www.simons.ca Open in urlscan Pro
104.17.217.25 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://simons.cheetah-reach.com/el/2527321690/2021-11/1865/en/d/5a876bc4a797989cb69361e9fb5aec493aab981b/0/39?subscribed=1&eid=B...
Effective URL:
https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsecti...
Submission: On November 16 via api (November 16th 2021, 12:05:11 am UTC) from US — Scanned from DE

Summary HTTP 224 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 38 IPs in 5 countries across 27 domains to perform 224 HTTP transactions. The main IP is 104.17.217.25, located in and belongs to CLOUDFLARENET, US. The main domain is www.simons.ca.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on August 24th 2021. Valid for: a year.

This is the only time www.simons.ca was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:20:... 2606:4700:20::ac43:4807	13335 (CLOUDFLAR...) (CLOUDFLARENET)
42	104.17.217.25 104.17.217.25	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:830::200a	15169 (GOOGLE) (GOOGLE)
45	104.17.218.25 104.17.218.25	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.111.230.79 104.111.230.79	16625 (AKAMAI-AS) (AKAMAI-AS)
3	2a00:1450:400... 2a00:1450:4001:82a::2004	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:830::2008	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
5	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
4	2a00:1450:400... 2a00:1450:4001:830::200e	15169 (GOOGLE) (GOOGLE)
1	143.204.98.41 143.204.98.41	16509 (AMAZON-02) (AMAZON-02)
3	143.204.98.64 143.204.98.64	16509 (AMAZON-02) (AMAZON-02)
1	34.201.199.121 34.201.199.121	14618 (AMAZON-AES) (AMAZON-AES)
2	2606:4700::68... 2606:4700::6810:125e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:5914	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	35.186.249.72 35.186.249.72	15169 (GOOGLE) (GOOGLE)
1 2	142.250.74.198 142.250.74.198	15169 (GOOGLE) (GOOGLE)
1	143.204.98.124 143.204.98.124	16509 (AMAZON-02) (AMAZON-02)
56	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
5	151.101.1.21 151.101.1.21	54113 (FASTLY) (FASTLY)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
9	143.204.98.31 143.204.98.31	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:400c:c1b::9c	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
1	54.154.232.8 54.154.232.8	16509 (AMAZON-02) (AMAZON-02)
7	151.101.194.133 151.101.194.133	54113 (FASTLY) (FASTLY)
3	151.101.1.35 151.101.1.35	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:811::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
1	151.101.66.137 151.101.66.137	54113 (FASTLY) (FASTLY)
1	2600:1f18:f8a... 2600:1f18:f8a:b704:e516:f71b:f667:9bcf	14618 (AMAZON-AES) (AMAZON-AES)
1	162.247.243.147 162.247.243.147	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	52.205.107.170 52.205.107.170	14618 (AMAZON-AES) (AMAZON-AES)
2	2600:1f18:f8a... 2600:1f18:f8a:b702:d69:3533:4c56:441c	14618 (AMAZON-AES) (AMAZON-AES)
1	143.204.98.101 143.204.98.101	16509 (AMAZON-02) (AMAZON-02)
224	38

1 2606:4700:20::ac43:4807 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

simons.cheetah-reach.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

42 104.17.217.25 (None, )

ASN13335 (CLOUDFLARENET, US)

www.simons.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
jscdn.simons.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
csscdn.simons.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
imarcomcdn.simons.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

45 104.17.218.25 (None, )

ASN13335 (CLOUDFLARENET, US)

imagescdn.simons.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.230.79 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-230-79.deploy.static.akamaitechnologies.com

appleid.cdn-apple.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:830::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a03:2880:f02d:12:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:830::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.41 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-41.fra50.r.cloudfront.net

cdn.noibu.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 143.204.98.64 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-64.fra50.r.cloudfront.net

api.heyday.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.201.199.121 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-201-199-121.compute-1.amazonaws.com

www.offlinx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5914 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.249.72 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 72.249.186.35.bc.googleusercontent.com

d.impactradius-event.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.74.198 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f6.1e100.net

4863916.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.124 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-124.fra50.r.cloudfront.net

cl.avis-verifies.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

56 2a03:2880:f12d:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 151.101.1.21 (United States)

ASN54113 (FASTLY, US)

www.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 143.204.98.31 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-31.fra50.r.cloudfront.net

webchat.heyday.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c1b::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.154.232.8 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-154-232-8.eu-west-1.compute.amazonaws.com

simons-ca.c2ukkg.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 151.101.194.133 (United States)

ASN54113 (FASTLY, US)

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.1.35 (United States)

ASN54113 (FASTLY, US)

t.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.66.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:f8a:b704:e516:f71b:f667:9bcf (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

beacon.riskified.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.247.243.147 (United States)

ASN13335 (CLOUDFLARENET, US)

bam-cell.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.205.107.170 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-205-107-170.compute-1.amazonaws.com

img.riskified.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1f18:f8a:b702:d69:3533:4c56:441c (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

c.riskified.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.101 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-101.fra50.r.cloudfront.net

assets.heyday.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
87	simons.ca www.simons.ca jscdn.simons.ca csscdn.simons.ca imagescdn.simons.ca imarcomcdn.simons.ca	2 MB
56	facebook.com www.facebook.com	313 KB
13	heyday.ai api.heyday.ai webchat.heyday.ai assets.heyday.ai	464 KB
8	riskified.com beacon.riskified.com img.riskified.com c.riskified.com	15 KB
8	paypal.com www.paypal.com t.paypal.com	11 KB
7	paypalobjects.com www.paypalobjects.com	101 KB
5	facebook.net connect.facebook.net	285 KB
5	gstatic.com fonts.gstatic.com www.gstatic.com	228 KB
4	doubleclick.net 1 redirects 4863916.fls.doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net	3 KB
4	google-analytics.com www.google-analytics.com	55 KB
4	googletagmanager.com www.googletagmanager.com	225 KB
4	google.com www.google.com adservice.google.com	2 KB
3	google.de www.google.de adservice.google.de	1 KB
3	bing.com bat.bing.com	11 KB
2	cloudflare.com cdnjs.cloudflare.com	23 KB
2	googleapis.com fonts.googleapis.com	2 KB
1	nr-data.net bam-cell.nr-data.net	711 B
1	newrelic.com js-agent.newrelic.com	13 KB
1	c2ukkg.net simons-ca.c2ukkg.net	922 B
1	googleadservices.com www.googleadservices.com	15 KB
1	avis-verifies.com cl.avis-verifies.com	453 B
1	impactradius-event.com d.impactradius-event.com	13 KB
1	jsdelivr.net cdn.jsdelivr.net	4 KB
1	offlinx.com www.offlinx.com	446 B
1	noibu.com cdn.noibu.com	27 KB
1	cdn-apple.com appleid.cdn-apple.com	17 KB
1	cheetah-reach.com 1 redirects simons.cheetah-reach.com	731 B
224	27

	Domain	Requested by
56	www.facebook.com	connect.facebook.net www.simons.ca www.facebook.com
45	imagescdn.simons.ca	www.simons.ca imagescdn.simons.ca
30	csscdn.simons.ca	www.simons.ca csscdn.simons.ca
9	webchat.heyday.ai	api.heyday.ai webchat.heyday.ai
7	www.paypalobjects.com	www.paypal.com www.paypalobjects.com
6	imarcomcdn.simons.ca	www.simons.ca
5	img.riskified.com
5	www.paypal.com	www.simons.ca www.paypalobjects.com
5	connect.facebook.net	www.simons.ca connect.facebook.net imagescdn.simons.ca
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com www.simons.ca
4	fonts.gstatic.com	fonts.googleapis.com
4	www.googletagmanager.com	www.simons.ca imagescdn.simons.ca www.googletagmanager.com
3	t.paypal.com	www.simons.ca
3	bat.bing.com	www.googletagmanager.com bat.bing.com www.simons.ca
3	api.heyday.ai	www.googletagmanager.com webchat.heyday.ai
3	www.google.com	www.simons.ca
3	jscdn.simons.ca	www.simons.ca
3	www.simons.ca	jscdn.simons.ca
2	c.riskified.com	beacon.riskified.com
2	www.google.de	www.simons.ca
2	4863916.fls.doubleclick.net	1 redirects imagescdn.simons.ca
2	cdnjs.cloudflare.com	jscdn.simons.ca
2	fonts.googleapis.com	www.simons.ca imagescdn.simons.ca
1	assets.heyday.ai
1	bam-cell.nr-data.net	js-agent.newrelic.com
1	beacon.riskified.com	imagescdn.simons.ca
1	js-agent.newrelic.com	www.simons.ca
1	adservice.google.de	adservice.google.com
1	googleads.g.doubleclick.net	www.googleadservices.com
1	simons-ca.c2ukkg.net	d.impactradius-event.com
1	adservice.google.com	4863916.fls.doubleclick.net
1	stats.g.doubleclick.net	www.google-analytics.com
1	www.googleadservices.com	www.googletagmanager.com
1	www.gstatic.com	www.google.com
1	cl.avis-verifies.com	jscdn.simons.ca
1	d.impactradius-event.com	www.simons.ca
1	cdn.jsdelivr.net	imagescdn.simons.ca
1	www.offlinx.com	www.simons.ca
1	cdn.noibu.com	www.googletagmanager.com
1	appleid.cdn-apple.com	www.simons.ca
1	simons.cheetah-reach.com	1 redirects
224	41

This site contains links to these domains. Also see Links.

Domain
www.simonscareers.ca
instagram.com
www.instagram.com
www.facebook.com
pinterest.com
www.youtube.com
ca.linkedin.com
www.verified-reviews.com

Subject Issuer	Validity	Valid
www.simons.ca Go Daddy Secure Certificate Authority - G2	`2021-08-24` - `2022-08-28`	a year	crt.sh
simons.ca Cloudflare Inc ECC CA-3	`2021-05-10` - `2022-05-09`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
appleid.cdn-apple.com Apple Public EV Server RSA CA 2 - G1	`2021-01-19` - `2022-02-18`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-08-24` - `2021-11-22`	3 months	crt.sh
cdn.noibu.com Amazon	`2021-06-07` - `2022-07-06`	a year	crt.sh
heyday.ai Amazon	`2021-10-05` - `2022-11-03`	a year	crt.sh
www.offlinx.com Entrust Certification Authority - L1K	`2020-01-13` - `2022-03-25`	2 years	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-09-21` - `2022-09-20`	a year	crt.sh
*.impactradius-event.com Sectigo RSA Domain Validation Secure Server CA	`2021-01-06` - `2022-01-06`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
cl.avis-verifies.com Amazon	`2021-07-31` - `2022-08-29`	a year	crt.sh
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2021-11-02` - `2022-03-15`	4 months	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2021-09-30` - `2022-03-30`	6 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
rlm6px.net Amazon	`2021-06-27` - `2022-07-26`	a year	crt.sh
t.paypal.com DigiCert SHA2 Extended Validation Server CA	`2021-09-21` - `2022-10-22`	a year	crt.sh
www.google.de GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA H2 2021	`2021-10-06` - `2022-11-07`	a year	crt.sh
*.riskified.com Amazon	`2021-04-20` - `2022-05-19`	a year	crt.sh
*.nr-data.net DigiCert SHA2 Secure Server CA	`2020-02-05` - `2022-02-08`	2 years	crt.sh

This page contains 9 frames:

Primary Page: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
Frame ID: BC184EC31D6C9F9EF0F304F70188774B
Requests: 153 HTTP requests in this frame

Frame: https://4863916.fls.doubleclick.net/activityi;dc_pre=CKSEpuzKm_QCFZnhEQgdzeAGjA;src=4863916;type=invmedia;cat=qa4ahatc;ord=9023210367688.195
Frame ID: A29FE21FF9D32C85A855869300DF2CCA
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a4af7a5ab8174%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
Frame ID: B750030AB0A43C09BDA679F8DA2EC96E
Requests: 26 HTTP requests in this frame

Frame: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3d2b3f7b721cc4%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
Frame ID: 744681E9DEAB1A693BA1558587BDE3E0
Requests: 26 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CKSEpuzKm_QCFZnhEQgdzeAGjA;src=4863916;type=invmedia;cat=qa4ahatc;ord=9023210367688.195;~oref=https://www.simons.ca/
Frame ID: 32AFBFEAE6D095D99AA1C49B1A933B95
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.de/ddm/fls/i/dc_pre=CKSEpuzKm_QCFZnhEQgdzeAGjA;src=4863916;type=invmedia;cat=qa4ahatc;ord=9023210367688.195;~oref=https://www.simons.ca/
Frame ID: F4B087E8E295FBC9AE34D7F64E514874
Requests: 1 HTTP requests in this frame

Frame: https://www.paypalobjects.com/muse/offers/index.html
Frame ID: 1636AE6B6E5128A6AE05CE84E031FEC7
Requests: 5 HTTP requests in this frame

Frame: https://www.paypalobjects.com/muse/analytics/index.html
Frame ID: 3C25E72978ABEA48C6FCD1725BB43826
Requests: 3 HTTP requests in this frame

Frame: https://webchat.heyday.ai/
Frame ID: C1268D0508C0139183F2FD77FCE361C0
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Simons

Page URL History Show full URLs

https://simons.cheetah-reach.com/el/2527321690/2021-11/1865/en/d/5a876bc4a797989cb69361e9fb5aec493aab981b/0/3... HTTP 302
https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile... Page URL

Page Statistics

224
Requests

100 %
HTTPS

50 %
IPv6

27
Domains

41
Subdomains

38
IPs

5
Countries

3820 kB
Transfer

9437 kB
Size

47
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: https://www.simonscareers.ca/en
Title: Careers

Search URL Search Domain Scan URL

URL: http://instagram.com/maisonsimons

Search URL Search Domain Scan URL

URL: https://www.instagram.com/simonshomme
Title: SimonsHomme

Search URL Search Domain Scan URL

URL: http://www.facebook.com/simons.ca

Search URL Search Domain Scan URL

URL: http://pinterest.com/maisonsimons

Search URL Search Domain Scan URL

URL: http://www.youtube.com/user/simons

Search URL Search Domain Scan URL

URL: https://ca.linkedin.com/company/maisonsimons

Search URL Search Domain Scan URL

URL: https://www.verified-reviews.com/reviews/simons.ca
Title: 4.7 / 12061 ratings

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://simons.cheetah-reach.com/el/2527321690/2021-11/1865/en/d/5a876bc4a797989cb69361e9fb5aec493aab981b/0/39?subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ HTTP 302
https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 72

https://4863916.fls.doubleclick.net/activityi;src=4863916;type=invmedia;cat=qa4ahatc;ord=9023210367688.195 HTTP 302
https://4863916.fls.doubleclick.net/activityi;dc_pre=CKSEpuzKm_QCFZnhEQgdzeAGjA;src=4863916;type=invmedia;cat=qa4ahatc;ord=9023210367688.195

224 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request login.jsp Show response
www.simons.ca/simons/profile/
Redirect Chain

https://simons.cheetah-reach.com/el/2527321690/2021-11/1865/en/d/5a876bc4a797989cb69361e9fb5aec493aab981b/0/39?subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&ut...

