www.gesa.com Open in urlscan Pro
2606:4700:3034::6815:2785 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.gesa.com//resources//forms/-and/-tax/-information/-5//
Effective URL:
https://www.gesa.com/resources/forms/-and/-tax/-information/-5/
Submission: On September 14 via api (September 14th 2024, 12:25:26 am UTC) from US — Scanned from DE

Summary HTTP 132 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 31 IPs in 7 countries across 23 domains to perform 132 HTTP transactions. The main IP is 2606:4700:3034::6815:2785, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.gesa.com. The Cisco Umbrella rank of the primary domain is 943248.
TLS certificate: Issued by WE1 on September 5th 2024. Valid for: 3 months.

This is the only time www.gesa.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 72	2606:4700:303... 2606:4700:3034::6815:2785	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.0.114 151.101.0.114	54113 (FASTLY) (FASTLY)
1	51.11.20.152 51.11.20.152	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2606:4700::68... 2606:4700::6810:4f49	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
2	54.86.249.138 54.86.249.138	14618 (AMAZON-AES) (AMAZON-AES)
5	157.240.251.9 157.240.251.9	32934 (FACEBOOK) (FACEBOOK)
4	104.19.147.8 104.19.147.8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:350... 2a02:26f0:3500:10::210:a99	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	37.157.6.245 37.157.6.245	198622 (ADFORM) (ADFORM)
1	52.24.78.187 52.24.78.187	16509 (AMAZON-02) (AMAZON-02)
4	3.74.18.239 3.74.18.239	16509 (AMAZON-02) (AMAZON-02)
2	54.191.174.242 54.191.174.242	16509 (AMAZON-02) (AMAZON-02)
3	52.88.183.153 52.88.183.153	16509 (AMAZON-02) (AMAZON-02)
2	3.132.11.109 3.132.11.109	16509 (AMAZON-02) (AMAZON-02)
5	23.213.161.215 23.213.161.215	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2600:9000:225... 2600:9000:225b:f600:18:6c16:27c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c02::9b	15169 (GOOGLE) (GOOGLE)
1	142.250.186.99 142.250.186.99	15169 (GOOGLE) (GOOGLE)
1 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	34.107.203.234 34.107.203.234	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 2	185.167.164.49 185.167.164.49	198622 (ADFORM) (ADFORM)
1	34.248.190.127 34.248.190.127	16509 (AMAZON-02) (AMAZON-02)
1	52.85.65.99 52.85.65.99	16509 (AMAZON-02) (AMAZON-02)
1	108.138.36.92 108.138.36.92	16509 (AMAZON-02) (AMAZON-02)
8	2a03:2880:f17... 2a03:2880:f176:84:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	37.157.6.232 37.157.6.232	198622 (ADFORM) (ADFORM)
1	37.157.6.233 37.157.6.233	198622 (ADFORM) (ADFORM)
132	31

72 2606:4700:3034::6815:2785 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

www.gesa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.0.114 (San Francisco, United States)

ASN54113 (FASTLY, US)

cdn.evgnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.11.20.152 (London, United Kingdom)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

secure.node7seat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:4f49 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.86.249.138 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-86-249-138.compute-1.amazonaws.com

gesacu.us-1.evergage.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 157.240.251.9 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-fra5.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.19.147.8 (None, )

ASN13335 (CLOUDFLARENET, US)

script.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:10::210:a99 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.157.6.245 (Denmark)

ASN198622 (ADFORM, DK)

s2.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.24.78.187 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-24-78-187.us-west-2.compute.amazonaws.com

app.truconversion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.74.18.239 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-74-18-239.eu-central-1.compute.amazonaws.com

tags.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.191.174.242 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-191-174-242.us-west-2.compute.amazonaws.com

app.leadsrx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.88.183.153 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-88-183-153.us-west-2.compute.amazonaws.com

api.alpharank.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.alpharank.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.132.11.109 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-132-11-109.us-east-2.compute.amazonaws.com

collector-37937.tvsquared.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 23.213.161.215 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-213-161-215.deploy.static.akamaitechnologies.com

analytics.tiktok.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:225b:f600:18:6c16:27c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

tools.luckyorange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c02::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.99 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f3.1e100.net

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.107.203.234 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 234.203.107.34.bc.googleusercontent.com

settings.luckyorange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.167.164.49 (Denmark) 1 redirects

ASN198622 (ADFORM, DK)

a2.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.248.190.127 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-248-190-127.eu-west-1.compute.amazonaws.com

tracking.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.85.65.99 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-85-65-99.muc50.r.cloudfront.net

pagestates-tracking.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.36.92 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-36-92.muc50.r.cloudfront.net

assets-tracking.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a03:2880:f176:84:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.157.6.232 (Denmark)

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.157.6.233 (Denmark)

ASN198622 (ADFORM, DK)

a1.seadform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
72	gesa.com 2 redirects www.gesa.com — Cisco Umbrella Rank: 943248	1 MB
8	facebook.com www.facebook.com — Cisco Umbrella Rank: 106	6 KB
7	crazyegg.com script.crazyegg.com — Cisco Umbrella Rank: 2506 tracking.crazyegg.com — Cisco Umbrella Rank: 4420 pagestates-tracking.crazyegg.com — Cisco Umbrella Rank: 5443 assets-tracking.crazyegg.com — Cisco Umbrella Rank: 5336	41 KB
5	tiktok.com analytics.tiktok.com — Cisco Umbrella Rank: 801	137 KB
5	facebook.net connect.facebook.net — Cisco Umbrella Rank: 178	87 KB
4	linkedin.com 1 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 327 px4.ads.linkedin.com — Cisco Umbrella Rank: 6795	2 KB
4	stackadapt.com tags.srv.stackadapt.com — Cisco Umbrella Rank: 2778	10 KB
4	adform.net 1 redirects s2.adform.net — Cisco Umbrella Rank: 7642 a2.adform.net — Cisco Umbrella Rank: 7423 c1.adform.net — Cisco Umbrella Rank: 635	33 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 43	411 KB
3	luckyorange.com tools.luckyorange.com — Cisco Umbrella Rank: 14480 settings.luckyorange.com — Cisco Umbrella Rank: 14415	5 KB
3	alpharank.io api.alpharank.io — Cisco Umbrella Rank: 74174 pixel.alpharank.io — Cisco Umbrella Rank: 75984	47 KB
2	tvsquared.com collector-37937.tvsquared.com	9 KB
2	leadsrx.com app.leadsrx.com — Cisco Umbrella Rank: 12386	17 KB
2	evergage.com gesacu.us-1.evergage.com	1 KB
1	seadform.net a1.seadform.net — Cisco Umbrella Rank: 26333	467 B
1	google.de www.google.de — Cisco Umbrella Rank: 10137	63 B
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 130	252 B
1	google.com region1.analytics.google.com — Cisco Umbrella Rank: 4054
1	truconversion.com app.truconversion.com — Cisco Umbrella Rank: 85449	1 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 782	14 KB
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 670	7 KB
1	node7seat.com secure.node7seat.com — Cisco Umbrella Rank: 816942	321 B
1	evgnet.com cdn.evgnet.com — Cisco Umbrella Rank: 3697	49 KB
132	23

	Domain	Requested by
72	www.gesa.com	2 redirects www.gesa.com static.cloudflareinsights.com
8	www.facebook.com
5	analytics.tiktok.com	www.gesa.com analytics.tiktok.com
5	connect.facebook.net	www.gesa.com connect.facebook.net
4	tags.srv.stackadapt.com	www.gesa.com tags.srv.stackadapt.com
4	script.crazyegg.com	www.googletagmanager.com script.crazyegg.com
4	www.googletagmanager.com	www.gesa.com www.googletagmanager.com
3	px.ads.linkedin.com	1 redirects snap.licdn.com
2	a2.adform.net	1 redirects
2	settings.luckyorange.com	tools.luckyorange.com
2	collector-37937.tvsquared.com	www.gesa.com
2	api.alpharank.io	www.googletagmanager.com api.alpharank.io
2	app.leadsrx.com	www.gesa.com app.leadsrx.com
2	gesacu.us-1.evergage.com	cdn.evgnet.com
1	pixel.alpharank.io	api.alpharank.io
1	a1.seadform.net
1	c1.adform.net	a2.adform.net
1	assets-tracking.crazyegg.com	script.crazyegg.com
1	pagestates-tracking.crazyegg.com	script.crazyegg.com
1	tracking.crazyegg.com	script.crazyegg.com
1	px4.ads.linkedin.com
1	www.google.de
1	stats.g.doubleclick.net	www.googletagmanager.com
1	region1.analytics.google.com	www.googletagmanager.com
1	tools.luckyorange.com	www.googletagmanager.com
1	app.truconversion.com	www.gesa.com
1	s2.adform.net	www.gesa.com
1	snap.licdn.com	www.googletagmanager.com
1	static.cloudflareinsights.com	www.gesa.com
1	secure.node7seat.com	www.gesa.com
1	cdn.evgnet.com	www.gesa.com
132	31

This site contains links to these domains. Also see Links.

Domain
onlinexpress.gesa.com
www.facebook.com
www.instagram.com
twitter.com
vimeo.com
www.linkedin.com
www.lpl.com

Subject Issuer	Validity	Valid
www.gesa.com WE1	`2024-09-05` - `2024-12-04`	3 months	crt.sh
cdn.evergage.com DigiCert TLS RSA SHA256 2020 CA1	`2024-02-14` - `2025-02-12`	a year	crt.sh
secure.norm0care.com Sectigo RSA Domain Validation Secure Server CA	`2024-07-24` - `2025-08-05`	a year	crt.sh
cloudflareinsights.com WE1	`2024-09-03` - `2024-12-02`	3 months	crt.sh
*.google-analytics.com WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh
*.us-1.evergage.com Amazon RSA 2048 M02	`2024-06-04` - `2025-07-02`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-06-23` - `2024-09-21`	3 months	crt.sh
script.crazyegg.com Cloudflare Inc ECC CA-3	`2024-08-02` - `2024-12-31`	5 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
track.adform.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-09-03` - `2025-09-24`	a year	crt.sh
www.truconversion.com Sectigo RSA Domain Validation Secure Server CA	`2023-10-15` - `2024-11-13`	a year	crt.sh
*.srv.stackadapt.com Amazon RSA 2048 M02	`2024-08-09` - `2025-09-07`	a year	crt.sh
*.leadsrx.com GeoTrust TLS ECC CA G1	`2024-05-02` - `2025-04-11`	a year	crt.sh
api.alpharank.io R10	`2024-08-05` - `2024-11-03`	3 months	crt.sh
*.tvsquared.com Amazon RSA 2048 M02	`2024-06-14` - `2025-07-12`	a year	crt.sh
*.tiktok.com RapidSSL TLS ECC CA G1	`2024-07-15` - `2025-07-15`	a year	crt.sh
luckyorange.com Amazon RSA 2048 M03	`2023-11-18` - `2024-12-15`	a year	crt.sh
*.g.doubleclick.net WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh
*.google.de WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-09-11` - `2025-03-11`	6 months	crt.sh
settings.luckyorange.com R10	`2024-08-05` - `2024-11-03`	3 months	crt.sh
crazyegg.com Amazon RSA 2048 M03	`2024-05-24` - `2025-06-23`	a year	crt.sh
*.seadform.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-23` - `2024-11-08`	a year	crt.sh
pixel.alpharank.io R10	`2024-07-30` - `2024-10-28`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/
Frame ID: 83628369EE84149FA20A0BA46BB3590B
Requests: 139 HTTP requests in this frame

Frame: https://c1.adform.net/imatch/pixels?bt=0&uid=6205908680845729888&agencyId=7028&advertiserId=2079361&src=tp&rnd=141187
Frame ID: 36B15C861448BFA1CC528DCA9B2DBC55
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Page not found | Washington Credit Union | Loans | Savings Accounts | Gesa

Page URL History Show full URLs

http://www.gesa.com//resources//forms/-and/-tax/-information/-5// HTTP 307
https://www.gesa.com//resources//forms/-and/-tax/-information/-5// HTTP 301
https://www.gesa.com/resources/forms/-and/-tax/-information/-5/ HTTP 307
http://www.gesa.com//resources//forms/-and/-tax/-information/-5// HTTP 307
https://www.gesa.com//resources//forms/-and/-tax/-information/-5// HTTP 301
https://www.gesa.com/resources/forms/-and/-tax/-information/-5/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Elementor (Landing Page Builders) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*href=(?:"|')[^"']*elementor/assets

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Crazy Egg (Analytics) Expand

Overall confidence: 100%
Detected patterns

script\.crazyegg\.com/pages/scripts/\d+/\d+\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Slick (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

(?:/([\d.]+))?/slick(?:\.min)?\.js

Swiper Slider (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

swiper(?:\.min)?\.js

Weglot (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

wp-content/plugins/weglot

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

132
Requests

97 %
HTTPS

30 %
IPv6

23
Domains

31
Subdomains

31
IPs

7
Countries

2193 kB
Transfer

6817 kB
Size

84
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://onlinexpress.gesa.com/Banking/SignIn.aspx
Title: Log In

Search URL Search Domain Scan URL

URL: https://www.facebook.com/GesaCU
Title: Facebook-f

Search URL Search Domain Scan URL

URL: https://www.instagram.com/gesacu/
Title: Instagram

Search URL Search Domain Scan URL

URL: https://twitter.com/GesaCU
Title: X

Search URL Search Domain Scan URL

URL: http://vimeo.com/gesacu
Title: Vimeo .cls-1{fill:none;}.cls-2{fill:#31414f;}

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/gesa-credit-union
Title: Linkedin

Search URL Search Domain Scan URL

URL: http://www.lpl.com/CRS
Title: LPL Financial Form CRS

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.gesa.com//resources//forms/-and/-tax/-information/-5// HTTP 307
https://www.gesa.com//resources//forms/-and/-tax/-information/-5// HTTP 301
https://www.gesa.com/resources/forms/-and/-tax/-information/-5/ HTTP 307
http://www.gesa.com//resources//forms/-and/-tax/-information/-5// HTTP 307
https://www.gesa.com//resources//forms/-and/-tax/-information/-5// HTTP 301
https://www.gesa.com/resources/forms/-and/-tax/-information/-5/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 107

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4860388&time=1726273521561&url=https%3A%2F%2Fwww.gesa.com%2Fresources%2Fforms%2F-and%2F-tax%2F-information%2F-5%2F&tm=gtmv2 HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4860388&time=1726273521561&url=https%3A%2F%2Fwww.gesa.com%2Fresources%2Fforms%2F-and%2F-tax%2F-information%2F-5%2F&tm=gtmv2&e_ipv6=AQKzNJu3pCsM6AAAAZHt64f1hAv_FX_2FXLuORv5wh9GRYYw4rtVSrQH-yJQVNO4Lg

Request Chain 110

https://a2.adform.net/Serving/TrackPoint/?pm=2179965&ADFdivider=%7C&ord=290278695841&ADFtpmode=2&loc=https%3A%2F%2Fwww.gesa.com%2Fresources%2Fforms%2F-and%2F-tax%2F-information%2F-5%2F&Set1=de-DE%7Cde-DE%7C1600x1200%7C24 HTTP 302
https://a2.adform.net/Serving/TrackPoint/?CC=1&pm=2179965&ADFdivider=%7C&ord=290278695841&ADFtpmode=2&loc=https%3A%2F%2Fwww.gesa.com%2Fresources%2Fforms%2F-and%2F-tax%2F-information%2F-5%2F&Set1=de-DE%7Cde-DE%7C1600x1200%7C24

132 HTTP transactions
11 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

404

Primary Request / Show response
www.gesa.com/resources/forms/-and/-tax/-information/-5/
Redirect Chain

http://www.gesa.com//resources//forms/-and/-tax/-information/-5//
https://www.gesa.com//resources//forms/-and/-tax/-information/-5//
https://www.gesa.com/resources/forms/-and/-tax/-information/-5/
http://www.gesa.com//resources//forms/-and/-tax/-information/-5//
https://www.gesa.com//resources//forms/-and/-tax/-information/-5//
https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

541 KB
53 KB

2001ms
2000ms

Document
text/html

2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

8fede52ccf357147ddc53de46b2e80ac24b0b7bc647ee972fc594b8918955546

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

cache-control: max-age=600, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8c2c3d348ac037ce-FRA
content-encoding: br
content-security-policy-report-only: default-src 'self'; script-src 'self' https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://*.googletagmanager.com https://cdn.evgnet.com/beacon/gesacu/gesa_prod/scripts/evergage.min.js https://d10lpsik1i8c69.cloudfront.net https://secure.node7seat.com/js/219777.js https://connect.facebook.net https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.redditstatic.com/ads/pixel.js https://app.truconversion.com/ https://tags.srv.stackadapt.com/events.js https://app.leadsrx.com/visitor.js https://collector-37937.tvsquared.com/tv2track.js https://acsbapp.com https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://qvdt3feo.com/events.js https://api.alpharank.io https://tools.luckyorange.com 'nonce-d208ab1ac8'; script-src-attr 'nonce-d208ab1ac8' https://d10lpsik1i8c69.cloudfront.net/js/clickstream.js; style-src 'self' https://d10lpsik1i8c69.cloudfront.net https://tags.srv.stackadapt.com https://tagmanager.google.com/ https://fonts.googleapis.com/ 'unsafe-inline'; connect-src 'self' https://analytics.google.com https://*.analytics.google.com https://stats.g.doubleclick.net/g/collect https://app.leadsrx.com https://gesacu.us-1.evergage.com https://pixel.alpharank.io https://px.ads.linkedin.com https://pubsub.googleapis.com https://*.luckyorange.net wss://*.visitors.live wss://visitors.live https://cdn.acsbapp.com https://www.redditstatic.com https://tags.srv.stackadapt.com; img-src 'self' https://collector-37937.tvsquared.com https://d10lpsik1i8c69.cloudfront.net https://px.ads.linkedin.com https://www.google.com/pagead/1p-user-list/ https://alb.reddit.com/rp.gif https://www.facebook.com https://www.googletagmanager.com https://googleads.g.doubleclick.net/pagead/viewthroughconversion https://ssl.gstatic.com/ data:; media-src 'self' https://d10lpsik1i8c69.cloudfront.net; frame-src 'self' https://td.doubleclick.net/; font-src 'self' data:; base-uri 'self'; manifest-src 'self'; object-src 'none'; worker-src blob: ;
content-type: text/html; charset=UTF-8
date: Sat, 14 Sep 2024 00:25:20 GMT
expires: Wed, 11 Jan 1984 05:00:00 GMT
link: <https://www.gesa.com/wp-json/>; rel="https://api.w.org/"
referrer-policy: origin
server: cloudflare
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
x-cache: HIT: 1
x-cache-group: normal
x-cacheable: non200
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-powered-by: WP Engine
x-xss-protection: 1; mode=block

Redirect headers

cache-control: max-age=600, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8c2c3d2208d837ce-FRA
content-security-policy-report-only: default-src 'self'; script-src 'self' https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://*.googletagmanager.com https://cdn.evgnet.com/beacon/gesacu/gesa_prod/scripts/evergage.min.js https://d10lpsik1i8c69.cloudfront.net https://secure.node7seat.com/js/219777.js https://connect.facebook.net https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.redditstatic.com/ads/pixel.js https://app.truconversion.com/ https://tags.srv.stackadapt.com/events.js https://app.leadsrx.com/visitor.js https://collector-37937.tvsquared.com/tv2track.js https://acsbapp.com https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://qvdt3feo.com/events.js https://api.alpharank.io https://tools.luckyorange.com 'nonce-d208ab1ac8'; script-src-attr 'nonce-d208ab1ac8' https://d10lpsik1i8c69.cloudfront.net/js/clickstream.js; style-src 'self' https://d10lpsik1i8c69.cloudfront.net https://tags.srv.stackadapt.com https://tagmanager.google.com/ https://fonts.googleapis.com/ 'unsafe-inline'; connect-src 'self' https://analytics.google.com https://*.analytics.google.com https://stats.g.doubleclick.net/g/collect https://app.leadsrx.com https://gesacu.us-1.evergage.com https://pixel.alpharank.io https://px.ads.linkedin.com https://pubsub.googleapis.com https://*.luckyorange.net wss://*.visitors.live wss://visitors.live https://cdn.acsbapp.com https://www.redditstatic.com https://tags.srv.stackadapt.com; img-src 'self' https://collector-37937.tvsquared.com https://d10lpsik1i8c69.cloudfront.net https://px.ads.linkedin.com https://www.google.com/pagead/1p-user-list/ https://alb.reddit.com/rp.gif https://www.facebook.com https://www.googletagmanager.com https://googleads.g.doubleclick.net/pagead/viewthroughconversion https://ssl.gstatic.com/ data:; media-src 'self' https://d10lpsik1i8c69.cloudfront.net; frame-src 'self' https://td.doubleclick.net/; font-src 'self' data:; base-uri 'self'; manifest-src 'self'; object-src 'none'; worker-src blob: ;
content-type: text/html; charset=UTF-8
date: Sat, 14 Sep 2024 00:25:16 GMT
expires: Sat, 14 Sep 2024 01:25:16 GMT
location: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/
referrer-policy: origin
server: cloudflare
vary: Accept-Encoding
x-cache: MISS
x-cache-group: normal
x-cacheable: non200
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-powered-by: WP Engine
x-redirect-by: WordPress
x-xss-protection: 1; mode=block

