urlscan.io logo urlscan.io
SecurityTrails logo

www.paypal.com Open in urlscan Pro
192.229.221.25  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://paypal-prepagata.com/
Effective URL: https://www.paypal.com/it/webapps/mpp/prepaid-discover
Submission Tags: falconsandbox
Submission: On June 12 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 7 IPs in 3 countries across 7 domains to perform 42 HTTP transactions. The main IP is 192.229.221.25, located in United States and belongs to EDGECAST, US. The main domain is www.paypal.com. The Cisco Umbrella rank of the primary domain is 3002.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on October 12th 2023. Valid for: a year.
This is the only time www.paypal.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 64.4.250.38 17012 (PAYPAL)
1 1 151.101.3.1 54113 (FASTLY)
1 9 192.229.221.25 15133 (EDGECAST)
25 151.101.130.133 54113 (FASTLY)
1 2600:9000:26d... 16509 (AMAZON-02)
4 151.101.65.35 54113 (FASTLY)
1 104.17.208.240 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
42 7
1    64.4.250.38 (United States)

ASN17012 (PAYPAL, US)
PTR: paypal.co.il
paypal-prepagata.com
1    151.101.3.1 (San Francisco, United States)

ASN54113 (FASTLY, US)
www.paypal-prepagata.com
9    192.229.221.25 (United States)

ASN15133 (EDGECAST, US)
www.paypal.com
25    151.101.130.133 (San Francisco, United States)

ASN54113 (FASTLY, US)
www.paypalobjects.com
1    2600:9000:26db:aa00:12:94b3:c380:93a1 (United States)

ASN16509 (AMAZON-02, US)
images.ctfassets.net
4    151.101.65.35 (San Francisco, United States)

ASN54113 (FASTLY, US)
t.paypal.com
1    104.17.208.240 (None, )

ASN13335 (CLOUDFLARENET, US)
zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com
2    2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.recaptcha.net
1    2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
Apex Domain
Subdomains		 Transfer
25 paypalobjects.com
www.paypalobjects.com — Cisco Umbrella Rank: 2736
623 KB
13 paypal.com
www.paypal.com — Cisco Umbrella Rank: 3002
t.paypal.com — Cisco Umbrella Rank: 3785
41 KB
2 recaptcha.net
www.recaptcha.net — Cisco Umbrella Rank: 1502
1 KB
2 paypal-prepagata.com
paypal-prepagata.com
www.paypal-prepagata.com
292 B
1 gstatic.com
www.gstatic.com
205 KB
1 qualtrics.com
zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com — Cisco Umbrella Rank: 20101
7 KB
1 ctfassets.net
images.ctfassets.net — Cisco Umbrella Rank: 4125
68 KB
42 7
Domain Requested by
25 www.paypalobjects.com www.paypal.com
www.paypalobjects.com
9 www.paypal.com 1 redirects www.paypal.com
www.paypalobjects.com
4 t.paypal.com www.paypal.com
2 www.recaptcha.net www.paypal.com
www.gstatic.com
1 www.gstatic.com www.recaptcha.net
1 zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com www.paypalobjects.com
1 images.ctfassets.net www.paypal.com
1 www.paypal-prepagata.com 1 redirects
1 paypal-prepagata.com 1 redirects
42 9

This site contains links to these domains. Also see Links.

Domain
www.cartalis.it
Subject Issuer Validity Valid
www.paypal.com
DigiCert SHA2 Extended Validation Server CA		 2023-10-12 -
2024-10-31		 a year crt.sh
www.paypalobjects.com
DigiCert SHA2 Extended Validation Server CA		 2023-09-05 -
2024-10-05		 a year crt.sh
images.ctfassets.net
Amazon RSA 2048 M02		 2023-12-19 -
2025-01-16		 a year crt.sh
t.paypal.com
DigiCert SHA2 Extended Validation Server CA		 2023-09-21 -
2024-10-21		 a year crt.sh
*.qualtrics.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-03-27 -
2025-02-19		 a year crt.sh
misc.google.com
WR2		 2024-05-27 -
2024-08-19		 3 months crt.sh
*.gstatic.com
WR2		 2024-05-27 -
2024-08-19		 3 months crt.sh

This page contains 3 frames:

Primary Page: https://www.paypal.com/it/webapps/mpp/prepaid-discover
Frame ID: 5BD5E75C16B06F52D37DB37122FC5B16
Requests: 38 HTTP requests in this frame

Frame: https://www.paypal.com/auth/recaptcha/grcenterprise_v3.html
Frame ID: BB3D81296E0535AD0610B230BB7E6064
Requests: 3 HTTP requests in this frame

Frame: https://www.recaptcha.net/recaptcha/enterprise/anchor?ar=1&k=6LdCCOUUAAAAAHTE-Snr6hi4HJGtJk_d1_ce-gWB&co=aHR0cHM6Ly93d3cucGF5cGFsLmNvbTo0NDM.&hl=it&v=TqxSU0dsOd2Q9IbI7CpFnJLD&size=invisible&cb=fjox1sd28m48
Frame ID: 89D8AF2C2823F2BCA11B8026CAF7CF64
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Prepagata PayPal - La carta prepagata di PayPal

Page URL History Show full URLs

  1. http://paypal-prepagata.com/ HTTP 307
    https://paypal-prepagata.com/ HTTP 302
    https://www.paypal-prepagata.com/ HTTP 301
    https://www.paypal.com/it/prepagata HTTP 301
    https://www.paypal.com/it/webapps/mpp/prepaid-discover Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • paypalobjects\.com
Overall confidence: 100%
Detected patterns
  • react(?:-with-addons)?[.-]([\d.]*\d)[^/]*\.js

Page Statistics

42
Requests

100 %
HTTPS

33 %
IPv6

7
Domains

9
Subdomains

7
IPs

3
Countries

945 kB
Transfer

3260 kB
Size

11
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://paypal-prepagata.com/ HTTP 307
    https://paypal-prepagata.com/ HTTP 302
    https://www.paypal-prepagata.com/ HTTP 301
    https://www.paypal.com/it/prepagata HTTP 301
    https://www.paypal.com/it/webapps/mpp/prepaid-discover Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

42 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request prepaid-discover
www.paypal.com/it/webapps/mpp/
Redirect Chain
  • http://paypal-prepagata.com/
  • https://paypal-prepagata.com/
  • https://www.paypal-prepagata.com/
  • https://www.paypal.com/it/prepagata
  • https://www.paypal.com/it/webapps/mpp/prepaid-discover
42 KB
12 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/it/webapps/mpp/prepaid-discover
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4CED) /
Resource Hash
cc454f165edd67e689abd988859b242e79d90c7f584ccaaa7bf88c10e3a443ad
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-KNynUXy4+m9arDajhA8nMtoZNSQh0BmjuEErmCOzOYsPRZGX' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
cache-control
max-age=0, no-cache, no-store, must-revalidate
content-encoding
gzip
content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-KNynUXy4+m9arDajhA8nMtoZNSQh0BmjuEErmCOzOYsPRZGX' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-type
text/html; charset=utf-8
date
Wed, 12 Jun 2024 23:33:54 GMT
dc
ccg11-origin-www-1.paypal.com
etag
W/"a5cf-gs/B706eyq0bB4yrGztNSSTGt2w"
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id
0791683010676
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server
ECAcc (frc/4CED)
server-timing
content-encoding;desc="", x-cdn;desc="edgecast"
strict-transport-security
max-age=63072000; includeSubDomains; preload
timing-allow-origin
*
traceparent
00-00000000000000000000791683010676-a407ee60ae814942-01
vary
Accept-Encoding Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
1; mode=block