81 KB
18 KB

606ms
523ms

Document
text/html

104.17.217.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.217.25 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / JSP/2.2

Resource Hash

b841fc1d7577dcc99d8bb754f41a023b2da6cbc1a42a06440f8f0c837bba0fe0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.simons.ca
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Tue, 16 Nov 2021 00:05:05 GMT
content-type: text/html;charset=UTF-8
vary: Accept-Encoding
x-atg-version: version=QVRHUGxhdGZvcm0vMTEuMnAy
x-powered-by: JSP/2.2
pragma: no-cache
cache-control: no-cache
expires: Tue, 04 Dec 1993 21:29:02 GMT
content-language: en-CA
x-route: simons
content-security-policy: frame-ancestors 'self' *.simons.ca
x-frame-options: SAMEORIGIN
x-xss-protection: 1
strict-transport-security: max-age=16070400; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6aec77343fdc000a-MAN
content-encoding: br

Redirect headers

date: Tue, 16 Nov 2021 00:05:05 GMT
content-type: text/html; charset=UTF-8
location: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
vhost: emarketing
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rjo64Plk8ILILPRLkeuNqEcl3lIRl5GAVlAUsT%2FfYqMbIrPLTkg6okkZi3Kz0MUIl86s7Xy2qqfFj%2BP%2BaMaOQnE8P6d9un92tJSUQKuE1rmQo6TyXPd3oMSzoiOhicp56bE%2FlHLxZ9Y1AEn3m3blX9dxZXIjAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6aec7730cdc65a31-MXP

GET
H2 200 simons_head.js Show response
jscdn.simons.ca/simons/js/ 114 KB
41 KB 115ms
46ms Script
application/javascript 104.17.217.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://jscdn.simons.ca/simons/js/simons_head.js?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
Requested by: Host: www.simons.ca
URL: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.217.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2492b1c9759c2d59cd8a59519bc892ce4a643a87a632532cbe85644b60b86f69

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:05 GMT
content-encoding: br
cf-cache-status: HIT
age: 17318
cf-polished: origSize=117114
last-modified: Mon, 25 Oct 2021 22:45:18 GMT
cf-bgj: minify
server: cloudflare
etag: W/"6177337e-1c97a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec77380a2b35e3-MAN
expires: Wed, 24 Nov 2021 00:05:05 GMT

GET
H2 200 simons_head.css
csscdn.simons.ca/simons/css/ 225 KB
63 KB 129ms
47ms Stylesheet
text/css 104.17.217.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
Requested by: Host: www.simons.ca
URL: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.217.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 03c2421c2aacaf35c291c115a9afa2ce8009723e26b87ad3d65501bbc703923f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:05 GMT
content-encoding: br
cf-cache-status: HIT
age: 25409
cf-polished: origSize=265328
last-modified: Mon, 25 Oct 2021 22:45:18 GMT
cf-bgj: minify
server: cloudflare
etag: W/"6177337e-40c70"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec77382aef35c5-MAN
expires: Wed, 24 Nov 2021 00:05:05 GMT

GET
H2 200 css
fonts.googleapis.com/ 3 KB
967 B 41ms
17ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:300,300i,400,700,900

Requested by

Host: www.simons.ca
URL: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

29a6e466390a2fcf99baf8c16c9bcf9d2cacb93dcc3d5c4799ba345cc46ff54a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 16 Nov 2021 00:05:05 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 16 Nov 2021 00:05:05 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 16 Nov 2021 00:05:05 GMT

GET
H2 200 2021-11-08_12-43-53.css
imagescdn.simons.ca/imarcom/css/unified/ 394 KB
92 KB 91ms
43ms Stylesheet
text/css 104.17.218.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://imagescdn.simons.ca/imarcom/css/unified/2021-11-08_12-43-53.css?__=442f0af1cac61c3656e7f04e8a12abdf
Requested by: Host: www.simons.ca
URL: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.218.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 729a551f424a2974bd77ca12794a990f750a58fe9adc0d7c56169a5d1875be08

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:05 GMT
content-encoding: br
cf-cache-status: HIT
age: 627361
cf-polished: origSize=475003
last-modified: Mon, 08 Nov 2021 17:45:19 GMT
cf-bgj: minify
server: cloudflare
etag: W/"442f0af1cac61c3656e7f04e8a12abdf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec7737e9abedf7-CDG
expires: Wed, 24 Nov 2021 00:05:05 GMT

GET
H2 200 2021-11-08_12-43-53.js Show response
imagescdn.simons.ca/imarcom/js/head/ 3 KB
2 KB 90ms
42ms Script
application/javascript 104.17.218.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://imagescdn.simons.ca/imarcom/js/head/2021-11-08_12-43-53.js?__=1eb0b7936e638827a83ce868043ab567
Requested by: Host: www.simons.ca
URL: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.218.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1e6b861ee1c3ec0f833fbd061a72e05067e251b39d4d9935623a36ce0da06e59

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:05 GMT
content-encoding: br
cf-cache-status: HIT
age: 627361
cf-polished: origSize=3699
last-modified: Mon, 08 Nov 2021 17:45:19 GMT
cf-bgj: minify
server: cloudflare
etag: W/"1eb0b7936e638827a83ce868043ab567"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec7737e9adedf7-CDG
expires: Wed, 24 Nov 2021 00:05:05 GMT

GET
H2 200 logo_simons-en.png
imagescdn.simons.ca/imarcom/images/ 2 KB
2 KB 53ms
50ms Image
image/webp 104.17.218.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imagescdn.simons.ca/imarcom/images/logo_simons-en.png?__=277d0779d469920f3d44c2849d32377b
Requested by: Host: www.simons.ca
URL: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.218.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d9bcdbee0dc3f16a7a66529964f6bbf7ab3ad8080dbbe3a2a8d8e5df152f4757

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 331199
cf-polished: origFmt=png, origSize=5000
last-modified: Wed, 10 Nov 2021 21:08:45 GMT
content-disposition: inline; filename="logo_simons-en.webp"
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: W/"277d0779d469920f3d44c2849d32377b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec7738ca5dedf7-CDG
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 logo_print.png
imagescdn.simons.ca/simons/css/images/ 10 KB
10 KB 50ms
47ms Image
image/webp 104.17.218.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imagescdn.simons.ca/simons/css/images/logo_print.png?version=1593
Requested by: Host: www.simons.ca
URL: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.218.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cfaf611f57352c8aed11d94f8b336f5bc704d4dc650e82d08028095a1457f717

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 331199
cf-polished: origFmt=png, origSize=23227
last-modified: Mon, 25 Oct 2021 22:44:58 GMT
content-disposition: inline; filename="logo_print.webp"
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: W/"6177336a-5abb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec7738ca5fedf7-CDG
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 account.css
csscdn.simons.ca/simons/css/ 48 KB
8 KB 41ms
41ms Stylesheet
text/css 104.17.217.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://csscdn.simons.ca/simons/css/account.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
Requested by: Host: www.simons.ca
URL: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.217.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dfbd0f623d9cdbb97a6af1fee751ed39c9d96a41cce4dc5f969b3cd8f1526982

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
content-encoding: br
cf-cache-status: HIT
age: 13468
cf-polished: origSize=54136
last-modified: Mon, 25 Oct 2021 22:44:56 GMT
cf-bgj: minify
server: cloudflare
etag: W/"61773368-d378"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec77386b4535c5-MAN
expires: Wed, 24 Nov 2021 00:05:05 GMT

GET
H2 200 rewards_logo-brown.png
csscdn.simons.ca/simons/css/images/ 228 B
435 B 41ms
39ms Image
image/webp 104.17.217.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://csscdn.simons.ca/simons/css/images/rewards_logo-brown.png?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
Requested by: Host: www.simons.ca
URL: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.217.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8163cbca63c70dd145c3aec975f758b1506c5084db628bc5c916b5ae6f603916

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 13469
cf-polished: origFmt=png, origSize=1142
last-modified: Mon, 25 Oct 2021 22:44:58 GMT
content-disposition: inline; filename="rewards_logo-brown.webp"
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: W/"6177336a-476"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec7738cbb335c5-MAN
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 apple_sign_in_button-en.png
csscdn.simons.ca/simons/css/images/ 524 B
662 B 42ms
39ms Image
image/webp 104.17.217.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://csscdn.simons.ca/simons/css/images/apple_sign_in_button-en.png?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
Requested by: Host: www.simons.ca
URL: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.217.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b47f73b6230785ea5222dea9ac5d77f15e60eed62c8c973165b2d1a8fb2140f6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 372640
cf-polished: origFmt=png, origSize=1551
last-modified: Mon, 25 Oct 2021 22:44:56 GMT
content-disposition: inline; filename="apple_sign_in_button-en.webp"
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: W/"61773368-60f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec7738cbb435c5-MAN
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 hand.png
imarcomcdn.simons.ca/imarcom/images/login_2017/ 177 KB
178 KB 72ms
60ms Image
image/webp 104.17.217.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imarcomcdn.simons.ca/imarcom/images/login_2017/hand.png?__=231b685ef32df880ec67b98744064293
Requested by: Host: www.simons.ca
URL: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.217.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0403358ce75bce9316ae68db3e2a88013a97fa250d6de314eab35312ef4f1daa

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 13468
cf-polished: origFmt=png, origSize=276210
x-amz-storage-class: INTELLIGENT_TIERING
last-modified: Fri, 20 Aug 2021 02:34:44 GMT
content-disposition: inline; filename="hand.webp"
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: W/"231b685ef32df880ec67b98744064293"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec7738db3a35e3-MAN
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 right_banner_en.jpg
imarcomcdn.simons.ca/imarcom/images/login_2017/ 83 KB
84 KB 72ms
60ms Image
image/webp 104.17.217.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imarcomcdn.simons.ca/imarcom/images/login_2017/right_banner_en.jpg?v2=&__=22457178897d60aa45dca234344c7821
Requested by: Host: www.simons.ca
URL: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.217.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0ba8bf34326335e47c9386cfe2d6cbb4b689bff84d1828ea5fdc5a8f826aabd1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 13468
cf-polished: origFmt=jpeg, origSize=128943
last-modified: Fri, 20 Aug 2021 02:34:44 GMT
content-disposition: inline; filename="right_banner_en.webp"
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: W/"22457178897d60aa45dca234344c7821"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec7738db3c35e3-MAN
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 the-simons.png
imarcomcdn.simons.ca/imarcom/images/login_2017/ 2 KB
2 KB 71ms
60ms Image
image/webp 104.17.217.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imarcomcdn.simons.ca/imarcom/images/login_2017/the-simons.png?__=fcafe763c55d41f035b03cfd60812cfc
Requested by: Host: www.simons.ca
URL: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.217.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9621765b803e84e34f03982925163a517ae8d8566e9e9ec073a53b0b78ba2f46

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 13468
cf-polished: origFmt=png, origSize=6445
last-modified: Fri, 20 Aug 2021 02:34:44 GMT
content-disposition: inline; filename="the-simons.webp"
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: W/"fcafe763c55d41f035b03cfd60812cfc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec7738db3835e3-MAN
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 smallLeaf.png
imarcomcdn.simons.ca/imarcom/images/login_2017/ 92 B
283 B 71ms
60ms Image
image/webp 104.17.217.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imarcomcdn.simons.ca/imarcom/images/login_2017/smallLeaf.png?__=b7bd00d151b4de05677deee1cb8db7a5
Requested by: Host: www.simons.ca
URL: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.217.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e579549524c1f18186762b4ed03619f6fbc4d2733b0b9316daa7a50ad948985c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 13468
cf-polished: origFmt=png, origSize=1041
last-modified: Fri, 20 Aug 2021 02:34:44 GMT
content-disposition: inline; filename="smallLeaf.webp"
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: W/"b7bd00d151b4de05677deee1cb8db7a5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec7738db3735e3-MAN
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 greenLeaf.png
imarcomcdn.simons.ca/imarcom/images/login_2017/ 324 B
461 B 71ms
60ms Image
image/webp 104.17.217.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imarcomcdn.simons.ca/imarcom/images/login_2017/greenLeaf.png?__=eb487923b0a0c1d3a65dd900a6363b3c
Requested by: Host: www.simons.ca
URL: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.217.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 951aa69ed3915e33bf3b0e1b554a522c8b554ff51a261459cbd019a993758722