GET
H2 200 styles.min.css
www.gesa.com/wp-content/plugins/wp-store-locator/css/ 15 KB
3 KB 35ms
22ms Stylesheet
text/css 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/wp-store-locator/css/styles.min.css?ver=2.2.235

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a2adf4c1187ff44afb6596a750c078a97b07717364daade11a8c337771832e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 638671
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 12 Dec 2022 19:15:09 GMT
server: cloudflare
etag: W/"63977dbd-3a83"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d4179cb37ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 front-css.css
www.gesa.com/wp-content/plugins/weglot/dist/css/ 51 KB
6 KB 38ms
26ms Stylesheet
text/css 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/weglot/dist/css/front-css.css?ver=4.2.7

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cbbf83c45cce424c26bb4d929e053d264b713b70b8dcee428343b64e06a22056

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 514709
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 01 Jul 2024 15:49:42 GMT
server: cloudflare
etag: W/"6682d016-cca5"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d4179cc37ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 new-flags.css
www.gesa.com/wp-content/plugins/weglot/app/styles/ 86 KB
5 KB 33ms
22ms Stylesheet
text/css 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/weglot/app/styles/new-flags.css?ver=4.2.7

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b48bb25e1fe530912d872438ef532de73c7fddad96fadc6affb18fdbd097c1d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 638671
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 01 Jul 2024 15:49:42 GMT
server: cloudflare
etag: W/"6682d016-15817"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d4179cd37ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 elementor-icons.min.css
www.gesa.com/wp-content/plugins/elementor/assets/lib/eicons/css/ 19 KB
4 KB 40ms
28ms Stylesheet
text/css 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.16.0

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

83059e4c1a5c210e5585d96779fe655170817193d43e247c78dffaae7b7ba3a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 638671
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 07 Jun 2023 18:28:43 GMT
server: cloudflare
etag: W/"6480cc5b-4b4f"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d4179ce37ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 frontend.min.css
www.gesa.com/wp-content/plugins/elementor/assets/css/ 158 KB
19 KB 48ms
36ms Stylesheet
text/css 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.8.1

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b091fb04aeb43da4cec3392a4de451d0f6b97a91235e0dc68560bc271c2b83c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 638671
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 07 Jun 2023 18:28:46 GMT
server: cloudflare
etag: W/"6480cc5e-27687"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d4179cf37ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 frontend.min.css
www.gesa.com/wp-content/plugins/elementor-pro/assets/css/ 483 KB
41 KB 38ms
27ms Stylesheet
text/css 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor-pro/assets/css/frontend.min.css?ver=3.8.1

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b10604af435fcda6674878212b06d1b8d557aee0f5c877dc5befab22ebf71c9a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 638671
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 07 Jun 2023 18:28:39 GMT
server: cloudflare
etag: W/"6480cc57-78c7d"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d4179d037ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 default.min.css
www.gesa.com/wp-content/plugins/tablepress/css/ 5 KB
2 KB 56ms
45ms Stylesheet
text/css 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/tablepress/css/default.min.css?ver=1.14

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

97ce1e1f5dbfda35ac979b593e79e1673a3e725790339d767e4a6ca6e94a4828

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 638671
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 07 Jun 2023 18:28:13 GMT
server: cloudflare
etag: W/"6480cc3d-13e4"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d4179d137ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 responsive.css
www.gesa.com/wp-content/plugins/elementskit-lite/widgets/init/assets/css/ 30 KB
3 KB 34ms
23ms Stylesheet
text/css 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementskit-lite/widgets/init/assets/css/responsive.css?ver=2.7.4

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

73b2fdcf25aa909c7b0f072cf791066350ab834ca1d0d01ef096bb5583318213

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 638671
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 06 Jun 2023 17:49:44 GMT
server: cloudflare
etag: W/"647f71b8-764b"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d4179d237ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 foundation.css
www.gesa.com/wp-content/themes/gesa/assets/css/ 167 KB
17 KB 56ms
45ms Stylesheet
text/css 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/themes/gesa/assets/css/foundation.css?ver=6.5.3

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3e77dafe902b5371d42c7e236b778a91874bfb8bdb2dc82b3ee3d4803d20fd9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 638671
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Thu, 26 Jan 2023 20:31:12 GMT
server: cloudflare
etag: W/"63d2e310-29dfd"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d4179d337ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 custom.css
www.gesa.com/wp-content/themes/gesa/assets/css/ 392 KB
61 KB 38ms
27ms Stylesheet
text/css 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/themes/gesa/assets/css/custom.css?ver=1.0.26

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9d9ac500a9710375caccde637375fbacca29f594ae05cdf340feb7bf461eb765

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 638671
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Fri, 26 Apr 2024 14:47:46 GMT
server: cloudflare
etag: W/"662bbe92-61fcd"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d4179d637ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 style.css
www.gesa.com/wp-content/themes/gesa/ 1 KB
692 B 46ms
35ms Stylesheet
text/css 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/themes/gesa/style.css?ver=1.1.0

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

69bba50b17d75423288fd69eb23a6bf3a4ad2b63e762f64bd01c973228204e28

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 638671
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 11 Jul 2023 08:13:53 GMT
server: cloudflare
etag: W/"64ad0f41-453"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d4179da37ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 front-js.js Show response
www.gesa.com/wp-content/plugins/weglot/dist/ 5 KB
2 KB 67ms
56ms Script
application/javascript 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/weglot/dist/front-js.js?ver=4.2.7

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

43f92926fd6c2ae121fb4df766fa966c8fdc4f898190e1e785c701e73c5b2013

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: MISS
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 01 Jul 2024 15:49:42 GMT
server: cloudflare
etag: W/"6682d016-1239"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d4179dc37ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 jquery.min.js Show response
www.gesa.com/wp-includes/js/jquery/ 86 KB
30 KB 46ms
36ms Script
application/javascript 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 399831
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 28 Aug 2023 17:14:23 GMT
server: cloudflare
etag: W/"64ecd5ef-15601"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d4179dd37ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 jquery.bind-first-0.2.3.min.js Show response
www.gesa.com/wp-content/plugins/pixelyoursite/dist/scripts/ 1 KB
799 B 52ms
42ms Script
application/javascript 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/pixelyoursite/dist/scripts/jquery.bind-first-0.2.3.min.js?ver=6.6.1

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

37045bf0d243623db4f2e99567c986944957b336dafa6368f4f75bcbad6fc4fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 139696
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Fri, 26 Apr 2024 10:36:51 GMT
server: cloudflare
etag: W/"662b83c3-525"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d4179de37ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 js.cookie-2.1.3.min.js Show response
www.gesa.com/wp-content/plugins/pixelyoursite/dist/scripts/ 2 KB
953 B 53ms
43ms Script
application/javascript 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/pixelyoursite/dist/scripts/js.cookie-2.1.3.min.js?ver=2.1.3

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4af105297c5b49ca668eaa0774c0eb479e907175f12ccc30e9c038dd7b6fcaf0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 399831
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Fri, 26 Apr 2024 10:36:51 GMT
server: cloudflare
etag: W/"662b83c3-6ad"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d4179df37ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 public.js Show response
www.gesa.com/wp-content/plugins/pixelyoursite/dist/scripts/ 118 KB
19 KB 45ms
36ms Script
application/javascript 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/pixelyoursite/dist/scripts/public.js?ver=9.5.5

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c3edba055b20ba9ea5fef758edcd02e84007576c3c90c5cf654133001b9332d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 204420
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Fri, 26 Apr 2024 10:36:51 GMT
server: cloudflare
etag: W/"662b83c3-1d7d4"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d4179e037ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 evergage.min.js Show response
cdn.evgnet.com/beacon/gesacu/gesa_prod/scripts/ 206 KB
49 KB 122ms
95ms Script
application/javascript 151.101.0.114
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.evgnet.com/beacon/gesacu/gesa_prod/scripts/evergage.min.js
Requested by: Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.0.114 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 49ae7e3bcac8eda5151670882e94705d657e672825aa6678105fca6cd824ffcd

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id: dBHX0NInCokIp.Tzmrgk8bZNWPOS3RGI
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
date: Sat, 14 Sep 2024 00:25:20 GMT
x-amz-request-id: 6E8QBFERGK1NHVGV
age: 29
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
x-amz-replication-status: COMPLETED
content-length: 49110
x-amz-id-2: RYDrOudG0sXfarYGWEk/WC6FppoiFQDu5cE6n/DcmSSpZm07RGrl2Wkep09OqSCTt+XDv/+3lMk=
x-served-by: cache-iad-kcgs7200023-IAD, cache-fra-etou8220128-FRA
x-amz-meta-evergage-sum: 0f6d7170ca02b48894168bdac7fe29a5ff03c68f
last-modified: Thu, 05 Sep 2024 23:18:19 GMT
server: AmazonS3
x-timer: S1726273521.891129,VS0,VE88
etag: "df0a07731828d79c64655e5a6c935117"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=120
accept-ranges: bytes
timing-allow-origin: *
x-amz-meta-evergage-beacon-ver: 16
x-cache-hits: 13640, 0

GET
H2 200 sfmc-personalization-content.js Show response
www.gesa.com/wp-content/sfmc/personalization/ 28 KB
4 KB 55ms
46ms Script
application/javascript 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/sfmc/personalization/sfmc-personalization-content.js?4

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a7cce058ee1449cd55e1e5ffa2bf967d5045c91c67fed9f13740be01b0ad1937

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 293142
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 03 Sep 2024 21:58:46 GMT
server: cloudflare
etag: W/"66d78696-7085"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d4179e137ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H/1.1 200
OK 219777.js Show response
secure.node7seat.com/js/ 16 B
321 B 183ms
36ms Script
text/javascript 51.11.20.152
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.node7seat.com/js/219777.js
Requested by: Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.11.20.152 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 259411854d366c7e5a8ea50c55f590a6c2d215c9cb8d04b332e8eefe8c25e191

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Sat, 14 Sep 2024 00:25:21 GMT
Content-Encoding: br
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: public, max-age=86400
Connection: keep-alive
Request-Context: appId=cid-v1:abe8a76f-f1a2-4b2e-9017-0ea36ffb5c20

GET
H2 200 animations.min.css
www.gesa.com/wp-content/plugins/elementor/assets/lib/animations/ 18 KB
3 KB 43ms
35ms Stylesheet
text/css 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.8.1

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe513ef974b767510d0a2b9f1b4d3afa53185b89ab617c869e5e3d6db960192c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 638671
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 06 Jun 2023 17:49:30 GMT
server: cloudflare
etag: W/"647f71aa-4824"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d4179db37ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 frontend-script.js Show response
www.gesa.com/wp-content/plugins/elementskit-lite/libs/framework/assets/js/ 40 B
168 B 51ms
43ms Script
application/javascript 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementskit-lite/libs/framework/assets/js/frontend-script.js?ver=2.7.4

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b8166c5475df6a64ab2456e95f64564164ed697d258e8bfed8cebca40efd6fa5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 399831
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 06 Jun 2023 17:49:44 GMT
server: cloudflare
etag: W/"647f71b8-28"
vary: Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d4179e237ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 widget-scripts.js Show response
www.gesa.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/ 134 KB
41 KB 52ms
44ms Script
application/javascript 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/widget-scripts.js?ver=2.7.4

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cdaa4c91b5bc3dd4ce8e1345b453844dd414602022a182ce2853d87bd4b9a9d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 638671
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 06 Jun 2023 17:49:44 GMT
server: cloudflare
etag: W/"647f71b8-2193f"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d4179e337ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 core.min.js Show response
www.gesa.com/wp-includes/js/jquery/ui/ 21 KB
7 KB 50ms
42ms Script
application/javascript 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.3

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e84c9f8d71bc6eb2dac2fce59a6caea62da51ffa8cf56b41806f59386ab1322

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 139696
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Thu, 27 Jun 2024 13:51:43 GMT
server: cloudflare
etag: W/"667d6e6f-53d8"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d4179e437ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 menu.min.js Show response
www.gesa.com/wp-includes/js/jquery/ui/ 10 KB
3 KB 48ms
40ms Script
application/javascript 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-includes/js/jquery/ui/menu.min.js?ver=1.13.3

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

41788f27f61aab4174275eb5fbbbcaffde0f4f0f07e6900592affad38e09b154

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 139696
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Thu, 27 Jun 2024 13:51:43 GMT
server: cloudflare
etag: W/"667d6e6f-27d7"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d4179e537ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 selectmenu.min.js Show response
www.gesa.com/wp-includes/js/jquery/ui/ 9 KB
3 KB 58ms
51ms Script
application/javascript 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-includes/js/jquery/ui/selectmenu.min.js?ver=1.13.3

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

89c3f51110f629231ae765385824fb6df90584e9063db539777b350f868eb859

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 139696
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Thu, 27 Jun 2024 13:51:43 GMT
server: cloudflare
etag: W/"667d6e6f-251e"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d4179e737ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 foundation.min.js Show response
www.gesa.com/wp-content/themes/gesa/assets/js/ 46 KB
15 KB 54ms
47ms Script
application/javascript 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/themes/gesa/assets/js/foundation.min.js?ver=6.5.3

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

58a752f5a1298d0757f7953670951352ab722958e4332e1f1f20a315f836e6e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 399831
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Thu, 26 Jan 2023 20:31:12 GMT
server: cloudflare
etag: W/"63d2e310-b835"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d4179e837ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 slick.min.js Show response
www.gesa.com/wp-content/themes/gesa/assets/js/plugins/ 52 KB
11 KB 52ms
45ms Script
application/javascript 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/themes/gesa/assets/js/plugins/slick.min.js?ver=1.8.1

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e6c39ab37a92035619ffbf66dd293f6d6980fc1bebdaeb9a0b922775abc32eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 399831
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Thu, 26 Jan 2023 20:31:13 GMT
server: cloudflare
etag: W/"63d2e311-d13f"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d4179e937ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 lazyload.min.js Show response
www.gesa.com/wp-content/themes/gesa/assets/js/plugins/ 8 KB
3 KB 57ms
50ms Script
application/javascript 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/themes/gesa/assets/js/plugins/lazyload.min.js?ver=12.4.0

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7866661e9747c63d27963b389bd0bbc19c29dc5255cf7393b727368927e9b06c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 399831
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Thu, 26 Jan 2023 20:31:13 GMT
server: cloudflare
etag: W/"63d2e311-1f24"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d4179ea37ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 jquery.matchHeight-min.js Show response
www.gesa.com/wp-content/themes/gesa/assets/js/plugins/ 3 KB
1 KB 51ms
45ms Script
application/javascript 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/themes/gesa/assets/js/plugins/jquery.matchHeight-min.js?ver=0.7.2

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

246faa0aca51a7be47ae13827bffdec1f0e69699d291c727646b56e83ee1fd0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 399831
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Thu, 26 Jan 2023 20:31:13 GMT
server: cloudflare
etag: W/"63d2e311-d39"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d4179eb37ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 jquery.fancybox.v3.js Show response
www.gesa.com/wp-content/themes/gesa/assets/js/plugins/ 67 KB
22 KB 52ms
46ms Script
application/javascript 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/themes/gesa/assets/js/plugins/jquery.fancybox.v3.js?ver=3.5.2

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff4961dda4383b1a3727e5aa981024c40cb07005f89e3264a3ab423eb356380f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 638671
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Thu, 26 Jan 2023 20:31:13 GMT
server: cloudflare
etag: W/"63d2e311-10aa1"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d4179ed37ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 webpack.runtime.min.js Show response
www.gesa.com/wp-content/plugins/elementor/assets/js/ 5 KB
2 KB 54ms
47ms Script
application/javascript 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.8.1

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f6eb858ead7f15dcd18541c5433714e0c0966d81b8d009a2d49e5a181e548fbb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 399831
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 07 Jun 2023 18:28:45 GMT
server: cloudflare
etag: W/"6480cc5d-135d"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d4179ee37ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 frontend-modules.min.js Show response
www.gesa.com/wp-content/plugins/elementor/assets/js/ 32 KB
11 KB 55ms
49ms Script
application/javascript 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.8.1

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5d80f13fd7524318f81eb1301170d4d0fbee242c12403c01f3a06c9f681192c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 399831
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 07 Jun 2023 18:28:44 GMT
server: cloudflare
etag: W/"6480cc5c-80b3"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d4179ef37ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 waypoints.min.js Show response
www.gesa.com/wp-content/plugins/elementor/assets/lib/waypoints/ 12 KB
3 KB 51ms
45ms Script
application/javascript 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 638671
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 06 Jun 2023 17:49:30 GMT
server: cloudflare
etag: W/"647f71aa-2fa6"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d4179f337ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 frontend.min.js Show response
www.gesa.com/wp-content/plugins/elementor/assets/js/ 40 KB
12 KB 53ms
47ms Script
application/javascript 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.8.1

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5ceb0c2088d29cecbe3ee571dc3cf6fec764bbb7c73f0e22c73007149a2ce68d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 399831
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 07 Jun 2023 18:28:44 GMT
server: cloudflare
etag: W/"6480cc5c-9e41"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d4179f437ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 global.js Show response
www.gesa.com/wp-content/themes/gesa/assets/js/ 43 KB
11 KB 53ms
48ms Script
application/javascript 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/themes/gesa/assets/js/global.js?ver=1.0.20

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5491e6347e06782a875a30960c3123a9918615eb631bceaa48bbbd1910ec782f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 399831
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 06 Aug 2024 17:08:43 GMT
server: cloudflare
etag: W/"66b2589b-aa6b"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d4179f537ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 jquery.smartmenus.min.js Show response
www.gesa.com/wp-content/plugins/elementor-pro/assets/lib/smartmenus/ 25 KB
7 KB 53ms
48ms Script
application/javascript 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor-pro/assets/lib/smartmenus/jquery.smartmenus.min.js?ver=1.0.1

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

533e264cc615ee4601da8d2c1dee4a8987319e53d4d7162272f067fbbf250020

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 399831
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 06 Jun 2023 17:49:37 GMT
server: cloudflare
etag: W/"647f71b1-6272"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d4179f837ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 webpack-pro.runtime.min.js Show response
www.gesa.com/wp-content/plugins/elementor-pro/assets/js/ 5 KB
2 KB 58ms
53ms Script
application/javascript 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.8.1

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cc65806adf6c251323693c9b7adb6b97e19879aa2f5428f2f05c0f08fca18404

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 399831
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 07 Jun 2023 18:28:38 GMT
server: cloudflare
etag: W/"6480cc56-1472"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d4179fa37ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 hooks.min.js Show response
www.gesa.com/wp-includes/js/dist/ 4 KB
2 KB 64ms
59ms Script
application/javascript 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-includes/js/dist/hooks.min.js?ver=2810c76e705dd1a53b18

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2cb546fbdda7995d374fffa4b2f6530bbcf57d014639ddf76de45df43d593045

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: MISS
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 31 Jan 2024 12:59:56 GMT
server: cloudflare
etag: W/"65ba444c-10d3"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d4179fb37ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 i18n.min.js Show response
www.gesa.com/wp-includes/js/dist/ 9 KB
4 KB 52ms
47ms Script
application/javascript 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-includes/js/dist/i18n.min.js?ver=5e580eb46a90c2b997e6

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f313d12ea6124bd28fc4a6b7163d253bb83d5aeab5edce594880c5c3df475cbc

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 638671
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Thu, 15 Feb 2024 16:53:15 GMT
server: cloudflare
etag: W/"65ce417b-23b5"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d4189fd37ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 frontend.min.js Show response
www.gesa.com/wp-content/plugins/elementor-pro/assets/js/ 21 KB
6 KB 56ms
52ms Script
application/javascript 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.8.1

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a7fdd491f449c314d884b9b9b6d11cfe037179d84e567a62e1e19584881e3e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 399831
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 07 Jun 2023 18:28:37 GMT
server: cloudflare
etag: W/"6480cc55-543b"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d4189fe37ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 elements-handlers.min.js Show response
www.gesa.com/wp-content/plugins/elementor-pro/assets/js/ 24 KB
6 KB 55ms
50ms Script
application/javascript 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js?ver=3.8.1

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

27c3bae726c78894582c23e5b507dda2dacd2c5c8aa9afe17ae179519e4ba3e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 293142
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 07 Jun 2023 18:28:37 GMT
server: cloudflare
etag: W/"6480cc55-60dc"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d418a0037ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 animate-circle.js Show response
www.gesa.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/ 810 B
551 B 57ms
53ms Script
application/javascript 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/animate-circle.js?ver=2.7.4

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8667a50fdab17dd946e43e37c6fd1623583b9440bdca887e44cc726e48feedaf

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 399831
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 06 Jun 2023 17:49:44 GMT
server: cloudflare
etag: W/"647f71b8-32a"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d418a0137ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 elementor.js Show response
www.gesa.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/ 18 KB
5 KB 89ms
85ms Script
application/javascript 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/elementor.js?ver=2.7.4