Redirect headers

accept-ch
Sec-CH-UA-Full
cache-control
max-age=0, no-cache, no-store, must-revalidate
content-encoding
gzip
content-length
20
date
Wed, 12 Jun 2024 23:33:54 GMT
dc
ccg11-origin-www-1.paypal.com
location
/it/webapps/mpp/prepaid-discover
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id
0132932484596
server
ECAcc (frc/4CCC)
server-timing
content-encoding;desc="", x-cdn;desc="edgecast"
strict-transport-security
max-age=63072000; includeSubDomains; preload
timing-allow-origin
*
traceparent
00-00000000000000000000132932484596-75a2b83176bf80f7-01
vary
Accept-Encoding
ngrlCaptcha.min.js
www.paypalobjects.com/webcaptcha/ 		23 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/webcaptcha/ngrlCaptcha.min.js
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/it/webapps/mpp/prepaid-discover
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
d81bfefd8585b694222d3e94e9dee5d7935049c65355f9fd096800301d51545b
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.paypal.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 12 Jun 2024 23:33:54 GMT
content-encoding
br
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=31557600
x-cache
MISS, HIT
paypal-debug-id
f22e4b681b75f
dc
ccg11-origin-www-1.paypal.com
content-length
6477
x-served-by
cache-sjc10023-SJC, cache-fra-etou8220085-FRA
last-modified
Wed, 05 Jun 2024 09:09:10 GMT
traceparent
00-0000000000000000000f22e4b681b75f-4be7c453b87d0b97-01
x-timer
S1718235235.965633,VS0,VE0
etag
W/"66602b36-5a55"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
x-cache-hits
2, 9114
PayPalSansSmall-Regular.woff2
www.paypalobjects.com/digitalassets/c/paypal-ui/fonts/ 		18 KB
19 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/digitalassets/c/paypal-ui/fonts/PayPalSansSmall-Regular.woff2
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/it/webapps/mpp/prepaid-discover
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
af93d1d952b2dc42c029871cbbb92988835b31c86d4f0cb6a9674b1d1714a20f
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.paypal.com/
Origin
https://www.paypal.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 12 Jun 2024 23:33:54 GMT
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=31557600
log-origin
shield=SJC,src_ip=157.52.96.80,alternate_path=0,ip=157.52.96.80,port=443,name=shield_ssl_cache_sjc10080_SJC,status=200,reason=OK,method=GET,url="/digitalassets/c/paypal-ui/fonts/PayPalSansSmall-Regular.woff2",host=www.paypalobjects.com
log-timing
fetch=636006,misspass=95,do_stream=0
x-cache
HIT, HIT
paypal-debug-id
fd20d8e5a2e56
dc
ccg11-origin-www-1.paypal.com
content-length
18320
x-served-by
cache-sjc10080-SJC, cache-fra-etou8220041-FRA
last-modified
Tue, 23 Jan 2018 03:38:51 GMT
traceparent
00-0000000000000000000fd20d8e5a2e56-8e87ad2b31f0f3ec-01
x-timer
S1718235235.965517,VS0,VE0
etag
"5a66ae4b-4790"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=31536000
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
x-cache-hits
8519, 89
PayPalSansBig-Light.woff2
www.paypalobjects.com/digitalassets/c/paypal-ui/fonts/ 		18 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/digitalassets/c/paypal-ui/fonts/PayPalSansBig-Light.woff2
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/it/webapps/mpp/prepaid-discover
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
0d4d4b0ee4bdbbbfdf2fa8cc4c0ba0332a3798c2629cb806d249712f6a7063e3
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.paypal.com/
Origin
https://www.paypal.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 12 Jun 2024 23:33:54 GMT
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=31557600
log-origin
ip=66.211.169.102,port=443,name=F_ccg01_phx_origin_www_1_paypal_com,status=200,reason=OK,method=GET,url="/digitalassets/c/paypal-ui/fonts/PayPalSansBig-Light.woff2",host=www.paypalobjects.com,shield=SJC,src_ip=157.52.96.53,alternate_path=0
log-timing
fetch=85017,misspass=108,do_stream=0
x-cache
HIT, HIT
paypal-debug-id
f31eb0250d0a3
dc
ccg11-origin-www-1.paypal.com
content-length
18360
x-served-by
cache-sjc10053-SJC, cache-fra-etou8220041-FRA
last-modified
Tue, 23 Jan 2018 02:50:53 GMT
traceparent
00-0000000000000000000f31eb0250d0a3-e8770460d12ead7d-01
x-timer
S1718235235.965509,VS0,VE0
etag
"5a66a30d-47b8"
vary
Accept-Encoding, Accept-Encoding
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=31536000
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
x-cache-hits
3410, 3397
afa9a602071f1154fea203d618da40f33aae8a.css
www.paypalobjects.com/marketing-resources/css/66/ 		503 KB
53 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/marketing-resources/css/66/afa9a602071f1154fea203d618da40f33aae8a.css
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/it/webapps/mpp/prepaid-discover
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
2d09578ee636adee2e9ae4055f616e2ff3d12116ba86bf5206dd1b0701346e72
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.paypal.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 12 Jun 2024 23:33:54 GMT
content-encoding
br
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=31557600
x-cache
HIT, HIT
paypal-debug-id
9d5f0f50debea
dc
ccg11-origin-www-1.paypal.com
content-length
54238
x-served-by
cache-sjc1000144-SJC, cache-fra-etou8220085-FRA
last-modified
Wed, 11 Oct 2023 08:49:51 GMT
traceparent
00-00000000000000000009d5f0f50debea-96b7620b33ced9a7-01
x-timer
S1718235235.965353,VS0,VE1
etag
W/"652661af-7dab8"
vary
Accept-Encoding, Accept-Encoding
content-type
text/css
cache-control
s-maxage=31536000, public,max-age=31536000
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
x-cache-hits
4, 1
Icon_shops.png
www.paypalobjects.com/digitalassets/c/website/marketing/emea/it/it/prepaid-discover/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paypalobjects.com/digitalassets/c/website/marketing/emea/it/it/prepaid-discover/Icon_shops.png
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/it/webapps/mpp/prepaid-discover
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
d5c7bcec10cda242751f1a935aa837657527a189b3f157489fb600d0ae2f9b64
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.paypal.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 12 Jun 2024 23:33:54 GMT
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=31557600
fastly-io-served-by
vpop-haf2300712
x-cache
HIT, HIT
fastly-io-info
ifsz=9592 idim=96x128 ifmt=png ofsz=6903 odim=96x128 ofmt=png
paypal-debug-id
8e74d2a35cdbb
fastly-stats
io=1
dc
ccg11-origin-www-1.paypal.com
content-length
6903
x-served-by
cache-sjc1000089-SJC, cache-fra-etou8220085-FRA
traceparent
00-00000000000000000008e74d2a35cdbb-503aa32296c3b362-01
x-timer
S1718235235.965659,VS0,VE1
etag
"ne3SZtf/Lt1R2gYkxM6ynm8ChUa5oFi0iljawPUMNNg"
access-control-allow-methods
GET
content-type
image/png
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
access-control-allow-headers
x-csrf-token
x-cache-hits
12, 0
Icon_topup.png
www.paypalobjects.com/digitalassets/c/website/marketing/emea/it/it/prepaid-discover/ 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paypalobjects.com/digitalassets/c/website/marketing/emea/it/it/prepaid-discover/Icon_topup.png
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/it/webapps/mpp/prepaid-discover
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
14c6c504bd1d7be956aaf5b73c32469bac551cd6b7b09bcdd3a566e7528fcfe6
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.paypal.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 12 Jun 2024 23:33:54 GMT
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=31557600
x-cache
HIT, HIT
fastly-io-info
ifsz=9850 idim=166x130 ifmt=png ofsz=6414 odim=166x130 ofmt=png
paypal-debug-id
a9e9f7aa2ac26
fastly-stats
io=1
dc
ccg11-origin-www-1.paypal.com
content-length
6414
x-served-by
cache-sjc1000147-SJC, cache-fra-etou8220085-FRA
traceparent
00-0000000000000000000a9e9f7aa2ac26-9757493c7702e690-01
x-timer
S1718235235.965638,VS0,VE1
etag
"S4L1EiVlqT+2z5rR7ryps76KQJF4qvNjEdjZ9yZq0/g"
content-type
image/png
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
x-cache-hits
19, 0
prepaid_cards_opt-1.png
images.ctfassets.net/7rifqg28wcbd/4yvKfBtKch8YbZCLfXzx9J/9bf29570855dad1d2de64333606bba9e/ 		68 KB
68 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.ctfassets.net/7rifqg28wcbd/4yvKfBtKch8YbZCLfXzx9J/9bf29570855dad1d2de64333606bba9e/prepaid_cards_opt-1.png
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/it/webapps/mpp/prepaid-discover
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26db:aa00:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Contentful Images API /
Resource Hash
4d139e83ce45fb58a931697cabba2c6238b41cce5ffe7cc3519e12d9d6aefe4b