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 13468
cf-polished: origFmt=png, origSize=1633
last-modified: Fri, 20 Aug 2021 02:34:44 GMT
content-disposition: inline; filename="greenLeaf.webp"
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: W/"eb487923b0a0c1d3a65dd900a6363b3c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec7738db3b35e3-MAN
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H/1.1 200
OK appleid.auth.js Show response
appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/ 42 KB
17 KB 143ms
22ms Script
application/javascript 104.111.230.79
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.230.79 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-230-79.deploy.static.akamaitechnologies.com

Software

Apple /

Resource Hash

60e60bf2583cf7444b00a4b0b8d46de5fd5816f768fc72fd71c643357132df69

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Encoding: gzip
Last-Modified: Mon, 25 Oct 2021 20:41:52 GMT
Server: Apple
ETag: W/"42671-1635194512097"
Vary: accept-encoding
Content-Type: application/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=86400,stale-while-revalidate=86400
Date: Tue, 16 Nov 2021 00:05:06 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 17247

GET
H2 200 login.js Show response
jscdn.simons.ca/simons/js/ 6 KB
1 KB 42ms
41ms Script
application/javascript 104.17.217.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://jscdn.simons.ca/simons/js/login.js?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
Requested by: Host: www.simons.ca
URL: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.217.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 26371e57f9c8209580fb223890eeb7f09e899c39340f205ec4d9504cb13212b6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
content-encoding: br
cf-cache-status: HIT
age: 13469
cf-polished: origSize=8034
last-modified: Mon, 25 Oct 2021 22:44:58 GMT
cf-bgj: minify
server: cloudflare
etag: W/"6177336a-1f62"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec7738cb1135e3-MAN
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 newsletter-icon.svg
imagescdn.simons.ca/imarcom/images/footer-2018/ 2 KB
1 KB 61ms
59ms Image
image/svg+xml 104.17.218.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imagescdn.simons.ca/imarcom/images/footer-2018/newsletter-icon.svg?__=20ef341491fa600c093561faf1a5cb56
Requested by: Host: www.simons.ca
URL: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.218.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4bf8922b6cb0bd95c8c4fa90584b2738f8e44e22092c0e57c0fd806b3348ed89

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 09 Sep 2021 11:00:44 GMT
server: cloudflare
age: 938384
etag: W/"20ef341491fa600c093561faf1a5cb56"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec7738ca61edf7-CDG
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 footer-cards-en.png
imagescdn.simons.ca/imarcom/images/footer-2020/ 6 KB
6 KB 45ms
44ms Image
image/webp 104.17.218.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imagescdn.simons.ca/imarcom/images/footer-2020/footer-cards-en.png?__=5d7b1569e7484963c251d71f85067f5f
Requested by: Host: www.simons.ca
URL: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.218.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 17919ee236fdf074e1d23ee9089e17ddbe16f03802cefd2f3a366ced62c8b811

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 331199
cf-polished: origFmt=png, origSize=9533
last-modified: Wed, 03 Nov 2021 19:43:06 GMT
content-disposition: inline; filename="footer-cards-en.webp"
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: W/"5d7b1569e7484963c251d71f85067f5f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec7738ca63edf7-CDG
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 simons_foot_en.js Show response
jscdn.simons.ca/simons/js/ 501 KB
135 KB 50ms
48ms Script
application/javascript 104.17.217.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://jscdn.simons.ca/simons/js/simons_foot_en.js?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
Requested by: Host: www.simons.ca
URL: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.217.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c746f928daf4ae8e420af0ebe89765e47f0eb46a412643692847073981700e94

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
content-encoding: br
cf-cache-status: HIT
age: 17319
cf-polished: origSize=564744
last-modified: Mon, 25 Oct 2021 22:45:18 GMT
cf-bgj: minify
server: cloudflare
etag: W/"6177337e-89e08"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec7738cb1c35e3-MAN
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 2021-11-10_15-18-05.js Show response
imagescdn.simons.ca/imarcom/js/utils/ 33 KB
9 KB 59ms
56ms Script
application/javascript 104.17.218.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://imagescdn.simons.ca/imarcom/js/utils/2021-11-10_15-18-05.js?__=3cbd2e58859c9db1cc145cc1641de605
Requested by: Host: www.simons.ca
URL: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.218.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9db5cadcc1af72912749ac4447c230dc653d13742fbd65d26715e24beaf5c4f2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
content-encoding: br
cf-cache-status: HIT
age: 331651
cf-polished: origSize=52247
last-modified: Wed, 10 Nov 2021 20:18:32 GMT
cf-bgj: minify
server: cloudflare
etag: W/"3cbd2e58859c9db1cc145cc1641de605"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec7738ca55edf7-CDG
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 2021-11-10_15-18-07.js Show response
imagescdn.simons.ca/imarcom/js/dic.en/ 12 KB
3 KB 55ms
52ms Script
application/javascript 104.17.218.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://imagescdn.simons.ca/imarcom/js/dic.en/2021-11-10_15-18-07.js?__=69d8e43ac962f3dcd59807911aeda8f7
Requested by: Host: www.simons.ca
URL: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.218.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eccfa2bd7cc6ed65e9fd903759e40fe4d70fed32c0b118cab602501b1f9589af

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
content-encoding: br
cf-cache-status: HIT
age: 445480
cf-polished: origSize=13199
last-modified: Wed, 10 Nov 2021 20:18:32 GMT
cf-bgj: minify
server: cloudflare
etag: W/"69d8e43ac962f3dcd59807911aeda8f7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec7738ca57edf7-CDG
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 2021-11-10_15-18-05.js Show response
imagescdn.simons.ca/imarcom/js/unified/ 944 KB
236 KB 65ms
62ms Script
application/javascript 104.17.218.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://imagescdn.simons.ca/imarcom/js/unified/2021-11-10_15-18-05.js?__=e692663af9018930bbb07f047cc02943
Requested by: Host: www.simons.ca
URL: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.218.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8d2768a911c7e236fff7ab8f2aa6977707cbf48c6e4697091c6c99f0a23dcf7e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
content-encoding: br
cf-cache-status: HIT
age: 331651
cf-polished: origSize=1174417
last-modified: Wed, 10 Nov 2021 20:18:32 GMT
cf-bgj: minify
server: cloudflare
etag: W/"e692663af9018930bbb07f047cc02943"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec7738ca5aedf7-CDG
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 remarketing.js Show response
imagescdn.simons.ca/imarcom/js/ 6 KB
2 KB 51ms
48ms Script
application/javascript 104.17.218.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://imagescdn.simons.ca/imarcom/js/remarketing.js?__=cb5589655ed8809308fee36773428269
Requested by: Host: www.simons.ca
URL: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.218.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1d0e0d53e4d6659b47f5999a5650d1c7d4aa5a046a50a5154fc11f9c62d5064

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
content-encoding: br
cf-cache-status: HIT
age: 929994
cf-polished: origSize=15400
last-modified: Thu, 04 Nov 2021 16:23:46 GMT
cf-bgj: minify
server: cloudflare
etag: W/"cb5589655ed8809308fee36773428269"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec7738ca5bedf7-CDG
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 850 B
969 B 46ms
16ms Script
text/javascript 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

c0e56b4c6d6603c198bb6f92d0cf363bef3c7e9d7d95080494263e8946b57b1c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 556
x-xss-protection: 1; mode=block
expires: Tue, 16 Nov 2021 00:05:06 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 224 KB
68 KB 42ms
15ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PHRQWH9

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0f24cdb8b74c11d931abe60849f30e6543c490813311e92603698b7a04bccaae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 68807
x-xss-protection: 0
expires: Tue, 16 Nov 2021 00:05:06 GMT

GET
H2 200 css
fonts.googleapis.com/ 8 KB
934 B 19ms
18ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:300,400,700,900|Noto+Serif:400,700|Oswald:400

Requested by

Host: imagescdn.simons.ca
URL: https://imagescdn.simons.ca/imarcom/css/unified/2021-11-08_12-43-53.css?__=442f0af1cac61c3656e7f04e8a12abdf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ced4f18f0603db2d15a5836d88a5ba7afbaf6604318e6b3f15a7d4ff94876ec1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imagescdn.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 16 Nov 2021 00:05:06 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 16 Nov 2021 00:05:06 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 16 Nov 2021 00:05:06 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 90 KB
35 KB 49ms
21ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-1653632-1

Requested by

Host: imagescdn.simons.ca
URL: https://imagescdn.simons.ca/imarcom/js/head/2021-11-08_12-43-53.js?__=1eb0b7936e638827a83ce868043ab567

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

96fb684a980ad437d26a62aed94c39d5ff36edbe79045526169012fd3b67581d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36153
x-xss-protection: 0
expires: Tue, 16 Nov 2021 00:05:06 GMT

GET
H2 200 can-flag.png
imagescdn.simons.ca/imarcom/images/top_nav/ 2 KB
2 KB 49ms
48ms Image
image/webp 104.17.218.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imagescdn.simons.ca/imarcom/images/top_nav/can-flag.png?__=fb3571e130ec2b094c5afc29ac348c7f
Requested by: Host: imagescdn.simons.ca
URL: https://imagescdn.simons.ca/imarcom/css/unified/2021-11-08_12-43-53.css?__=442f0af1cac61c3656e7f04e8a12abdf
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.218.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6b92236a527dcb75210ffe51d9d1a242013d89d80dc0e38a06937f3170f71092

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imagescdn.simons.ca/imarcom/css/unified/2021-11-08_12-43-53.css?__=442f0af1cac61c3656e7f04e8a12abdf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 331199
cf-polished: origFmt=png, origSize=3988
last-modified: Mon, 08 Nov 2021 17:45:19 GMT
content-disposition: inline; filename="can-flag.webp"
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: W/"fb3571e130ec2b094c5afc29ac348c7f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec7738ca6eedf7-CDG
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 usa-flag.png
imagescdn.simons.ca/imarcom/images/top_nav/ 2 KB
3 KB 52ms
51ms Image
image/webp 104.17.218.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imagescdn.simons.ca/imarcom/images/top_nav/usa-flag.png?__=614ced6d91186a049a5b732352397f04
Requested by: Host: imagescdn.simons.ca
URL: https://imagescdn.simons.ca/imarcom/css/unified/2021-11-08_12-43-53.css?__=442f0af1cac61c3656e7f04e8a12abdf
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.218.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a73cd60e358dcf7b48c5b160cdc15711c9f282722a0c6450d25f8e5c7e684711

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imagescdn.simons.ca/imarcom/css/unified/2021-11-08_12-43-53.css?__=442f0af1cac61c3656e7f04e8a12abdf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 331199
cf-polished: origFmt=png, origSize=4107
last-modified: Mon, 08 Nov 2021 17:45:19 GMT
content-disposition: inline; filename="usa-flag.webp"
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: W/"614ced6d91186a049a5b732352397f04"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec7738ca6fedf7-CDG
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 clef.png
imagescdn.simons.ca/imarcom/images/top_nav/ 520 B
756 B 68ms
68ms Image
image/webp 104.17.218.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imagescdn.simons.ca/imarcom/images/top_nav/clef.png?__=7383ca476c81035de3f4e21f175bb39e
Requested by: Host: imagescdn.simons.ca
URL: https://imagescdn.simons.ca/imarcom/css/unified/2021-11-08_12-43-53.css?__=442f0af1cac61c3656e7f04e8a12abdf
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.218.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d5d0019c0b46fe0fb14491d2b67390e5ec60949c44c16098d3ad9addb8da8f30

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imagescdn.simons.ca/imarcom/css/unified/2021-11-08_12-43-53.css?__=442f0af1cac61c3656e7f04e8a12abdf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 331199
cf-polished: origFmt=png, origSize=1837
last-modified: Mon, 08 Nov 2021 17:45:19 GMT
content-disposition: inline; filename="clef.webp"
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: W/"7383ca476c81035de3f4e21f175bb39e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec7738ca72edf7-CDG
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 horloge.png
imagescdn.simons.ca/imarcom/images/top_nav/ 284 B
426 B 50ms
49ms Image
image/webp 104.17.218.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imagescdn.simons.ca/imarcom/images/top_nav/horloge.png?__=92ac93623fca422e525f749cb3276cb5
Requested by: Host: imagescdn.simons.ca
URL: https://imagescdn.simons.ca/imarcom/css/unified/2021-11-08_12-43-53.css?__=442f0af1cac61c3656e7f04e8a12abdf
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.218.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 43582dd137c567fc42e76a9a089d41db94df3b9f264efa73fcab4de1d115be7a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imagescdn.simons.ca/imarcom/css/unified/2021-11-08_12-43-53.css?__=442f0af1cac61c3656e7f04e8a12abdf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 331492
cf-polished: origFmt=png, origSize=1543
last-modified: Mon, 08 Nov 2021 17:45:19 GMT
content-disposition: inline; filename="horloge.webp"
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: W/"92ac93623fca422e525f749cb3276cb5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec7738ca73edf7-CDG
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 bag.png
imagescdn.simons.ca/imarcom/images/top_nav/ 424 B
557 B 68ms
68ms Image
image/webp 104.17.218.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imagescdn.simons.ca/imarcom/images/top_nav/bag.png?__=968a52a14c305f090452d55e5c3fd656
Requested by: Host: imagescdn.simons.ca
URL: https://imagescdn.simons.ca/imarcom/css/unified/2021-11-08_12-43-53.css?__=442f0af1cac61c3656e7f04e8a12abdf
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.218.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3239690e0a0699fe75f1cc71b92359c13c0692f9d9c7d83a00e45d5d0a27d553

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imagescdn.simons.ca/imarcom/css/unified/2021-11-08_12-43-53.css?__=442f0af1cac61c3656e7f04e8a12abdf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 331492
cf-polished: origFmt=png, origSize=1587
last-modified: Mon, 08 Nov 2021 17:45:19 GMT
content-disposition: inline; filename="bag.webp"
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: W/"968a52a14c305f090452d55e5c3fd656"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec7738ca74edf7-CDG
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v20/ 23 KB
24 KB 31ms
7ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v20/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:300,300i,400,700,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.simons.ca
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 15 Nov 2021 21:26:28 GMT
x-content-type-options: nosniff
age: 9518
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23484
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:19:01 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 15 Nov 2022 21:26:28 GMT