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a496ca0aa2b9981aef70474b2219472dcf25db655779c48e3ab018e268857558

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: MISS
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 07 Jun 2023 18:28:33 GMT
server: cloudflare
etag: W/"6480cc51-461c"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d418a0237ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 swiper.min.js Show response
www.gesa.com/wp-content/plugins/elementor/assets/lib/swiper/ 136 KB
35 KB 48ms
44ms Script
application/javascript 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js?ver=2.7.4

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b23f49f504faa32aac548b6662ffd64412f6738496fab8be38da46c5b7121804

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 399831
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 06 Jun 2023 17:49:30 GMT
server: cloudflare
etag: W/"647f71aa-21f91"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d418a0337ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 jquery.sticky.min.js Show response
www.gesa.com/wp-content/plugins/elementor-pro/assets/lib/sticky/ 4 KB
2 KB 47ms
44ms Script
application/javascript 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?ver=3.8.1

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

34bbd1c367ffc7d80fcff86c7e5f8777e70f4911bb324e8ecfc7dd3604a96e68

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 399831
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 06 Jun 2023 17:49:37 GMT
server: cloudflare
etag: W/"647f71b1-e89"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d418a0437ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 vcd15cbe7772f49c399c6a5babf22c1241717689176015 Show response
static.cloudflareinsights.com/beacon.min.js/ 19 KB
7 KB 62ms
36ms Script
text/javascript 2606:4700::6810:4f49
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
Requested by: Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:4f49 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f

Request headers

Referer: https://www.gesa.com/
Origin: https://www.gesa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:21 GMT
content-encoding: gzip
last-modified: Thu, 06 Jun 2024 15:52:56 GMT
server: cloudflare
etag: W/"2024.6.1"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 8c2c3d4269dc65d2-FRA

GET
H2 200 admin-ajax.php Show response
www.gesa.com/wp-admin/ 99 B
296 B 531ms
530ms XHR
application/json 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-admin/admin-ajax.php?action=pys_get_pbid

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

10b08cc61521f1a256d584929dfa21d06697f9e0051b750704c7ecab2bd41b49

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.gesa.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

expires: Wed, 11 Jan 1984 05:00:00 GMT
date: Sat, 14 Sep 2024 00:25:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-cacheable: NO:Passed
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-powered-by: WP Engine
x-cache: MISS
x-xss-protection: 1; mode=block
referrer-policy: origin
server: cloudflare
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/json; charset=UTF-8
cache-control: max-age=0, must-revalidate, private
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d422a4f37ce-FRA
x-robots-tag: noindex
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;
x-pass-why: wp-admin

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 393 KB
115 KB 84ms
53ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MTFL685

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

14e252b67e7b2f8fc2abf948bc6fe6410043abe7c47f7ffed0fecbd51365861a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:21 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 117529
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 14 Sep 2024 00:25:21 GMT

GET
H2 200 gesa_prod Show response
gesacu.us-1.evergage.com/api2/event/ 137 B
802 B 309ms
113ms XHR
application/json 54.86.249.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://gesacu.us-1.evergage.com/api2/event/gesa_prod?event=eyJpdGVtQWN0aW9uIjpudWxsLCJzb3VyY2UiOnsicGFnZVR5cGUiOiJkZWZhdWx0IiwiY29udGVudFpvbmVzIjpbImdsb2JhbF9pbmZvYmFyX3RvcF9vZl9wYWdlIiwiZ2xvYmFsX2luZm9iYXJfYm90dG9tX29mX3BhZ2UiLCJnbG9iYWxfcG9wdXAiLCJpbmZvYmFyIl0sInVybCI6Imh0dHBzOi8vd3d3Lmdlc2EuY29tL3Jlc291cmNlcy9mb3Jtcy8tYW5kLy10YXgvLWluZm9ybWF0aW9uLy01LyIsInVybFJlZmVycmVyIjoiIiwiY2hhbm5lbCI6IldlYiIsImJlYWNvblZlcnNpb24iOjE2LCJjb25maWdWZXJzaW9uIjoiMTc0In0sImZsYWdzIjp7InBhZ2VWaWV3Ijp0cnVlfSwidXNlciI6eyJhdHRyaWJ1dGVzIjp7fSwiYW5vbklkIjoiZWI3ZGJlNzc1NGNmZDgyOSJ9LCJwZXJmb3JtYW5jZSI6e30sImRlYnVnIjp7ImV4cGxhbmF0aW9ucyI6dHJ1ZX0sImNhdGFsb2ciOnt9LCJjb25zZW50cyI6W10sImFjY291bnQiOnt9LCJfdG9vbHNFdmVudExpbmtJZCI6IjY2MTg4NjcwMzg4ODk5NjQifQ%3D%3D

Requested by

Host: cdn.evgnet.com
URL: https://cdn.evgnet.com/beacon/gesacu/gesa_prod/scripts/evergage.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.86.249.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-86-249-138.compute-1.amazonaws.com

Software

Resource Hash

d5694b4aa9c53efe0cb6d1a569b18bb0d0f3e01f767c478293282703e8b45321

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
vary: accept-encoding
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.gesa.com
cache-control: no-cache, no-store
access-control-allow-credentials: true
timing-allow-origin: *

GET
DATA 200
OK truncated
/ 67 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f8aa916be8ee9babafc0055de42bd64e344202fe3223d463d0cc35e1637f1ea1

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 641611b58754d802f2a7672c62a4d15ee0950f47c28f1bb9b2c1f38d9f7bca50

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 51351fc299066f9f6ec2e7ca2a85adad4bc2693d11469515ba23d796904e1621

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 75e0fe33a139622cde1d4bacdef52e609e623b514c56b113c69568fa16c23a12

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b774ecfba495efb9191ea702fe68e667b9d1ee6904d88a5c6301f23cbde66b6c

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 096003258cb51d14dbe7e4229ee63c5e81f101a4f38d45a13036b62d1671d8f0

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 67 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7b354a0e73e811d7d49e6a34cff8a1ca999296498a411ace5efad1c5fc7f58bf

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 88bd92a6561a1c265ddd5add029ede12c5acbe96ff6c2d7f0b24c983758466b7

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c9702fb282f7460668305673b77e4e30212991aa022fcad56a8bb9b87d4b2908

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 66 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1c91f391bb3bd4f6dc9a1b1d5208b575630f75cdc8bb5a0f7d272de485b941e7

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 715 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ff0a79ec21356d69477f2e854838c684d1a18f82c8c384dc8530efd60392f18b

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 Patterns-1.svg
www.gesa.com/wp-content/uploads/2022/06/ 8 KB
2 KB 24ms
23ms Image
image/svg+xml 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/Patterns-1.svg

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

54ce8999aee272d8bfed2e1894235f82826e738b22de370cc76692f271d16820

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 175747
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 12 Dec 2022 19:15:09 GMT
server: cloudflare
etag: W/"63977dbd-2013"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d42baa737ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 CircularXXWeb-Medium.woff2
www.gesa.com/wp-content/uploads/2022/06/ 70 KB
70 KB 25ms
23ms Font
font/woff2 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/CircularXXWeb-Medium.woff2

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d5ea45f8ad8b8df8cdebe87f18cfce232468b3e6a028880773a8d09e13789ac8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/
Origin: https://www.gesa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:21 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 399832
content-length: 71779
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-11863"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8c2c3d42dab637ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 CircularXXWeb-Book.woff2
www.gesa.com/wp-content/uploads/2022/06/ 67 KB
68 KB 22ms
21ms Font
font/woff2 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/CircularXXWeb-Book.woff2

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

884ec4af3e42aa326e687947185fce05ecdbd42e4a4481de91495ab423a5259c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/
Origin: https://www.gesa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:21 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 399832
content-length: 69026
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-10da2"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8c2c3d42dab837ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 CircularXXWeb-Bold.woff2
www.gesa.com/wp-content/uploads/2022/06/ 73 KB
74 KB 85ms
84ms Font
font/woff2 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/CircularXXWeb-Bold.woff2

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d2d92ee9c3d13c54f11e88045a5f5ed45550cee1ce7c1b653a9da645d65400fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/
Origin: https://www.gesa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:21 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
content-length: 75010
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 12 Dec 2022 19:15:08 GMT
server: cloudflare
etag: "63977dbc-12502"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8c2c3d42dab937ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 Besley-Regular.ttf
www.gesa.com/wp-content/uploads/2022/06/ 59 KB
59 KB 30ms
28ms Font
application/octet-stream 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/Besley-Regular.ttf

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ee3b1db07661a9cc8b0fdff20fc508bf14336eadf704d42384e368b0a3ecb7b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/
Origin: https://www.gesa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:21 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 399832
content-length: 60500
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 13 Aug 2024 23:21:05 GMT
server: cloudflare
etag: "66bbea61-ec54"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8c2c3d42daba37ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 fa-solid-900.woff
www.gesa.com/wp-content/themes/gesa/assets/fonts/ 96 KB
96 KB 23ms
22ms Font
font/woff 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/themes/gesa/assets/fonts/fa-solid-900.woff

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/wp-content/themes/gesa/assets/css/custom.css?ver=1.0.26

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

00bca6a9271b5e1cbb3965a74f48c1ce0b72bcbf08790aa2cab95f8dc5362153

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
Origin: https://www.gesa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:21 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 399832
content-length: 98016
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Thu, 26 Jan 2023 20:31:12 GMT
server: cloudflare
etag: "63d2e310-17ee0"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8c2c3d42dabc37ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 fa-brands-400.woff
www.gesa.com/wp-content/themes/gesa/assets/fonts/ 85 KB
86 KB 25ms
25ms Font
font/woff 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/themes/gesa/assets/fonts/fa-brands-400.woff

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/wp-content/themes/gesa/assets/css/custom.css?ver=1.0.26

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4ad88e6a32db51a41cff1741970ca95b3e433fbfb8be269c72f881a42f2b88c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
Origin: https://www.gesa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:21 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 18786
content-length: 87520
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Thu, 26 Jan 2023 20:31:12 GMT
server: cloudflare
etag: "63d2e310-155e0"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8c2c3d42dabd37ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 populate-rates-on-page-api.php Show response
www.gesa.com/wp-content/plugins/rates-widget-plugin/ 121 KB
5 KB 236ms
236ms XHR
text/html 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/rates-widget-plugin/populate-rates-on-page-api.php

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

91a3339b07de08015a56df21b72633829c029c61effd4b1ab42107ff7aabcde8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://www.gesa.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:21 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-cacheable: SHORT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-powered-by: WP Engine
x-cache-group: normal
x-cache: HIT: 124
x-xss-protection: 1; mode=block
referrer-policy: origin
server: cloudflare
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding,Cookie
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
cache-control: max-age=600, must-revalidate
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d439b3d37ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 rates-v2.php Show response
www.gesa.com/wp-content/plugins/rates-widget-plugin/ 119 KB
5 KB 227ms
227ms Fetch
text/html 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/rates-widget-plugin/rates-v2.php

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

99957faeaf39970f8f1acb07897cfb4f93f46ef7c15d661a2c282d0aa52e029f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:21 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-cacheable: SHORT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-powered-by: WP Engine
x-cache-group: normal
x-cache: HIT: 117
x-xss-protection: 1; mode=block
referrer-policy: origin
server: cloudflare
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding,Cookie
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
cache-control: max-age=600, must-revalidate
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d439b4237ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 338 KB
110 KB 32ms
31ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-H1S93VJW48&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTFL685

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

44594e9a79fe9dabbff6213e64700100d4fa0967a365452a01aba0223d596711

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:21 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 112128
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 14 Sep 2024 00:25:21 GMT

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 225 KB
58 KB 31ms
10ms Script
application/x-javascript 157.240.251.9
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.251.9 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-fra5.fbcdn.net

Software

Resource Hash

0055aa18da3581f4a468aaa7257d84f798e0fc070899c8008d9b321b76b98096

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sat, 14 Sep 2024 00:25:21 GMT
document-policy: force-load-at-top
x-fb-server-load: 36
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 58953
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=8, rtx=0, c=23, mss=1232, tbw=4455, tp=9, tpl=0, uplat=1, ullat=-1
pragma: public
x-fb-debug: ej3V+Iy6IEKC47/CQ0PFlVbs6PSFFQugabvSDlfa4NDJfWKU56/AANYJynprbGX+QTiHhCYVBFnco/jtpeE73g==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 2289.js Show response
script.crazyegg.com/pages/scripts/0126/ 7 KB
3 KB 58ms
25ms Script
text/javascript 104.19.147.8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/scripts/0126/2289.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTFL685
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.147.8 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b00905cd947bbb9ea809e3ec81c20957169ac25edd4356e50226f0c097078f1b

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:21 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 59709
cf-polished: origSize=6998
ce-version: 11.5.282
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 13 Sep 2024 07:50:12 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
cf-ray: 8c2c3d442fab5c02-FRA

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 268 KB
93 KB 23ms
23ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-794148304&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTFL685

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

39c3ebb5890daa804f17c9a76bf96af7a27d4194c647204a6dba077a3bd5fef0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:21 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 94607
x-xss-protection: 0
last-modified: Sat, 14 Sep 2024 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 14 Sep 2024 00:25:21 GMT

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 273 KB
94 KB 33ms
32ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-783161191&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTFL685

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9645f6f4ce67e35420d1496ac0a11df7f407cd5fcb775ba3dc40192637b466c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:21 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95878
x-xss-protection: 0
last-modified: Sat, 14 Sep 2024 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 14 Sep 2024 00:25:21 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
14 KB 47ms
7ms Script
application/javascript 2a02:26f0:3500:10::210:a99
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTFL685

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:10::210:a99 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 22 Aug 2024 10:43:55 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=75072
accept-ranges: bytes
content-length: 14628

GET
H2 200 trackpoint-async.js Show response
s2.adform.net/banners/scripts/st/ 80 KB
31 KB 102ms
28ms Script
application/javascript 37.157.6.245
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s2.adform.net/banners/scripts/st/trackpoint-async.js
Requested by: Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 37.157.6.245 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 8ddc6cbdb63a791bfc33f40d4b0a250a18e85e0ae93f72389ebda9242bef010d

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:21 GMT
content-encoding: gzip
last-modified: Fri, 08 Mar 2024 07:02:31 GMT
server: nginx
x-amz-request-id: tx000007a6a6bdd57f74c56-0066964345-329773f2-default
etag: W/"1c188eabf1f0749a0cffb2c108473370"
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-rgw-object-type: Normal
cache-control: public, max-age=604800

GET
H2 200 d9707.js Show response
app.truconversion.com/ti-js/19201/ 267 B
1 KB 555ms
178ms Script
application/javascript 52.24.78.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.truconversion.com/ti-js/19201/d9707.js

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.24.78.187 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-24-78-187.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

3ea0ae12147c76e3b4e6ad26bfb580121295c8aa91480dee7b7e579dd00eb23d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src 'self' .truconversion.com http: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob:; style-src 'self' 'unsafe-inline' http: https:; style-src-elem 'self' 'unsafe-inline' http: https: data:; img-src http: https: data: blob:; connect-src wss://.truconversion.com wss://.intercom.io wss://.appcues.net wss://.wistia.com wss://.crisp.chat http: https: data: blob:; font-src http: https: data: blob:; object-src http: https:; media-src http: https: data: blob:; form-action 'self' http://.truconversion.com https://.truconversion.com;
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:21 GMT
content-security-policy: default-src 'self'; frame-src 'self' *.truconversion.com http: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob:; style-src 'self' 'unsafe-inline' http: https:; style-src-elem 'self' 'unsafe-inline' http: https: data:; img-src http: https: data: blob:; connect-src wss://*.truconversion.com wss://*.intercom.io wss://*.appcues.net wss://*.wistia.com wss://*.crisp.chat http: https: data: blob:; font-src http: https: data: blob:; object-src http: https:; media-src http: https: data: blob:; form-action 'self' http://*.truconversion.com https://*.truconversion.com;
content-length: 267
x-xss-protection: 1; mode=block
pragma: public
last-modified: Sat, 14 Sep 2024 00:20:22 GMT
server: nginx
etag: "66e4d6c6-10b"
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/javascript
cache-control: max-age=180, public, stale-while-revalidate=10, stale-if-error=10
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
expires: Sat, 14 Sep 2024 00:28:21 GMT

GET
H2 200 events.js Show response
tags.srv.stackadapt.com/ 22 KB
8 KB 128ms
100ms Script
text/javascript 3.74.18.239
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/events.js
Requested by: Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.74.18.239 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-74-18-239.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: b306f23a407ccf859f6f9d1009fc06d1709ba13ce676a43bf7c77ce725e01d54

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 14 Sep 2024 00:25:21 GMT
cache-control: max-age=5
content-encoding: gzip
content-type: text/javascript

GET
H2 200 visitor.js Show response
app.leadsrx.com/ 16 KB
16 KB 563ms
179ms Script
application/javascript 54.191.174.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://app.leadsrx.com/visitor.js
Requested by: Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.191.174.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-191-174-242.us-west-2.compute.amazonaws.com
Software: nginx/1.20.1 /
Resource Hash: 7e8f70f86d34990e70e0b696310775bc5c4327110a78a08cebf21fc072cab1b2

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:21 GMT
last-modified: Thu, 12 Sep 2024 20:34:39 GMT
server: nginx/1.20.1
etag: "66e3505f-40d1"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
accept-ranges: bytes
content-length: 16593

GET
H/1.1 200
OK bc04200588d29fe97c0c8a783f268d7d6ecf1d2de1d1d417f28d36799e47de Show response
api.alpharank.io/api/pixel/script/ 495 B
848 B 563ms
183ms Script
text/javascript 52.88.183.153
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.alpharank.io/api/pixel/script/bc04200588d29fe97c0c8a783f268d7d6ecf1d2de1d1d417f28d36799e47de
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTFL685
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.88.183.153 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-88-183-153.us-west-2.compute.amazonaws.com
Software: nginx/1.12.2 / Express
Resource Hash: 013c037f68d07cd5a0a595f89995290aec3addca27079bc47ecd128440b06b3a

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Sat, 14 Sep 2024 00:25:21 GMT
Server: nginx/1.12.2
X-Powered-By: Express
ETag: W/"1ef-dugMHzxjl0TnCCwJG+f12QIKVsA"
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: undefined
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Content-Length: 495

GET
H/1.1 200
OK tv2track.js Show response
collector-37937.tvsquared.com/ 20 KB
9 KB 452ms
105ms Script
application/javascript 3.132.11.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-37937.tvsquared.com/tv2track.js
Requested by: Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.132.11.109 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-132-11-109.us-east-2.compute.amazonaws.com
Software: nginx /
Resource Hash: a463aa6666ce0abcabf8033013cfe881fdbfb570389aff471d400a45b3a496d4

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Sat, 14 Sep 2024 00:25:21 GMT
Content-Encoding: gzip
Last-Modified: Mon, 19 Feb 2024 15:15:43 GMT
Server: nginx
ETag: "65d3709f-2133"
Content-Type: application/javascript
Cache-Control: max-age=600
Connection: keep-alive
Accept-Ranges: bytes
X-Robots-Tag: noindex
Content-Length: 8499
Expires: Sat, 14 Sep 2024 00:35:21 GMT

GET
H2 200 events.js Show response
analytics.tiktok.com/i18n/pixel/ 5 KB
3 KB 170ms
130ms Script
application/javascript 23.213.161.215
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CKKRU9JC77UA6J84RSQ0&lib=ttq
Requested by: Host: www.gesa.com
URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.213.161.215 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-213-161-215.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 12b24eda9ccbce1eb304622463584a016cf5008f78c8a1e12cbce48e2759afcc

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: 7cdfaea6.1e036852
date: Sat, 14 Sep 2024 00:25:21 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240914002521FCF5505870620B481868-6C89149DF9AEF08B-00
x-cache: TCP_MISS from a23-213-160-218.deploy.akamaitechnologies.com (AkamaiGHost/11.6.3-e8c44af76fbf2725bc66e35706b8e3bb) (-)
x-parent-response-time: 106,23.213.160.218
server-timing: cdn-cache; desc=MISS, edge; dur=103, origin; dur=8, inner; dur=4
content-length: 1774
pragma: no-cache
server: nginx
x-tt-logid: 20240914002521FCF5505870620B481868
x-cache-remote: TCP_MISS from a23-220-105-70.deploy.akamaitechnologies.com (AkamaiGHost/11.6.3-e8c44af76fbf2725bc66e35706b8e3bb) (-)
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 9,23.220.105.70
x-tt-trace-host: 017e34349fe8a72d9de25156a4db0349fe2ce863f2306c0f0c39b8d3986d203442f5076d488be3935cae2acc0139213e37569b9f0596625359af44667d7eabfe0c68a45e584a260306cb7477ddec6e8b94e07643dbe256b4b7f4b0527318d70615e95d3c78da2706380903cbbf298f60bb
expires: Sat, 14 Sep 2024 00:25:21 GMT