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.paypal.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 12 Jun 2024 23:33:55 GMT
via
1.1 fd4a06b35c482e680f7f3fd9baaa0090.cloudfront.net (CloudFront)
last-modified
Mon, 06 Jan 2020 09:58:21 GMT
server
Contentful Images API
x-amz-cf-pop
MUC50-P3
age
61209
etag
"8f15e2f0b655616d2b28ea83e4a1ad3f"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000
content-length
69481
x-amz-cf-id
AR4q-jJxH73jEvc85sTrcMSQ4fz6XLHDWefEE-YSRILid7kcNhz6Og==
Icon_control.png
www.paypalobjects.com/digitalassets/c/website/marketing/emea/it/it/prepaid-discover/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paypalobjects.com/digitalassets/c/website/marketing/emea/it/it/prepaid-discover/Icon_control.png
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/it/webapps/mpp/prepaid-discover
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
1326e022b5023db7ce5c14687d3068bcf509ce148d6bb08ffb2d56eb4b047f6c
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.paypal.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 12 Jun 2024 23:33:55 GMT
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=31557600
fastly-io-served-by
vpop-haf2300702
x-cache
HIT, HIT
fastly-io-info
ifsz=9579 idim=146x132 ifmt=png ofsz=5826 odim=146x132 ofmt=png
paypal-debug-id
8faf6c506510a
fastly-stats
io=1
dc
ccg11-origin-www-1.paypal.com
content-length
5826
x-served-by
cache-sjc10042-SJC, cache-fra-etou8220085-FRA
traceparent
00-00000000000000000008faf6c506510a-15dfdde8bc9a9a8f-01
x-timer
S1718235235.003473,VS0,VE1
etag
"0T0WCB4Z2ZuOFQaxmbPLxOU76DrbzkQjbY9NYckxHKA"
access-control-allow-methods
GET
content-type
image/png
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
access-control-allow-headers
x-csrf-token
x-cache-hits
12, 0
Icon_transfer.png
www.paypalobjects.com/digitalassets/c/website/marketing/emea/it/it/prepaid-discover/ 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paypalobjects.com/digitalassets/c/website/marketing/emea/it/it/prepaid-discover/Icon_transfer.png
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/it/webapps/mpp/prepaid-discover
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
1688d0e9754c0e66b8eb33895159cf436fc5fe1d1a41d09ec9140e870896afd0
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.paypal.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 12 Jun 2024 23:33:55 GMT
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=31557600
x-cache
HIT, HIT
fastly-io-info
ifsz=13272 idim=170x132 ifmt=png ofsz=8990 odim=170x132 ofmt=png
paypal-debug-id
5da71188ba538
fastly-stats
io=1
dc
ccg11-origin-www-1.paypal.com
content-length
8990
x-served-by
cache-sjc1000107-SJC, cache-fra-etou8220085-FRA
traceparent
00-00000000000000000005da71188ba538-d0cca4e8edd8dde6-01
x-timer
S1718235235.003691,VS0,VE1
etag
"88dkDl6dvNlN7gwSw/2VdqqdToc03VsDzvAUDdX/xO8"
content-type
image/png
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
x-cache-hits
10, 0
react-17_0_1-bundle.js
www.paypalobjects.com/marketing-resources/vendors/ 		132 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/marketing-resources/vendors/react-17_0_1-bundle.js
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/it/webapps/mpp/prepaid-discover
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
9924560b9904ab7730ef349123a92bdd7f5aec477051fbe927d951970c78a69f
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.paypal.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 12 Jun 2024 23:33:55 GMT
content-encoding
br
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
log-origin
ip=173.0.87.52,port=443,name=F_ccg14_wju_origin_www_1_paypal_com,status=200,reason=OK,method=GET,url="/marketing-resources/vendors/react-17_0_1-bundle.js",host=www.paypalobjects.com,shield=SJC,src_ip=157.52.96.32,alternate_path=0
strict-transport-security
max-age=31557600
log-timing
fetch=84542,misspass=91,do_stream=0
x-cache
HIT, HIT
paypal-debug-id
2fbc842c0bab9
dc
ccg11-origin-www-1.paypal.com
content-length
41755
x-served-by
cache-sjc10032-SJC, cache-fra-etou8220085-FRA
last-modified
Mon, 22 Feb 2021 21:58:19 GMT
traceparent
00-00000000000000000002fbc842c0bab9-47a9a821e65b4da1-01
x-timer
S1718235235.004194,VS0,VE4
etag
W/"603428fb-20ee8"
vary
Accept-Encoding
content-type
application/javascript
cache-control
s-maxage=31536000, public,max-age=31536000
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
x-cache-hits
1216, 1
pa.js
www.paypalobjects.com/pa/js/min/ 		70 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/pa/js/min/pa.js
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/it/webapps/mpp/prepaid-discover
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
855a6bf411932b8bc99bf7acdcefcb67f10f21ec4acc6ae77e26d91265a2e928
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.paypal.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 12 Jun 2024 23:33:55 GMT
content-encoding
br
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=31557600
x-cache
HIT, HIT
paypal-debug-id
9896df962b590
dc
ccg11-origin-www-1.paypal.com
content-length
25119
x-served-by
cache-sjc1000121-SJC, cache-fra-etou8220085-FRA
last-modified
Wed, 12 Jun 2024 19:33:57 GMT
traceparent
00-00000000000000000009896df962b590-4d3ebe7c155d6911-01
x-timer
S1718235235.004527,VS0,VE0
etag
W/"6669f825-116a3"
vary
Accept-Encoding, Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
access-control-allow-headers
x-csrf-token
x-cache-hits
2, 161
open-chat.js
www.paypalobjects.com/helpcenter/smartchat/sales/v1/ 		1 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/helpcenter/smartchat/sales/v1/open-chat.js
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/it/webapps/mpp/prepaid-discover
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
15213b958a0af95e33fb82a50fc1a68ef2f171b3762662957e91ef1d834291f8
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.paypal.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 12 Jun 2024 23:33:55 GMT
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=31557600
log-origin
ip=173.0.87.20,port=443,name=F_ccg13_wju_origin_www_1_paypal_com,status=200,reason=OK,method=GET,url="/helpcenter/smartchat/sales/v1/open-chat.js",host=www.paypalobjects.com,shield=SJC,src_ip=157.52.96.47,alternate_path=0
log-timing
fetch=63920,misspass=131,do_stream=0
x-cache
HIT, HIT
paypal-debug-id
8d703efa6fa8b
dc
ccg11-origin-www-1.paypal.com
content-length
1471
x-served-by
cache-sjc10047-SJC, cache-fra-etou8220085-FRA
last-modified
Sat, 13 Feb 2021 00:19:40 GMT
traceparent
00-00000000000000000008d703efa6fa8b-a2badc33a7c12339-01
x-timer
S1718235235.004182,VS0,VE1
etag
"60271b1c-5bf"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
x-cache-hits
3865, 0
marketingIntentsV2.js
www.paypalobjects.com/activation/js/ 		554 B
983 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/activation/js/marketingIntentsV2.js
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/it/webapps/mpp/prepaid-discover
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
4be8b546dbb09a4b486f6efab312ee3e5c94cb12e05dbe389c20d5cf391e3da2
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.paypal.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 12 Jun 2024 23:33:55 GMT
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=31557600
log-origin
ip=173.0.87.20,port=443,name=F_ccg13_wju_origin_www_1_paypal_com,status=200,reason=OK,method=GET,url="/activation/js/marketingIntentsV2.js",host=www.paypalobjects.com,shield=SJC,src_ip=157.52.96.33,alternate_path=0
log-timing
fetch=95417,misspass=153,do_stream=0
x-cache
HIT, HIT
paypal-debug-id
787d91bfb7326
dc
ccg11-origin-www-1.paypal.com
content-length
554
x-served-by
cache-sjc1000104-SJC, cache-fra-etou8220085-FRA
last-modified
Fri, 12 Feb 2021 23:55:13 GMT
traceparent
00-0000000000000000000787d91bfb7326-0d822f170470875a-01
x-timer
S1718235235.004172,VS0,VE1
etag
"60271561-22a"
vary
Accept-Encoding
content-type
application/javascript
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
x-cache-hits
3834, 0
c1c57790d8d29bddce70e4247b5a9cd2ce963f.js
www.paypalobjects.com/marketing-resources/js/58/ 		1 MB
206 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/marketing-resources/js/58/c1c57790d8d29bddce70e4247b5a9cd2ce963f.js
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/it/webapps/mpp/prepaid-discover
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
b30c5cb98b7cad23ce739a411097717483a8f50d556aed2aa1d37bd55b5ce76c
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.paypal.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 12 Jun 2024 23:33:55 GMT
content-encoding
br
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=31557600
x-cache
HIT, HIT
paypal-debug-id
ec735aa499e50
dc
ccg11-origin-www-1.paypal.com
content-length
210665
x-served-by
cache-sjc10047-SJC, cache-fra-etou8220085-FRA
last-modified
Wed, 05 Jun 2024 06:04:27 GMT
traceparent
00-0000000000000000000ec735aa499e50-e53ecf994830d533-01
x-timer
S1718235235.004211,VS0,VE1
etag
W/"665fffeb-10f1e8"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
cache-control
s-maxage=31536000, public,max-age=31536000
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
x-cache-hits
2, 0
recaptchav3.js
www.paypal.com/auth/createchallenge/4c8f14cb8866f893/ 		11 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/auth/createchallenge/4c8f14cb8866f893/recaptchav3.js?_sessionID=iKJIM8zY_RYYxQGG5b3NxP1AtHB0KopK
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/it/webapps/mpp/prepaid-discover
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4CE1) /
Resource Hash
64ada321dbb67d15dbea50c2bb50ed5156c78450e132e5c54c7df43f4496630e
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; script-src 'nonce-CGtycfM7thIxkIX/FPxbbCgyV2OlZmT/Emf/+OReJaXszfhw' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://www.recaptcha.net https://www.gstatic.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; img-src https://*.paypalobjects.com https://objects.paypal.cn https://*.paypal.com https://*.paypal.cn https://ak1s.abmr.net https://ak1.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://www.google.com https://www.recaptcha.net https://paypal-api.arkoselabs.com https://paypal-api.arkose.com.cn https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com; style-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://hcaptcha.com https://*.hcaptcha.com; form-action 'self' https://*.paypal.com https://*.paypal.cn https://*.zettle.com https://*.xoom.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch
"x86"
sec-ch-ua-full-version
"126.0.6478.55"
sec-ch-ua-platform-version
"10.0.0"
Referer
https://www.paypal.com/it/webapps/mpp/prepaid-discover
sec-ch-ua-full-version-list
"Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.55", "Google Chrome";v="126.0.6478.55"
sec-ch-ua-bitness
"64"
sec-ch-ua-model
""
sec-ch-ua-wow64
?0
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; script-src 'nonce-CGtycfM7thIxkIX/FPxbbCgyV2OlZmT/Emf/+OReJaXszfhw' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://www.recaptcha.net https://www.gstatic.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; img-src https://*.paypalobjects.com https://objects.paypal.cn https://*.paypal.com https://*.paypal.cn https://ak1s.abmr.net https://ak1.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://www.google.com https://www.recaptcha.net https://paypal-api.arkoselabs.com https://paypal-api.arkose.com.cn https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com; style-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://hcaptcha.com https://*.hcaptcha.com; form-action 'self' https://*.paypal.com https://*.paypal.cn https://*.zettle.com https://*.xoom.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 12 Jun 2024 23:33:55 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
paypal-debug-id
0bb26691ab499
server-timing
content-encoding;desc="", x-cdn;desc="edgecast"
dc
ccg11-origin-www-1.paypal.com
x-xss-protection
1; mode=block
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
server
ECAcc (frc/4CE1)
traceparent
00-00000000000000000000bb26691ab499-5dbeffcae0bf7ad6-01
etag
W/"2b55-JykrPaccmgma/joDZ0FDRj7Zj7E"
vary
Accept-Encoding, Accept-Encoding
content-type
text/javascript; charset=utf-8
cache-control
max-age=0, no-cache, no-store, must-revalidate
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
timing-allow-origin
*
pp_prepagata.png
www.paypalobjects.com/digitalassets/c/website/marketing/emea/it/it/prepaid-discover/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paypalobjects.com/digitalassets/c/website/marketing/emea/it/it/prepaid-discover/pp_prepagata.png
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/it/webapps/mpp/prepaid-discover
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
c2c7a837ef71fdc1ae707aba929bffa692c6a57f14d9dd6f86a6a7f12d689f6c
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.paypal.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 12 Jun 2024 23:33:55 GMT
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=31557600
fastly-io-served-by
vpop-haf2300705
x-cache
HIT, HIT
fastly-io-info
ifsz=10185 idim=512x70 ifmt=png ofsz=7054 odim=512x70 ofmt=png
paypal-debug-id
42248bfbe2cb8
fastly-stats
io=1
dc
ccg11-origin-www-1.paypal.com
content-length
7054
x-served-by
cache-sjc1000122-SJC, cache-fra-etou8220085-FRA
traceparent