GET
H2 200 icon.woff2
imagescdn.simons.ca/imarcom/css/fonts/ 38 KB
38 KB 97ms
43ms Font
binary/octet-stream 104.17.218.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://imagescdn.simons.ca/imarcom/css/fonts/icon.woff2?e2l55x=&__=5a1f4b2402ee97ec39fe3f9211d8130a
Requested by: Host: imagescdn.simons.ca
URL: https://imagescdn.simons.ca/imarcom/css/unified/2021-11-08_12-43-53.css?__=442f0af1cac61c3656e7f04e8a12abdf
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.218.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 109405bb41196e75f45961b8899ab7a1d1e7959db1c6d68d00b1d6b53da8ecac

Request headers

Referer: https://imagescdn.simons.ca/imarcom/css/unified/2021-11-08_12-43-53.css?__=442f0af1cac61c3656e7f04e8a12abdf
Origin: https://www.simons.ca
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
last-modified: Wed, 03 Nov 2021 19:42:45 GMT
server: cloudflare
age: 1049689
etag: "5a1f4b2402ee97ec39fe3f9211d8130a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: binary/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 6aec77392c1854d6-MAN
content-length: 38764
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v20/ 22 KB
23 KB 36ms
13ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v20/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:300,300i,400,700,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.simons.ca
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 04:27:49 GMT
x-content-type-options: nosniff
age: 329837
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22992
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:18:57 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 12 Nov 2022 04:27:49 GMT

GET
H2 200 menu Show response
www.simons.ca/en/ 58 KB
8 KB 406ms
405ms XHR
text/html 104.17.217.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.simons.ca/en/menu

Requested by

Host: jscdn.simons.ca
URL: https://jscdn.simons.ca/simons/js/simons_head.js?version=837313c08655cd28f210fa5bb8956cf3b425ffe4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.217.25 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

73b2ddc1f58df724d327c9d6c73358af6c2481b3de05de890a8d6ff73d74caed

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.simons.ca
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept: */*
Referer: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
x-nfe: 1
content-security-policy: frame-ancestors 'self' *.simons.ca
strict-transport-security: max-age=16070400; includeSubDomains
cf-ray: 6aec7738ec4a000a-MAN
x-xss-protection: 1

GET
H2 200 dot_40.png
csscdn.simons.ca/simons/css/images/ 34 B
168 B 41ms
37ms Image
image/webp 104.17.217.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://csscdn.simons.ca/simons/css/images/dot_40.png
Requested by: Host: csscdn.simons.ca
URL: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.217.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 98c28e555bcb2298195f1689f1ff9b9597ba5851b6edfe074ab0e2369ed761db

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 25410
cf-polished: origFmt=png, origSize=929
content-disposition: inline; filename="dot_40.webp"
content-length: 34
last-modified: Mon, 25 Oct 2021 22:44:56 GMT
server: cloudflare
etag: "61773368-3a1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
expires: Wed, 24 Nov 2021 00:05:06 GMT
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 6aec7738ebe535c5-MAN
cf-bgj: imgq:100,h2pri

GET
H2 200 shadow_box-fafafa-x.png
csscdn.simons.ca/simons/css/images/ 88 B
218 B 43ms
38ms Image
image/webp 104.17.217.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://csscdn.simons.ca/simons/css/images/shadow_box-fafafa-x.png
Requested by: Host: csscdn.simons.ca
URL: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.217.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f5574b3bc1af391a0027b7bd6db7c2abdbb9bf84007935ade40a0e22c010deac

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 13469
cf-polished: origFmt=png, origSize=1044
last-modified: Mon, 25 Oct 2021 22:44:58 GMT
content-disposition: inline; filename="shadow_box-fafafa-x.webp"
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: W/"6177336a-414"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec7738fbea35c5-MAN
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 404 shadow_box-fafafa-square.png
imagescdn.simons.ca/imarcom//images/login_2017/ 0
0 595ms
591ms Image
text/html 104.17.218.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imagescdn.simons.ca/imarcom//images/login_2017/shadow_box-fafafa-square.png?__=a3fb6c8b0366eaca43fa42a79354e2a2
Requested by: Host: imagescdn.simons.ca
URL: https://imagescdn.simons.ca/imarcom/css/unified/2021-11-08_12-43-53.css?__=442f0af1cac61c3656e7f04e8a12abdf
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.218.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imagescdn.simons.ca/imarcom/css/unified/2021-11-08_12-43-53.css?__=442f0af1cac61c3656e7f04e8a12abdf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

GET
H2 200 shadow_box-fafafa-y.png
csscdn.simons.ca/simons/css/images/ 90 B
220 B 43ms
39ms Image
image/webp 104.17.217.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://csscdn.simons.ca/simons/css/images/shadow_box-fafafa-y.png
Requested by: Host: csscdn.simons.ca
URL: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.217.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4bb0ad8a1150767d4ae99ef113703e6e77957ad220d78edc7150a4c7af49aa89

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 372640
cf-polished: origFmt=png, origSize=1036
last-modified: Mon, 25 Oct 2021 22:44:58 GMT
content-disposition: inline; filename="shadow_box-fafafa-y.webp"
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: W/"6177336a-40c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec7738fbec35c5-MAN
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 password_eye.png
csscdn.simons.ca/simons/css/images/ 118 B
251 B 47ms
42ms Image
image/webp 104.17.217.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://csscdn.simons.ca/simons/css/images/password_eye.png
Requested by: Host: csscdn.simons.ca
URL: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.217.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: be8acbc831b2f91f24daa55a3242f5c17083f9dd00ae17b73c905970d21c640c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 13469
cf-polished: origFmt=png, origSize=319
content-disposition: inline; filename="password_eye.webp"
content-length: 118
last-modified: Mon, 25 Oct 2021 22:44:58 GMT
server: cloudflare
etag: "6177336a-13f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
expires: Wed, 24 Nov 2021 00:05:06 GMT
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 6aec7738fbed35c5-MAN
cf-bgj: imgq:100,h2pri

GET
H2 200 shadow_box_n-7d622e.png
csscdn.simons.ca/simons/css/images/ 48 B
294 B 44ms
40ms Image
image/webp 104.17.217.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://csscdn.simons.ca/simons/css/images/shadow_box_n-7d622e.png
Requested by: Host: csscdn.simons.ca
URL: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.217.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7316bcb776a21a6b30a30d05bd3639167107ccc7193cde53b239a76577ab1bdf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 13468
cf-polished: origFmt=png, origSize=164
content-disposition: inline; filename="shadow_box_n-7d622e.webp"
content-length: 48
last-modified: Mon, 25 Oct 2021 22:44:58 GMT
server: cloudflare
etag: "6177336a-a4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
expires: Wed, 24 Nov 2021 00:05:06 GMT
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 6aec7738fbee35c5-MAN
cf-bgj: imgq:100,h2pri

GET
H2 200 shadow_box_ne-7d622e.png
csscdn.simons.ca/simons/css/images/ 68 B
201 B 40ms
36ms Image
image/webp 104.17.217.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://csscdn.simons.ca/simons/css/images/shadow_box_ne-7d622e.png
Requested by: Host: csscdn.simons.ca
URL: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.217.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 15816f03254f95dc17f2afabb875ae13f532b12d2d34a2c9c6e486db1f648193

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 372640
cf-polished: origFmt=png, origSize=191
content-disposition: inline; filename="shadow_box_ne-7d622e.webp"
content-length: 68
last-modified: Mon, 25 Oct 2021 22:44:58 GMT
server: cloudflare
etag: "6177336a-bf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
expires: Wed, 24 Nov 2021 00:05:06 GMT
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 6aec7738fbf035c5-MAN
cf-bgj: imgq:100,h2pri

GET
H2 200 shadow_box_e-7d622e.png
csscdn.simons.ca/simons/css/images/ 42 B
174 B 42ms
39ms Image
image/webp 104.17.217.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://csscdn.simons.ca/simons/css/images/shadow_box_e-7d622e.png
Requested by: Host: csscdn.simons.ca
URL: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.217.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7bc011db3460631fe472190547a97f0ca2aa502cb5eae3d1e0ed4ab038fddfa0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 13469
cf-polished: origFmt=png, origSize=169
content-disposition: inline; filename="shadow_box_e-7d622e.webp"
content-length: 42
last-modified: Mon, 25 Oct 2021 22:44:58 GMT
server: cloudflare
etag: "6177336a-a9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
expires: Wed, 24 Nov 2021 00:05:06 GMT
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 6aec7738fbf135c5-MAN
cf-bgj: imgq:100,h2pri

GET
H2 200 shadow_box_se-7d622e.png
csscdn.simons.ca/simons/css/images/ 54 B
188 B 43ms
40ms Image
image/webp 104.17.217.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://csscdn.simons.ca/simons/css/images/shadow_box_se-7d622e.png
Requested by: Host: csscdn.simons.ca
URL: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.217.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e42e012a2994f478399515cc019f1e20e95062f3d5bef9d02b68b0b993f05500

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 13468
cf-polished: origFmt=png, origSize=192
content-disposition: inline; filename="shadow_box_se-7d622e.webp"
content-length: 54
last-modified: Mon, 25 Oct 2021 22:44:58 GMT
server: cloudflare
etag: "6177336a-c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
expires: Wed, 24 Nov 2021 00:05:06 GMT
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 6aec7738fbf335c5-MAN
cf-bgj: imgq:100,h2pri

GET
H2 200 shadow_box_s-7d622e.png
csscdn.simons.ca/simons/css/images/ 44 B
204 B 43ms
41ms Image
image/webp 104.17.217.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://csscdn.simons.ca/simons/css/images/shadow_box_s-7d622e.png
Requested by: Host: csscdn.simons.ca
URL: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.217.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 22c0f5298286f5ccb74834d72cba34c2c35b0e3df8dee75d5fb8b9300acaca70

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 13468
cf-polished: origFmt=png, origSize=170
content-disposition: inline; filename="shadow_box_s-7d622e.webp"
content-length: 44
last-modified: Mon, 25 Oct 2021 22:44:58 GMT
server: cloudflare
etag: "6177336a-aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
expires: Wed, 24 Nov 2021 00:05:06 GMT
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 6aec7738fbf435c5-MAN
cf-bgj: imgq:100,h2pri

GET
H2 200 shadow_box_sw-7d622e.png
csscdn.simons.ca/simons/css/images/ 70 B
203 B 42ms
40ms Image
image/webp 104.17.217.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://csscdn.simons.ca/simons/css/images/shadow_box_sw-7d622e.png
Requested by: Host: csscdn.simons.ca
URL: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.217.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 27d7bd29071b5243b3b291ce3214138da6967f9afd30169d223433d2472759e4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 372640
cf-polished: origFmt=png, origSize=181
content-disposition: inline; filename="shadow_box_sw-7d622e.webp"
content-length: 70
last-modified: Mon, 25 Oct 2021 22:44:58 GMT
server: cloudflare
etag: "6177336a-b5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
expires: Wed, 24 Nov 2021 00:05:06 GMT
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 6aec7738fbf535c5-MAN
cf-bgj: imgq:100,h2pri

GET
H2 200 shadow_box_w-7d622e.png
csscdn.simons.ca/simons/css/images/ 46 B
184 B 45ms
43ms Image
image/webp 104.17.217.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://csscdn.simons.ca/simons/css/images/shadow_box_w-7d622e.png
Requested by: Host: csscdn.simons.ca
URL: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.217.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d60a686cd7370edab09d15beae24b7fa637b0f4cb76ecda4bf774242afd6fb54

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 13469
cf-polished: origFmt=png, origSize=161
content-disposition: inline; filename="shadow_box_w-7d622e.webp"
content-length: 46
last-modified: Mon, 25 Oct 2021 22:44:58 GMT
server: cloudflare
etag: "6177336a-a1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
expires: Wed, 24 Nov 2021 00:05:06 GMT
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 6aec7738fbf735c5-MAN
cf-bgj: imgq:100,h2pri

GET
H2 200 shadow_box_nw-7d622e.png
csscdn.simons.ca/simons/css/images/ 52 B
230 B 43ms
41ms Image
image/webp 104.17.217.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://csscdn.simons.ca/simons/css/images/shadow_box_nw-7d622e.png
Requested by: Host: csscdn.simons.ca
URL: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.217.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f7ee43137c12f6145726fc8440dd4aefc7d3f0e09819d92d6e622ac219a6f3a9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 13468
cf-polished: origFmt=png, origSize=169
content-disposition: inline; filename="shadow_box_nw-7d622e.webp"
content-length: 52
last-modified: Mon, 25 Oct 2021 22:44:58 GMT
server: cloudflare
etag: "6177336a-a9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
expires: Wed, 24 Nov 2021 00:05:06 GMT
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 6aec7738fbf835c5-MAN
cf-bgj: imgq:100,h2pri

GET
H2 200 S6u9w4BMUTPHh50XSwiPGQ.woff2
fonts.gstatic.com/s/lato/v20/ 22 KB
22 KB 19ms
17ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v20/S6u9w4BMUTPHh50XSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:300,300i,400,700,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d4243c8e973ec0cfc707904891ae4e3efc03dbc8923acb9755f9a35c92269a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.simons.ca
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 15 Nov 2021 15:26:11 GMT
x-content-type-options: nosniff
age: 31135
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22572
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:18:56 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 15 Nov 2022 15:26:11 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 24ms
7ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

bfcbbacb1a0bf0884943112664226de94917f611c2fc63583b304efaf2c380ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: 2084geprfB/yFMYWvTX7Hg==
cross-origin-resource-policy: cross-origin
expires: Tue, 16 Nov 2021 00:15:08 GMT
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 1684
x-fb-rlafr: 0
x-fb-debug: MqxGWaoMWxoV5JW5E+ytgnxMUtiTVeS+jB/DOodaQc8SCHwql/lp/APw1Stl9Gxaz+6mNrTvp8jC7JGC8ku8JA==
x-fb-trip-id: 917726464
x-fb-content-md5: 00dc6b83a734a3108ea6add0a6bae1f3
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Tue, 16 Nov 2021 00:05:06 GMT
x-frame-options: DENY
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "3fd141d55eecd7da64d28748e101a572"
timing-allow-origin: *
priority: u=3,i
access-control-expose-headers: X-FB-Content-MD5