GET
H2 200 lo.js Show response
tools.luckyorange.com/core/ 13 KB
5 KB 53ms
7ms Script
text/javascript 2600:9000:225b:f600:18:6c16:27c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tools.luckyorange.com/core/lo.js?site-id=db3541a4
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTFL685
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225b:f600:18:6c16:27c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: de6c02a0b87d4a7efebf4c80340bb90c9c9b9815b5f12c9ff45bf9f70e91e607

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 23:46:17 GMT
content-encoding: gzip
via: 1.1 355f72364b4c8f8829ae95f886a03f56.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P1
age: 2347
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 4677
last-modified: Wed, 28 Aug 2024 18:51:45 GMT
server: AmazonS3
etag: "eddd6a4fa28e4000f50b1ac3a5e6bf09"
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=3600
accept-ranges: bytes
x-amz-cf-id: he20RFW1JyjFgmyk3Nf48Mh2at_UqDFjq_WETU6ZFNFoOU7eQtW6jw==

GET
H2 200 admin-ajax.php Show response
www.gesa.com/wp-admin/ 99 B
188 B 537ms
315ms XHR
application/json 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-admin/admin-ajax.php?action=pys_get_pbid

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

7cac928c21c394956af12602e1ec2362caa32fc52194cc8af6d56828fef9a7b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.gesa.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

expires: Wed, 11 Jan 1984 05:00:00 GMT
date: Sat, 14 Sep 2024 00:25:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-cacheable: NO:Passed
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-powered-by: WP Engine
x-cache: MISS
x-xss-protection: 1; mode=block
referrer-policy: origin
server: cloudflare
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/json; charset=UTF-8
cache-control: max-age=0, must-revalidate, private
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d457c8b37ce-FRA
x-robots-tag: noindex
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;
x-pass-why: wp-admin

GET
H2 200 dialog.min.js Show response
www.gesa.com/wp-content/plugins/elementor/assets/lib/dialog/ 10 KB
4 KB 22ms
21ms Script
application/javascript 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor/assets/lib/dialog/dialog.min.js?ver=4.9.0

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.8.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b936db5880aa9b6b2f26a8d32fc2b689fb75f69d971b94194f16dba801221ffe

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 399830
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 07 Jun 2023 18:28:43 GMT
server: cloudflare
etag: W/"6480cc5b-29ba"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d443bc937ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

POST
H2 204 rum Show response
www.gesa.com/cdn-cgi/ 0
146 B 12ms
11ms XHR
text/plain 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
content-type: application/json

Response headers

date: Sat, 14 Sep 2024 00:25:21 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://www.gesa.com
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 8c2c3d445bdb37ce-FRA

GET
H2 200 nav-menu.3de49ba5ef86f9a22ff5.bundle.min.js Show response
www.gesa.com/wp-content/plugins/elementor-pro/assets/js/ 3 KB
1 KB 21ms
20ms Script
application/javascript 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor-pro/assets/js/nav-menu.3de49ba5ef86f9a22ff5.bundle.min.js

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.8.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f47116b10e3e156f70ab31279c1fa298e34f89ff75af6eea89c2dc092362fa2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 399830
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 07 Jun 2023 18:28:37 GMT
server: cloudflare
etag: W/"6480cc55-ce9"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d447be837ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 text-editor.2c35aafbe5bf0e127950.bundle.min.js Show response
www.gesa.com/wp-content/plugins/elementor/assets/js/ 1 KB
772 B 21ms
20ms Script
application/javascript 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/plugins/elementor/assets/js/text-editor.2c35aafbe5bf0e127950.bundle.min.js

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.8.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a518bd1723da2b6011895ad68059361ebb4cb80de3eec9145eacee89ddd9745

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 399830
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Wed, 07 Jun 2023 18:28:45 GMT
server: cloudflare
etag: W/"6480cc5d-54f"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d447bea37ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

POST
H2 204 pr
gesacu.us-1.evergage.com/ 0
529 B 94ms
94ms Ping
text/plain 54.86.249.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://gesacu.us-1.evergage.com/pr?.top=389&.tt=310&.ttdns=10&.dt=5454&.lt=5456&.btdns=6&.bv=16&_ak=gesacu&_ds=gesa_prod&.scv=174&channel=Web&_r=019250&.anonId=eb7dbe7754cfd829&_anon=true

Requested by

Host: cdn.evgnet.com
URL: https://cdn.evgnet.com/beacon/gesacu/gesa_prod/scripts/evergage.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.86.249.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-86-249-138.compute-1.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://www.gesa.com
date: Sat, 14 Sep 2024 00:25:21 GMT
x-content-type-options: nosniff
timing-allow-origin: *

GET
H2 200 blue-logo.svg
www.gesa.com/wp-content/uploads/2022/05/ 14 KB
6 KB 26ms
26ms Other
image/svg+xml 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-content/uploads/2022/05/blue-logo.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b358915252ba0e190c01550a54e89bb37c29925c45f71d0244bfed51c188a49c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 638671
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 12 Dec 2022 19:15:09 GMT
server: cloudflare
etag: W/"63977dbd-38a2"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d44bc0f37ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 blue-logo.svg
www.gesa.com/wp-content/uploads/2022/05/ 14 KB
0 26ms
26ms Image
image/svg+xml 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/05/blue-logo.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b358915252ba0e190c01550a54e89bb37c29925c45f71d0244bfed51c188a49c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 638671
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 12 Dec 2022 19:15:09 GMT
server: cloudflare
etag: W/"63977dbd-38a2"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d44bc0f37ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 gesa-customer-banking.jpg
www.gesa.com/wp-content/uploads/2022/10/ 184 KB
185 KB 32ms
29ms Image
image/jpeg 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/10/gesa-customer-banking.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

62eae656d047defc6a444456fb8878aa962ccab6a6841a503fd275cbaeb0b59c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:21 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 461641
cf-polished: origSize=210771
content-length: 188772
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 12 Dec 2022 19:15:07 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "63977dbb-33753"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8c2c3d44cc1337ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 east-business.jpg
www.gesa.com/wp-content/uploads/2022/10/ 55 KB
55 KB 28ms
26ms Image
image/jpeg 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/10/east-business.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c14c63c6226ab5e6104ab7bd06206427cc7d09806f381c4be2ce68da643f1907

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:21 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 461641
cf-polished: origSize=58230
content-length: 56321
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 16 Jul 2024 23:58:15 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "66970917-e376"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8c2c3d44cc1437ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 Affinity-3D-WSU-768x768.webp
www.gesa.com/wp-content/uploads/2022/10/ 80 KB
81 KB 28ms
26ms Image
image/webp 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/10/Affinity-3D-WSU-768x768.webp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

839f1778ae61732f255a47d811d52937f289177dd84cd024e3341925e14968d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:21 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 461641
content-length: 82362
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 16 Jul 2024 23:18:43 GMT
server: cloudflare
etag: "6696ffd3-141ba"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8c2c3d44cc1537ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 Group-626998.png
www.gesa.com/wp-content/uploads/2022/07/ 4 KB
4 KB 166ms
164ms Image
image/webp 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/07/Group-626998.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4aeb13170397b464cffff3b52ea86aba5ded26fda9e531d8a3dc264d6cc3ccae

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:21 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
cf-polished: origFmt=png, origSize=4061
content-disposition: inline; filename="Group-626998.webp"
content-length: 3682
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 12 Dec 2022 19:15:07 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "63977dbb-fdd"
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8c2c3d44cc1937ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 GesaCreditUnion-White.svg
www.gesa.com/wp-content/uploads/2022/06/ 13 KB
5 KB 83ms
82ms Image
image/svg+xml 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/GesaCreditUnion-White.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9baa5dfd467e7b370ab5de74725204791016c4f2396d63e15ecffc8c8656d92c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: MISS
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Mon, 12 Dec 2022 19:15:09 GMT
server: cloudflare
etag: W/"63977dbd-3213"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d44cc1a37ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 NCUA-official.svg
www.gesa.com/wp-content/uploads/2022/06/ 68 KB
12 KB 78ms
77ms Image
image/svg+xml 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/NCUA-official.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

75b4d3be4de4fa1248445a80b681c70a7b77d0ed49eb89bd3587d3dfe5086072

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: MISS
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 23 May 2023 22:22:14 GMT
server: cloudflare
etag: W/"646d3c96-10f53"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d44cc1b37ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 equal-housing-opportunity-1.png
www.gesa.com/wp-content/uploads/2022/06/ 5 KB
5 KB 55ms
54ms Image
image/webp 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/equal-housing-opportunity-1.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f40efd80332bc8ca17a3af9c1eb134068063bdb0753f60d070e74e8527db6057

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:21 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
cf-polished: origFmt=png, origSize=13010
content-disposition: inline; filename="equal-housing-opportunity-1.webp"
content-length: 5292
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Tue, 12 Mar 2024 21:12:55 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "65f0c557-32d2"
vary: Accept, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
accept-ranges: bytes
cf-ray: 8c2c3d44cc1c37ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

GET
H2 200 CO-OPx2.svg
www.gesa.com/wp-content/uploads/2022/06/ 7 KB
3 KB 53ms
52ms Image
image/svg+xml 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gesa.com/wp-content/uploads/2022/06/CO-OPx2.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4aa32d0514a3b91ba50923356ee6a61e475656074d1671e78558313759a82215

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: MISS
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-xss-protection: 1; mode=block
referrer-policy: origin
last-modified: Fri, 03 Feb 2023 22:28:43 GMT
server: cloudflare
etag: W/"63dd8a9b-1ca0"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d44cc1d37ce-FRA
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;

POST
H2 200 admin-ajax.php Show response
www.gesa.com/wp-admin/ 0
276 B 480ms
478ms XHR
text/html 2606:4700:3034::6815:2785
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gesa.com/wp-admin/admin-ajax.php

Requested by

Host: www.gesa.com
URL: https://www.gesa.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:2785 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Cache-Control: no-cache
Referer: https://www.gesa.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Sat, 14 Sep 2024 00:25:21 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-powered-by: WP Engine
x-xss-protection: 1; mode=block
referrer-policy: origin
server: cloudflare
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.gesa.com
cache-control: no-cache, must-revalidate, max-age=0, no-store
access-control-allow-credentials: true
permissions-policy: midi=(), notifications=(self), push=(self), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(self), vibrate=(self), fullscreen=(), payment=()
cf-ray: 8c2c3d44cc1e37ce-FRA
x-robots-tag: noindex
sharepointiframecode: Content-Security-Policy: frame-ancestors 'self' https://gesacreditunion.sharepoint.com;
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H3 200 309829729581526 Show response
connect.facebook.net/signals/config/ 75 KB
16 KB 62ms
61ms Script
application/x-javascript 157.240.251.9
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/309829729581526?v=2.9.167&r=stable&domain=www.gesa.com&hme=da9a399065fb1c492026018b9e54864148adfb49d800f41752428fb7b59190f8&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C168%2C171%2C183%2C179%2C180%2C182%2C29%2C98%2C52%2C75%2C181%2C163%2C166%2C176%2C177%2C184%2C127%2C40%2C34%2C139%2C15%2C49%2C190%2C189%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C164%2C167%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.251.9 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-fra5.fbcdn.net

Software

Resource Hash

47e925d13492d065185476f059ef78e3035aebef7bd51420e0c85f343cbca791

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sat, 14 Sep 2024 00:25:21 GMT
document-policy: force-load-at-top
x-fb-server-load: 27
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=8, rtx=0, c=70, mss=1232, tbw=67157, tp=63, tpl=0, uplat=51, ullat=0
pragma: public
x-fb-debug: wR2gyV9We3bIi4vzQmNrKtqAHtUQK7f/fHynHg0GqxJJ8WAowFkAMww1jo9pTj/TNuCaKDKZzviKWqdl0KB86A==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
0 55ms
21ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-H1S93VJW48&gtm=45je4990v896984732z879611690za200zb79611690&_p=1726273520981&_gaz=1&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&cid=821488507.1726273521&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1726273521&sct=1&seg=0&dl=https%3A%2F%2Fwww.gesa.com%2Fresources%2Fforms%2F-and%2F-tax%2F-information%2F-5%2F&dt=Page%20not%20found%20%7C%20Washington%20Credit%20Union%20%7C%20Loans%20%7C%20Savings%20Accounts%20%7C%20Gesa&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=5705
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-H1S93VJW48&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 14 Sep 2024 00:25:21 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.gesa.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
252 B 79ms
21ms Ping
text/plain 2a00:1450:400c:c02::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-H1S93VJW48&cid=821488507.1726273521&gtm=45je4990v896984732z879611690za200zb79611690&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-H1S93VJW48&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c02::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 14 Sep 2024 00:25:21 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.gesa.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 42ms
23ms Image
image/gif 142.250.186.99
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-H1S93VJW48&cid=821488507.1726273521&gtm=45je4990v896984732z879611690za200zb79611690&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=0&tag_exp=0&z=1244422319

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 14 Sep 2024 00:25:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
696 B 225ms
190ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: *
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sat, 14 Sep 2024 00:25:21 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: F1E11FB8D0C742FEACA6C1C60902F077 Ref B: DUS30EDGE0313 Ref C: 2024-09-14T00:25:21Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
access-control-allow-origin: https://www.gesa.com
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYiCWAK6Qz7y5e2AhA7fw==

GET
H3 200 www.gesa.com.json Show response
script.crazyegg.com/pages/data-scripts/0126/2289/site/ 5 KB
2 KB 42ms
28ms XHR
application/json 104.19.147.8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/data-scripts/0126/2289/site/www.gesa.com.json?t=1
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0126/2289.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.147.8 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2ab9f0ba818ae073994633579fa00714fed1584c30210dfe040c0f380f1df531

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:21 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 59692
ce-version: 11.5.282
alt-svc: h3=":443"; ma=86400
content-length: 1824
last-modified: Fri, 13 Sep 2024 07:50:12 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8c2c3d459b6c35ee-FRA

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
813 B 155ms
128ms XHR
application/json 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=4860388&time=1726273521561&url=https%3A%2F%2Fwww.gesa.com%2Fresources%2Fforms%2F-and%2F-tax%2F-information%2F-5%2F&tm=gtmv2
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Accept: *
Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:21 GMT
content-encoding: gzip
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: CDD7F7A19A734FCAA44E376B2E4B0627 Ref B: DUS30EDGE0422 Ref C: 2024-09-14T00:25:21Z
access-control-allow-methods: GET, OPTIONS
x-li-fabric: prod-lva1
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
content-type: application/json
x-li-proto: http/2
x-restli-protocol-version: 1.0.0
access-control-allow-headers: *
x-li-uuid: AAYiCWAK2pD3NOrfvxv6kQ==
x-fs-uuid: 00062209600ada90f734eadfbf1bfa91

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4860388&time=1726273521561&url=https%3A%2F%2Fwww.gesa.com%2Fresources%2Fforms%2F-and%2F-tax%2F-information%2F-5%2F&tm=gtmv2
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4860388&time=1726273521561&url=https%3A%2F%2Fwww.gesa.com%2Fresources%2Fforms%2F-and%2F-tax%2F-information%2F-5%2F&tm=gtmv2&e_ipv6=AQKzNJu3pCsM6A...

0
265 B

208ms
181ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4860388&time=1726273521561&url=https%3A%2F%2Fwww.gesa.com%2Fresources%2Fforms%2F-and%2F-tax%2F-information%2F-5%2F&tm=gtmv2&e_ipv6=AQKzNJu3pCsM6AAAAZHt64f1hAv_FX_2FXLuORv5wh9GRYYw4rtVSrQH-yJQVNO4Lg
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:21 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 56D4393F8C1F46FBB7439138763302E2 Ref B: FRAEDGE1308 Ref C: 2024-09-14T00:25:21Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYiCWAOSIQBjto+uTDJmA==

Redirect headers

date: Sat, 14 Sep 2024 00:25:21 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 0DB24A13999C4B8DAFE4FB55AB8C1D5E Ref B: DUS30EDGE0313 Ref C: 2024-09-14T00:25:21Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4860388&time=1726273521561&url=https%3A%2F%2Fwww.gesa.com%2Fresources%2Fforms%2F-and%2F-tax%2F-information%2F-5%2F&tm=gtmv2&e_ipv6=AQKzNJu3pCsM6AAAAZHt64f1hAv_FX_2FXLuORv5wh9GRYYw4rtVSrQH-yJQVNO4Lg
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYiCWAK/tA7UgSSVLtDfA==

GET
H2 200 db3541a4 Show response
settings.luckyorange.com/ 149 B
239 B 124ms
122ms Fetch
application/json 34.107.203.234
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://settings.luckyorange.com/db3541a4
Requested by: Host: tools.luckyorange.com
URL: https://tools.luckyorange.com/core/lo.js?site-id=db3541a4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.203.234 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 234.203.107.34.bc.googleusercontent.com
Software: /
Resource Hash: 664e150dfc78bd30e122bf293825d9e176a6d509b7571999b29627c0f15efa65

Request headers

Referer: https://www.gesa.com/
x-lucky-uid: undefined
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
x-lucky-referrer

Response headers

date: Sat, 14 Sep 2024 00:25:21 GMT
via: 1.1 google
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.gesa.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 149

OPTIONS
H2 200 db3541a4
settings.luckyorange.com/ Frame 0
0 158ms
121ms Preflight 34.107.203.234
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://settings.luckyorange.com/db3541a4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.203.234 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 234.203.107.34.bc.googleusercontent.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: x-lucky-referrer,x-lucky-uid
Access-Control-Request-Method: GET
Origin: https://www.gesa.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Access-Control-Allow-Origin,Authorization,Content-Type,X-Lucky-Uid,X-Lucky-Site-Id,X-Lucky-Impersonate,X-Lucky-Session-Id,X-Lucky-Referrer
access-control-allow-methods: POST,GET,PUT,PATCH,DELETE,OPTIONS
access-control-allow-origin: https://www.gesa.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Sat, 14 Sep 2024 00:25:21 GMT
via: 1.1 google

GET
H2

200

/ Show response
a2.adform.net/Serving/TrackPoint/
Redirect Chain

https://a2.adform.net/Serving/TrackPoint/?pm=2179965&ADFdivider=%7C&ord=290278695841&ADFtpmode=2&loc=https%3A%2F%2Fwww.gesa.com%2Fresources%2Fforms%2F-and%2F-tax%2F-information%2F-5%2F&Set1=de-DE%7...
https://a2.adform.net/Serving/TrackPoint/?CC=1&pm=2179965&ADFdivider=%7C&ord=290278695841&ADFtpmode=2&loc=https%3A%2F%2Fwww.gesa.com%2Fresources%2Fforms%2F-and%2F-tax%2F-information%2F-5%2F&Set1=de...