00-000000000000000000042248bfbe2cb8-9240c41b2db2a808-01
x-timer
S1718235235.045274,VS0,VE1
etag
"cbhtvEnGBdiDdzgfY/IByBjKK7GPM6oupW3ebdqW76U"
access-control-allow-methods
GET
content-type
image/png
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
access-control-allow-headers
x-csrf-token
x-cache-hits
16, 0
hero_image_prepaid_opt.jpg
www.paypalobjects.com/digitalassets/c/website/marketing/emea/it/it/prepaid-discover/ 		90 KB
90 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.paypalobjects.com/digitalassets/c/website/marketing/emea/it/it/prepaid-discover/hero_image_prepaid_opt.jpg
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/it/webapps/mpp/prepaid-discover
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
9e114547048fe17de0e1d0705ac0bc563521c5bdb91a5105b43ebb0d9cc6ac44
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.paypal.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 12 Jun 2024 23:33:55 GMT
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=31557600
fastly-io-served-by
vpop-haf2300701
x-cache
HIT, HIT
fastly-io-info
ifsz=91767 idim=1600x600 ifmt=jpeg ofsz=91767 odim=1600x600 ofmt=jpeg
paypal-debug-id
2dbbc26967d1c
fastly-stats
io=1
dc
ccg11-origin-www-1.paypal.com
content-length
91767
fastly-io-warning
Failed to shrink image
x-served-by
cache-sjc10066-SJC, cache-fra-etou8220085-FRA
traceparent
00-00000000000000000002dbbc26967d1c-8b71c45fcff21dac-01
x-timer
S1718235235.045589,VS0,VE1
etag
"gCl/fzMD+xR5SPhV8qk+h1M2OH26ZBBuieSXHu7CM9Q"
access-control-allow-methods
GET
content-type
image/jpeg
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
access-control-allow-headers
x-csrf-token
x-cache-hits
13, 0
latmconf.js
www.paypalobjects.com/pa/mi/paypal/ 		310 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/pa/mi/paypal/latmconf.js
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/pa/js/min/pa.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
502c546f3fb2950c370c6a9b7706ce428c1fb034c64c2a7bf0284d9ceda9fb7e
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.paypal.com/
Origin
https://www.paypal.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 12 Jun 2024 23:33:55 GMT
content-encoding
br
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=31557600
x-cache
HIT, HIT
paypal-debug-id
aec344c906654
dc
ccg11-origin-www-1.paypal.com
content-length
28072
x-served-by
cache-sjc1000117-SJC, cache-fra-etou8220041-FRA
last-modified
Wed, 12 Jun 2024 19:33:57 GMT
traceparent
00-0000000000000000000aec344c906654-be6144cd11542c25-01
x-timer
S1718235235.060168,VS0,VE0
etag
W/"6669f825-4d803"
vary
Accept-Encoding, Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
access-control-allow-headers
x-csrf-token
x-cache-hits
3, 170
eligibility
www.paypal.com/smartchat/open/ 		1 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/smartchat/open/eligibility?intent=SALESCHAT&page=/it/webapps/mpp/prepaid-discover
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/webcaptcha/ngrlCaptcha.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4C9C) /
Resource Hash
932ec8fdb4d0b00336a6c1cd5ed7f80f6f53ddf2282c451fd5897f411aa19bc6
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.paypal.cn; script-src 'nonce-yu10jYnA5uWId8gHrQnfjz7fNn/FXzBCsyxJQi+fVl8PjPbo' 'self' https://*.paypal.com https://*.paypalobjects.com https://*.paypal.cn 'unsafe-inline' ; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.paypal.cn 'unsafe-inline' ; img-src 'self' https: data:; object-src 'none'; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.paypal.cn 'unsafe-inline' https://*.kampyle.com https://*.qualtrics.com; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.paypal.cn data:; base-uri 'self' https://*.paypal.com; form-action 'self' https://*.paypal.com; frame-ancestors 'self' https://help.venmo.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.paypal.cn https://*.qualtrics.com;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch
"x86"
sec-ch-ua-full-version
"126.0.6478.55"
sec-ch-ua-platform-version
"10.0.0"
Referer
https://www.paypal.com/it/webapps/mpp/prepaid-discover
X-Requested-With
XMLHttpRequest
sec-ch-ua-full-version-list
"Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.55", "Google Chrome";v="126.0.6478.55"
sec-ch-ua-bitness
"64"
sec-ch-ua-model
""
sec-ch-ua-wow64
?0
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.paypal.cn; script-src 'nonce-yu10jYnA5uWId8gHrQnfjz7fNn/FXzBCsyxJQi+fVl8PjPbo' 'self' https://*.paypal.com https://*.paypalobjects.com https://*.paypal.cn 'unsafe-inline' ; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.paypal.cn 'unsafe-inline' ; img-src 'self' https: data:; object-src 'none'; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.paypal.cn 'unsafe-inline' https://*.kampyle.com https://*.qualtrics.com; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.paypal.cn data:; base-uri 'self' https://*.paypal.com; form-action 'self' https://*.paypal.com; frame-ancestors 'self' https://help.venmo.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.paypal.cn https://*.qualtrics.com;
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 12 Jun 2024 23:33:55 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
paypal-debug-id
010906305b053
server-timing
content-encoding;desc="", x-cdn;desc="edgecast"
dc
ccg11-origin-www-1.paypal.com
x-xss-protection
1; mode=block
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
server
ECAcc (frc/4C9C)
traceparent
00-0000000000000000000010906305b053-e02016a3345ebe44-01
etag
W/"4ed-ny+1CnCXJ23El6cO8A7BWh8pI0c"
vary
Accept-Encoding, Accept-Encoding
content-type
application/json; charset=utf-8
cache-control
max-age=0, no-cache, no-store, must-revalidate
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
timing-allow-origin
*
it
www.paypal.com/it/webapps/mpp/rest/cookie-banner/IT/ 		21 KB
7 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/it/webapps/mpp/rest/cookie-banner/IT/it
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/webcaptcha/ngrlCaptcha.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4C8F) /
Resource Hash
5ce45f088da786c509e00bbf9727a735abe35b51ac0de766883ef95279b28a66
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-dkYav1vsLxFDs5FAb3e0Jl2BGLWJ6stEb0nzzMmdD3n8C87V' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch
"x86"
sec-ch-ua-full-version
"126.0.6478.55"
sec-ch-ua-platform-version
"10.0.0"
Referer
https://www.paypal.com/it/webapps/mpp/prepaid-discover
X-Requested-With
fetch
sec-ch-ua-full-version-list
"Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.55", "Google Chrome";v="126.0.6478.55"
sec-ch-ua-bitness
"64"
sec-ch-ua-model
""
sec-ch-ua-wow64
?0
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-dkYav1vsLxFDs5FAb3e0Jl2BGLWJ6stEb0nzzMmdD3n8C87V' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 12 Jun 2024 23:33:55 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
paypal-debug-id
02365a557a5a7
server-timing
content-encoding;desc="", x-cdn;desc="edgecast"
dc
ccg11-origin-www-1.paypal.com
x-xss-protection
1; mode=block
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
server
ECAcc (frc/4C8F)
traceparent
00-000000000000000000002365a557a5a7-8caf8d146a41ac69-01
etag
W/"52c7-+bxg7M7r1afPgBj7+G+mNcI5Qmk"
vary
Accept-Encoding, Accept-Encoding
content-type
application/json; charset=utf-8
cache-control
max-age=0, no-cache, no-store, must-revalidate
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
timing-allow-origin
*
OrchestratorMain.js
www.paypalobjects.com/pa/3pjs/qualtrics/1.64.1/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/pa/3pjs/qualtrics/1.64.1/OrchestratorMain.js
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/pa/js/min/pa.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
8b43508aba121c079651841e31c71adc6ddecca7cfbb0ee310498bf415d907b8
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.paypal.com/
Origin
https://www.paypal.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 12 Jun 2024 23:33:55 GMT
content-encoding
br
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=31557600
x-cache
HIT, HIT
paypal-debug-id
71fe33b2508cc
dc
ccg11-origin-www-1.paypal.com
content-length
3161
x-served-by
cache-sjc1000130-SJC, cache-fra-etou8220041-FRA
last-modified
Wed, 12 Jun 2024 19:33:59 GMT
traceparent
00-000000000000000000071fe33b2508cc-b5ae3572c6743b28-01
x-timer
S1718235235.156749,VS0,VE0
etag
W/"6669f827-1d47"
vary
Accept-Encoding, Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
access-control-allow-headers
x-csrf-token
x-cache-hits
3, 136
ts
t.paypal.com/ 		42 B
810 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.paypal.com/ts?v=1.8.18&t=1718235235148&g=-120&pgrp=main%3Amktg%3Abusiness%3Apartner%3Aprepaid-discover&page=main%3Amktg%3Abusiness%3Apartner%3Aprepaid-discover%3A%3A%3A&rsta=it_IT&ccpg=it&comp=mppnodeweb&xe=107814%2C104449%2C105841&xt=140224%2C142459%2C135141&pageurl=%2Fit%2Fwebapps%2Fmpp%2Fprepaid-discover&fcp=1373.500&fcp_attr=%7B%22timeToFirstByte%22%3A%221203.500%22%2C%22firstByteToFCP%22%3A%22170.000%22%2C%22fcpEntry%22%3A%7B%22name%22%3A%22first-contentful-paint%22%2C%22entryType%22%3A%22paint%22%2C%22startTime%22%3A%221373.500%22%2C%22duration%22%3A0%7D%2C%22rating%22%3A%22good%22%7D&e=cwv
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/it/webapps/mpp/prepaid-discover
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.35 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.paypal.com/it/webapps/mpp/prepaid-discover
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0
date
Wed, 12 Jun 2024 23:33:55 GMT
via
1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS
p3p
CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id
8836c00c90b41
server-timing
content-encoding;desc="",x-cdn;desc="fastly"
x-served-by
cache-fra-etou8220149-FRA
pragma
no-cache
correlation-id
8836c00c90b41
traceparent
00-00000000000000000008836c00c90b41-525c96dc7a10f13f-01
x-timer
S1718235235.266578,VS0,VE144
vary
Accept-Encoding
content-type
image/gif
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 12 Jun 2024 23:33:55 GMT
12.2e4d3453d92fa382c1f6.chunk.js
www.paypalobjects.com/pa/3pjs/qualtrics/1.64.1/ 		56 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/pa/3pjs/qualtrics/1.64.1/12.2e4d3453d92fa382c1f6.chunk.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=hostedjs&Q_BRANDID=paypalxm
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/pa/3pjs/qualtrics/1.64.1/OrchestratorMain.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
9678dd86513c236593527c9b89e5a95d64621c8b7dbe5f27638ab6c5c858a106
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.paypal.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 12 Jun 2024 23:33:55 GMT
content-encoding
br
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=31557600
x-cache
HIT, HIT
paypal-debug-id
feca428bd1400
dc
ccg11-origin-www-1.paypal.com
content-length
15426
x-served-by
cache-sjc10062-SJC, cache-fra-etou8220085-FRA
last-modified
Wed, 12 Jun 2024 19:33:59 GMT
traceparent
00-0000000000000000000feca428bd1400-605d3c5463778b59-01
x-timer
S1718235235.196744,VS0,VE0
etag
W/"6669f827-e017"
vary
Accept-Encoding, Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
access-control-allow-headers
x-csrf-token
x-cache-hits
7, 114
Targeting.php
zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com/WRSiteInterceptEngine/ 		64 KB
7 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_1yNnlIufRcT75CB&Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=hostedjs
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/webcaptcha/ngrlCaptcha.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
669b8e41a2dd0fbe7a62d5512165f20f6cab5d0ba39c3ff7256aee220d81e82b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://www.paypal.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Wed, 12 Jun 2024 23:33:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy-report-only
frame-ancestors 'self' *.qualtrics.com *.my.salesforce.com *.visualforce.com *.visual.force.com *.lightning.force.com; report-uri https://sjc1.qualtrics.com/csp-report
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
content-type
application/json
access-control-allow-origin
https://www.paypal.com
cache-control
no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials
true
permissions-policy
camera=(), geolocation=(), microphone=()
trace-id
7d694381ef6bcec8
timing-allow-origin
*
cf-ray
892da60cdc26914c-FRA
grcenterprise_v3.html
www.paypal.com/auth/recaptcha/ Frame BB3D 		5 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/auth/recaptcha/grcenterprise_v3.html
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/auth/createchallenge/4c8f14cb8866f893/recaptchav3.js?_sessionID=iKJIM8zY_RYYxQGG5b3NxP1AtHB0KopK
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4CEE) /
Resource Hash
57bd2ef0ce4d833346ff5e10010792fc55c00bc317df06b6e0cddbab401c69bd
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://www.paypal.com/it/webapps/mpp/prepaid-discover
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-arch
"x86"
sec-ch-ua-bitness
"64"
sec-ch-ua-full-version
"126.0.6478.55"
sec-ch-ua-full-version-list
"Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.55", "Google Chrome";v="126.0.6478.55"
sec-ch-ua-mobile
?0
sec-ch-ua-model
""
sec-ch-ua-platform
"Win32"
sec-ch-ua-platform-version
"10.0.0"
sec-ch-ua-wow64
?0