GET
H2 200 simons_sprites-large.png
csscdn.simons.ca/simons/css/images/ 2 KB
2 KB 43ms
41ms Image
image/webp 104.17.217.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://csscdn.simons.ca/simons/css/images/simons_sprites-large.png
Requested by: Host: csscdn.simons.ca
URL: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.217.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fc7d8ebd867551f9ed4de2bf6342215664372aa7c664b63d79fc23e9d84b5bfc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 13469
cf-polished: origFmt=png, origSize=4697
last-modified: Mon, 25 Oct 2021 22:44:58 GMT
content-disposition: inline; filename="simons_sprites-large.webp"
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: W/"6177336a-1259"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec77391c1535c5-MAN
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 285 KB
82 KB 22ms
7ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=01e7ec0e8686e280c0d75dea2ee02197

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5de18acd47bedbc8975d4fbec40b5ffb9fcf4d6b49295ae6ae7113c056049f43

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.simons.ca/
Origin: https://www.simons.ca
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: TUmbv0HBaIXhjpEc74Shlw==
cross-origin-resource-policy: cross-origin
expires: Tue, 15 Nov 2022 23:27:58 GMT
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 82871
x-fb-rlafr: 0
x-fb-debug: e86OSeJDA29NsHSo3iJDL6oVAyRKOMnlPUxIQX1jVZYb5ajCu3YovIqaEW9gWJEUu8bAfKTIX6k/xN59dWwwiw==
x-fb-trip-id: 917726464
x-fb-content-md5: aed2364799995edd0b12f9af63d0cf34
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Tue, 16 Nov 2021 00:05:06 GMT
x-frame-options: DENY
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "29257511babfe6e2fc6e2208c68d7f8d"
timing-allow-origin: *
priority: u=3,i
access-control-expose-headers: X-FB-Content-MD5

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 30ms
7ms Script
text/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PHRQWH9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 240
date: Tue, 16 Nov 2021 00:01:06 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Tue, 16 Nov 2021 02:01:06 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 161 KB
60 KB 16ms
16ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-TVRY73VP6D&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-1653632-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4235d8b1ceabaa39bbc2f06499a057897b43e2247ec34112ad983a02bea80479

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60967
x-xss-protection: 0
expires: Tue, 16 Nov 2021 00:05:06 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 174 KB
62 KB 25ms
25ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5HW3HXB&l=dataLayer

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PHRQWH9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8f92eb643bd16658b0f611e78892a224bef6df29545f127307fc8460cd3d714d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 63349
x-xss-protection: 0
expires: Tue, 16 Nov 2021 00:05:06 GMT

GET
H2 200 collect.js Show response
cdn.noibu.com/ 84 KB
27 KB 136ms
74ms Script
application/javascript 143.204.98.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.noibu.com/collect.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PHRQWH9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-41.fra50.r.cloudfront.net
Software: CloudFront /
Resource Hash: c8e98ebe64290167bcf36d402c831b76a41f136e906d6aa0b5e2565018b28f30

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
via: 1.1 80c1ad5f9352d00b95a9da73eb6b6be5.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA50-C1
x-cache: LambdaGeneratedResponse from cloudfront
content-type: application/javascript
cache-control: max-age=100
content-encoding: gzip
content-length: 26960
x-amz-cf-id: 03jymIPQyyf31rFEz2kHDIWPFbC2jZfvhHei0Iqi4jPU0mrqHZ77Fw==

GET
H2 200 setupchat.js Show response
api.heyday.ai/v130/4099689688/9037420771/en/ 1 KB
2 KB 138ms
105ms Script
application/javascript 143.204.98.64
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.heyday.ai/v130/4099689688/9037420771/en/setupchat.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PHRQWH9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.64 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-64.fra50.r.cloudfront.net
Software: /
Resource Hash: 158f7cb1d1b28d171b55bfb230cbc6ab12f72ff69c719a7d87ac0fc527fe58db

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
via: 1.1 9eb0e845437929074828e0cf53f179af.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-amzn-requestid: 0d6aaaf5-de3b-4ed6-9574-47ba1a1a419f
x-cache: Miss from cloudfront
x-amz-apigw-id: I3tT4HXoIAMF-vw=
content-length: 1370
x-amzn-trace-id: Root=1-6192f5b2-7c69f333164dc021133e0d35
access-control-max-age: 0
access-control-allow-methods: GET,OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=300
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Api-Version
x-amz-cf-id: cEaf8s4aZvCf_iw0ZPmtkDFauhHzA0Z3EUfnN2dfzGgkybiUeULShw==

GET
H/1.1 200
OK pixel.gif
www.offlinx.com/tracking/ 42 B
446 B 415ms
104ms Image
image/gif 34.201.199.121
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.offlinx.com/tracking/pixel.gif?merchant_id=CV86DELK4D59SS84&href=https%3A%2F%2Fwww.simons.ca%2Fsimons%2Fprofile%2Flogin.jsp%3ForiginalURL%3Dhttp%253A%2F%2Fproxy.simons.ca%2Fsimons%2Fprofile%2Fprofile.jsp%253Fsection%253Drewards%26_requestid%3D1131869%26utm_source%3Dnewsletter%26utm_medium%3DNewsletters%26utm_campaign%3Dno21-lu15-tant-de-raisons-de-c%26utm_content%3Den%26utm_term%3D119%26subscribed%3D1%26eid%3DBd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ&referer=&random_num=714558571
Requested by: Host: www.simons.ca
URL: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.201.199.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-201-199-121.compute-1.amazonaws.com
Software: nginx/1.10.1 / Express
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Tue, 16 Nov 2021 00:05:06 GMT
Server: nginx/1.10.1
Connection: keep-alive
X-Powered-By: Express
Content-Length: 42
Content-Type: image/gif

GET
H2 200 footerLoyalty-bkg.jpg
imagescdn.simons.ca/imarcom/images/footer-2020/ 405 KB
405 KB 33ms
33ms Image
image/webp 104.17.218.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imagescdn.simons.ca/imarcom/images/footer-2020/footerLoyalty-bkg.jpg?__=c6d78844ef436b8c1204f08749a98b49
Requested by: Host: imagescdn.simons.ca
URL: https://imagescdn.simons.ca/imarcom/css/unified/2021-11-08_12-43-53.css?__=442f0af1cac61c3656e7f04e8a12abdf
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.218.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 522e8a56a8ec194ff1d2df40b93e1fd173e9077cc9e0e27f1d091474f81642d8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imagescdn.simons.ca/imarcom/css/unified/2021-11-08_12-43-53.css?__=442f0af1cac61c3656e7f04e8a12abdf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 331199
cf-polished: origFmt=jpeg, origSize=960146
last-modified: Mon, 08 Nov 2021 17:45:19 GMT
content-disposition: inline; filename="footerLoyalty-bkg.webp"
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: W/"c6d78844ef436b8c1204f08749a98b49"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec77399b39edf7-CDG
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 starRatingUnderDesk.svg
imagescdn.simons.ca/imarcom/images/ 2 KB
837 B 50ms
49ms Image
image/svg+xml 104.17.218.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imagescdn.simons.ca/imarcom/images/starRatingUnderDesk.svg?__=dfce03f98c05afdf2f6ed96a603f96fb
Requested by: Host: imagescdn.simons.ca
URL: https://imagescdn.simons.ca/imarcom/css/unified/2021-11-08_12-43-53.css?__=442f0af1cac61c3656e7f04e8a12abdf
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.218.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c8d1776d07b494f3d37cd1f7f89bd2ae009cce480b0412f9fc56e4b8b7b4c82f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imagescdn.simons.ca/imarcom/css/unified/2021-11-08_12-43-53.css?__=442f0af1cac61c3656e7f04e8a12abdf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 03 Nov 2021 19:42:46 GMT
server: cloudflare
age: 929994
etag: W/"dfce03f98c05afdf2f6ed96a603f96fb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec7739ab3bedf7-CDG
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 starRatingHoverDesk.svg
imagescdn.simons.ca/imarcom/images/ 2 KB
783 B 49ms
49ms Image
image/svg+xml 104.17.218.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imagescdn.simons.ca/imarcom/images/starRatingHoverDesk.svg?__=a07223611e3c32cafd8ba3f2bdaba629
Requested by: Host: imagescdn.simons.ca
URL: https://imagescdn.simons.ca/imarcom/css/unified/2021-11-08_12-43-53.css?__=442f0af1cac61c3656e7f04e8a12abdf
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.218.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1e60c1feb97b5013d8647e97f81542163d63bbb5b17efc797995e2f7f633f9e6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imagescdn.simons.ca/imarcom/css/unified/2021-11-08_12-43-53.css?__=442f0af1cac61c3656e7f04e8a12abdf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 08 Nov 2021 17:45:19 GMT
server: cloudflare
age: 331492
etag: W/"a07223611e3c32cafd8ba3f2bdaba629"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec7739ab40edf7-CDG
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
DATA 200
OK truncated
/ 5 KB
5 KB Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0735a748bf70ad519969fbf64f7c8ef3072a1bdda68b420aee14dc43e5e080cd

Request headers

Referer
Origin: https://www.simons.ca
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: application/x-font-woff;charset=utf-8

GET
H2 200 TweenLite.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/latest/ 26 KB
9 KB 68ms
26ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/latest/TweenLite.min.js

Requested by

Host: jscdn.simons.ca
URL: https://jscdn.simons.ca/simons/js/simons_foot_en.js?version=837313c08655cd28f210fa5bb8956cf3b425ffe4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e5b4dd28e58e76dbe83eb2b357fdad7e54b85a9def9bf953063d5970a91ee6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.simons.ca/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 5885172
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 8578
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:25 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e71-697f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aG32eD0Fg%2FjUE7H9cQrz2FxWdPC%2BXWtZHIaVaPCYVR8tBqMhakfpQtpYIt7jDFRCuPITWgNIca%2BgDBrlUKOHOHuPRtfQQ0S%2FhRmQ3%2BKuPlSmX6PuYBSUllhJY2n%2BxzwaA5g9EMuNk%2F6loGjul2qIudGo"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6aec7739fa4bd608-MXP
expires: Sun, 06 Nov 2022 00:05:06 GMT

GET
H2 200 CSSPlugin.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/latest/plugins/ 38 KB
14 KB 69ms
28ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/latest/plugins/CSSPlugin.min.js

Requested by

Host: jscdn.simons.ca
URL: https://jscdn.simons.ca/simons/js/simons_foot_en.js?version=837313c08655cd28f210fa5bb8956cf3b425ffe4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cbf2228ab439f89b83feb79ea549213521a81212fde9ff67f9c73d002d586198

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.simons.ca/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 885221
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 13669
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:25 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e71-9833"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VvwU1xoxO1ZvtCgC15hZC%2BccN8VtsNUmFw7IOpng6a%2Fh44Eb5V6tuytUKLD%2BpMBE25sxA7WWrnlnGguke39Qmuip6vJmR%2Fywv1zeqVLRoMCxdgauihzmmVDUdP4XJGsOXmtHGlzCBP29oJanthKl70mJ"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6aec7739fa4cd608-MXP
expires: Sun, 06 Nov 2022 00:05:06 GMT

GET
H2 200 load_sprites.png
imagescdn.simons.ca/simons/images// 6 KB
6 KB 34ms
34ms Image
image/webp 104.17.218.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imagescdn.simons.ca/simons/images//load_sprites.png
Requested by: Host: www.simons.ca
URL: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.218.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 902b3771908fd421c88beed40ab32c64d88cb22dc8b2e5c44147c041bfdf1ff3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 331198
cf-polished: origFmt=png, origSize=10852
last-modified: Mon, 25 Oct 2021 22:44:58 GMT
content-disposition: inline; filename="load_sprites.webp"
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: W/"6177336a-2a64"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec7739cb56edf7-CDG
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 js Show response
www.google-analytics.com/gtm/ 87 KB
34 KB 18ms
15ms Script
application/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=OPT-MFZ2WKT&t=gtm4&cid=1187875162.1637021106

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

acf3026aacce0aa7cdd2001b1bdebab83fab339ff8773e000234328caf1d1c08

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34959
x-xss-protection: 0
expires: Tue, 16 Nov 2021 00:05:06 GMT

GET
H2 200 geoip Show response
www.simons.ca/ 239 B
548 B 387ms
387ms XHR
text/html 104.17.217.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.simons.ca/geoip

Requested by

Host: jscdn.simons.ca
URL: https://jscdn.simons.ca/simons/js/simons_head.js?version=837313c08655cd28f210fa5bb8956cf3b425ffe4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.217.25 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

082a7cbd27891ecef23d1e47bfc5331e8b18f962132f7de690c2d66f0ca0cc29

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' *.simons.ca
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Accept: */*
Referer: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: json

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
x-nfe: 1
content-security-policy: frame-ancestors 'self' *.simons.ca
strict-transport-security: max-age=16070400; includeSubDomains
cf-ray: 6aec773a8dbb000a-MAN
x-xss-protection: 1

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 98 KB
26 KB 9ms
7ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: imagescdn.simons.ca
URL: https://imagescdn.simons.ca/imarcom/js/unified/2021-11-10_15-18-05.js?__=e692663af9018930bbb07f047cc02943