836 B
1 KB

92ms
92ms

Script
text/javascript

185.167.164.49
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://a2.adform.net/Serving/TrackPoint/?CC=1&pm=2179965&ADFdivider=%7C&ord=290278695841&ADFtpmode=2&loc=https%3A%2F%2Fwww.gesa.com%2Fresources%2Fforms%2F-and%2F-tax%2F-information%2F-5%2F&Set1=de-DE%7Cde-DE%7C1600x1200%7C24

Protocol

Server

185.167.164.49 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

cadb9feb4a1b9c1100d9e40b4fbdc6554134e015178c250c1509cc799a21ff26

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 14 Sep 2024 00:25:21 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 706
expires: -1

Redirect headers

pragma: no-cache
date: Sat, 14 Sep 2024 00:25:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
content-type: text/html; charset=utf-8
location: https://a2.adform.net/Serving/TrackPoint/?CC=1&pm=2179965&ADFdivider=%7C&ord=290278695841&ADFtpmode=2&loc=https%3A%2F%2Fwww.gesa.com%2Fresources%2Fforms%2F-and%2F-tax%2F-information%2F-5%2F&Set1=de-DE%7Cde-DE%7C1600x1200%7C24
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
expires: -1

GET
H3 200 db7349b994413162218df5c920535415.js Show response
script.crazyegg.com/pages/versioned/common-scripts/ 103 KB
35 KB 21ms
21ms Script
text/javascript 104.19.147.8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/versioned/common-scripts/db7349b994413162218df5c920535415.js
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0126/2289.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.147.8 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: df9f1f8f4deeec8193dbcf3074a9e4767db05cc6c3b4dca6a9cafff884fb0816

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:21 GMT
content-encoding: gzip
cf-cache-status: HIT
cf-bgj: minify
last-modified: Fri, 06 Sep 2024 19:46:55 GMT
server: cloudflare
age: 379656
cf-polished: origSize=105321
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000
timing-allow-origin: *
cf-ray: 8c2c3d4608465c02-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 sa.css
tags.srv.stackadapt.com/ 65 B
203 B 98ms
98ms Stylesheet
text/css 3.74.18.239
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.css
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.74.18.239 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-74-18-239.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 64f8879f35ad342dd6c59399f171d6eee9bfa7ddb81507ecebdd44d47ef711ec

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 14 Sep 2024 00:25:21 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 65
content-type: text/css

GET
H2 200 sa.jpeg Show response
tags.srv.stackadapt.com/ 0
2 KB 118ms
103ms Fetch
image/jpeg 3.74.18.239
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.jpeg
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.74.18.239 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-74-18-239.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 14 Sep 2024 00:25:21 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 651
content-type: image/jpeg

GET
H2 200 main.MTkzZDVlN2M0MA.js Show response
analytics.tiktok.com/i18n/pixel/static/ 335 KB
93 KB 16ms
16ms Script
application/javascript 23.213.161.215
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTkzZDVlN2M0MA.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CKKRU9JC77UA6J84RSQ0&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.213.161.215 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-213-161-215.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 6eade210358ca6b41631cf5c309c6b1a3fa1c043133ef84d5fc6b173ac1c9928

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: 1e036dd0
date: Sat, 14 Sep 2024 00:25:21 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 202409121306315EB8C4113AF3499EE437
x-tt-trace-id: 00-2409121306315EB8C4113AF3499EE437-2903C3EC956A5A7F-00
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-213-160-218.deploy.akamaitechnologies.com (AkamaiGHost/11.6.3-e8c44af76fbf2725bc66e35706b8e3bb) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 01c9fe45a60e9646abe1b3f94d8062bb7a24185b76bba5cb9bf8812a15b870e021b178579f38514e095bda7f5503a78cf16b71b57425321df0c1af9e20f1894f8507a0ae20f8c18dc9a1d2e09478caa3aac1128dd4d2dbb87202aac25c809d4958
server-timing: cdn-cache; desc=HIT, edge; dur=1, origin; dur=0, inner; dur=3
content-length: 95063

GET
H3 200 802797680067475 Show response
connect.facebook.net/signals/config/ 23 KB
4 KB 78ms
78ms Script
application/x-javascript 157.240.251.9
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/802797680067475?v=2.9.167&r=stable&domain=www.gesa.com&hme=da9a399065fb1c492026018b9e54864148adfb49d800f41752428fb7b59190f8&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C168%2C171%2C183%2C179%2C180%2C182%2C29%2C98%2C52%2C75%2C181%2C163%2C166%2C176%2C177%2C184%2C127%2C40%2C34%2C139%2C15%2C49%2C190%2C189%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C164%2C167%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110%2C130%2C159%2C191%2C193%2C119%2C141%2C147%2C185%2C186%2C125%2C228%2C113%2C192%2C123%2C124%2C142%2C169%2C155%2C115%2C229%2C161%2C116%2C231%2C162%2C132%2C120%2C150%2C144%2C111

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.251.9 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-fra5.fbcdn.net

Software

Resource Hash

1736c20a3a770680f2102cff4f885ddbaf8cb92420977fae6a69c67d47cc13c5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sat, 14 Sep 2024 00:25:21 GMT
document-policy: force-load-at-top
x-fb-server-load: 27
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=7, rtx=0, c=83, mss=1232, tbw=83731, tp=80, tpl=0, uplat=68, ullat=0
pragma: public
x-fb-debug: AXM4/Ql4t2YgmruLkNGr/p+QCUiFS1cCLHAE+jXn9Wra2WYZTOgKHozJbosvIwtvfwpwbCmVBXidr3BvkDwR9A==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 www.gesa.com.json Show response
script.crazyegg.com/pages/data-scripts/0126/2289/sampling/ 150 B
358 B 20ms
20ms XHR
application/json 104.19.147.8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/data-scripts/0126/2289/sampling/www.gesa.com.json?t=1
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/db7349b994413162218df5c920535415.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.147.8 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a533b6bf7ec3e66a1d9b30b68aca09e3b290d1ec27315de8175a280771febc14

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:21 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 33824
ce-version: 11.5.282
alt-svc: h3=":443"; ma=86400
content-length: 144
last-modified: Fri, 13 Sep 2024 15:01:37 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8c2c3d467bf935ee-FRA

GET
H2 200 identify_7bf75739.js Show response
analytics.tiktok.com/i18n/pixel/static/ 146 KB
39 KB 13ms
12ms Script
application/javascript 23.213.161.215
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/identify_7bf75739.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTkzZDVlN2M0MA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.213.161.215 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-213-161-215.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 79951b5bd4d729a2b2f4d380819f2c14bbcf26f21db56a520189633467766cf4

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: 1e036ee5
date: Sat, 14 Sep 2024 00:25:21 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 2024083002252950025D613AEAED5E2E70
x-tt-trace-id: 00-24083002252950025D613AEAED5E2E70-5FCAA6CF46C69E27-00
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-213-160-218.deploy.akamaitechnologies.com (AkamaiGHost/11.6.3-e8c44af76fbf2725bc66e35706b8e3bb) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 0143abac0f4003bd96af5c29253b82c47e8db99c3db24377a0ec0f593a97ff9053ed8bacb2facd45510bd70fd5888da7ef0bb467635bf5910beb0397f1ea6f235de9eceeaeab5dc847218a3c21479232eaedc14dee6e452a6b12499eec72aa4719
server-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=3
content-length: 39330

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ 0
879 B 157ms
156ms Ping
text/plain 23.213.161.215
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTkzZDVlN2M0MA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.213.161.215 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-213-161-215.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 78728023.1e036f05
date: Sat, 14 Sep 2024 00:25:21 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240914002521D1FA0C6316986559CAF8-35B07454D7400420-00
x-cache: TCP_MISS from a23-213-160-218.deploy.akamaitechnologies.com (AkamaiGHost/11.6.3-e8c44af76fbf2725bc66e35706b8e3bb) (-)
x-parent-response-time: 139,23.213.160.218
server-timing: cdn-cache; desc=MISS, edge; dur=106, origin; dur=39, inner; dur=35
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20240914002521D1FA0C6316986559CAF8
x-cache-remote: TCP_MISS from a23-48-100-103.deploy.akamaitechnologies.com (AkamaiGHost/11.6.3-e8c44af76fbf2725bc66e35706b8e3bb) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 39,23.48.100.103
x-tt-trace-host: 017e34349fe8a72d9de25156a4db0349fe5e0692421def51874b41a0f91e03e95417f79292fd6e48844b5896932dd1702a9e157c6d2471c90809f2770bd9079badc5d9ba0dec65b9891398de7b50c249f3894623c6fce5874476fd5a60642df1cca21cc8e3c76b603a440ccd2f3f722830
access-control-allow-headers: Authorization,*
expires: Sat, 14 Sep 2024 00:25:21 GMT

GET
H2 200 clock Show response
tracking.crazyegg.com/ 36 B
143 B 128ms
57ms XHR
text/plain 34.248.190.127
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.crazyegg.com/clock?t=1&tk=3dc77046ecb9729f0f22244aa7e8bc2a&u=1262289&s=449847&p=%2Fresources%2Fforms%2F-and%2F-tax%2F-information%2F-5%2F&v=f163debc9b92cf437e07fa200951381af767d7ec&f=gesa.com%2Fresources%2Fforms%2F-and%2F-tax%2F-information%2F-5&ul=https%3A%2F%2Fwww.gesa.com%2Fresources%2Fforms%2F-and%2F-tax%2F-information%2F-5%2F
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/db7349b994413162218df5c920535415.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.190.127 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-190-127.eu-west-1.compute.amazonaws.com
Software: awselb/2.0 /
Resource Hash: ca95998f89c7df2734c9a79dbd61a173c93f6e9808f4a7eabd7f8404db8d6760

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 14 Sep 2024 00:25:21 GMT
cache-control: no-store
server: awselb/2.0
content-length: 36
content-type: text/plain

GET
H2 200 healthcheck Show response
pagestates-tracking.crazyegg.com/ 19 B
462 B 49ms
8ms XHR
application/json 52.85.65.99
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pagestates-tracking.crazyegg.com/healthcheck
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/db7349b994413162218df5c920535415.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.65.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-65-99.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Wed, 20 Sep 2023 01:43:28 GMT
via: 1.1 7e8fb5897171311635245be9d021a224.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P6
age: 31099314
x-cache: Hit from cloudfront
content-length: 19
last-modified: Fri, 08 Jul 2022 22:25:51 GMT
server: AmazonS3
etag: "d06f04fccf68d0b228a5923187ce1afd"
access-control-max-age: 31536000
access-control-allow-methods: GET, HEAD
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
accept-ranges: bytes
x-amz-cf-id: IKUj_UA0OUNl1oFToVBzfFlgU9rCaw_-gnJjb2WvQJsffLEpyWdI2A==

GET 6fc918de-c1cf-47f4-8a3f-08200b8d4cb6
https://www.gesa.com/ Frame 0
0

GET
H2 200 healthcheck Show response
assets-tracking.crazyegg.com/ 19 B
459 B 32ms
6ms XHR
application/json 108.138.36.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets-tracking.crazyegg.com/healthcheck
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/db7349b994413162218df5c920535415.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.36.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-36-92.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 13 Sep 2024 23:50:14 GMT
via: 1.1 f52fb277cecd3d7de14d996c1f683de2.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P2
age: 2108
x-cache: Hit from cloudfront
content-length: 19
last-modified: Fri, 08 Jul 2022 22:25:51 GMT
server: AmazonS3
etag: "d06f04fccf68d0b228a5923187ce1afd"
access-control-max-age: 31536000
access-control-allow-methods: GET, HEAD
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
accept-ranges: bytes
x-amz-cf-id: 8UPEe1P2pVBK6zc9-mgF434-5IIypA2qYyhU6t6PGqOFx8iKVyAFyg==

GET
H3 200 649860135726018 Show response
connect.facebook.net/signals/config/ 40 KB
7 KB 87ms
87ms Script
application/x-javascript 157.240.251.9
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/649860135726018?v=2.9.167&r=stable&domain=www.gesa.com&hme=da9a399065fb1c492026018b9e54864148adfb49d800f41752428fb7b59190f8&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C168%2C171%2C183%2C179%2C180%2C182%2C29%2C98%2C52%2C75%2C181%2C163%2C166%2C176%2C177%2C184%2C127%2C40%2C34%2C139%2C15%2C49%2C190%2C189%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C164%2C167%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110%2C130%2C159%2C191%2C193%2C119%2C141%2C147%2C185%2C186%2C125%2C228%2C113%2C192%2C123%2C124%2C142%2C169%2C155%2C115%2C229%2C161%2C116%2C231%2C162%2C132%2C120%2C150%2C144%2C111

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.251.9 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-fra5.fbcdn.net

Software

Resource Hash

925d84147330b584587658555aeafcdd28632cf4a9d7e72704aa36c6e3199e0f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sat, 14 Sep 2024 00:25:21 GMT
document-policy: force-load-at-top
x-fb-server-load: 20
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=7, rtx=0, c=85, mss=1232, tbw=87729, tp=87, tpl=0, uplat=78, ullat=0
pragma: public
x-fb-debug: /HGaPm4d7CH2QCJugThKY34z969MHEUvtbkEJnsbuedN0Jw8R91ckB0bUTV8ocLmCh+2BU5wCmafgXypkdn3lQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 saq_pxl Show response
tags.srv.stackadapt.com/ 185 B
377 B 100ms
100ms XHR
text/plain 3.74.18.239
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/saq_pxl?uid=CHqG--Quapl1h0Ans2jxHw&is_js=true&landing_url=https%3A%2F%2Fwww.gesa.com%2Fresources%2Fforms%2F-and%2F-tax%2F-information%2F-5%2F&t=Page%20not%20found%20%7C%20Washington%20Credit%20Union%20%7C%20Loans%20%7C%20Savings%20Accounts%20%7C%20Gesa&tip=fdytEAG5IXHFHPETVOPiAdAedGkRSHw2ue7yCdl94tg&host=https%3A%2F%2Fwww.gesa.com&sa_conv_data_css_value=%270-da7d6bcf-5dc2-5717-6294-7fa89dbc25eb%27&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd9da7d6bcf5dc2571762947fa89dbc25eb515f0529&l_src=&l_src_d=&u_src=&u_src_d=&shop=false&sa-user-id-v3=s%253AAQAKIMFn-xNZZ3kWBfdn8VHW58OIKLD54nyysLgOxbXH-AKOENYBGAQg8a-TtwYwAToEED3EAEIE3zkZeg.p5hvgI93Lf9h6EjEA88%252FJZ529iBZAQK0b1qQfqkHbeg&sa-user-id-v2=s%253A2n1rz13CVxdilH-onbwl61FfBSk.1tYdKiQ%252BwH%252FFy3dvEHYHpbb9F1oV03WXiFCOWA%252FgQ9Y&sa-user-id=s%253A0-da7d6bcf-5dc2-5717-6294-7fa89dbc25eb.WmsJX%252Fnx%252FSZ%252FgOivbXPuzl7MxyIA7GJp%252FEFsROgcCTE
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.74.18.239 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-74-18-239.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: ab3598e2d6ad2d1e9feef533adf3665cd58c4eeb1916ae652d2c42794bf0a801

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: https://www.gesa.com
date: Sat, 14 Sep 2024 00:25:21 GMT
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 185
access-control-allow-methods: GET
content-type: text/plain; charset=utf-8

GET
H/1.1 200
OK tv2track.php
collector-37937.tvsquared.com/ 42 B
276 B 104ms
104ms Image
image/gif 3.132.11.109
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://collector-37937.tvsquared.com/tv2track.php?action_name=Page%20not%20found%20%7C%20Washington%20Credit%20Union%20%7C%20Loans%20%7C%20Savings%20Accounts%20%7C%20Gesa&idsite=TV-6327096327-1&rec=1&r=090880&h=2&m=25&s=21&url=https%3A%2F%2Fwww.gesa.com%2Fresources%2Fforms%2F-and%2F-tax%2F-information%2F-5%2F&_id=395224afbe7b2cdd&_idts=1726273522&_idvc=0&_idn=1&_viewts=&pdf=1&qt=0&realp=0&wma=0&dir=0&fla=0&java=0&gears=0&ag=0&cookie=1&res=1600x1200&gt_ms=2037
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.132.11.109 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-132-11-109.us-east-2.compute.amazonaws.com
Software: nginx /
Resource Hash: f0c71e3da5b3fcab3c66af1cf0cdbf262c97b9330b7b37116f1ae2ab18bdc660

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type: image/gif
Date: Sat, 14 Sep 2024 00:25:21 GMT
Server: nginx
Connection: keep-alive
Request-Id: f42774a4-49a3-4d11-9e94-8c651ee7b54c
Content-Length: 42
P3p: CP='OTI DSP COR NID STP UNI OTPa OUR'

GET
H3 200 641680242592103 Show response
connect.facebook.net/signals/config/ 24 KB
3 KB 59ms
59ms Script
application/x-javascript 157.240.251.9
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/641680242592103?v=2.9.167&r=stable&domain=www.gesa.com&hme=da9a399065fb1c492026018b9e54864148adfb49d800f41752428fb7b59190f8&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C168%2C171%2C183%2C179%2C180%2C182%2C29%2C98%2C52%2C75%2C181%2C163%2C166%2C176%2C177%2C184%2C127%2C40%2C34%2C139%2C15%2C49%2C190%2C189%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C164%2C167%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110%2C130%2C159%2C191%2C193%2C119%2C141%2C147%2C185%2C186%2C125%2C228%2C113%2C192%2C123%2C124%2C142%2C169%2C155%2C115%2C229%2C161%2C116%2C231%2C162%2C132%2C120%2C150%2C144%2C111%2C196%2C195%2C197%2C202%2C203%2C204%2C200%2C128%2C153

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.251.9 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-fra5.fbcdn.net

Software

Resource Hash

f8a443c0537c771f44c861236a766d29b4d309d2671d327718dfd57f23210338

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sat, 14 Sep 2024 00:25:21 GMT
document-policy: force-load-at-top
x-fb-server-load: 27
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=7, rtx=0, c=85, mss=1232, tbw=94751, tp=95, tpl=0, uplat=49, ullat=0
pragma: public
x-fb-debug: XHgj6uTnvUgQlcLXTuFrRXb9w55rjGe4YqxI8TZC3J79bXH6g9vbLw7umnMEFv3VDvEnzEjM/b8i3iFBsDYNbg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK bc04200588d29fe97c0c8a783f268d7d6ecf1d2de1d1d417f28d36799e47de Show response
api.alpharank.io/api/pixel/script/ 45 KB
45 KB 371ms
370ms Script
text/javascript 52.88.183.153
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.alpharank.io/api/pixel/script/bc04200588d29fe97c0c8a783f268d7d6ecf1d2de1d1d417f28d36799e47de?c=n&t=1726358400000
Requested by: Host: api.alpharank.io
URL: https://api.alpharank.io/api/pixel/script/bc04200588d29fe97c0c8a783f268d7d6ecf1d2de1d1d417f28d36799e47de
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.88.183.153 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-88-183-153.us-west-2.compute.amazonaws.com
Software: nginx/1.12.2 / Express
Resource Hash: 4a25be1f0513a03c0595d7adc16dbd4402afaa9f00fdcb2564b53613eba2ad8b

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Sat, 14 Sep 2024 00:25:21 GMT
Server: nginx/1.12.2
X-Powered-By: Express
ETag: W/"b34c-5l4RE/4mt4MMmx9MJ5iDiT4UXqA"
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: undefined
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Content-Length: 45900

GET 8eb5be58-d1d3-4293-a8c6-e029f70b7d3e
https://www.gesa.com/ Frame 0
0

GET
H2 200 /
www.facebook.com/tr/ 0
32 B 28ms
9ms Image
text/plain 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=309829729581526&ev=PageView&dl=https%3A%2F%2Fwww.gesa.com&rl=&if=false&ts=1726273521911&sw=1600&sh=1200&v=2.9.167&r=stable&ec=0&o=12316&fbp=fb.1.1726273521400.5438473104&cs_est=true&pm=1&hrl=4276e8&ler=empty&cdl=API_unavailable&it=1726273521419&coo=false&cs_cc=1&cas=2051438564888032%2C2582691048423790&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=5, rtx=0, c=10, mss=1297, tbw=2878, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Sat, 14 Sep 2024 00:25:21 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
852 B 193ms
173ms Image
image/png 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=309829729581526&ev=PageView&dl=https%3A%2F%2Fwww.gesa.com&rl=&if=false&ts=1726273521911&sw=1600&sh=1200&v=2.9.167&r=stable&ec=0&o=12316&fbp=fb.1.1726273521400.5438473104&cs_est=true&pm=1&hrl=4276e8&ler=empty&cdl=API_unavailable&it=1726273521419&coo=false&cs_cc=1&cas=2051438564888032%2C2582691048423790&rqm=FGET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .oculuscdn.com https://paywithmybank.com/ https://.paywithmybank.com/;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: zstd
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; preload
date: Sat, 14 Sep 2024 00:25:22 GMT
document-policy: force-load-at-top
x-fb-server-load: 28
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7414288318625540059", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=6, rtx=0, c=14, mss=1297, tbw=6637, tp=-1, tpl=-1, uplat=166, ullat=0
pragma: no-cache
x-fb-debug: 2/IPi8JQV6v2YoEJPW3sM349J0VenJdKaN+aRO3NeN/KN7GbDqRIAfaRC1tT4HfqypqmNqqEDhYmhgsGCF+Haw==
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7414288318625540059"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
273 B 28ms
9ms Image
text/plain 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=802797680067475&ev=PageView&dl=https%3A%2F%2Fwww.gesa.com&rl=&if=false&ts=1726273521914&sw=1600&sh=1200&v=2.9.167&r=stable&ec=0&o=12316&fbp=fb.1.1726273521400.5438473104&pm=1&hrl=3a999d&ler=empty&cdl=API_unavailable&it=1726273521419&coo=false&cs_cc=1&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=5, rtx=0, c=10, mss=1297, tbw=2878, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Sat, 14 Sep 2024 00:25:21 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
852 B 195ms
175ms Image
image/png 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=802797680067475&ev=PageView&dl=https%3A%2F%2Fwww.gesa.com&rl=&if=false&ts=1726273521914&sw=1600&sh=1200&v=2.9.167&r=stable&ec=0&o=12316&fbp=fb.1.1726273521400.5438473104&pm=1&hrl=3a999d&ler=empty&cdl=API_unavailable&it=1726273521419&coo=false&cs_cc=1&rqm=FGET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .oculuscdn.com https://paywithmybank.com/ https://.paywithmybank.com/;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: zstd
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; preload
date: Sat, 14 Sep 2024 00:25:22 GMT
document-policy: force-load-at-top
x-fb-server-load: 16
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7414288316752799030", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=6, rtx=0, c=14, mss=1297, tbw=7511, tp=-1, tpl=-1, uplat=168, ullat=0
pragma: no-cache
x-fb-debug: 3TgY5xr0QkTnwEL6lxdUVcTzl8hSsZedOcpdXIw8fzD7lyTKYKpX75dGQCQYHvnjGLxkIEfdVuwTO/hfCEqC/g==
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7414288316752799030"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
32 B 29ms
9ms Image
text/plain 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=649860135726018&ev=PageView&dl=https%3A%2F%2Fwww.gesa.com%2Fresources%2Fforms%2F-and%2F-tax%2F-information%2F-5%2F&rl=&if=false&ts=1726273521917&sw=1600&sh=1200&v=2.9.167&r=stable&ec=0&o=12318&fbp=fb.1.1726273521400.5438473104&cs_est=true&ler=empty&cdl=API_unavailable&it=1726273521419&coo=false&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=5, rtx=0, c=10, mss=1297, tbw=2878, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Sat, 14 Sep 2024 00:25:21 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
3 KB 157ms
138ms Image
image/png 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=649860135726018&ev=PageView&dl=https%3A%2F%2Fwww.gesa.com%2Fresources%2Fforms%2F-and%2F-tax%2F-information%2F-5%2F&rl=&if=false&ts=1726273521917&sw=1600&sh=1200&v=2.9.167&r=stable&ec=0&o=12318&fbp=fb.1.1726273521400.5438473104&cs_est=true&ler=empty&cdl=API_unavailable&it=1726273521419&coo=false&rqm=FGET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .oculuscdn.com https://paywithmybank.com/ https://.paywithmybank.com/;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