Response headers

accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
cache-control
max-age=0, no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Wed, 12 Jun 2024 23:33:55 GMT
dc
ccg11-origin-www-1.paypal.com
etag
W/"15c2-18fe3a4f208"
last-modified
Tue, 04 Jun 2024 14:26:29 GMT
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
paypal-debug-id
08b0ab16a4aa2
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
server
ECAcc (frc/4CEE)
server-timing
content-encoding;desc="", x-cdn;desc="edgecast"
strict-transport-security
max-age=63072000; includeSubDomains; preload
timing-allow-origin
*
traceparent
00-000000000000000000008b0ab16a4aa2-6481df04e48fa147-01
vary
Accept-Encoding Accept-Encoding
PayPalOpen-Regular.woff2
www.paypalobjects.com/paypal-ui/fonts/ 		27 KB
27 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/paypal-ui/fonts/PayPalOpen-Regular.woff2
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/marketing-resources/css/66/afa9a602071f1154fea203d618da40f33aae8a.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
9ae7b95f034d76b21aaf8fcc0cdd39f4ba7ba59dd9751348a32c7e5cfdfdb6df
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.paypalobjects.com/marketing-resources/css/66/afa9a602071f1154fea203d618da40f33aae8a.css
Origin
https://www.paypal.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 12 Jun 2024 23:33:55 GMT
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=31557600
log-origin
shield=SJC,src_ip=157.52.96.20,alternate_path=0,ip=157.52.96.20,port=443,name=shield_ssl_cache_sjc10020_SJC,status=200,reason=OK,method=GET,url="/paypal-ui/fonts/PayPalOpen-Regular.woff2",host=www.paypalobjects.com
log-timing
fetch=149072,misspass=88,do_stream=0
x-cache
HIT, HIT
paypal-debug-id
6ebaf6db24abf
dc
ccg11-origin-www-1.paypal.com
content-length
27457
x-served-by
cache-sjc10020-SJC, cache-fra-etou8220041-FRA
last-modified
Thu, 02 Jun 2022 17:26:24 GMT
x-timer
S1718235235.385400,VS0,VE0
etag
"6298f2c0-6b41"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
x-cache-hits
1754, 11074
cookies
www.paypal.com/myaccount/privacy/cookieprefs/ 		2 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/myaccount/privacy/cookieprefs/cookies?eventSource=pageLoad&page=main:mktg:business:partner:prepaid-discover:::&component=mppnodeweb&eventSourceUrl=https://www.paypal.com/it/webapps/mpp/prepaid-discover
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/webcaptcha/ngrlCaptcha.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4CB2) /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-vl0INSXejVj4lNAFt3/dsTh8IICV00dEsSUFfdqlpuu4y9Iy' 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://recaptcha.net/; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://recaptcha.net/ https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://id.venmo.com https://venmo.com/ https://api.sprig.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; frame-ancestors 'self' https://www.zettle.com/; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-arch
"x86"
sec-ch-ua-platform-version
"10.0.0"
X-Requested-With
XMLHttpRequest
sec-ch-ua-full-version-list
"Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.55", "Google Chrome";v="126.0.6478.55"
sec-ch-ua-bitness
"64"
sec-ch-ua-model
""
sec-ch-ua-wow64
?0
sec-ch-ua-platform
"Win32"
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/json
sec-ch-ua-full-version
"126.0.6478.55"
Accept
application/json
Referer
https://www.paypal.com/it/webapps/mpp/prepaid-discover

