9f91159e343974b442e38ccb2
083676345d3d4780868d7082af80b98cb33a9c28945dfdebb64b8859f62b8e15
09023baefad81ce5066da12f63dbfd860f1321097977c6994d7862905f18da76
0975f6be2bbe94c6dcd7aa7546c758afa362b98968207acd4db1f7b57fa9ae21
098c1d66ca6ac145edf6dc127803d5409064e1985e40a112fe52b36f2a130ae9
09ade0062ce21dde03dec21e9dcdddfacc765a4e22d800cc5bf06a363a49681a
0b2921dc3fdec737052a1ae4fc1b7c0308f7ba1fea6129b67cf07879d17810d3
0b6ee815005e308fb4ed57e68792ac193f50b8228669a96e74fd143ceb09660e
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
0ed8f1bb12a6fc3ca72807e31da80f9e883f09816b7459674301a168cf15e90d
0f4a284e4e5fc437bbf0aa321373d29447fc580592a85721775a9f001df3a9a6
101cf54c0b669349a1fd5ab1935464a9a9645eb48fcae4cc2633a854444a501d
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
13d8206e6dcb19f6362581ec12b009524c1bd131d45722b61094436bca79445b
14173b2fb370c55d9859a7e1bb87d0b16250f46e14696ac035c6d8fde22a8306
14c7f3592be7d72bccb6c3e7d8ffaeffd31270c40885e109782fd46ba721d338
17b988bc33e2b6c542f866ef473aaa3d20a9d4536a1ca636c061c5011a5ac5a1
18ca475184946aceb47fcd1ec8e2dfa3da40826a365e97844b5fb79f74d8524c
1b3d01cebe00670eeed492b5e4edec8d4c7056cce5b597a6c8c94f0c1f9119bc
1b70ec41a84b82047cd2935f6ac76c0d0ded50ec6a65b725f2b2abaf5edbfb6c
1c7a6058854929580ce5206613f1676830507804c1d194b7de049d1809bed9b2
1d2f16d480ffde58cf9d6ff4e57cf9c21ed2f5515cf2f1a74daefe5107e10985
1eaecb92e4a26d061539964caebb1ffcf87858a5db08eccdf2345b1a547e2019
1ee9d84d2672ca8a499d2218ffe73d5d9ce86c69861864a22fc3afc3c462d2aa
20da2267ae5830a4c79483f48586f7c14d98ba433e9ef1e74a9de00bbe4335b4
2167d6069e570bbe78187cd7f9dfe60bc6483d17bb81974825b26a8af1beb3f9
24eb071c600fe4a3ba31ac2c4f33c34eac3b3780ac8c8f5924bcf00d66acfa73
2563ca062d2fb21da1ec427412b982b02799fdcb75db6522ef3a777d2235c0ca
284a56c4ba4ca9f30a494fcb4f75c23f5253547bad735ef51158df6dfc90c915
28803c0e402da23c79a1320b346848fba39682475099ec4503ccf70d6267d8a3
2944acfdff85dc6308cf8a2766b6efce9ec63fc8356fd5118a98001b936e50dc
29c1e4c54c76ab5712680e54c0b69efdb2db355d19e47826ad74e9971b6cbe42
29fb2a35c616c1546692d8d26167b6af206db3c95a970c7cc1d12d89e38ec035
318d7b10f08b02ff518c5c74e6fcc8fc075ae5023d27e6c9859a6ba2519950f6
31cccd6f55aa480629657cb5458f989c9f5361b1b45bab9047fe21f1375370a5
3223ccaa46f2320f7d698bc38b969c5baf6e33d4dc2f291bf770bdb24e7b34d7
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
3319b642d9a9c2d3be976dd64e236792e1941e2ba84764cc15f8e24f946eb057
33a615b30f0b0648a299b0d7e7f57e6c5a1b52cfcc831b3572c1f6ff77c1e2b1
368988b8aad8a0bbecd67db9a0a16a7760af07094e5613d7e0a8bda650b22b2d
398cdf1b27ef247e5bc77805f266bb441e60355463fc3d1776f41aae58b08cf1
39d8a7c6a401b46ed1ca1094cd0ace7c9e1356661e9c37d39848a8c2799afa94
39e8386b4e8a4a0ba1de3031f050265df97f635c9d30990212970a79b14d5726
3c8cca8f79a813ccbc3683de3169c70c385b8bec34e0b383d05ef904c8b020cb
3d393fb4fa5aed6c21023b8981fb1bc69c5e566d0d3807cde55a8484fee9407d
40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db
4112275fe878d4b037316a449f7516817d3c7da7839eb532b81c80b309b36df5
4169d55735350781457e5ac29845c8296f3e5f8880268b7c35ace7781d9bf03b
4286cef9f114568ff20fa78920a832a60158f94533713845730ac41a934d08a5
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
42cb30500358c7f019ee93575e48d523d0931fa3b75de43868b03d66f3e0fb74
4323f8ddb7c570311f9ccf5035c68d856bfe0cda1865097d8fe13826c02590c6
44a9857df6a0e751a7c7a2fee5076c1a16575ccb524e53d26cdbb6da90b2310d
44fdd1eb3c024fe9fb4faeb815b2367ace182437a87eb25a75d7802d0f3c88c0