attribution-reporting-register-trigger: {"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0x6c259bbdcfe64bb0","source_keys":["1"]}],"aggregatable_values":{"1":10922},"filters":{"2":["24:5874616755928707","7830:5874616755928707","10853:5874616755928707","41:5874616755928707","8046:5874616755928707"]},"debug_reporting":true,"debug_key":"230348390391331607"}
content-encoding: zstd
x-content-type-options: nosniff
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
strict-transport-security: max-age=15552000; preload
document-policy: force-load-at-top
date: Sat, 14 Sep 2024 00:25:22 GMT
x-fb-server-load: 36
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7414288317001827970", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=6, rtx=0, c=14, mss=1297, tbw=3453, tp=-1, tpl=-1, uplat=130, ullat=0
pragma: no-cache
x-fb-debug: sA5aTiQjZ/JFZj/zxAyFJCNyUzu1LFTV0NncsrhZ4XMcsIZoHYm5h9bDJ0PW97kIpNqIte2xS2D4wKalVq/ZMg==
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7414288317001827970"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
102 B 9ms
8ms Image
text/plain 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=641680242592103&ev=PageView&dl=https%3A%2F%2Fwww.gesa.com%2Fresources%2Fforms%2F-and%2F-tax%2F-information%2F-5%2F&rl=&if=false&ts=1726273521917&sw=1600&sh=1200&v=2.9.167&r=stable&ec=0&o=12318&fbp=fb.1.1726273521400.5438473104&ler=empty&cdl=API_unavailable&it=1726273521419&coo=false&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=5, rtx=0, c=14, mss=1297, tbw=3307, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Sat, 14 Sep 2024 00:25:21 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
851 B 179ms
179ms Image
image/png 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=641680242592103&ev=PageView&dl=https%3A%2F%2Fwww.gesa.com%2Fresources%2Fforms%2F-and%2F-tax%2F-information%2F-5%2F&rl=&if=false&ts=1726273521917&sw=1600&sh=1200&v=2.9.167&r=stable&ec=0&o=12318&fbp=fb.1.1726273521400.5438473104&ler=empty&cdl=API_unavailable&it=1726273521419&coo=false&rqm=FGET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .oculuscdn.com https://paywithmybank.com/ https://.paywithmybank.com/;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: zstd
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; preload
date: Sat, 14 Sep 2024 00:25:22 GMT
document-policy: force-load-at-top
x-fb-server-load: 19
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7414288317927516367", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=6, rtx=0, c=14, mss=1297, tbw=8385, tp=-1, tpl=-1, uplat=171, ullat=0
pragma: no-cache
x-fb-debug: n4sNy2HAZY+vNQyr+cpngSslB56MODF6Up2NPIf+5iceGQOu77js/Do/JBVWuTQ9Ddg09TW/hPoFY0G8p49gcg==
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7414288317927516367"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 200 act
analytics.tiktok.com/api/v2/pixel/ 0
876 B 182ms
178ms Ping
text/plain 23.213.161.215
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel/act
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTkzZDVlN2M0MA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.213.161.215 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-213-161-215.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 30562768.1e0373c2
date: Sat, 14 Sep 2024 00:25:22 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240914002522531E72E2C3BE934E47E7-68FBB87E44B82D5F-00
x-cache: TCP_MISS from a23-213-160-218.deploy.akamaitechnologies.com (AkamaiGHost/11.6.3-e8c44af76fbf2725bc66e35706b8e3bb) (-)
x-parent-response-time: 124,23.213.160.218
server-timing: cdn-cache; desc=MISS, edge; dur=131, origin; dur=30, inner; dur=27
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20240914002522531E72E2C3BE934E47E7
x-cache-remote: TCP_MISS from a23-55-100-84.deploy.akamaitechnologies.com (AkamaiGHost/11.6.3-e8c44af76fbf2725bc66e35706b8e3bb) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 30,23.55.100.84
x-tt-trace-host: 017e34349fe8a72d9de25156a4db0349fe7d120fc7d1e832acf155c0abfd0a9735c9848a8ea836e769bc87bdfecc1ac2af16b17574ac1bb95ce34fa18d7811ba0cd1c557f849f87efda4c509441d407faf4d07e41f8a4b14b427bb2756a77a7903b5eb91cf2a4af86c6281030c50cfd545
access-control-allow-headers: Authorization,*
expires: Sat, 14 Sep 2024 00:25:22 GMT

GET
H2 200 pixels
c1.adform.net/imatch/ Frame 36B1 0
0 94ms
20ms Document
text/html 37.157.6.232
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://c1.adform.net/imatch/pixels?bt=0&uid=6205908680845729888&agencyId=7028&advertiserId=2079361&src=tp&rnd=141187

Requested by

Host: a2.adform.net
URL: https://a2.adform.net/Serving/TrackPoint/?pm=2179965&ADFdivider=%7C&ord=290278695841&ADFtpmode=2&loc=https%3A%2F%2Fwww.gesa.com%2Fresources%2Fforms%2F-and%2F-tax%2F-information%2F-5%2F&Set1=de-DE%7Cde-DE%7C1600x1200%7C24

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.232 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.gesa.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sat, 14 Sep 2024 00:25:22 GMT
expires: -1
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding

GET
H2 200 /
a1.seadform.net/serving/cookie/sync/ 35 B
467 B 130ms
21ms Image
image/gif 37.157.6.233
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a1.seadform.net/serving/cookie/sync/?uid=6205908680845729888&stamp=1koJ_0ziFW8DvP-67D9Y4w2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.233 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 14 Sep 2024 00:25:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
content-type: image/gif
cache-control: private

GET
H2 200 visitor.php Show response
app.leadsrx.com/ 112 B
543 B 261ms
261ms XHR
text/html 54.191.174.242
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.leadsrx.com/visitor.php?acctTag=huzooe43734&tz=-120&ref=&u=https%3A%2F%2Fwww.gesa.com%2Fresources%2Fforms%2F-and%2F-tax%2F-information%2F-5%2F&t=Page%20not%20found%20%7C%20Washington%20Credit%20Union%20%7C%20Loans%20%7C%20Savings%20Accounts%20%7C%20Gesa&lc=null&anon=0&vin=null

Requested by

Host: app.leadsrx.com
URL: https://app.leadsrx.com/visitor.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.191.174.242 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-191-174-242.us-west-2.compute.amazonaws.com

Software

nginx/1.20.1 / PHP/5.6.40

Resource Hash

76ef8763be5097c86fda96458427a57f96c4abd514cb04f4b641bbe1b211f5a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Sat, 14 Sep 2024 00:25:22 GMT
x-content-type-options: nosniff
server: nginx/1.20.1
x-powered-by: PHP/5.6.40
x-frame-options: SAMEORIGIN
content-type: text/html; charset=utf-8
access-control-allow-origin: https://www.gesa.com
access-control-allow-credentials: true

POST
H/1.1 200
OK pixel.gif
pixel.alpharank.io/ 35 B
543 B 573ms
183ms Ping
application/octet-stream 52.88.183.153
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.alpharank.io/pixel.gif?id=bc04200588d29fe97c0c8a783f268d7d6ecf1d2de1d1d417f28d36799e47de&duid=4.32.4-zopzt3b2-m11eomsk&fp=23aec6779049bb61fe47d796629a3c1b&ev=pageload&v=4.32.4&dl=https%3A%2F%2Fwww.gesa.com%2Fresources%2Fforms%2F-and%2F-tax%2F-information%2F-5%2F&ts=1726273521850&de=UTF-8&sr=1600x1200&vp=1600x1200&cd=24&dt=Page%20not%20found%20%7C%20Washington%20Credit%20Union%20%7C%20Loans%20%7C%20Savings%20Accounts%20%7C%20Gesa&bn=Chrome%20128&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F128.0.0.0%20Safari%2F537.36&tz=-120
Requested by: Host: api.alpharank.io
URL: https://api.alpharank.io/api/pixel/script/bc04200588d29fe97c0c8a783f268d7d6ecf1d2de1d1d417f28d36799e47de?c=n&t=1726358400000
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.88.183.153 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-88-183-153.us-west-2.compute.amazonaws.com
Software: nginx/1.12.2 / Express
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://www.gesa.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Sat, 14 Sep 2024 00:25:23 GMT
Server: nginx/1.12.2
X-Powered-By: Express
ETag: W/"23-X71HIiL+uKIs9biqXcW44Tr4jis"
Content-Type: application/octet-stream
Access-Control-Allow-Origin: https://www.gesa.com
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Content-Length: 35

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.gesa.com
URL: blob:https://www.gesa.com/6fc918de-c1cf-47f4-8a3f-08200b8d4cb6

Domain: www.gesa.com
URL: blob:https://www.gesa.com/8eb5be58-d1d3-4293-a8c6-e029f70b7d3e

Verdicts & Comments Add Verdict or Comment

146 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

84 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.gesa.com/	1970-01-21 09:07:13	Name: _evga_6d54 Value: {%22uuid%22:%22eb7dbe7754cfd829%22}
.gesa.com/	1970-01-21 09:07:13	Name: _sfid_0e63 Value: {%22anonymousId%22:%22eb7dbe7754cfd829%22%2C%22consents%22:[]}
.gesa.com/	1970-01-21 01:40:49	Name: _gcl_au Value: 1.1.1545146375.1726273521
www.gesa.com/	1970-01-20 23:31:17	Name: pys_session_limit Value: true
www.gesa.com/	1969-12-31 23:59:59	Name: pys_start_session Value: true
www.gesa.com/	1970-01-20 23:41:18	Name: pys_first_visit Value: true
www.gesa.com/	1970-01-20 23:41:18	Name: pysTrafficSource Value: direct
www.gesa.com/	1970-01-20 23:41:18	Name: pys_landing_page Value: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/
www.gesa.com/	1970-01-20 23:41:18	Name: last_pysTrafficSource Value: direct
www.gesa.com/	1970-01-20 23:41:18	Name: last_pys_landing_page Value: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/
www.gesa.com/	1970-01-20 23:41:18	Name: _fbp Value: fb.1.1726273521400.5438473104
tags.srv.stackadapt.com/	1970-01-21 08:16:49	Name: sa-user-id Value: s%3A0-da7d6bcf-5dc2-5717-6294-7fa89dbc25eb.WmsJX%2Fnx%2FSZ%2FgOivbXPuzl7MxyIA7GJp%2FEFsROgcCTE
.srv.stackadapt.com/	1970-01-21 08:16:49	Name: sa-user-id Value: s%3A0-da7d6bcf-5dc2-5717-6294-7fa89dbc25eb.WmsJX%2Fnx%2FSZ%2FgOivbXPuzl7MxyIA7GJp%2FEFsROgcCTE
tags.srv.stackadapt.com/	1970-01-21 08:16:49	Name: sa-user-id-v2 Value: s%3A2n1rz13CVxdilH-onbwl61FfBSk.1tYdKiQ%2BwH%2FFy3dvEHYHpbb9F1oV03WXiFCOWA%2FgQ9Y
.srv.stackadapt.com/	1970-01-21 08:16:49	Name: sa-user-id-v2 Value: s%3A2n1rz13CVxdilH-onbwl61FfBSk.1tYdKiQ%2BwH%2FFy3dvEHYHpbb9F1oV03WXiFCOWA%2FgQ9Y
tags.srv.stackadapt.com/	1970-01-21 08:16:49	Name: sa-user-id-v3 Value: s%3AAQAKIMFn-xNZZ3kWBfdn8VHW58OIKLD54nyysLgOxbXH-AKOENYBGAQg8a-TtwYwAToEED3EAEIE3zkZeg.p5hvgI93Lf9h6EjEA88%2FJZ529iBZAQK0b1qQfqkHbeg
.srv.stackadapt.com/	1970-01-21 08:16:49	Name: sa-user-id-v3 Value: s%3AAQAKIMFn-xNZZ3kWBfdn8VHW58OIKLD54nyysLgOxbXH-AKOENYBGAQg8a-TtwYwAToEED3EAEIE3zkZeg.p5hvgI93Lf9h6EjEA88%2FJZ529iBZAQK0b1qQfqkHbeg
.tiktok.com/	1970-01-21 08:52:49	Name: _ttp Value: 2m2T9m9c3osFJlDMzpNc1sdhAi9
gesacu.us-1.evergage.com/	1970-01-20 23:41:18	Name: AWSALBTGCORS Value: u3e2KyWVgetlFKegBK9Xq3kbpo1khQwh/zvJZxUXI2O+2TnYnfh+yMTDSqCYHAY9U2hn0rxUU2AWQyH8tselx3ben0xWi/4A41H5FrjyvDPnvFcjrjC4SHOOpi54zC/Xrks/jnEURcZVvliO5N4UN76k/iqp4sWtneTEqqosepYFs3RlfIw=
.gesa.com/	1970-01-21 09:07:13	Name: _ga_H1S93VJW48 Value: GS1.1.1726273521.1.0.1726273521.60.0.0
.gesa.com/	1970-01-21 09:07:13	Name: _ga Value: GA1.1.821488507.1726273521
www.gesa.com/	1970-01-21 08:16:49	Name: sa-user-id Value: s%253A0-da7d6bcf-5dc2-5717-6294-7fa89dbc25eb.WmsJX%252Fnx%252FSZ%252FgOivbXPuzl7MxyIA7GJp%252FEFsROgcCTE
www.gesa.com/	1970-01-21 08:16:49	Name: sa-user-id-v2 Value: s%253A2n1rz13CVxdilH-onbwl61FfBSk.1tYdKiQ%252BwH%252FFy3dvEHYHpbb9F1oV03WXiFCOWA%252FgQ9Y
www.gesa.com/	1970-01-21 08:16:49	Name: sa-user-id-v3 Value: s%253AAQAKIMFn-xNZZ3kWBfdn8VHW58OIKLD54nyysLgOxbXH-AKOENYBGAQg8a-TtwYwAToEED3EAEIE3zkZeg.p5hvgI93Lf9h6EjEA88%252FJZ529iBZAQK0b1qQfqkHbeg
.gesa.com/	1970-01-21 08:52:49	Name: _tt_enable_cookie Value: 1
.gesa.com/	1970-01-21 08:52:49	Name: _ttp Value: GWahGhWR0sJzYI-qoOJ2BdZ6DV5
.gesa.com/	1969-12-31 23:59:59	Name: _ce.irv Value: new
.gesa.com/	1969-12-31 23:59:59	Name: cebs Value: 1
.gesa.com/	1970-01-20 23:32:39	Name: _ce.clock_event Value: 1
.linkedin.com/	1970-01-20 23:32:39	Name: lidc Value: "b=OGST09:s=O:r=O:a=O:p=O:g=2925:u=1:x=1:i=1726273521:t=1726359921:v=2:sig=AQFwZJlGOrn7dAOzJNtRibA6fraaVrPC"
www.gesa.com/	1970-01-21 09:07:13	Name: _tq_id.TV-6327096327-1.ab9a Value: 395224afbe7b2cdd.1726273522.0.1726273522..
.linkedin.com/	1970-01-21 08:16:49	Name: bcookie Value: "v=2&06f9cbae-d5a8-4d8d-877c-c445264b627f"
.linkedin.com/	1970-01-21 03:50:25	Name: li_gc Value: MTswOzE3MjYyNzM1MjE7MjswMjHzIJBCOwzTi6iOnrnEeJjEUoDdBYZdTrodthRdWf1PFg==
www.gesa.com/	1970-01-21 03:50:29	Name: pbid Value: 7e48d0ccc252cb04156b0df67461f30a04bd134c07a4e63e1de201768fca419c
.gesa.com/	1970-01-20 23:32:39	Name: _ce.clock_data Value: 20%2C81.95.5.41%2C1%2C9d1d68e5c1dc3c213377efe8cbc2564a%2CChrome%2CDE
.gesa.com/	1969-12-31 23:59:59	Name: cebsp_ Value: 1
.gesa.com/	1970-01-21 08:16:49	Name: _ce.s Value: v~f163debc9b92cf437e07fa200951381af767d7ec~lcw~1726273521859~lva~1726273521721~vpv~0~v11.fhb~1726273521856~v11.lhb~1726273521856~v11.cs~449847~v11.s~d40f8130-722f-11ef-bc30-3f7f718d80fc~lcw~1726273521864
.gesa.com/	1970-01-21 01:40:49	Name: _fbp Value: fb.1.1726273521400.5438473104
.adform.net/	1970-01-21 00:14:25	Name: C Value: 1
.adform.net/	1970-01-21 00:57:37	Name: uid Value: 6205908680845729888
.adform.net/	1970-01-20 23:32:39	Name: CM Value: 1\|1
.adform.net/	1970-01-20 23:51:23	Name: CM14 Value: 1726359922_1726273522_1726273522_1_Hu7u4e4e4R7u4e4REREeEREREAAA4Q
.seadform.net/	1970-01-21 00:57:41	Name: uid Value: 6205908680845729888
.eyeota.net/	1970-01-20 23:31:14	Name: SERVERID Value: 21082~DM
.casalemedia.com/	1970-01-21 08:16:49	Name: CMID Value: ZuTX8rmqPVcAACGqAH81mQAA
.casalemedia.com/	1970-01-21 01:40:49	Name: CMPS Value: 3186
.casalemedia.com/	1970-01-21 01:40:49	Name: CMPRO Value: 3186
.semasio.net/	1970-01-21 08:16:49	Name: SEUNCY Value: E09C7219D35F7AEA
cm.adsafety.net/	1970-01-21 08:16:49	Name: UID Value: CM1202409140064009a9e1a5bc2bc57d
.adsafety.net/	1970-01-21 08:16:49	Name: cm_uid Value: CM1202409140064009a9e1a5bc2bc57d
.adnxs.com/	1970-01-21 09:07:13	Name: receive-cookie-deprecation Value: 1
tags.adsafety.net/	1970-01-21 08:16:49	Name: UID Value: ac5b8c15d5c7037765d8a5dfd82aca5c
tags.adsafety.net/	1970-01-21 08:16:49	Name: DID Value: ac5b8c15d5c7037765d8a5dfd82aca5c
tags.adsafety.net/	1970-01-21 08:16:49	Name: IDT Value: 100
tags.adsafety.net/	1970-01-21 08:16:49	Name: cookie_ver Value: 2
tags.adsafety.net/	1970-01-21 00:14:25	Name: block_reset Value: 1
.adsafety.net/	1970-01-21 08:16:49	Name: ct_uid Value: ac5b8c15d5c7037765d8a5dfd82aca5c
.adsafety.net/	1970-01-21 08:16:49	Name: ct_did Value: ac5b8c15d5c7037765d8a5dfd82aca5c
.adsafety.net/	1970-01-21 08:16:49	Name: ct_idt Value: 100
.leadsrx.com/	1970-01-21 08:16:49	Name: _lab Value: 3377701398653171
.leadsrx.com/	1970-01-21 08:16:49	Name: _lab_lastTouch Value: direct
.gesa.com/	1970-01-21 08:16:49	Name: _lab Value: 3377701398653171
cm.adsafety.net/	1970-01-21 08:16:49	Name: permanent Value: 1
ads.smartstream.tv/	1970-01-21 08:16:49	Name: DID Value: ac5b8c15d5c7037765d8a5dfd82aca5c
ads.smartstream.tv/	1970-01-21 08:16:49	Name: idt Value: 100
ads.smartstream.tv/	1970-01-21 08:16:49	Name: permanent Value: 1
ads.smartstream.tv/	1970-01-21 00:14:25	Name: cm_uid Value: CM1202409140064009a9e1a5bc2bc57d
.agkn.com/	1970-01-21 08:16:49	Name: ab Value: 0001%3ApxO3sXuERpjtVLyqH0SRA7uLeqj42TwJ
.adfarm1.adition.com/	1970-01-21 01:40:49	Name: UserID1 Value: 7414288320951351663
.doubleclick.net/	1970-01-21 08:52:49	Name: IDE Value: AHWqTUkNEMt_-xoUyOPo0GTZZFwwIq1SZm6JfgWCYXNeSrFY09vvSBgpFwDouLqUZsU
cm.adsafety.net/	1970-01-21 08:16:49	Name: cache0 Value: KzFHSk9wMUZsMkpMMjlsMzBXenlaNkZ4MUgwRklzTkliUi9GVmtiaWM2Rk9TQUFvWVk4cjZsUHNsSmtEUU5vUkt1dkF6SmlrN3hpeS8xc2dlUnMyb0lQcDdaTmdPQVgxcUlmRHJ4MUc4UE8yZjJzU0lEOGlFNlBMczY5MEJ2ZFRzNVhObExxcUF6OS9PRFVGaUJheThpWVJrc0h2RU1OaERZc0c1M0xhMjdlYSsrdUlJTEhNV0llNFQyN3RKaXprdm1LQUkyQjF2dml2dmtpM1dtaHd4SnQyZEdPM2dwM25mZWk0VTNjUVFDcTJFYVBUajBNSVZ2bG5JQXY3TTNDTjRkc1FTSWcxblVBZW8vQVJJV3ZNMk5Ia3FqOTQ4R2R1SnlhR0wxWWFWbDFMZXltcVMveldkNU9WNlJYZFdaRy9aSjFVNTk1K2N1VVdXMTFuM25RclUwQU5teWZHL1MxTzhXd0o1MmdnT3lyNm14cVR6NVF2akdXd0pERExZSnRvcVpkYnFZanpvZW1nVjdvMWRSc05zYmdvaEFPRDV5dkkvSlg5dEtWMThGcjVybEo5d1RwU3YwUmlPM2RLcGYyR1Bnakg4eUJLTWllb2FPWmM1bnFURWxyTWFlWUNNT0J6eHJjdDliNTlIUDZTVDZ5K0xsaFNrWTlwMmVGVkt4Q1dUaUo1M25teER1VlJFNW9FSVgzMHNzMnl3NlQ0eWN5bnRROHc4QUZvRGdBU1dkcDFEWk51ditmS1hHeEs5S3FVU2pqRVpXUHNYbHNtb1VpWnI0YTVTZGdVdXAxKy9WWDgzZUJnWCtLa0JsTElSaVV4VEUrSlJ2Z2Y5bVlIQm9nSTN0RGNwdzJDK0ZIU2hWTzN5c0cxVC9reHFXV3plQ2tXaTVkUTdkUEZYMjA9
.demdex.net/	1970-01-21 03:50:25	Name: demdex Value: 31148550641474138442985720738198237309
.w55c.net/	1970-01-21 09:00:01	Name: wfivefivec Value: ABv7iQSf1SPgBk5
.w55c.net/	1970-01-21 00:14:25	Name: matchadform Value: 5
.dpm.demdex.net/	1970-01-21 03:50:25	Name: dpm Value: 31148550641474138442985720738198237309
.weborama.fr/	1970-01-21 08:57:08	Name: AFFICHE_W Value: BY2EpYZ9UpQF99
.onaudience.com/	1970-01-20 23:32:39	Name: done_redirects161 Value: 1
.onaudience.com/	1970-01-21 08:16:49	Name: cookie Value: 1ee2880a44d6f461
.onaudience.com/	1970-01-20 23:32:39	Name: done_redirects147 Value: 1
www.gesa.com/	1970-01-21 09:07:13	Name: __arank_duid Value: 4.32.4-zopzt3b2-m11eomsk
.bluekai.com/	1970-01-21 03:51:51	Name: bku Value: aG/99wnU8sSOfMz5
.bluekai.com/	1970-01-21 03:51:51	Name: bkpa Value: KJy9/Qe5d02pSUHknp1p1p90wtkAwER01eD81eQtme9TBeDl1MATmeQe9JlSYWX=
.onaudience.com/	1970-01-20 23:32:39	Name: done_redirects252 Value: 1
pixel.alpharank.io/	1970-01-21 09:07:13	Name: __arank.uid__ Value: 12fa8ef2-feee-4340-af1c-e8650c54447f