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-vl0INSXejVj4lNAFt3/dsTh8IICV00dEsSUFfdqlpuu4y9Iy' 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://recaptcha.net/; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://recaptcha.net/ https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://id.venmo.com https://venmo.com/ https://api.sprig.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; frame-ancestors 'self' https://www.zettle.com/; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
date
Wed, 12 Jun 2024 23:33:55 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
paypal-debug-id
0a013490307ba
server-timing
content-encoding;desc="", x-cdn;desc="edgecast"
dc
ccg11-origin-www-1.paypal.com
content-length
2
x-xss-protection
1; mode=block
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
server
ECAcc (frc/4CB2)
traceparent
00-00000000000000000000a013490307ba-435efa1dc7719a07-01
etag
W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/plain; charset=utf-8
access-control-allow-origin
https://www.paypal.com
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
timing-allow-origin
*
ts
t.paypal.com/ 		42 B
167 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.paypal.com/ts?v=1.8.18&t=1718235235370&g=-120&pgrp=main%3Aprivacy%3Apolicy&page=main%3Aprivacy%3Apolicy%3Agdpr_v2.1&pgst=Unknown&calc=0791683010676&nsid=iKJIM8zY_RYYxQGG5b3NxP1AtHB0KopK&rsta=it_IT&pgtf=Nodejs&env=live&s=ci&ccpg=IT&csci=fffd3e97738d42bebad438cc354ff6a0&comp=mppnodeweb&tsrce=mppnodeweb&cu=0&ef_policy=gdpr_v2.1&xe=105410%2C105409%2C109679%2C109059%2C104406%2C104405%2C104407&xt=123956%2C123954%2C146708%2C143369%2C119037%2C119034%2C119038&pgld=Unknown&bzsr=main&bchn=mktg&tmpl=prepaid-discover&pgsf=business&lgin=out&server=origin&shir=main_mktg_business_partner&pros=2&lgcook=0&event_props=cu%2Clgin%2Cpage%2Cxe%2Cxt&user_props=cu%2Cxe%2Cxt&page_segment=ppcom&api_name=cookieBanner&displaypage=main%3Amktg%3Abusiness%3Apartner%3Aprepaid-discover&ppage=privacy_banner&bannertype=cookiebanner&flag=gdpr_v2.1&bannerversion=gdprv21_v4&bannersource=ConsentNodeServ&eligibility_reason=true&is_native=false&cookie_disabled=false&event_name=cookie_banner_shown&product=consentNodeServ&e=ac
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/it/webapps/mpp/prepaid-discover
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.35 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.paypal.com/it/webapps/mpp/prepaid-discover
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0
date
Wed, 12 Jun 2024 23:33:55 GMT
via
1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS
p3p
CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id
7a37cba12f5a6
server-timing
content-encoding;desc="",x-cdn;desc="fastly"
x-served-by
cache-fra-etou8220149-FRA
pragma
no-cache
correlation-id
7a37cba12f5a6
traceparent
00-00000000000000000007a37cba12f5a6-d9e38bfebb24d81c-01
x-timer
S1718235235.388375,VS0,VE160
vary
Accept-Encoding
content-type
image/gif
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 12 Jun 2024 23:33:55 GMT
CoreModule.js
www.paypalobjects.com/pa/3pjs/qualtrics/1.64.1/ 		100 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/pa/3pjs/qualtrics/1.64.1/CoreModule.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=hostedjs&Q_BRANDID=paypalxm
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/pa/3pjs/qualtrics/1.64.1/12.2e4d3453d92fa382c1f6.chunk.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=hostedjs&Q_BRANDID=paypalxm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ba4691262fbf1abd2bd988530282374fbe5517357d414d61cba2b6739374d565
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.paypal.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 12 Jun 2024 23:33:55 GMT
content-encoding
br
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=31557600
x-cache
HIT, HIT
paypal-debug-id
47fbc02ef7a96
dc
ccg11-origin-www-1.paypal.com
content-length
28472
x-served-by
cache-sjc10066-SJC, cache-fra-etou8220085-FRA
last-modified
Wed, 12 Jun 2024 19:33:59 GMT
traceparent
00-000000000000000000047fbc02ef7a96-742ac738f722bfaa-01
x-timer
S1718235235.408031,VS0,VE0
etag
W/"6669f827-190b6"
vary
Accept-Encoding, Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
access-control-allow-headers
x-csrf-token
x-cache-hits
2, 108
4.bee7caf079144a7b9980.chunk.js
www.paypalobjects.com/pa/3pjs/qualtrics/1.64.1/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/pa/3pjs/qualtrics/1.64.1/4.bee7caf079144a7b9980.chunk.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=hostedjs&Q_BRANDID=paypalxm
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/pa/3pjs/qualtrics/1.64.1/OrchestratorMain.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ea680c36b1e632fc0a96cd21231f1d9e17db700b8b68729328c5b8972e2d3622
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.paypal.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 12 Jun 2024 23:33:55 GMT
content-encoding
br
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=31557600
x-cache
MISS, HIT
paypal-debug-id
ea798497dc9d0
dc
ccg11-origin-www-1.paypal.com
content-length
1119
x-served-by
cache-sjc10069-SJC, cache-fra-etou8220085-FRA
last-modified
Wed, 12 Jun 2024 19:33:59 GMT
traceparent
00-0000000000000000000ea798497dc9d0-ce6e13e68df2903d-01
x-timer
S1718235235.467012,VS0,VE0
etag
W/"6669f827-9ed"
vary
Accept-Encoding, Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
access-control-allow-headers
x-csrf-token
x-cache-hits
2, 108
1.1303dc17a61da0f506d3.chunk.js
www.paypalobjects.com/pa/3pjs/qualtrics/1.64.1/ 		29 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/pa/3pjs/qualtrics/1.64.1/1.1303dc17a61da0f506d3.chunk.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=hostedjs&Q_BRANDID=paypalxm
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/pa/3pjs/qualtrics/1.64.1/OrchestratorMain.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e7d287b90b3a071aed8c9860f22cff01bcb34fcfc45bd90319bac450226d1e6d
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.paypal.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 12 Jun 2024 23:33:55 GMT
content-encoding
br
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=31557600
x-cache
MISS, HIT
paypal-debug-id
0092a506dc10f
dc
ccg11-origin-www-1.paypal.com
content-length
6159
x-served-by
cache-sjc1000136-SJC, cache-fra-etou8220085-FRA
last-modified
Wed, 12 Jun 2024 19:33:58 GMT
traceparent
00-00000000000000000000092a506dc10f-b05b1a7309ac3ffb-01
x-timer
S1718235235.467217,VS0,VE0
etag
W/"6669f826-7257"
vary
Accept-Encoding, Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
access-control-allow-headers
x-csrf-token
x-cache-hits
1, 108
17.0e47ac923c1fa85e46cf.chunk.js
www.paypalobjects.com/pa/3pjs/qualtrics/1.64.1/ 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/pa/3pjs/qualtrics/1.64.1/17.0e47ac923c1fa85e46cf.chunk.js?Q_CLIENTVERSION=1.64.1&Q_CLIENTTYPE=hostedjs&Q_BRANDID=paypalxm
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/pa/3pjs/qualtrics/1.64.1/OrchestratorMain.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
b3a8d966d249beda7f50ac3c2bfbb549109d5aee49c948aaba10cffade528715
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.paypal.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 12 Jun 2024 23:33:55 GMT
content-encoding
br
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=31557600
x-cache
MISS, HIT
paypal-debug-id
983ae4e398fe9
dc
ccg11-origin-www-1.paypal.com
content-length
7495
x-served-by
cache-sjc10045-SJC, cache-fra-etou8220085-FRA
last-modified
Wed, 12 Jun 2024 19:33:59 GMT
traceparent
00-0000000000000000000983ae4e398fe9-f26d976cd29996cc-01
x-timer
S1718235235.467396,VS0,VE0
etag
W/"6669f827-4a99"
vary
Accept-Encoding, Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
access-control-allow-headers
x-csrf-token
x-cache-hits
2, 108
enterprise.js
www.recaptcha.net/recaptcha/ Frame BB3D 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.recaptcha.net/recaptcha/enterprise.js?render=6LdCCOUUAAAAAHTE-Snr6hi4HJGtJk_d1_ce-gWB&hl=it
Requested by
Host: www.paypal.com
URL: https://www.paypal.com/auth/recaptcha/grcenterprise_v3.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
a0b6e593c812b124aab71664514b7119e052ae37d0835698cb09c937f9a7ad2a
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.paypal.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 12 Jun 2024 23:33:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Wed, 12 Jun 2024 23:33:55 GMT
pp32.png
www.paypalobjects.com/webstatic/icon/ 		1 KB
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/webstatic/icon/pp32.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
538cf688eaad3d9891630f7d369a9e6d34e125011520853739b44b72869e42eb
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.paypal.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 12 Jun 2024 23:33:55 GMT
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=31557600
fastly-io-served-by
vpop-haf2300713
x-cache
HIT, HIT
fastly-io-info
ifsz=3972 idim=32x32 ifmt=png ofsz=1514 odim=32x32 ofmt=png
paypal-debug-id
d0e9ffc607f7b
fastly-stats
io=1
dc
ccg11-origin-www-1.paypal.com
content-length
1514
x-served-by
cache-sjc1000107-SJC, cache-fra-etou8220085-FRA
traceparent
00-0000000000000000000d0e9ffc607f7b-1df44fb7ed48e7ec-01
x-timer
S1718235236.674366,VS0,VE0
etag
"L8ILBcMkrkSJB9s5nmuLuLKzLm5JpnBB7E2KeA4ZxRU"
access-control-allow-methods
GET
content-type
image/png
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
x-cache-hits
5093, 1486
recaptcha__it.js
www.gstatic.com/recaptcha/releases/TqxSU0dsOd2Q9IbI7CpFnJLD/ Frame BB3D 		516 KB
205 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/TqxSU0dsOd2Q9IbI7CpFnJLD/recaptcha__it.js
Requested by
Host: www.recaptcha.net
URL: https://www.recaptcha.net/recaptcha/enterprise.js?render=6LdCCOUUAAAAAHTE-Snr6hi4HJGtJk_d1_ce-gWB&hl=it
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7c6cc548a7f956b72e1c55ed5fa4ee1a56f27354ba7155bfc60452215b4bd159
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.paypal.com/
Origin
https://www.paypal.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 11 Jun 2024 11:22:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
130309
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
209609
x-xss-protection
0
last-modified