462bc67f383c00cd2f09afa83f4ab70ad9ece0e14310a0e1c381a902db6ee2ce
470985029a73c80df15aaffe3cbed4b09c49801c381c82ce704595d7c0bbcc0c
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f9b12ff6d6bcfe24b3908b5b4653b2769d650b5aafcaa9ad983a521dd9a4491
528d30b6dbe6422fa5cb80857cc760cc07156da2f76fdec99c5a86400d9e739e
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a490329010041abb0982e8fb65d384ea8307e3849deaf5792e071b71496806
57230c28fa1f6b89132cc6b45879cb0d76dc06be76f5160f037b6243b76ee282
5ae0cd8647ce25c3caa7cf5155b4b3e7120f537004f5f34569b261f4dc792fb7
5d6530cc412e24cb8226231d03d1b6fd799e6efe62c273eb38da7e943d115ab4
5d9862c186718bb6f766954530b787379a6ef8a9fdc50d913d4342843e1ee43b
6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824
615494a93f61434c21c6a35e51b508950d66d7784b2f4deb10b7a904b4cca17c
65d9f134351cfb463a24469e3767a725acb365c1140c683b72716f4a8c29a0d0
65e7768aeab15b4491a1bee61adf4cd77f7014984ac0bb404959af7acb86fa10
663c4a5f602e171f5f8cfcd8002ea6a4a2e87b45ec771ad5e2bc5ff0866b46aa
66b804e7a96a87c11e1dd74ea04ac2285df5ad9043f48046c3e5000114d39b1c
687d5823bd2024aea8f7a887a96f0a5bc17a9ea94e4bc4f803df57ba0510dc2e
6b29e3ddb09886db2f0ba25d3842c850d302cefb75705eac51488be724e59837
6e1359cf3dc38872322d3a9f39f76593dd7dea548416b92173d8ec75b59ce261
6fec58a48598613c8a4d19fb461f024ba975d146fc0426514c1b4a4637ccdbed
70cb1295d004ab61a42f1aed2375d5a4f82094c3cd4e6de701ab46a6e06932d1
725465141f582e4a1530401e4372f289e3ceadc3d9486d70a258a9e61d80691c
75329a0036d550283e35ef260a99a40e4f0b3860128afb9a601f5d8aaf2a67da
7588a3068e2520e236ee7708b08636bc587d79ee0c3e1ce13f31e860c5a00936
75c601b64fef79cd7e2992c5f1715697e533e4d46737aef3f2e2980b34c19504
798fcc311737a033dc548d9b1bccce0ebdf34a40ab1995d90301e39e01dc16d3
7ae33ab34c0cc4321f009d234844837244b763b76b3a1769621f9619f849cfe2
7bc15156bfd0c994eb416710df6402ae66bde703b16f0b494fbea7f4b6f9d5db
7bdf22ffb529e43c1d080e28259c013b75e377c229b740c123c6849af49e8f66
80fb3e76ddde2313ad4c6b34b06b8d42d3a4d2fd628861fec955e70bf99e5eaa
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
83553d22ccd56e5576d544f6ba93475c712b3c02d312893eea2acc16de5fcf91
87c0ba07e79ba24acaedb7c0ffb79aed84a0876dc99ea17b44d92898c1920636
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8af93bd675e1cfd9ecc850e862819fdac6e3ad1f5d761f970e409c7d9c63bdc3
8ee9355148dfcccd985f18bc117ed348188283a4e0107d75d14725015b11464b
90866a1ecb4b2d71afa0657bbc4426ff1c65cd950bb7c7610420fdb25000bc94
90aecf63f7b3c11b09a5f941b1ae98a5450458111d7940359ea4eda181f079e8
917486d8cd48bb66c433f0a917be267eda9c79db033f45f13bdf9ce9b89306af
932cc94b7b1b4e13b29e88c8f909d29d12bb6eb3e2688885f462187985e5bb7e
958431af002b443e91772376e40f97e48ad72064379a9b52ed166679e5f7ccf5
96ed2223d2d8f0ee570a2f28acd2fe7ff3c490a8e95726e178e025a2cd3b6d3c
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9eeec5a5fe940a31de261545439b0d349056e859045dc8c0a60e849b2bfcdaea
a14806e7f167ecd80a0f6f15165914e923e068971cb7eb15ecc8ca8e16c3948a
a1fddf4d5fec5f577b977db5c16c6582c1768324262382650fce903a37d73ab6
a4ec6f94a0b8da689d7e44343539adbcd049e2aacb981a6cbc4891bbd051bae9
a4fa05f8818635de315841a7d5efc17424ac4fa7aa796195f3cb83b09ec81dcb
a5c277cb9c2bff3a7ebffc13f04997021c12a83c8b101e6e03330676bec5808d
a6ca968cdd211c37a79a74d53c3222d6a49a10ebeccf7964fa590a642b0e76bc
a719a73fe8edbe4230570b0a3fc59232c096a6983f79c0f5d3f5766061ad6e4d
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
ace45b46ac17a67385d5531e52dd00c52b17329a911ad2548954a11b2ad6f1d4