33 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/ Message: Failed to load resource: the server responded with a status of 404 ()
security	error	URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTFL685(Line 4) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://*.googletagmanager.com https://cdn.evgnet.com/beacon/gesacu/gesa_prod/scripts/evergage.min.js https://d10lpsik1i8c69.cloudfront.net https://secure.node7seat.com/js/219777.js https://connect.facebook.net https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.redditstatic.com/ads/pixel.js https://app.truconversion.com/ https://tags.srv.stackadapt.com/events.js https://app.leadsrx.com/visitor.js https://collector-37937.tvsquared.com/tv2track.js https://acsbapp.com https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://qvdt3feo.com/events.js https://api.alpharank.io https://tools.luckyorange.com 'nonce-d208ab1ac8'".
security	error	URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTFL685(Line 788) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://*.googletagmanager.com https://cdn.evgnet.com/beacon/gesacu/gesa_prod/scripts/evergage.min.js https://d10lpsik1i8c69.cloudfront.net https://secure.node7seat.com/js/219777.js https://connect.facebook.net https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.redditstatic.com/ads/pixel.js https://app.truconversion.com/ https://tags.srv.stackadapt.com/events.js https://app.leadsrx.com/visitor.js https://collector-37937.tvsquared.com/tv2track.js https://acsbapp.com https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://qvdt3feo.com/events.js https://api.alpharank.io https://tools.luckyorange.com 'nonce-d208ab1ac8'". Either the 'unsafe-inline' keyword, a hash ('sha256-jRhBjpDaqXw3gLHYqzZOxtjq/sh8XkgWI6SnyCG4h+0='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTFL685(Line 788) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://*.googletagmanager.com https://cdn.evgnet.com/beacon/gesacu/gesa_prod/scripts/evergage.min.js https://d10lpsik1i8c69.cloudfront.net https://secure.node7seat.com/js/219777.js https://connect.facebook.net https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.redditstatic.com/ads/pixel.js https://app.truconversion.com/ https://tags.srv.stackadapt.com/events.js https://app.leadsrx.com/visitor.js https://collector-37937.tvsquared.com/tv2track.js https://acsbapp.com https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://qvdt3feo.com/events.js https://api.alpharank.io https://tools.luckyorange.com 'nonce-d208ab1ac8'". Either the 'unsafe-inline' keyword, a hash ('sha256-jFlrNfYsT5Ld3shRSlmYeDFgvN3fHZO5/ad9wyIWpZ8='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTFL685(Line 788) Message: [Report Only] Refused to load the script 'https://script.crazyegg.com/pages/scripts/0126/2289.js' because it violates the following Content Security Policy directive: "script-src 'self' https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://*.googletagmanager.com https://cdn.evgnet.com/beacon/gesacu/gesa_prod/scripts/evergage.min.js https://d10lpsik1i8c69.cloudfront.net https://secure.node7seat.com/js/219777.js https://connect.facebook.net https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.redditstatic.com/ads/pixel.js https://app.truconversion.com/ https://tags.srv.stackadapt.com/events.js https://app.leadsrx.com/visitor.js https://collector-37937.tvsquared.com/tv2track.js https://acsbapp.com https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://qvdt3feo.com/events.js https://api.alpharank.io https://tools.luckyorange.com 'nonce-d208ab1ac8'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTFL685(Line 788) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://*.googletagmanager.com https://cdn.evgnet.com/beacon/gesacu/gesa_prod/scripts/evergage.min.js https://d10lpsik1i8c69.cloudfront.net https://secure.node7seat.com/js/219777.js https://connect.facebook.net https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.redditstatic.com/ads/pixel.js https://app.truconversion.com/ https://tags.srv.stackadapt.com/events.js https://app.leadsrx.com/visitor.js https://collector-37937.tvsquared.com/tv2track.js https://acsbapp.com https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://qvdt3feo.com/events.js https://api.alpharank.io https://tools.luckyorange.com 'nonce-d208ab1ac8'". Either the 'unsafe-inline' keyword, a hash ('sha256-izBYKIZaQcYa/w+pnv1kI9mxMzv8qRJ2MHso6UT2kzs='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTFL685(Line 788) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://*.googletagmanager.com https://cdn.evgnet.com/beacon/gesacu/gesa_prod/scripts/evergage.min.js https://d10lpsik1i8c69.cloudfront.net https://secure.node7seat.com/js/219777.js https://connect.facebook.net https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.redditstatic.com/ads/pixel.js https://app.truconversion.com/ https://tags.srv.stackadapt.com/events.js https://app.leadsrx.com/visitor.js https://collector-37937.tvsquared.com/tv2track.js https://acsbapp.com https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://qvdt3feo.com/events.js https://api.alpharank.io https://tools.luckyorange.com 'nonce-d208ab1ac8'". Either the 'unsafe-inline' keyword, a hash ('sha256-nEn8Cg4HsSa56JfIpqS7r1nDsjXrYGKpalHWU9iFmHY='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTFL685(Line 788) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://*.googletagmanager.com https://cdn.evgnet.com/beacon/gesacu/gesa_prod/scripts/evergage.min.js https://d10lpsik1i8c69.cloudfront.net https://secure.node7seat.com/js/219777.js https://connect.facebook.net https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.redditstatic.com/ads/pixel.js https://app.truconversion.com/ https://tags.srv.stackadapt.com/events.js https://app.leadsrx.com/visitor.js https://collector-37937.tvsquared.com/tv2track.js https://acsbapp.com https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://qvdt3feo.com/events.js https://api.alpharank.io https://tools.luckyorange.com 'nonce-d208ab1ac8'". Either the 'unsafe-inline' keyword, a hash ('sha256-tFuq7hAIyERAvlgtzjjnU5XAJyhYIbLKJyvDmUbvTNc='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTFL685(Line 788) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://*.googletagmanager.com https://cdn.evgnet.com/beacon/gesacu/gesa_prod/scripts/evergage.min.js https://d10lpsik1i8c69.cloudfront.net https://secure.node7seat.com/js/219777.js https://connect.facebook.net https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.redditstatic.com/ads/pixel.js https://app.truconversion.com/ https://tags.srv.stackadapt.com/events.js https://app.leadsrx.com/visitor.js https://collector-37937.tvsquared.com/tv2track.js https://acsbapp.com https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://qvdt3feo.com/events.js https://api.alpharank.io https://tools.luckyorange.com 'nonce-d208ab1ac8'". Either the 'unsafe-inline' keyword, a hash ('sha256-8W0JCDEEZFQGj6Da5fbswT5Yj4PTN61fYbD3bUJpl/0='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTFL685(Line 788) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://*.googletagmanager.com https://cdn.evgnet.com/beacon/gesacu/gesa_prod/scripts/evergage.min.js https://d10lpsik1i8c69.cloudfront.net https://secure.node7seat.com/js/219777.js https://connect.facebook.net https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.redditstatic.com/ads/pixel.js https://app.truconversion.com/ https://tags.srv.stackadapt.com/events.js https://app.leadsrx.com/visitor.js https://collector-37937.tvsquared.com/tv2track.js https://acsbapp.com https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://qvdt3feo.com/events.js https://api.alpharank.io https://tools.luckyorange.com 'nonce-d208ab1ac8'". Either the 'unsafe-inline' keyword, a hash ('sha256-+jnwRILa77aka+jPtP8UEw8XoZeM9JnqVCQ/F4ufozY='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://www.googletagmanager.com/gtm.js?id=GTM-MTFL685(Line 788) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://*.googletagmanager.com https://cdn.evgnet.com/beacon/gesacu/gesa_prod/scripts/evergage.min.js https://d10lpsik1i8c69.cloudfront.net https://secure.node7seat.com/js/219777.js https://connect.facebook.net https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.redditstatic.com/ads/pixel.js https://app.truconversion.com/ https://tags.srv.stackadapt.com/events.js https://app.leadsrx.com/visitor.js https://collector-37937.tvsquared.com/tv2track.js https://acsbapp.com https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://qvdt3feo.com/events.js https://api.alpharank.io https://tools.luckyorange.com 'nonce-d208ab1ac8'". Either the 'unsafe-inline' keyword, a hash ('sha256-eRmdpI0PshfCFwAcEbhBg5HaJZ6N+Zb1kuEg+qptAs4='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	(Line 1) Message: [Report Only] Refused to load the script 'https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CKKRU9JC77UA6J84RSQ0&lib=ttq' because it violates the following Content Security Policy directive: "script-src 'self' https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://*.googletagmanager.com https://cdn.evgnet.com/beacon/gesacu/gesa_prod/scripts/evergage.min.js https://d10lpsik1i8c69.cloudfront.net https://secure.node7seat.com/js/219777.js https://connect.facebook.net https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.redditstatic.com/ads/pixel.js https://app.truconversion.com/ https://tags.srv.stackadapt.com/events.js https://app.leadsrx.com/visitor.js https://collector-37937.tvsquared.com/tv2track.js https://acsbapp.com https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://qvdt3feo.com/events.js https://api.alpharank.io https://tools.luckyorange.com 'nonce-d208ab1ac8'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/ Message: [Report Only] Refused to load the image 'https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-H1S93VJW48&cid=821488507.1726273521&gtm=45je4990v896984732z879611690za200zb79611690&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=0&tag_exp=0&z=1244422319' because it violates the following Content Security Policy directive: "img-src 'self' https://collector-37937.tvsquared.com https://d10lpsik1i8c69.cloudfront.net https://px.ads.linkedin.com https://www.google.com/pagead/1p-user-list/ https://alb.reddit.com/rp.gif https://www.facebook.com https://www.googletagmanager.com https://googleads.g.doubleclick.net/pagead/viewthroughconversion https://ssl.gstatic.com/ data:".
security	error	URL: https://script.crazyegg.com/pages/scripts/0126/2289.js Message: [Report Only] Refused to connect to 'https://script.crazyegg.com/pages/data-scripts/0126/2289/site/www.gesa.com.json?t=1' because it violates the following Content Security Policy directive: "connect-src 'self' https://analytics.google.com https://.analytics.google.com https://stats.g.doubleclick.net/g/collect https://app.leadsrx.com https://gesacu.us-1.evergage.com https://pixel.alpharank.io https://px.ads.linkedin.com https://pubsub.googleapis.com https://.luckyorange.net wss://*.visitors.live wss://visitors.live https://cdn.acsbapp.com https://www.redditstatic.com https://tags.srv.stackadapt.com".
security	error	URL: https://tools.luckyorange.com/core/lo.js?site-id=db3541a4 Message: [Report Only] Refused to connect to 'https://settings.luckyorange.com/db3541a4' because it violates the following Content Security Policy directive: "connect-src 'self' https://analytics.google.com https://.analytics.google.com https://stats.g.doubleclick.net/g/collect https://app.leadsrx.com https://gesacu.us-1.evergage.com https://pixel.alpharank.io https://px.ads.linkedin.com https://pubsub.googleapis.com https://.luckyorange.net wss://*.visitors.live wss://visitors.live https://cdn.acsbapp.com https://www.redditstatic.com https://tags.srv.stackadapt.com".
security	error	URL: https://tools.luckyorange.com/core/lo.js?site-id=db3541a4 Message: [Report Only] Refused to connect to 'https://settings.luckyorange.com/db3541a4' because it violates the following Content Security Policy directive: "connect-src 'self' https://analytics.google.com https://.analytics.google.com https://stats.g.doubleclick.net/g/collect https://app.leadsrx.com https://gesacu.us-1.evergage.com https://pixel.alpharank.io https://px.ads.linkedin.com https://pubsub.googleapis.com https://.luckyorange.net wss://*.visitors.live wss://visitors.live https://cdn.acsbapp.com https://www.redditstatic.com https://tags.srv.stackadapt.com".
security	error	URL: https://s2.adform.net/banners/scripts/st/trackpoint-async.js(Line 134) Message: [Report Only] Refused to load the script 'https://a2.adform.net/Serving/TrackPoint/?pm=2179965&ADFdivider=%7C&ord=290278695841&ADFtpmode=2&loc=https%3A%2F%2Fwww.gesa.com%2Fresources%2Fforms%2F-and%2F-tax%2F-information%2F-5%2F&Set1=de-DE%7Cde-DE%7C1600x1200%7C24' because it violates the following Content Security Policy directive: "script-src 'self' https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://*.googletagmanager.com https://cdn.evgnet.com/beacon/gesacu/gesa_prod/scripts/evergage.min.js https://d10lpsik1i8c69.cloudfront.net https://secure.node7seat.com/js/219777.js https://connect.facebook.net https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.redditstatic.com/ads/pixel.js https://app.truconversion.com/ https://tags.srv.stackadapt.com/events.js https://app.leadsrx.com/visitor.js https://collector-37937.tvsquared.com/tv2track.js https://acsbapp.com https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://qvdt3feo.com/events.js https://api.alpharank.io https://tools.luckyorange.com 'nonce-d208ab1ac8'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://script.crazyegg.com/pages/scripts/0126/2289.js Message: [Report Only] Refused to load the script 'https://script.crazyegg.com/pages/versioned/common-scripts/db7349b994413162218df5c920535415.js' because it violates the following Content Security Policy directive: "script-src 'self' https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://*.googletagmanager.com https://cdn.evgnet.com/beacon/gesacu/gesa_prod/scripts/evergage.min.js https://d10lpsik1i8c69.cloudfront.net https://secure.node7seat.com/js/219777.js https://connect.facebook.net https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.redditstatic.com/ads/pixel.js https://app.truconversion.com/ https://tags.srv.stackadapt.com/events.js https://app.leadsrx.com/visitor.js https://collector-37937.tvsquared.com/tv2track.js https://acsbapp.com https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://qvdt3feo.com/events.js https://api.alpharank.io https://tools.luckyorange.com 'nonce-d208ab1ac8'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CKKRU9JC77UA6J84RSQ0&lib=ttq(Line 3) Message: [Report Only] Refused to load the script 'https://analytics.tiktok.com/i18n/pixel/static/main.MTkzZDVlN2M0MA.js' because it violates the following Content Security Policy directive: "script-src 'self' https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://*.googletagmanager.com https://cdn.evgnet.com/beacon/gesacu/gesa_prod/scripts/evergage.min.js https://d10lpsik1i8c69.cloudfront.net https://secure.node7seat.com/js/219777.js https://connect.facebook.net https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.redditstatic.com/ads/pixel.js https://app.truconversion.com/ https://tags.srv.stackadapt.com/events.js https://app.leadsrx.com/visitor.js https://collector-37937.tvsquared.com/tv2track.js https://acsbapp.com https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://qvdt3feo.com/events.js https://api.alpharank.io https://tools.luckyorange.com 'nonce-d208ab1ac8'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://script.crazyegg.com/pages/versioned/common-scripts/db7349b994413162218df5c920535415.js Message: [Report Only] Refused to connect to 'https://script.crazyegg.com/pages/data-scripts/0126/2289/sampling/www.gesa.com.json?t=1' because it violates the following Content Security Policy directive: "connect-src 'self' https://analytics.google.com https://.analytics.google.com https://stats.g.doubleclick.net/g/collect https://app.leadsrx.com https://gesacu.us-1.evergage.com https://pixel.alpharank.io https://px.ads.linkedin.com https://pubsub.googleapis.com https://.luckyorange.net wss://*.visitors.live wss://visitors.live https://cdn.acsbapp.com https://www.redditstatic.com https://tags.srv.stackadapt.com".
security	error	URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTkzZDVlN2M0MA.js(Line 1) Message: [Report Only] Refused to load the script 'https://analytics.tiktok.com/i18n/pixel/static/identify_7bf75739.js' because it violates the following Content Security Policy directive: "script-src 'self' https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://*.googletagmanager.com https://cdn.evgnet.com/beacon/gesacu/gesa_prod/scripts/evergage.min.js https://d10lpsik1i8c69.cloudfront.net https://secure.node7seat.com/js/219777.js https://connect.facebook.net https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.redditstatic.com/ads/pixel.js https://app.truconversion.com/ https://tags.srv.stackadapt.com/events.js https://app.leadsrx.com/visitor.js https://collector-37937.tvsquared.com/tv2track.js https://acsbapp.com https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://qvdt3feo.com/events.js https://api.alpharank.io https://tools.luckyorange.com 'nonce-d208ab1ac8'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTkzZDVlN2M0MA.js(Line 1) Message: [Report Only] Refused to connect to 'https://analytics.tiktok.com/api/v2/pixel' because it violates the following Content Security Policy directive: "connect-src 'self' https://analytics.google.com https://.analytics.google.com https://stats.g.doubleclick.net/g/collect https://app.leadsrx.com https://gesacu.us-1.evergage.com https://pixel.alpharank.io https://px.ads.linkedin.com https://pubsub.googleapis.com https://.luckyorange.net wss://*.visitors.live wss://visitors.live https://cdn.acsbapp.com https://www.redditstatic.com https://tags.srv.stackadapt.com".