Mon, 10 Jun 2024 16:44:59 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 11 Jun 2025 11:22:06 GMT
favicon.ico
www.paypalobjects.com/webstatic/icon/ 		5 KB
6 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.paypalobjects.com/webstatic/icon/favicon.ico
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
1690c4e20869c3763b7fc111e2f94035b0a7ee830311dd680ac91421daad3667
Security Headers
Name Value
Strict-Transport-Security max-age=31557600
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.paypal.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 12 Jun 2024 23:33:55 GMT
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
strict-transport-security
max-age=31557600
log-origin
shield=SJC,src_ip=157.52.96.23,alternate_path=0,ip=157.52.96.23,port=443,name=shield_ssl_cache_sjc10023_SJC,status=200,reason=OK,method=GET,url="/webstatic/icon/favicon.ico",host=www.paypalobjects.com
log-timing
fetch=146732,misspass=81,do_stream=0
x-cache
HIT, HIT
paypal-debug-id
fe4f7e62c987c
dc
ccg11-origin-www-1.paypal.com
content-length
5430
x-served-by
cache-sjc10023-SJC, cache-fra-etou8220085-FRA
last-modified
Thu, 01 May 2014 21:26:45 GMT
traceparent
00-0000000000000000000fe4f7e62c987c-d8992e683b45d2ac-01
x-timer
S1718235236.710993,VS0,VE0
etag
"5362bc15-1536"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/x-icon
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
x-cache-hits
8792, 4257
anchor
www.recaptcha.net/recaptcha/enterprise/ Frame 89D8 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.recaptcha.net/recaptcha/enterprise/anchor?ar=1&k=6LdCCOUUAAAAAHTE-Snr6hi4HJGtJk_d1_ce-gWB&co=aHR0cHM6Ly93d3cucGF5cGFsLmNvbTo0NDM.&hl=it&v=TqxSU0dsOd2Q9IbI7CpFnJLD&size=invisible&cb=fjox1sd28m48
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/TqxSU0dsOd2Q9IbI7CpFnJLD/recaptcha__it.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-W_vK3Fm4nvna49VK2Pbj2Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://www.paypal.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-W_vK3Fm4nvna49VK2Pbj2Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Wed, 12 Jun 2024 23:33:56 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
ts
t.paypal.com/ 		42 B
513 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.paypal.com/ts?v=1.8.18&t=1718235236108&g=-120&pgrp=main%3Amktg%3Abusiness%3Apartner%3Aprepaid-discover&page=main%3Amktg%3Abusiness%3Apartner%3Aprepaid-discover%3A%3A%3A&pgst=Unknown&calc=0791683010676&nsid=iKJIM8zY_RYYxQGG5b3NxP1AtHB0KopK&rsta=it_IT&pgtf=Nodejs&env=live&s=ci&ccpg=it&csci=fffd3e97738d42bebad438cc354ff6a0&comp=mppnodeweb&tsrce=mppnodeweb&cu=0&ef_policy=gdpr_v2.1&xe=107814%2C104449%2C105841&xt=140224%2C142459%2C135141&pgld=Unknown&bzsr=main&bchn=mktg&tmpl=prepaid-discover&pgsf=business&lgin=out&server=origin&shir=main_mktg_business_partner&pros=2&lgcook=0&event_props=cu%2Clgin%2Cpage%2Cxe%2Cxt&user_props=cu%2Cxe%2Cxt&page_segment=ppcom&event_name=ppcom_page_viewed&e=im&c_prefs=T%3D0%2CP%3D0%2CF%3D0%2Ctype%3Dinitial&imsrc=setup&view=%7B%22t10%22%3A1%2C%22t11%22%3A2213%2C%22tcp%22%3A1374%2C%22et%22%3A%224g%22%2C%22nt%22%3A%22navigate%22%2C%22bt%22%3A313%7D&pt=Prepagata%20PayPal%20-%20La%20carta%20prepagata%20di%20PayPal&cd=24&sw=1600&sh=1200&dw=1600&dh=1200&bw=1600&bh=1200&ce=1&t1=1&t1c=0&t1d=0&t1s=0&t2=494&t3=1&t4d=0&t4=0&t4e=1&tt=1899&rdc=0&protocol=h2&cdn=edgecast&res=%7B%7D&rtt=197
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.35 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.paypal.com/it/webapps/mpp/prepaid-discover
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0
date
Wed, 12 Jun 2024 23:33:56 GMT
via
1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS
p3p
CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id
650dafcffa448
server-timing
content-encoding;desc="",x-cdn;desc="fastly"
x-served-by
cache-fra-etou8220149-FRA
pragma
no-cache
correlation-id
650dafcffa448
traceparent
00-0000000000000000000650dafcffa448-bc568036aca75e79-01
x-timer
S1718235236.127655,VS0,VE150
vary
Accept-Encoding
content-type
image/gif
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 12 Jun 2024 23:33:56 GMT
verifygrcenterprise
www.paypal.com/auth/ 		0
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/auth/verifygrcenterprise
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/webcaptcha/ngrlCaptcha.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4CF7) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; script-src 'nonce-VnA4GCoOHUu157mrdlopvlZBhrZLeyHOeh3vzS/iMpX3W5G5' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://www.recaptcha.net https://www.gstatic.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; img-src https://*.paypalobjects.com https://objects.paypal.cn https://*.paypal.com https://*.paypal.cn https://ak1s.abmr.net https://ak1.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://www.google.com https://www.recaptcha.net https://paypal-api.arkoselabs.com https://paypal-api.arkose.com.cn https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com; style-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://hcaptcha.com https://*.hcaptcha.com; form-action 'self' https://*.paypal.com https://*.paypal.cn https://*.zettle.com https://*.xoom.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-arch
"x86"
Content-Type
application/x-www-form-urlencoded
sec-ch-ua-full-version
"126.0.6478.55"
sec-ch-ua-platform-version
"10.0.0"
Referer
https://www.paypal.com/it/webapps/mpp/prepaid-discover
x-requested-with
XMLHttpRequest
sec-ch-ua-full-version-list
"Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.55", "Google Chrome";v="126.0.6478.55"
sec-ch-ua-bitness
"64"
sec-ch-ua-model
""
sec-ch-ua-wow64
?0
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; script-src 'nonce-VnA4GCoOHUu157mrdlopvlZBhrZLeyHOeh3vzS/iMpX3W5G5' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://www.recaptcha.net https://www.gstatic.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; img-src https://*.paypalobjects.com https://objects.paypal.cn https://*.paypal.com https://*.paypal.cn https://ak1s.abmr.net https://ak1.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://www.google.com https://www.recaptcha.net https://paypal-api.arkoselabs.com https://paypal-api.arkose.com.cn https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com; style-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://hcaptcha.com https://*.hcaptcha.com; form-action 'self' https://*.paypal.com https://*.paypal.cn https://*.zettle.com https://*.xoom.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 12 Jun 2024 23:33:57 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
paypal-debug-id
022673aa18a77
server-timing
content-encoding;desc="", x-cdn;desc="edgecast"
dc
ccg11-origin-www-1.paypal.com
content-length
20
x-xss-protection
1; mode=block
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
server
ECAcc (frc/4CF7)
traceparent
00-0000000000000000000022673aa18a77-6dc916a441e6d96f-01
vary
Accept-Encoding
cache-control
max-age=0, no-cache, no-store, must-revalidate
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
timing-allow-origin
*
ts
t.paypal.com/ 		42 B
775 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.paypal.com/ts?v=1.8.18&t=1718235237109&g=-120&pgrp=main%3Amktg%3Abusiness%3Apartner%3Aprepaid-discover&page=main%3Amktg%3Abusiness%3Apartner%3Aprepaid-discover%3A%3A%3A&pgst=Unknown&calc=0791683010676&nsid=iKJIM8zY_RYYxQGG5b3NxP1AtHB0KopK&rsta=it_IT&pgtf=Nodejs&env=live&s=ci&ccpg=it&csci=fffd3e97738d42bebad438cc354ff6a0&comp=mppnodeweb&tsrce=mppnodeweb&cu=0&ef_policy=gdpr_v2.1&xe=107814%2C104449%2C105841&xt=140224%2C142459%2C135141&pgld=Unknown&bzsr=main&bchn=mktg&tmpl=%2F%2Ft.paypal.&pgsf=business&lgin=out&server=origin&shir=main_mktg_business_partner&pros=2&lgcook=0&event_props=cu%2Clgin%2Cpage%2Cxe%2Cxt&user_props=cu%2Cxe%2Cxt&page_segment=ppcom&event_name=t_paypal_cpl&t1=1&t1c=0&t1d=0&t1s=0&t2=186&t3=1&tt=187&protocol=h2&cdn=fastly&view=%7B%22t10%22%3A1%2C%22t11%22%3A187%2C%22nt%22%3A%22res%22%7D&e=pf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.35 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.paypal.com/it/webapps/mpp/prepaid-discover
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-cache-hits
0
date
Wed, 12 Jun 2024 23:33:57 GMT
via
1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS
p3p
CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id
9ced199aa0f5c
server-timing
content-encoding;desc="",x-cdn;desc="fastly"
x-served-by
cache-fra-etou8220149-FRA
pragma
no-cache
correlation-id
9ced199aa0f5c
traceparent
00-00000000000000000009ced199aa0f5c-28c5eeedad872f2a-01
x-timer
S1718235237.128505,VS0,VE145
vary
Accept-Encoding
content-type
image/gif
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 12 Jun 2024 23:33:57 GMT
cookies
www.paypal.com/myaccount/privacy/cookieprefs/ 		2 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.paypal.com/myaccount/privacy/cookieprefs/cookies?eventSource=afterPageLoad&page=main:mktg:business:partner:prepaid-discover:::&component=mppnodeweb&eventSourceUrl=https://www.paypal.com/it/webapps/mpp/prepaid-discover
Requested by
Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/webcaptcha/ngrlCaptcha.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4D07) /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-BY/CRiWsHmc1LoExdwhzJnlJyloqR8zQlPRFBQ2jy41TzXIG' 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://recaptcha.net/; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://recaptcha.net/ https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://id.venmo.com https://venmo.com/ https://api.sprig.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; frame-ancestors 'self' https://www.zettle.com/; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-arch
"x86"
sec-ch-ua-platform-version
"10.0.0"
X-Requested-With
XMLHttpRequest
sec-ch-ua-full-version-list
"Not/A)Brand";v="8.0.0.0", "Chromium";v="126.0.6478.55", "Google Chrome";v="126.0.6478.55"
sec-ch-ua-bitness
"64"
sec-ch-ua-model
""
sec-ch-ua-wow64
?0
sec-ch-ua-platform
"Win32"
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/json
sec-ch-ua-full-version
"126.0.6478.55"
Accept
application/json
Referer
https://www.paypal.com/it/webapps/mpp/prepaid-discover