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 25965
x-xss-protection: 0
pragma: public
x-fb-debug: Cvc6uZnTdXhJea6AwPCwl0DLT9yI8wYV+XSmEqZ2sCpBo3aI++lDmw4QdE17wYGkNvbUMYzzRXm6g7Ci1B+VZw==
x-fb-trip-id: 917726464
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Tue, 16 Nov 2021 00:05:06 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 search-insights@1.6.3 Show response
cdn.jsdelivr.net/npm/ 10 KB
4 KB 73ms
25ms Script
application/javascript 2606:4700::6810:5914
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/search-insights@1.6.3

Requested by

Host: imagescdn.simons.ca
URL: https://imagescdn.simons.ca/imarcom/js/unified/2021-11-10_15-18-05.js?__=e692663af9018930bbb07f047cc02943

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5914 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f2bdde53691eb4a8c2f9fe7d78063a7a3c12b203e3358e426b5cadebb9f3d933

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1826282
x-jsd-version: 1.6.3
x-cache: HIT, MISS
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-served-by: cache-fra19160-FRA, cache-mxp6940-MXP
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"29f5-epVuMwoQc7mmtrXEmCW42U/Ue7s"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 6aec773b1fea5995-MXP

GET
H2 200 A2053830-185c-4063-8f9e-f7c56b6b8add1.js Show response
d.impactradius-event.com/ 42 KB
13 KB 33ms
8ms Script
text/javascript 35.186.249.72
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://d.impactradius-event.com/A2053830-185c-4063-8f9e-f7c56b6b8add1.js
Requested by: Host: www.simons.ca
URL: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.249.72 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 72.249.186.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 52aea83ce1d5208f12b164d1b00e8953cbdbc1ed981d0fe1e1a35532b4bd2446

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:03:04 GMT
content-encoding: gzip
age: 122
x-guploader-uploadid: ADPycdu8D0mcAJr2I90mnSMsC9Y9yekbMjGaS6lq71Zzk_zJZIjJObO9TRpF7dD2OsnCyfGhTBJfO5YGooBQCN8Tjts
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: clear
content-length: 13158
last-modified: Tue, 02 Nov 2021 01:31:17 GMT
server: UploadServer
etag: "0c2a6ed839a6f44fed6324273d9c8234"
vary: Accept-Encoding
x-goog-hash: crc32c=QUfS9Q==, md5=DCpu2Dmm9E/tYyQnPZyCNA==
x-goog-generation: 1635816677278912
cache-control: public,max-age=900,s-maxage=300
x-goog-stored-content-length: 13158
accept-ranges: bytes
content-type: text/javascript; charset=utf-8
expires: Tue, 16 Nov 2021 00:08:04 GMT

GET
H2

200

activityi;dc_pre=CKSEpuzKm_QCFZnhEQgdzeAGjA;src=4863916;type=invmedia;cat=qa4ahatc;ord=9023210367688.195 Show response
4863916.fls.doubleclick.net/ Frame A29F
Redirect Chain

https://4863916.fls.doubleclick.net/activityi;src=4863916;type=invmedia;cat=qa4ahatc;ord=9023210367688.195?
https://4863916.fls.doubleclick.net/activityi;dc_pre=CKSEpuzKm_QCFZnhEQgdzeAGjA;src=4863916;type=invmedia;cat=qa4ahatc;ord=9023210367688.195?

438 B
525 B

32ms
31ms

Document
text/html

142.250.74.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4863916.fls.doubleclick.net/activityi;dc_pre=CKSEpuzKm_QCFZnhEQgdzeAGjA;src=4863916;type=invmedia;cat=qa4ahatc;ord=9023210367688.195?

Requested by

Host: imagescdn.simons.ca
URL: https://imagescdn.simons.ca/imarcom/js/remarketing.js?__=cb5589655ed8809308fee36773428269

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.74.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f6.1e100.net

Software

cafe /

Resource Hash

e7404b33ccac2f74ecce9f42b22845d416bf4fc979a663803e53f55041cd9977

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 16 Nov 2021 00:05:06 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 348
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 16 Nov 2021 00:05:06 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://4863916.fls.doubleclick.net/activityi;dc_pre=CKSEpuzKm_QCFZnhEQgdzeAGjA;src=4863916;type=invmedia;cat=qa4ahatc;ord=9023210367688.195?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 input_text_left.png
csscdn.simons.ca/simons/css/jqtransform/input/ 726 B
853 B 40ms
40ms Image
image/webp 104.17.217.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://csscdn.simons.ca/simons/css/jqtransform/input/input_text_left.png
Requested by: Host: csscdn.simons.ca
URL: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.217.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 22bd907094eb43d8b21f47551c1feeed501253ea7d38c6f527032384be7179d0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 25410
cf-polished: origFmt=png, origSize=3799
last-modified: Mon, 25 Oct 2021 22:44:58 GMT
content-disposition: inline; filename="input_text_left.webp"
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: W/"6177336a-ed7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec773aee2735c5-MAN
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 input_text_right.png
csscdn.simons.ca/simons/css/jqtransform/input/ 514 B
646 B 38ms
38ms Image
image/webp 104.17.217.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://csscdn.simons.ca/simons/css/jqtransform/input/input_text_right.png
Requested by: Host: csscdn.simons.ca
URL: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.217.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e79af3c88b8bcd82887bf31e88567f29e0663a4383ca843cfc18101de6b94b18

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 25410
cf-polished: origFmt=png, origSize=2242
last-modified: Mon, 25 Oct 2021 22:44:58 GMT
content-disposition: inline; filename="input_text_right.webp"
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: W/"6177336a-8c2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec773aee2835c5-MAN
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 checkbox.png
csscdn.simons.ca/simons/css/jqtransform/ 726 B
855 B 43ms
43ms Image
image/webp 104.17.217.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://csscdn.simons.ca/simons/css/jqtransform/checkbox.png
Requested by: Host: csscdn.simons.ca
URL: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.217.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 836bd44a199290bda488ccda4ddd619245f89b5f5554dd693b3a39b71342cb48

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 372639
cf-polished: origFmt=png, origSize=1835
last-modified: Mon, 25 Oct 2021 22:44:58 GMT
content-disposition: inline; filename="checkbox.webp"
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: W/"6177336a-72b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec773aee2b35c5-MAN
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 S6u9w4BMUTPHh7USSwiPGQ.woff2
fonts.gstatic.com/s/lato/v20/ 23 KB
23 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v20/S6u9w4BMUTPHh7USSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:300,300i,400,700,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9194059997d722ec01e41980dffbff03ebe00808b1cdd164a7fd18a561bc312a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.simons.ca
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Sun, 14 Nov 2021 11:51:28 GMT
x-content-type-options: nosniff
age: 130418
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23248
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:18:53 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Mon, 14 Nov 2022 11:51:28 GMT

GET
H2 200 simons_buttons.png
imagescdn.simons.ca/imarcom/css/images/ 12 KB
12 KB 47ms
46ms Image
image/webp 104.17.218.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imagescdn.simons.ca/imarcom/css/images/simons_buttons.png?__=785b487aa0c64aabd2255f9960900621
Requested by: Host: imagescdn.simons.ca
URL: https://imagescdn.simons.ca/imarcom/css/unified/2021-11-08_12-43-53.css?__=442f0af1cac61c3656e7f04e8a12abdf
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.218.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: de56a4d4bbf6b9ad0cb4d63f0631cf8b52bfc1c33cbc8296afa06f632edb87d3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imagescdn.simons.ca/imarcom/css/unified/2021-11-08_12-43-53.css?__=442f0af1cac61c3656e7f04e8a12abdf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 331198
cf-polished: origFmt=png, origSize=23076
last-modified: Mon, 08 Nov 2021 17:45:19 GMT
content-disposition: inline; filename="simons_buttons.webp"
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: W/"785b487aa0c64aabd2255f9960900621"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec773b1c8fedf7-CDG
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 select_left.png
csscdn.simons.ca/simons/css/jqtransform/ 1 KB
2 KB 53ms
49ms Image
image/webp 104.17.217.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://csscdn.simons.ca/simons/css/jqtransform/select_left.png
Requested by: Host: csscdn.simons.ca
URL: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.217.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 90412500100b0ffa54a48e35b9c661a2ec0bf4c01e9109850a2b421a56018dcd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 25410
cf-polished: origFmt=png, origSize=4894
last-modified: Mon, 25 Oct 2021 22:44:58 GMT
content-disposition: inline; filename="select_left.webp"
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: W/"6177336a-131e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec773b3e7435c5-MAN
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 select_right.png
csscdn.simons.ca/simons/css/jqtransform/ 1004 B
1 KB 51ms
47ms Image
image/webp 104.17.217.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://csscdn.simons.ca/simons/css/jqtransform/select_right.png
Requested by: Host: csscdn.simons.ca
URL: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.217.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5c782ea0837513d6d345aef777bce3b6b225c02deaa8087ae70122e1efa2cede

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 25410
cf-polished: origFmt=png, origSize=3220
last-modified: Mon, 25 Oct 2021 22:44:58 GMT
content-disposition: inline; filename="select_right.webp"
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: W/"6177336a-c94"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec773b3e7835c5-MAN
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 textarea_tl.png
csscdn.simons.ca/simons/css/jqtransform/textarea/ 190 B
313 B 48ms
44ms Image
image/webp 104.17.217.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://csscdn.simons.ca/simons/css/jqtransform/textarea/textarea_tl.png
Requested by: Host: csscdn.simons.ca
URL: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.217.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 59d6744a732c55e5e9a1b99ee321cbdc94742db9e24791b8d096328e9e153004

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 25410
cf-polished: origFmt=png, origSize=3005
last-modified: Mon, 25 Oct 2021 22:44:58 GMT
content-disposition: inline; filename="textarea_tl.webp"
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: W/"6177336a-bbd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec773b3e7a35c5-MAN
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 textarea_tm.png
csscdn.simons.ca/simons/css/jqtransform/textarea/ 160 B
302 B 52ms
48ms Image
image/webp 104.17.217.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://csscdn.simons.ca/simons/css/jqtransform/textarea/textarea_tm.png
Requested by: Host: csscdn.simons.ca
URL: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.217.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 97868c6b5e85b8f19fcdacaf8d4f48b48b3ac0c069f47ebb3bfb6a8db9ffe0bb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 25410
cf-polished: origFmt=png, origSize=2864
last-modified: Mon, 25 Oct 2021 22:44:58 GMT
content-disposition: inline; filename="textarea_tm.webp"
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: W/"6177336a-b30"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec773b3e7b35c5-MAN
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 textarea_tr.png
csscdn.simons.ca/simons/css/jqtransform/textarea/ 218 B
341 B 52ms
47ms Image
image/webp 104.17.217.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://csscdn.simons.ca/simons/css/jqtransform/textarea/textarea_tr.png
Requested by: Host: csscdn.simons.ca
URL: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.217.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 37baac4e6f1562d3438771ebd600da2afc1c03e9ab1e96becdc24e4d10949228

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 25410
cf-polished: origFmt=png, origSize=3018
last-modified: Mon, 25 Oct 2021 22:44:58 GMT
content-disposition: inline; filename="textarea_tr.webp"
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: W/"6177336a-bca"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec773b3e7d35c5-MAN
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 textarea_ml.png
csscdn.simons.ca/simons/css/jqtransform/textarea/ 124 B
361 B 51ms
46ms Image
image/webp 104.17.217.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://csscdn.simons.ca/simons/css/jqtransform/textarea/textarea_ml.png
Requested by: Host: csscdn.simons.ca
URL: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.217.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f0ef9a55a9db8fc1b33759d8710ae51989a674b578bbd75db33bf24fb0af60e8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 25410
cf-polished: origFmt=png, origSize=2862
last-modified: Mon, 25 Oct 2021 22:44:58 GMT
content-disposition: inline; filename="textarea_ml.webp"
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: W/"6177336a-b2e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec773b3e7e35c5-MAN
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 textarea_mr.png
csscdn.simons.ca/simons/css/jqtransform/textarea/ 122 B
210 B 55ms
51ms Image
image/webp 104.17.217.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://csscdn.simons.ca/simons/css/jqtransform/textarea/textarea_mr.png
Requested by: Host: csscdn.simons.ca
URL: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.217.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7fae98db842729b9e3caed983cd96fc1afb340582ecd328bc598ac6eb171b35d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 25410
cf-polished: origFmt=png, origSize=2862
last-modified: Mon, 25 Oct 2021 22:44:58 GMT
content-disposition: inline; filename="textarea_mr.webp"
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: W/"6177336a-b2e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec773b3e7f35c5-MAN
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 textarea_bl.png
csscdn.simons.ca/simons/css/jqtransform/textarea/ 196 B
319 B 49ms
46ms Image
image/webp 104.17.217.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://csscdn.simons.ca/simons/css/jqtransform/textarea/textarea_bl.png
Requested by: Host: csscdn.simons.ca
URL: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.217.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 17fcb9109cd533d04623642347c1e10b597db902e8b6768106bd77ce9baba259