security	error	URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTkzZDVlN2M0MA.js(Line 1) Message: [Report Only] Refused to connect to 'https://analytics.tiktok.com/api/v2/pixel' because it violates the following Content Security Policy directive: "connect-src 'self' https://analytics.google.com https://.analytics.google.com https://stats.g.doubleclick.net/g/collect https://app.leadsrx.com https://gesacu.us-1.evergage.com https://pixel.alpharank.io https://px.ads.linkedin.com https://pubsub.googleapis.com https://.luckyorange.net wss://*.visitors.live wss://visitors.live https://cdn.acsbapp.com https://www.redditstatic.com https://tags.srv.stackadapt.com".
security	error	URL: https://script.crazyegg.com/pages/versioned/common-scripts/db7349b994413162218df5c920535415.js Message: [Report Only] Refused to connect to 'https://tracking.crazyegg.com/clock?t=1&tk=3dc77046ecb9729f0f22244aa7e8bc2a&u=1262289&s=449847&p=%2Fresources%2Fforms%2F-and%2F-tax%2F-information%2F-5%2F&v=f163debc9b92cf437e07fa200951381af767d7ec&f=gesa.com%2Fresources%2Fforms%2F-and%2F-tax%2F-information%2F-5&ul=https%3A%2F%2Fwww.gesa.com%2Fresources%2Fforms%2F-and%2F-tax%2F-information%2F-5%2F' because it violates the following Content Security Policy directive: "connect-src 'self' https://analytics.google.com https://.analytics.google.com https://stats.g.doubleclick.net/g/collect https://app.leadsrx.com https://gesacu.us-1.evergage.com https://pixel.alpharank.io https://px.ads.linkedin.com https://pubsub.googleapis.com https://.luckyorange.net wss://*.visitors.live wss://visitors.live https://cdn.acsbapp.com https://www.redditstatic.com https://tags.srv.stackadapt.com".
security	error	URL: https://script.crazyegg.com/pages/versioned/common-scripts/db7349b994413162218df5c920535415.js Message: [Report Only] Refused to connect to 'https://pagestates-tracking.crazyegg.com/healthcheck' because it violates the following Content Security Policy directive: "connect-src 'self' https://analytics.google.com https://.analytics.google.com https://stats.g.doubleclick.net/g/collect https://app.leadsrx.com https://gesacu.us-1.evergage.com https://pixel.alpharank.io https://px.ads.linkedin.com https://pubsub.googleapis.com https://.luckyorange.net wss://*.visitors.live wss://visitors.live https://cdn.acsbapp.com https://www.redditstatic.com https://tags.srv.stackadapt.com".
security	error	URL: https://script.crazyegg.com/pages/versioned/common-scripts/db7349b994413162218df5c920535415.js Message: [Report Only] Refused to connect to 'https://assets-tracking.crazyegg.com/healthcheck' because it violates the following Content Security Policy directive: "connect-src 'self' https://analytics.google.com https://.analytics.google.com https://stats.g.doubleclick.net/g/collect https://app.leadsrx.com https://gesacu.us-1.evergage.com https://pixel.alpharank.io https://px.ads.linkedin.com https://pubsub.googleapis.com https://.luckyorange.net wss://*.visitors.live wss://visitors.live https://cdn.acsbapp.com https://www.redditstatic.com https://tags.srv.stackadapt.com".
security	error	URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/ Message: [Report Only] Refused to load the image 'https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4860388&time=1726273521561&url=https%3A%2F%2Fwww.gesa.com%2Fresources%2Fforms%2F-and%2F-tax%2F-information%2F-5%2F&tm=gtmv2&e_ipv6=AQKzNJu3pCsM6AAAAZHt64f1hAv_FX_2FXLuORv5wh9GRYYw4rtVSrQH-yJQVNO4Lg' because it violates the following Content Security Policy directive: "img-src 'self' https://collector-37937.tvsquared.com https://d10lpsik1i8c69.cloudfront.net https://px.ads.linkedin.com https://www.google.com/pagead/1p-user-list/ https://alb.reddit.com/rp.gif https://www.facebook.com https://www.googletagmanager.com https://googleads.g.doubleclick.net/pagead/viewthroughconversion https://ssl.gstatic.com/ data:".
security	error	URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/ Message: [Report Only] Refused to load the script 'https://a2.adform.net/Serving/TrackPoint/?CC=1&pm=2179965&ADFdivider=%7C&ord=290278695841&ADFtpmode=2&loc=https%3A%2F%2Fwww.gesa.com%2Fresources%2Fforms%2F-and%2F-tax%2F-information%2F-5%2F&Set1=de-DE%7Cde-DE%7C1600x1200%7C24' because it violates the following Content Security Policy directive: "script-src 'self' https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://*.googletagmanager.com https://cdn.evgnet.com/beacon/gesacu/gesa_prod/scripts/evergage.min.js https://d10lpsik1i8c69.cloudfront.net https://secure.node7seat.com/js/219777.js https://connect.facebook.net https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.redditstatic.com/ads/pixel.js https://app.truconversion.com/ https://tags.srv.stackadapt.com/events.js https://app.leadsrx.com/visitor.js https://collector-37937.tvsquared.com/tv2track.js https://acsbapp.com https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://qvdt3feo.com/events.js https://api.alpharank.io https://tools.luckyorange.com 'nonce-d208ab1ac8'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTkzZDVlN2M0MA.js(Line 1) Message: [Report Only] Refused to connect to 'https://analytics.tiktok.com/api/v2/pixel/act' because it violates the following Content Security Policy directive: "connect-src 'self' https://analytics.google.com https://.analytics.google.com https://stats.g.doubleclick.net/g/collect https://app.leadsrx.com https://gesacu.us-1.evergage.com https://pixel.alpharank.io https://px.ads.linkedin.com https://pubsub.googleapis.com https://.luckyorange.net wss://*.visitors.live wss://visitors.live https://cdn.acsbapp.com https://www.redditstatic.com https://tags.srv.stackadapt.com".
security	error	URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTkzZDVlN2M0MA.js(Line 1) Message: [Report Only] Refused to connect to 'https://analytics.tiktok.com/api/v2/pixel/act' because it violates the following Content Security Policy directive: "connect-src 'self' https://analytics.google.com https://.analytics.google.com https://stats.g.doubleclick.net/g/collect https://app.leadsrx.com https://gesacu.us-1.evergage.com https://pixel.alpharank.io https://px.ads.linkedin.com https://pubsub.googleapis.com https://.luckyorange.net wss://*.visitors.live wss://visitors.live https://cdn.acsbapp.com https://www.redditstatic.com https://tags.srv.stackadapt.com".
security	error	URL: https://www.gesa.com/resources/forms/-and/-tax/-information/-5/ Message: [Report Only] Refused to load the image 'https://a1.seadform.net/serving/cookie/sync/?uid=6205908680845729888&stamp=1koJ_0ziFW8DvP-67D9Y4w2' because it violates the following Content Security Policy directive: "img-src 'self' https://collector-37937.tvsquared.com https://d10lpsik1i8c69.cloudfront.net https://px.ads.linkedin.com https://www.google.com/pagead/1p-user-list/ https://alb.reddit.com/rp.gif https://www.facebook.com https://www.googletagmanager.com https://googleads.g.doubleclick.net/pagead/viewthroughconversion https://ssl.gstatic.com/ data:".
security	error	URL: https://a2.adform.net/ Message: [Report Only] Refused to frame 'https://c1.adform.net/' because it violates the following Content Security Policy directive: "frame-src 'self' https://td.doubleclick.net/".
security	error	URL: https://a2.adform.net/ Message: [Report Only] Refused to frame 'https://c1.adform.net/' because it violates the following Content Security Policy directive: "frame-src 'self' https://td.doubleclick.net/".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a1.seadform.net
a2.adform.net
analytics.tiktok.com
api.alpharank.io
app.leadsrx.com
app.truconversion.com
assets-tracking.crazyegg.com
c1.adform.net
cdn.evgnet.com
collector-37937.tvsquared.com
connect.facebook.net
gesacu.us-1.evergage.com
pagestates-tracking.crazyegg.com
pixel.alpharank.io
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
s2.adform.net
script.crazyegg.com
secure.node7seat.com
settings.luckyorange.com
snap.licdn.com
static.cloudflareinsights.com
stats.g.doubleclick.net
tags.srv.stackadapt.com
tools.luckyorange.com
tracking.crazyegg.com
www.facebook.com
www.gesa.com
www.google.de
www.googletagmanager.com
www.gesa.com
104.19.147.8
108.138.36.92
13.107.42.14
142.250.186.99
151.101.0.114
157.240.251.9
185.167.164.49
2001:4860:4802:34::36
23.213.161.215
2600:9000:225b:f600:18:6c16:27c0:93a1
2606:4700:3034::6815:2785
2606:4700::6810:4f49
2620:1ec:21::14
2a00:1450:4001:82a::2008
2a00:1450:400c:c02::9b
2a02:26f0:3500:10::210:a99
2a03:2880:f176:84:face:b00c:0:25de
3.132.11.109
3.74.18.239
34.107.203.234
34.248.190.127
37.157.6.232
37.157.6.233
37.157.6.245
51.11.20.152
52.24.78.187
52.85.65.99
52.88.183.153
54.191.174.242
54.86.249.138
0055aa18da3581f4a468aaa7257d84f798e0fc070899c8008d9b321b76b98096
00bca6a9271b5e1cbb3965a74f48c1ce0b72bcbf08790aa2cab95f8dc5362153
013c037f68d07cd5a0a595f89995290aec3addca27079bc47ecd128440b06b3a
096003258cb51d14dbe7e4229ee63c5e81f101a4f38d45a13036b62d1671d8f0
10b08cc61521f1a256d584929dfa21d06697f9e0051b750704c7ecab2bd41b49
12b24eda9ccbce1eb304622463584a016cf5008f78c8a1e12cbce48e2759afcc
14e252b67e7b2f8fc2abf948bc6fe6410043abe7c47f7ffed0fecbd51365861a
1736c20a3a770680f2102cff4f885ddbaf8cb92420977fae6a69c67d47cc13c5
1c91f391bb3bd4f6dc9a1b1d5208b575630f75cdc8bb5a0f7d272de485b941e7
1ee3b1db07661a9cc8b0fdff20fc508bf14336eadf704d42384e368b0a3ecb7b
214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0
246faa0aca51a7be47ae13827bffdec1f0e69699d291c727646b56e83ee1fd0e
259411854d366c7e5a8ea50c55f590a6c2d215c9cb8d04b332e8eefe8c25e191
27c3bae726c78894582c23e5b507dda2dacd2c5c8aa9afe17ae179519e4ba3e0
2ab9f0ba818ae073994633579fa00714fed1584c30210dfe040c0f380f1df531
2cb546fbdda7995d374fffa4b2f6530bbcf57d014639ddf76de45df43d593045
34bbd1c367ffc7d80fcff86c7e5f8777e70f4911bb324e8ecfc7dd3604a96e68
37045bf0d243623db4f2e99567c986944957b336dafa6368f4f75bcbad6fc4fa
39c3ebb5890daa804f17c9a76bf96af7a27d4194c647204a6dba077a3bd5fef0
3e77dafe902b5371d42c7e236b778a91874bfb8bdb2dc82b3ee3d4803d20fd9d
3ea0ae12147c76e3b4e6ad26bfb580121295c8aa91480dee7b7e579dd00eb23d
41788f27f61aab4174275eb5fbbbcaffde0f4f0f07e6900592affad38e09b154
43f92926fd6c2ae121fb4df766fa966c8fdc4f898190e1e785c701e73c5b2013
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
44594e9a79fe9dabbff6213e64700100d4fa0967a365452a01aba0223d596711
47e925d13492d065185476f059ef78e3035aebef7bd51420e0c85f343cbca791
49ae7e3bcac8eda5151670882e94705d657e672825aa6678105fca6cd824ffcd
4a25be1f0513a03c0595d7adc16dbd4402afaa9f00fdcb2564b53613eba2ad8b
4a518bd1723da2b6011895ad68059361ebb4cb80de3eec9145eacee89ddd9745
4a7fdd491f449c314d884b9b9b6d11cfe037179d84e567a62e1e19584881e3e9
4aa32d0514a3b91ba50923356ee6a61e475656074d1671e78558313759a82215
4ad88e6a32db51a41cff1741970ca95b3e433fbfb8be269c72f881a42f2b88c6
4aeb13170397b464cffff3b52ea86aba5ded26fda9e531d8a3dc264d6cc3ccae
4af105297c5b49ca668eaa0774c0eb479e907175f12ccc30e9c038dd7b6fcaf0
51351fc299066f9f6ec2e7ca2a85adad4bc2693d11469515ba23d796904e1621
533e264cc615ee4601da8d2c1dee4a8987319e53d4d7162272f067fbbf250020
5491e6347e06782a875a30960c3123a9918615eb631bceaa48bbbd1910ec782f
54ce8999aee272d8bfed2e1894235f82826e738b22de370cc76692f271d16820
58a752f5a1298d0757f7953670951352ab722958e4332e1f1f20a315f836e6e5
5ceb0c2088d29cecbe3ee571dc3cf6fec764bbb7c73f0e22c73007149a2ce68d
5d80f13fd7524318f81eb1301170d4d0fbee242c12403c01f3a06c9f681192c7
62eae656d047defc6a444456fb8878aa962ccab6a6841a503fd275cbaeb0b59c
641611b58754d802f2a7672c62a4d15ee0950f47c28f1bb9b2c1f38d9f7bca50
64f8879f35ad342dd6c59399f171d6eee9bfa7ddb81507ecebdd44d47ef711ec
664e150dfc78bd30e122bf293825d9e176a6d509b7571999b29627c0f15efa65
69bba50b17d75423288fd69eb23a6bf3a4ad2b63e762f64bd01c973228204e28
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6eade210358ca6b41631cf5c309c6b1a3fa1c043133ef84d5fc6b173ac1c9928
6f47116b10e3e156f70ab31279c1fa298e34f89ff75af6eea89c2dc092362fa2
73b2fdcf25aa909c7b0f072cf791066350ab834ca1d0d01ef096bb5583318213
75b4d3be4de4fa1248445a80b681c70a7b77d0ed49eb89bd3587d3dfe5086072
75e0fe33a139622cde1d4bacdef52e609e623b514c56b113c69568fa16c23a12
76ef8763be5097c86fda96458427a57f96c4abd514cb04f4b641bbe1b211f5a6
7866661e9747c63d27963b389bd0bbc19c29dc5255cf7393b727368927e9b06c
79951b5bd4d729a2b2f4d380819f2c14bbcf26f21db56a520189633467766cf4
7a2adf4c1187ff44afb6596a750c078a97b07717364daade11a8c337771832e0
7b354a0e73e811d7d49e6a34cff8a1ca999296498a411ace5efad1c5fc7f58bf
7cac928c21c394956af12602e1ec2362caa32fc52194cc8af6d56828fef9a7b2
7e6c39ab37a92035619ffbf66dd293f6d6980fc1bebdaeb9a0b922775abc32eb
7e84c9f8d71bc6eb2dac2fce59a6caea62da51ffa8cf56b41806f59386ab1322
7e8f70f86d34990e70e0b696310775bc5c4327110a78a08cebf21fc072cab1b2
83059e4c1a5c210e5585d96779fe655170817193d43e247c78dffaae7b7ba3a9
830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
839f1778ae61732f255a47d811d52937f289177dd84cd024e3341925e14968d2
8667a50fdab17dd946e43e37c6fd1623583b9440bdca887e44cc726e48feedaf
884ec4af3e42aa326e687947185fce05ecdbd42e4a4481de91495ab423a5259c
88bd92a6561a1c265ddd5add029ede12c5acbe96ff6c2d7f0b24c983758466b7
89c3f51110f629231ae765385824fb6df90584e9063db539777b350f868eb859
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f
8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed
8ddc6cbdb63a791bfc33f40d4b0a250a18e85e0ae93f72389ebda9242bef010d
8fede52ccf357147ddc53de46b2e80ac24b0b7bc647ee972fc594b8918955546
91a3339b07de08015a56df21b72633829c029c61effd4b1ab42107ff7aabcde8
925d84147330b584587658555aeafcdd28632cf4a9d7e72704aa36c6e3199e0f
9645f6f4ce67e35420d1496ac0a11df7f407cd5fcb775ba3dc40192637b466c5
97ce1e1f5dbfda35ac979b593e79e1673a3e725790339d767e4a6ca6e94a4828
99957faeaf39970f8f1acb07897cfb4f93f46ef7c15d661a2c282d0aa52e029f
9baa5dfd467e7b370ab5de74725204791016c4f2396d63e15ecffc8c8656d92c
9d9ac500a9710375caccde637375fbacca29f594ae05cdf340feb7bf461eb765
a463aa6666ce0abcabf8033013cfe881fdbfb570389aff471d400a45b3a496d4
a496ca0aa2b9981aef70474b2219472dcf25db655779c48e3ab018e268857558
a533b6bf7ec3e66a1d9b30b68aca09e3b290d1ec27315de8175a280771febc14
a7cce058ee1449cd55e1e5ffa2bf967d5045c91c67fed9f13740be01b0ad1937
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
ab3598e2d6ad2d1e9feef533adf3665cd58c4eeb1916ae652d2c42794bf0a801
b00905cd947bbb9ea809e3ec81c20957169ac25edd4356e50226f0c097078f1b
b091fb04aeb43da4cec3392a4de451d0f6b97a91235e0dc68560bc271c2b83c8
b10604af435fcda6674878212b06d1b8d557aee0f5c877dc5befab22ebf71c9a
b23f49f504faa32aac548b6662ffd64412f6738496fab8be38da46c5b7121804
b306f23a407ccf859f6f9d1009fc06d1709ba13ce676a43bf7c77ce725e01d54
b358915252ba0e190c01550a54e89bb37c29925c45f71d0244bfed51c188a49c
b48bb25e1fe530912d872438ef532de73c7fddad96fadc6affb18fdbd097c1d6
b774ecfba495efb9191ea702fe68e667b9d1ee6904d88a5c6301f23cbde66b6c
b8166c5475df6a64ab2456e95f64564164ed697d258e8bfed8cebca40efd6fa5
b936db5880aa9b6b2f26a8d32fc2b689fb75f69d971b94194f16dba801221ffe
c14c63c6226ab5e6104ab7bd06206427cc7d09806f381c4be2ce68da643f1907
c3edba055b20ba9ea5fef758edcd02e84007576c3c90c5cf654133001b9332d5
c9702fb282f7460668305673b77e4e30212991aa022fcad56a8bb9b87d4b2908
ca95998f89c7df2734c9a79dbd61a173c93f6e9808f4a7eabd7f8404db8d6760
cadb9feb4a1b9c1100d9e40b4fbdc6554134e015178c250c1509cc799a21ff26
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
cbbf83c45cce424c26bb4d929e053d264b713b70b8dcee428343b64e06a22056
cc65806adf6c251323693c9b7adb6b97e19879aa2f5428f2f05c0f08fca18404
cdaa4c91b5bc3dd4ce8e1345b453844dd414602022a182ce2853d87bd4b9a9d3
d2d92ee9c3d13c54f11e88045a5f5ed45550cee1ce7c1b653a9da645d65400fb
d5694b4aa9c53efe0cb6d1a569b18bb0d0f3e01f767c478293282703e8b45321
d5ea45f8ad8b8df8cdebe87f18cfce232468b3e6a028880773a8d09e13789ac8
de6c02a0b87d4a7efebf4c80340bb90c9c9b9815b5f12c9ff45bf9f70e91e607
df9f1f8f4deeec8193dbcf3074a9e4767db05cc6c3b4dca6a9cafff884fb0816
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0c71e3da5b3fcab3c66af1cf0cdbf262c97b9330b7b37116f1ae2ab18bdc660
f313d12ea6124bd28fc4a6b7163d253bb83d5aeab5edce594880c5c3df475cbc
f40efd80332bc8ca17a3af9c1eb134068063bdb0753f60d070e74e8527db6057
f6eb858ead7f15dcd18541c5433714e0c0966d81b8d009a2d49e5a181e548fbb
f8a443c0537c771f44c861236a766d29b4d309d2671d327718dfd57f23210338
f8aa916be8ee9babafc0055de42bd64e344202fe3223d463d0cc35e1637f1ea1
fe513ef974b767510d0a2b9f1b4d3afa53185b89ab617c869e5e3d6db960192c
ff0a79ec21356d69477f2e854838c684d1a18f82c8c384dc8530efd60392f18b
ff4961dda4383b1a3727e5aa981024c40cb07005f89e3264a3ab423eb356380f

www.gesa.com Open in urlscan Pro 2606:4700:3034::6815:2785 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

132 Requests

97 %HTTPS

30 %IPv6

23 Domains

31 Subdomains

31 IPs

7 Countries

2193 kBTransfer

6817 kBSize

84 Cookies

7 Outgoing links

Page URL History

Redirected requests

132 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 11 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.gesa.com Open in urlscan Pro
2606:4700:3034::6815:2785 Public Scan

Screenshot
Live screenshot

Full Image

132
Requests

97 %
HTTPS

30 %
IPv6

23
Domains

31
Subdomains

31
IPs

7
Countries

2193 kB
Transfer

6817 kB
Size

84
Cookies

132 HTTP transactions
11 data transactions