af44c83f737c501b3862145a4a30d18f780168a429f94c9a6ef90b71f464c858
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6
b4ff860133d8c85a28926a7e93aa7f45f374ae6277b16c79f37356b81b18b602
b8fbf8d23cb7158e74924a38361e3ba96a4044e57677d3dbf2d45fa93e4cb2de
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bc079e5a4e58c7446ded814230e4733efdae98cfbfde22445fdb72b723624f86
bd8ff4240810eb6c9f8683f11648ea572bd083d8aad0e6bcc5b7e3521f31f788
beaa74a3337db035766f890b60e7e5da285f1393b3565f09799e278e4e09b46c
c38f09f7cbd22ed93585150ca71f950737ffc04b4edef1494fafb79019fa267d
c9d8e86ad4888f92124a40bc827b81030f78603e845331440c79b9ffecc65c10
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
d0955baca871dc75343508e3e271ec07200bc1279915dd5de70c36a2f6a4be4b
d1371feb0512d700cf724b05a588ce79f8d8dfbb0991ae5f45ecd3ab08983a38
d1f1ce1c58a73639fdf1712d8f18afe7b201c666b3de4bcb995e1bc95b0c3124
d36d9109275ca93d47589862c92e2ba34b58cc1a67541fe8ee3417ffd6b7c306
d49379cc8f2f7ce47695fbc18e2d992ad79b2c414b3e29fef8b39ec1165f30aa
d5fd173d00d9733900834e0e1083de86b532e048b15c0420ba5c2db0623644b8
d9ad820e147680f85136b0af7b33d79e9d2cbcf4d259fd010e4b8f9b4c1e5d31
d9feb97bc5878582865e38229057d6259b69d5dc9efcd8043580368164eeca25
da59c9a6d87cd2e0ffbea8e893e16d3b87cbdd106313900bee85918a256f5c5a
dc7fb8685ab2e788b47429efe2dca0cdce4dd22e6785aed3ae9d2d67b2d049db
dcda9469e8f63a870df774bc9e46a0d53387e493fe43dd3724d024ae2d09f33a
dd7b97c7ad9d7b3eb79bdc728bcbc6a7ab8e3d5db0421fb0dd16d34f3dc88277
df0d34a8dfd2be2c60889e634b5fdad3d1bad855881735b33c671e84e4f1e182
e0e6a5cf7ea3142bc39e8ac5a3df12c28968d395db15430b6473d4e1262175ba
e2ee2027e3134d65c4701f15e3e2c0dd4695ad74455ce35c5c59c8938c7a046a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5c750ac2f038732ddd1eed5cd3c58b3ee2b0fb3a207fb55525783d412c8a160
e7928d115bbeade4591d6525789a360c001c03098286dec2bcdf64272897146d
ea229dc845952b01f28d60d13dfcce83fd0b3c1857e29ea610f699253151d08c
ecfd2e614ba18324cac553450522e0644b616963a123eb310c7cf2011a2d2efd
ed91fbb0cd9308f91f8e1fd93942c94ee850fc4161ed788b16f801b743c70b9b
ee3609236eefa18dc2a4d57e0e4352626e646f3fc435e231432b5d7fbec53fa4
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f04b517ba5d6a0510485689a3e42dac000f51640fd71b986804cba178eae42a5
f210607fbd2ee60fe559b003e3204e57d9c2b78d9bab99d0861b6bfee943dee9
f3a64f1aa0764e55c6ae52bebd629957c6c1f389d138eb7e8c772d9c6c410fc7
f964b6cdc8fc810fb7852dffff4e208a7ad506b4dab2a23899b4e75d7289fe6f
f98b9217f41d70643fbe413ec1d526ebd8524cec86f38e16f5bdaea6d281f40b
f9ddef4e3eb4f7ddb5397c52bdd0bed3e5aa3e489075913b590ecf422d2063f7
fd64cd355a393eb0e75ffb097014deab7e585e38fb57348dcc3f6bd8998d3328
fdb583e2bee22858e3b3e3e046daa26bda50f7e36786dd6f0996210d908a44d8
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c
fe5690c827f2403d06acb35ca7b67743ef538336ae621a1de88a2623b63b0a68

www.cartabcc.it Open in urlscan Pro 149.154.92.61 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

222 Requests

93 %HTTPS

36 %IPv6

34 Domains

49 Subdomains

41 IPs

10 Countries

4193 kBTransfer

7859 kBSize

51 Cookies

8 Outgoing links

Page URL History

Redirected requests

222 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.cartabcc.it Open in urlscan Pro
149.154.92.61 Public Scan

Screenshot
Live screenshot

Full Image

222
Requests

93 %
HTTPS

36 %
IPv6

34
Domains

49
Subdomains

41
IPs

10
Countries

4193 kB
Transfer

7859 kB
Size

51
Cookies

222 HTTP transactions
0 data transactions