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 25410
cf-polished: origFmt=png, origSize=3007
last-modified: Mon, 25 Oct 2021 22:44:58 GMT
content-disposition: inline; filename="textarea_bl.webp"
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: W/"6177336a-bbf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec773b3e8035c5-MAN
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 textarea_bm.png
csscdn.simons.ca/simons/css/jqtransform/textarea/ 156 B
303 B 49ms
46ms Image
image/webp 104.17.217.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://csscdn.simons.ca/simons/css/jqtransform/textarea/textarea_bm.png
Requested by: Host: csscdn.simons.ca
URL: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.217.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 988583e54bdd8fd00155e48a5bcf07eb4f466fdf52cb89fef5e3ad0ff93f5c5c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 25410
cf-polished: origFmt=png, origSize=2859
last-modified: Mon, 25 Oct 2021 22:44:58 GMT
content-disposition: inline; filename="textarea_bm.webp"
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: W/"6177336a-b2b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec773b3e8635c5-MAN
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 textarea_br.png
csscdn.simons.ca/simons/css/jqtransform/textarea/ 196 B
319 B 70ms
66ms Image
image/webp 104.17.217.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://csscdn.simons.ca/simons/css/jqtransform/textarea/textarea_br.png
Requested by: Host: csscdn.simons.ca
URL: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.217.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 03b64554ae128fa00818246aa0042b3209e493574fb0c67f48bcbcceef7456e4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://csscdn.simons.ca/simons/css/simons_head.css?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 25410
cf-polished: origFmt=png, origSize=2992
last-modified: Mon, 25 Oct 2021 22:44:58 GMT
content-disposition: inline; filename="textarea_br.webp"
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: W/"6177336a-bb0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec773b3e8735c5-MAN
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 0e356c7d-260c-6974-b17a-8316a9cd1318_infosite.txt Show response
cl.avis-verifies.com/us/cache/0/e/3/0e356c7d-260c-6974-b17a-8316a9cd1318/AWS/ 10 B
453 B 70ms
10ms XHR
text/plain 143.204.98.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cl.avis-verifies.com/us/cache/0/e/3/0e356c7d-260c-6974-b17a-8316a9cd1318/AWS/0e356c7d-260c-6974-b17a-8316a9cd1318_infosite.txt
Requested by: Host: jscdn.simons.ca
URL: https://jscdn.simons.ca/simons/js/simons_head.js?version=837313c08655cd28f210fa5bb8956cf3b425ffe4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.124 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-124.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f07eb73186bcd03293c8ba3ec7ff0de6e15744601fc12ce25644b2fcb7ce5166

Request headers

Accept: */*
Referer: https://www.simons.ca/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 15 Nov 2021 10:46:19 GMT
via: 1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront)
age: 47928
x-cache: Hit from cloudfront
content-length: 10
last-modified: Mon, 15 Nov 2021 10:46:19 GMT
server: AmazonS3
etag: "fb9e48b96e16427df7076bf53f3eed92"
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: text/plain
access-control-allow-origin: *
cache-control: max-age=81600
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
x-amz-cf-id: gL-fAM7bYiuXVe8eCBIgPvxUZg6HcQT-QzJ7pRjkyoU1MBFyWO5FPw==

GET
H2 200 login_button.php Show response
www.facebook.com/v7.0/plugins/ Frame B750 34 KB
13 KB 86ms
60ms Document
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a4af7a5ab8174%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=01e7ec0e8686e280c0d75dea2ee02197

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

63d2d234c7e3f87d4188585ad72f519a05f831cfd09317dfefb28b2f7e6984db

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .vrich619.com .fbcdn.net .paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/

Response headers

vary: Accept-Encoding
content-encoding: br
x-fb-rlafr: 0
cross-origin-resource-policy: same-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
facebook-api-version: v7.0
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: ZXd8D/eGYwK5gPFrP9x3NVsYK2lDItzc7FCE09wtF2UE1RVTy30YLYPS4eCEQImNMFzXpbVc1QmvqqC8uRsf1A==
date: Tue, 16 Nov 2021 00:05:06 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600

GET
H2 200 login_button.php Show response
www.facebook.com/v7.0/plugins/ Frame 7446 34 KB
15 KB 74ms
54ms Document
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3d2b3f7b721cc4%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=01e7ec0e8686e280c0d75dea2ee02197

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

4a4534e9976bbda90e300b9c2098b19a5bb91357fc34333a8c73e87130488451

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .vrich619.com .fbcdn.net .paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/

Response headers

vary: Accept-Encoding
content-encoding: br
x-fb-rlafr: 0
cross-origin-resource-policy: same-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
facebook-api-version: v7.0
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: +qGBFDcZ5x5mC3FfsWXsUBKtwGowjpZy/BplT8r2rN0KK7h5MOREXXJr4kVoPx/TMGNV7XyjINGn782VF7roHg==
date: Tue, 16 Nov 2021 00:05:06 GMT
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/yZguKF1TiDm6F3yJWVhmOKQ9/ 348 KB
137 KB 40ms
10ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/yZguKF1TiDm6F3yJWVhmOKQ9/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0fc0076a36c38f39206bb258eeb8bc8e383b96a6ccd26024b0b088d9e0b192af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.simons.ca/
Origin: https://www.simons.ca
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 15 Nov 2021 23:59:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 330
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 139079
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 21:26:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin-allow-popups; report-to="recaptcha"
expires: Tue, 15 Nov 2022 23:59:36 GMT

GET
H2 200 close.png
imagescdn.simons.ca/imarcom/images/top_nav/ 1 KB
1 KB 39ms
39ms Image
image/webp 104.17.218.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imagescdn.simons.ca/imarcom/images/top_nav/close.png?__=e54f1c4924302d425314c2cf3af286d8
Requested by: Host: imagescdn.simons.ca
URL: https://imagescdn.simons.ca/imarcom/css/unified/2021-11-08_12-43-53.css?__=442f0af1cac61c3656e7f04e8a12abdf
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.218.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b33028abba4568f3c20c0e3686788aacd911c5a6716c668a0a36626bae85990

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imagescdn.simons.ca/imarcom/css/unified/2021-11-08_12-43-53.css?__=442f0af1cac61c3656e7f04e8a12abdf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 331199
cf-polished: origFmt=png, origSize=4892
last-modified: Mon, 08 Nov 2021 17:45:19 GMT
content-disposition: inline; filename="close.webp"
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: W/"e54f1c4924302d425314c2cf3af286d8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec773bbd95edf7-CDG
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 menu-gradient.png
imagescdn.simons.ca/imarcom/images/top_nav/ 100 B
239 B 39ms
39ms Image
image/webp 104.17.218.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imagescdn.simons.ca/imarcom/images/top_nav/menu-gradient.png?__=0e969309d71a7b7439d02285d4d21815
Requested by: Host: imagescdn.simons.ca
URL: https://imagescdn.simons.ca/imarcom/css/unified/2021-11-08_12-43-53.css?__=442f0af1cac61c3656e7f04e8a12abdf
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.218.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9edab6942575e163b906096714fd3c4c8605230e958aaeaeadd41d39e67fd8fb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imagescdn.simons.ca/imarcom/css/unified/2021-11-08_12-43-53.css?__=442f0af1cac61c3656e7f04e8a12abdf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 331199
cf-polished: origFmt=png, origSize=1000
last-modified: Mon, 08 Nov 2021 17:45:19 GMT
content-disposition: inline; filename="menu-gradient.webp"
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: W/"0e969309d71a7b7439d02285d4d21815"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec773bbd9aedf7-CDG
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 red-flag-sprite.png
imagescdn.simons.ca/imarcom/images/top_nav/ 1 KB
1 KB 28ms
28ms Image
image/webp 104.17.218.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imagescdn.simons.ca/imarcom/images/top_nav/red-flag-sprite.png?__=2ffdd5d04497c9ab3f9bbae47fed39bc
Requested by: Host: imagescdn.simons.ca
URL: https://imagescdn.simons.ca/imarcom/css/unified/2021-11-08_12-43-53.css?__=442f0af1cac61c3656e7f04e8a12abdf
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.218.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fcee27fcae742ea07b1d556a82beedb5a6f75f097bd4fe8f1d3a4ec705e17a2e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imagescdn.simons.ca/imarcom/css/unified/2021-11-08_12-43-53.css?__=442f0af1cac61c3656e7f04e8a12abdf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 331492
cf-polished: origFmt=png, origSize=2904
last-modified: Mon, 08 Nov 2021 17:45:19 GMT
content-disposition: inline; filename="red-flag-sprite.webp"
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: W/"2ffdd5d04497c9ab3f9bbae47fed39bc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec773bbd9bedf7-CDG
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 simons.jpeg
imagescdn.simons.ca/vb/bd3051cdfc0a88d147ccd6e840dcb2b3/ 16 KB
17 KB 36ms
33ms Image
image/jpeg 104.17.218.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imagescdn.simons.ca/vb/bd3051cdfc0a88d147ccd6e840dcb2b3/simons.jpeg
Requested by: Host: www.simons.ca
URL: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.218.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 21a76906a4fc5e1f8f351a08e1b79df3e8d6da8874367066de214427ae110280

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
last-modified: Fri, 29 Oct 2021 22:02:41 GMT
server: cloudflare
age: 1475996
etag: W/"42b81822f9cd076e096b78a2ccc8db8e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-polished: origSize=17259, status=webp_bigger
cf-bgj: imgq:100,h2pri
cf-ray: 6aec773bddbfedf7-CDG
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 simons.jpeg
imagescdn.simons.ca/vb/1a3afa8469e740a7e897c1db6f6be209/ 23 KB
24 KB 35ms
32ms Image
image/jpeg 104.17.218.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imagescdn.simons.ca/vb/1a3afa8469e740a7e897c1db6f6be209/simons.jpeg
Requested by: Host: www.simons.ca
URL: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.218.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8b0499bfbe34ef331895c6790b012c935c4ee3d50afcb1471422b935e3011c83

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
last-modified: Fri, 29 Oct 2021 22:02:41 GMT
server: cloudflare
age: 1475996
etag: W/"71690e822c50d9044c4568d6bc5c0d62"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-polished: origSize=24310, status=webp_bigger
cf-bgj: imgq:100,h2pri
cf-ray: 6aec773bddc1edf7-CDG
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 simons.jpeg
imagescdn.simons.ca/vb/c497948d05a8c3db0bfc9a320874122e/ 67 KB
67 KB 34ms
30ms Image
image/jpeg 104.17.218.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imagescdn.simons.ca/vb/c497948d05a8c3db0bfc9a320874122e/simons.jpeg
Requested by: Host: www.simons.ca
URL: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.218.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 292fe77f4dc059d737f4cf67f00bf1281d44734b4865454e54f3372879f5d598

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
last-modified: Fri, 29 Oct 2021 22:02:41 GMT
server: cloudflare
age: 1475996
etag: W/"63e3c1fa757193db495ee2aacad906f5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-polished: origSize=68788, status=webp_bigger
cf-bgj: imgq:100,h2pri
cf-ray: 6aec773bddc3edf7-CDG
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 simons.jpeg
imagescdn.simons.ca/vb/b5e5f263a7be65b4938587928bd657d3/ 9 KB
9 KB 33ms
30ms Image
image/jpeg 104.17.218.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imagescdn.simons.ca/vb/b5e5f263a7be65b4938587928bd657d3/simons.jpeg
Requested by: Host: www.simons.ca
URL: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.218.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 688cea414f43ba2fb5392a16282d94e3a9bd10ba67618c9aeb712212a9271512

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
last-modified: Tue, 19 Oct 2021 15:32:01 GMT
server: cloudflare
age: 929994
etag: W/"46763ab1faf33766147d50c84b52fe03"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-polished: origSize=9395, status=webp_bigger
cf-bgj: imgq:100,h2pri
cf-ray: 6aec773bddc6edf7-CDG
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 simons.jpeg
imagescdn.simons.ca/vb/7081bbace277b6c9360921d17d875636/ 7 KB
7 KB 42ms
38ms Image
image/jpeg 104.17.218.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imagescdn.simons.ca/vb/7081bbace277b6c9360921d17d875636/simons.jpeg
Requested by: Host: www.simons.ca
URL: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.218.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c7da3cafa5c1fb0c54382ede4deab223108f61030503ed10df23e8d13320a3b0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
last-modified: Tue, 19 Oct 2021 15:32:01 GMT
server: cloudflare
age: 2361585
etag: W/"5a07aa2cec722a3a985f2c18cbaf7be9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-polished: origSize=7557, status=webp_bigger
cf-bgj: imgq:100,h2pri
cf-ray: 6aec773bddc9edf7-CDG
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 simons.jpeg
imagescdn.simons.ca/vb/48b6a2c4047e5adc5b6568bd83b4388e/ 6 KB
6 KB 47ms
44ms Image
image/jpeg 104.17.218.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imagescdn.simons.ca/vb/48b6a2c4047e5adc5b6568bd83b4388e/simons.jpeg
Requested by: Host: www.simons.ca
URL: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.218.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1fd89bf69e0940f929e2a8cce45a8a71c087768f41e6067f6857bb47c89181a2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
last-modified: Tue, 19 Oct 2021 15:32:01 GMT
server: cloudflare
age: 331492
etag: W/"3008c269cc8021fa28947567c7899b40"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-polished: origSize=6542, status=webp_bigger
cf-bgj: imgq:100,h2pri
cf-ray: 6aec773bddcaedf7-CDG
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 simons.png
imagescdn.simons.ca/vb/58d7e5adcaa041dda3162eaf7a003030/ 558 B
729 B 46ms
43ms Image
image/webp 104.17.218.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imagescdn.simons.ca/vb/58d7e5adcaa041dda3162eaf7a003030/simons.png
Requested by: Host: www.simons.ca
URL: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.218.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b54159c8d09e802b26429bb0ac65692a99bf1298744a1708e6160dff0696d70d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 331199
cf-polished: origFmt=png, origSize=823
content-disposition: inline; filename="simons.webp"
content-length: 558
last-modified: Fri, 20 Aug 2021 03:00:21 GMT
server: cloudflare
etag: "39f7c51a68f68c47cd442d00e00b0ebc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
expires: Wed, 24 Nov 2021 00:05:06 GMT
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 6aec773bddcdedf7-CDG
cf-bgj: imgq:100,h2pri