Response headers

content-security-policy
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-BY/CRiWsHmc1LoExdwhzJnlJyloqR8zQlPRFBQ2jy41TzXIG' 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://recaptcha.net/; img-src 'self' * data:; object-src 'none'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://recaptcha.net/ https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://id.venmo.com https://venmo.com/ https://api.sprig.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; frame-ancestors 'self' https://www.zettle.com/; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
date
Wed, 12 Jun 2024 23:33:58 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
paypal-debug-id
0311274515405
server-timing
content-encoding;desc="", x-cdn;desc="edgecast"
dc
ccg11-origin-www-1.paypal.com
content-length
2
x-xss-protection
1; mode=block
accept-ch
sec-ch-ua-full, sec-ch-ua-arch, sec-ch-ua-model, sec-ch-ua-platform-version, sec-ch-ua-full-version, sec-ch-ua-full-version-list, sec-ch-ua-bitness, sec-ch-ua-wow64
server
ECAcc (frc/4D07)
traceparent
00-00000000000000000000311274515405-f08bbfb722fd6c63-01
etag
W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/plain; charset=utf-8
access-control-allow-origin
https://www.paypal.com
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
origin-trial
AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
permissions-policy
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
timing-allow-origin
*

Verdicts & Comments Add Verdict or Comment

27 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 undefined| event object| fence object| sharedStorage object| antiClickjack object| modelData boolean| paypalADSInterceptorInjected object| dataLayer object| PAYPAL object| fpti string| fptiserverurl object| _ifpti function| t object| latmconf object| laDataLayer object| QSI object| React object| ReactDOM object| WAFQualtricsWebpackJsonP-hosted-1.64.1 function| _0x2745 function| _0x1a8b function| openSalesChat function| bindGdprEvents function| hideGdprBanner function| showGdprBanner object| _qsie object| PageBundle

11 Cookies

Domain/Path Name / Value
www.recaptcha.net/recaptcha Name: _GRECAPTCHA
Value: 09AHVui7-WUNjoduyKBi8I58vfN3BF4oX5ODlXF4CNX4WualKnboQJp1iMBZwuSQ8Gc9yfYsG9zLvmiNdfVvKuja8
.paypal.com/ Name: ts_c
Value: vr%3D0eccffec1900a55120c5c14fffcb46b5%26vt%3D0eccffec1900a55120c5c14fffcb46b4
.paypal.com/ Name: enforce_policy
Value: gdpr_v2.1
.paypal.com/ Name: cookie_check
Value: yes
.paypal.com/ Name: LANG
Value: it_IT%3BIT
www.paypal.com/ Name: nsid
Value: s%3AiKJIM8zY_RYYxQGG5b3NxP1AtHB0KopK.WqsOfiaszsJ9an7D7IMZLrCXZFJqDU8zFZzVyB7n4uc
.paypal.com/ Name: l7_az
Value: dcg01.phx
.paypal.com/ Name: cookie_prefs
Value: T%3D0%2CP%3D0%2CF%3D0%2Ctype%3Dinitial
.paypal.com/ Name: x-pp-s
Value: eyJ0IjoiMTcxODIzNTIzODUzOCIsImwiOiIwIiwibSI6IjAifQ
.paypal.com/ Name: tsrce
Value: privacynodeweb
.paypal.com/ Name: ts
Value: vreXpYrS%3D1812843238%26vteXpYrS%3D1718237038%26vr%3D0eccffec1900a55120c5c14fffcb46b5%26vt%3D0eccffec1900a55120c5c14fffcb46b4%26vtyp%3Dnew

1 Console Messages

Source Level URL
Text
security warning URL: https://www.paypal.com/auth/recaptcha/grcenterprise_v3.html
Message:
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-KNynUXy4+m9arDajhA8nMtoZNSQh0BmjuEErmCOzOYsPRZGX' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

images.ctfassets.net
paypal-prepagata.com
t.paypal.com
www.gstatic.com
www.paypal-prepagata.com
www.paypal.com
www.paypalobjects.com
www.recaptcha.net
zn1ynnliufrct75cb-paypalxm.siteintercept.qualtrics.com
104.17.208.240
151.101.130.133
151.101.3.1
151.101.65.35
192.229.221.25
2600:9000:26db:aa00:12:94b3:c380:93a1
2a00:1450:4001:80f::2003
2a00:1450:4001:827::2003
64.4.250.38
0d4d4b0ee4bdbbbfdf2fa8cc4c0ba0332a3798c2629cb806d249712f6a7063e3
1326e022b5023db7ce5c14687d3068bcf509ce148d6bb08ffb2d56eb4b047f6c
14c6c504bd1d7be956aaf5b73c32469bac551cd6b7b09bcdd3a566e7528fcfe6
15213b958a0af95e33fb82a50fc1a68ef2f171b3762662957e91ef1d834291f8
1688d0e9754c0e66b8eb33895159cf436fc5fe1d1a41d09ec9140e870896afd0
1690c4e20869c3763b7fc111e2f94035b0a7ee830311dd680ac91421daad3667
2d09578ee636adee2e9ae4055f616e2ff3d12116ba86bf5206dd1b0701346e72
4be8b546dbb09a4b486f6efab312ee3e5c94cb12e05dbe389c20d5cf391e3da2
4d139e83ce45fb58a931697cabba2c6238b41cce5ffe7cc3519e12d9d6aefe4b
502c546f3fb2950c370c6a9b7706ce428c1fb034c64c2a7bf0284d9ceda9fb7e
538cf688eaad3d9891630f7d369a9e6d34e125011520853739b44b72869e42eb
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
57bd2ef0ce4d833346ff5e10010792fc55c00bc317df06b6e0cddbab401c69bd
5ce45f088da786c509e00bbf9727a735abe35b51ac0de766883ef95279b28a66
64ada321dbb67d15dbea50c2bb50ed5156c78450e132e5c54c7df43f4496630e
669b8e41a2dd0fbe7a62d5512165f20f6cab5d0ba39c3ff7256aee220d81e82b
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
7c6cc548a7f956b72e1c55ed5fa4ee1a56f27354ba7155bfc60452215b4bd159
855a6bf411932b8bc99bf7acdcefcb67f10f21ec4acc6ae77e26d91265a2e928
8b43508aba121c079651841e31c71adc6ddecca7cfbb0ee310498bf415d907b8
932ec8fdb4d0b00336a6c1cd5ed7f80f6f53ddf2282c451fd5897f411aa19bc6
9678dd86513c236593527c9b89e5a95d64621c8b7dbe5f27638ab6c5c858a106
9924560b9904ab7730ef349123a92bdd7f5aec477051fbe927d951970c78a69f
9ae7b95f034d76b21aaf8fcc0cdd39f4ba7ba59dd9751348a32c7e5cfdfdb6df
9e114547048fe17de0e1d0705ac0bc563521c5bdb91a5105b43ebb0d9cc6ac44
a0b6e593c812b124aab71664514b7119e052ae37d0835698cb09c937f9a7ad2a
af93d1d952b2dc42c029871cbbb92988835b31c86d4f0cb6a9674b1d1714a20f
b30c5cb98b7cad23ce739a411097717483a8f50d556aed2aa1d37bd55b5ce76c
b3a8d966d249beda7f50ac3c2bfbb549109d5aee49c948aaba10cffade528715
ba4691262fbf1abd2bd988530282374fbe5517357d414d61cba2b6739374d565
c2c7a837ef71fdc1ae707aba929bffa692c6a57f14d9dd6f86a6a7f12d689f6c
cc454f165edd67e689abd988859b242e79d90c7f584ccaaa7bf88c10e3a443ad
d5c7bcec10cda242751f1a935aa837657527a189b3f157489fb600d0ae2f9b64
d81bfefd8585b694222d3e94e9dee5d7935049c65355f9fd096800301d51545b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7d287b90b3a071aed8c9860f22cff01bcb34fcfc45bd90319bac450226d1e6d
ea680c36b1e632fc0a96cd21231f1d9e17db700b8b68729328c5b8972e2d3622