GET
H2 200 simons.jpeg
imagescdn.simons.ca/vb/9375dd0f548fbb571729920466bdd986/ 67 KB
67 KB 37ms
35ms Image
image/jpeg 104.17.218.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imagescdn.simons.ca/vb/9375dd0f548fbb571729920466bdd986/simons.jpeg
Requested by: Host: www.simons.ca
URL: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.218.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 57ccc7ab71e3ae0f0246e1ddacd3d67d9bfc72dbce9dc24c3c2a31d75fe05c0e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
last-modified: Mon, 18 Oct 2021 20:31:02 GMT
server: cloudflare
age: 12525
etag: W/"1da07c95aa5ad302b1ce9c61040a27bb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-polished: origSize=68857, status=webp_bigger
cf-bgj: imgq:100,h2pri
cf-ray: 6aec773bddd0edf7-CDG
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 simons.jpeg
imagescdn.simons.ca/vb/9434a34f7df3f999b68487e3af045cd2/ 29 KB
29 KB 31ms
28ms Image
image/jpeg 104.17.218.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imagescdn.simons.ca/vb/9434a34f7df3f999b68487e3af045cd2/simons.jpeg
Requested by: Host: www.simons.ca
URL: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.218.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 152a3f28d6cad1c4bc297d2a7e0aa9791a57c8499def1633196eb103a2156f12

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
last-modified: Wed, 20 Oct 2021 13:04:23 GMT
server: cloudflare
age: 929990
etag: W/"505d5a8b7dafbcfe71b2eb268ca3c5d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-polished: origSize=29550, status=webp_bigger
cf-bgj: imgq:100,h2pri
cf-ray: 6aec773bddd1edf7-CDG
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 simons.jpeg
imagescdn.simons.ca/vb/5a6fbf71ad38c751308ff3c4b5eb8ca6/ 37 KB
38 KB 44ms
41ms Image
image/jpeg 104.17.218.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imagescdn.simons.ca/vb/5a6fbf71ad38c751308ff3c4b5eb8ca6/simons.jpeg
Requested by: Host: www.simons.ca
URL: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.218.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2dc7efb9c409a468b7dd2bae2afbb5e4618c6773994a3b3d8563be59e8999ea9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
last-modified: Tue, 09 Nov 2021 16:24:42 GMT
server: cloudflare
age: 543596
etag: W/"5e24261a81f6fabf48577ce723fe8034"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-polished: origSize=38857, status=webp_bigger
cf-bgj: imgq:100,h2pri
cf-ray: 6aec773bddd2edf7-CDG
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 simons.jpeg
imagescdn.simons.ca/vb/1ff3ca9fd5f3196276cfcbd4d435f0d7/ 38 KB
38 KB 40ms
38ms Image
image/jpeg 104.17.218.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imagescdn.simons.ca/vb/1ff3ca9fd5f3196276cfcbd4d435f0d7/simons.jpeg
Requested by: Host: www.simons.ca
URL: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.218.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 37c5b8c47dc595c5b4f8a7b621bc036a1ac97c7450b32d3a2717b295c36015a8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
last-modified: Mon, 08 Nov 2021 20:44:32 GMT
server: cloudflare
age: 616764
etag: W/"27098edf55924f93284032a4267ddbfd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-polished: origSize=38912, status=webp_bigger
cf-bgj: imgq:100,h2pri
cf-ray: 6aec773bddd3edf7-CDG
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 simons.jpeg
imagescdn.simons.ca/vb/fc3ea655508edab0a98a7c2642d96962/ 66 KB
66 KB 39ms
36ms Image
image/jpeg 104.17.218.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imagescdn.simons.ca/vb/fc3ea655508edab0a98a7c2642d96962/simons.jpeg
Requested by: Host: www.simons.ca
URL: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.218.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f44dadc71283451a7636ed07beef6cb01b68ee282e2a2c338a30c549f151a3a1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
last-modified: Fri, 05 Nov 2021 19:35:21 GMT
server: cloudflare
age: 875397
etag: W/"5c74c4392c104224ff31b26b978c5d3b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-polished: origSize=67886, status=webp_bigger
cf-bgj: imgq:100,h2pri
cf-ray: 6aec773bddd4edf7-CDG
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 simons.jpeg
imagescdn.simons.ca/vb/d55197f852f3286c5a42edc23ac1e753/ 37 KB
37 KB 49ms
47ms Image
image/jpeg 104.17.218.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imagescdn.simons.ca/vb/d55197f852f3286c5a42edc23ac1e753/simons.jpeg
Requested by: Host: www.simons.ca
URL: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.218.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0609b1864560f671e1e38325bbc80497f83411d47d39d5f6cbad76255a28346e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
last-modified: Fri, 05 Nov 2021 19:35:21 GMT
server: cloudflare
age: 875397
etag: W/"c65014d74060f1262cc14542a8d7be28"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-polished: origSize=38458, status=webp_bigger
cf-bgj: imgq:100,h2pri
cf-ray: 6aec773bddd6edf7-CDG
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 simons.jpeg
imagescdn.simons.ca/vb/a67719ad0251f77a4c002cd1e90336e8/ 75 KB
75 KB 40ms
38ms Image
image/jpeg 104.17.218.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imagescdn.simons.ca/vb/a67719ad0251f77a4c002cd1e90336e8/simons.jpeg
Requested by: Host: www.simons.ca
URL: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.218.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f13003db3e164a3c0569774fdfcd1a86f3f347571ec8c172db37b3d5369b3383

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
last-modified: Mon, 01 Nov 2021 00:24:25 GMT
server: cloudflare
age: 1268993
etag: W/"e1fe90dd5920abc44088863c7aba126a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-polished: origSize=76627, status=webp_bigger
cf-bgj: imgq:100,h2pri
cf-ray: 6aec773bddd7edf7-CDG
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 simons.jpeg
imagescdn.simons.ca/vb/e6a5acf6c677f23c8bac61d8e5213578/ 27 KB
27 KB 35ms
33ms Image
image/jpeg 104.17.218.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imagescdn.simons.ca/vb/e6a5acf6c677f23c8bac61d8e5213578/simons.jpeg
Requested by: Host: www.simons.ca
URL: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.218.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f4cc2ceca59e1f16069530e71e2733d0097d204ae3a7c16069e6fc5653d2b23f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
last-modified: Fri, 20 Aug 2021 03:45:19 GMT
server: cloudflare
age: 2391595
etag: W/"fcd7f14a137c6f136fa95628aa7006de"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-polished: origSize=27873, status=webp_bigger
cf-bgj: imgq:100,h2pri
cf-ray: 6aec773bddd8edf7-CDG
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 simons.png
imagescdn.simons.ca/vb/99ab38ac8a6c08fefd551db2a9cd1c54/ 1 KB
1 KB 47ms
45ms Image
image/webp 104.17.218.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imagescdn.simons.ca/vb/99ab38ac8a6c08fefd551db2a9cd1c54/simons.png
Requested by: Host: www.simons.ca
URL: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.218.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 263c42afdfe9a142cc45729a5664deb7d114eb01f4db0c02f1b53211a72081ce

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 331199
cf-polished: origFmt=png, origSize=1742
last-modified: Fri, 20 Aug 2021 03:23:50 GMT
content-disposition: inline; filename="simons.webp"
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: W/"065a7c0f533bea6d25b36261aee30f0d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec773bddd9edf7-CDG
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 simons.png
imagescdn.simons.ca/vb/fccb5216ea121b195729f3056074eac7/ 1 KB
1 KB 42ms
41ms Image
image/webp 104.17.218.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imagescdn.simons.ca/vb/fccb5216ea121b195729f3056074eac7/simons.png
Requested by: Host: www.simons.ca
URL: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.218.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ea6595812ff39fb9a919c200cfe30a278158ab726449fc1c1087ad7a5f2edc5d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
age: 331492
cf-polished: origFmt=png, origSize=1742
last-modified: Fri, 20 Aug 2021 03:51:21 GMT
content-disposition: inline; filename="simons.webp"
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: W/"4b33818f3cc5f235d12620a545f35010"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec773bdddaedf7-CDG
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 simons.jpeg
imagescdn.simons.ca/vb/292409055b2e82e404eee96de0a06c86/ 19 KB
19 KB 35ms
33ms Image
image/jpeg 104.17.218.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imagescdn.simons.ca/vb/292409055b2e82e404eee96de0a06c86/simons.jpeg
Requested by: Host: www.simons.ca
URL: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.218.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a15dc7997a9fba2446f8cebaf91570fe90113ab7db087b833dcb1e173856ee11

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
last-modified: Thu, 14 Oct 2021 13:34:20 GMT
server: cloudflare
age: 381289
etag: W/"11eaf47bb08c419330a9eb25e9011667"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-polished: origSize=20009, status=webp_bigger
cf-bgj: imgq:100,h2pri
cf-ray: 6aec773bdddbedf7-CDG
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 simons.jpeg
imagescdn.simons.ca/vb/12571c9cfd85c00245003c08f18fe00f/ 22 KB
22 KB 43ms
41ms Image
image/jpeg 104.17.218.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imagescdn.simons.ca/vb/12571c9cfd85c00245003c08f18fe00f/simons.jpeg
Requested by: Host: www.simons.ca
URL: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.218.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 46596fc12aa9c947c9921a170621be06192da69e40e1c267da24e4929b9c978f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
last-modified: Thu, 14 Oct 2021 13:34:20 GMT
server: cloudflare
age: 381289
etag: W/"e4a599ddbd84312ff484f122b1813ca1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-polished: origSize=22953, status=webp_bigger
cf-bgj: imgq:100,h2pri
cf-ray: 6aec773bddddedf7-CDG
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 simons.jpeg
imagescdn.simons.ca/vb/d5fc683a68987cb5c77cb3f167355a8e/ 41 KB
42 KB 45ms
43ms Image
image/jpeg 104.17.218.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imagescdn.simons.ca/vb/d5fc683a68987cb5c77cb3f167355a8e/simons.jpeg
Requested by: Host: www.simons.ca
URL: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.218.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3f22790f01a43937ef72a017659dd3da842ba981d36663dba72b84dc4520343a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
cf-cache-status: HIT
last-modified: Fri, 01 Oct 2021 18:47:25 GMT
server: cloudflare
age: 331492
etag: W/"cc051ad1e786cc6994da1b61f017d362"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-polished: origSize=42494, status=webp_bigger
cf-bgj: imgq:100,h2pri
cf-ray: 6aec773bdddfedf7-CDG
expires: Wed, 24 Nov 2021 00:05:06 GMT

GET
H2 200 search.svg
imarcomcdn.simons.ca/imarcom/preview/v11/images/ 847 B
612 B 40ms
38ms Image
image/svg+xml 104.17.217.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imarcomcdn.simons.ca/imarcom/preview/v11/images/search.svg?__=dd45544cde5903089aeb11eb3f5eb07e
Requested by: Host: www.simons.ca
URL: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.17.217.25 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f8717805bc8b332cc1b74b0ea769a598e25fd00add2c87c1bb4e6b4eed50d964

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 20 Aug 2021 02:36:25 GMT
server: cloudflare
age: 202085
etag: W/"dd45544cde5903089aeb11eb3f5eb07e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=691200
cf-ray: 6aec773beec835e3-MAN
expires: Wed, 24 Nov 2021 00:05:06 GMT

POST
H2 204 collect
www.google-analytics.com/g/ 0
143 B 14ms
14ms Ping
text/plain 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-TVRY73VP6D&gtm=2oeba1&_p=1149269781&sr=1600x1200&ul=en-us&cid=1187875162.1637021106&_s=1&dl=https%3A%2F%2Fwww.simons.ca%2Fsimons%2Fprofile%2Flogin.jsp%3ForiginalURL%3Dhttp%253A%2F%2Fproxy.simons.ca%2Fsimons%2Fprofile%2Fprofile.jsp%253Fsection%253Drewards%26_requestid%3D1131869%26utm_source%3Dnewsletter%26utm_medium%3DNewsletters%26utm_campaign%3Dno21-lu15-tant-de-raisons-de-c%26utm_content%3Den%26utm_term%3D119%26subscribed%3D1%26eid%3DBd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ&dt=Simons&sid=1637021106&sct=1&seg=0&en=page_view&_fv=1&_ss=2&ep.siteLanguage=en&ep.siteVersion=ws&ep.isLogged=no&ep.pageId=&ep.pageType=profile&ep.country=ca&ep.sectionLevel1=profile&ep.sectionLevel2=login&ep.freeShippingCampaign=no
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-TVRY73VP6D&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.simons.ca/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 00:05:06 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.simons.ca
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pptm.js Show response
www.paypal.com/tagmanager/ 15 KB
6 KB 66ms
17ms Script
application/x-javascript 151.101.1.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/tagmanager/pptm.js?t=xo&id=simons.ca

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

eb0bdd2e0220c17ad2debf393ca187e2c55feb48948a1cc8988eb05188012c5a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; script-src 'nonce-cbgQrji0QKneYZa2SH8Xde2C7ipmcK0rK9pyZ6xxZGVvgPVt' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src 'none'; font-src 'self' https://.paypalobjects.com https://.paypal.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://nexus.ensighten.com https://.google-analytics.com 'unsafe-inline' https://.qualtrics.com; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-cbgQrji0QKneYZa2SH8Xde2C7ipmcK0rK9pyZ6xxZGVvgPVt' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; block-all-mixed-content;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
content-encoding: gzip
x-content-type-options: nosniff
age: 58178
x-cache: MISS, HIT
paypal-debug-id: f577318a887aa
server-timing: content-encoding;desc=gzip
dc: ccg11-origin-www-1.paypal.com
vary: Accept-Encoding
content-length: 5116
x-xss-protection: 1; mode=block
x-served-by: cache-lhr7355-LHR, cache-cdg20744-CDG
x-timer: S1637021107.596390,VS0,VE1
x-frame-options: SAMEORIGIN
date: Tue, 16 Nov 2021 00:05:06 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/x-javascript; charset=utf-8
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=3600
etag: W/"3ca3-t3PPtNDb4KR2N4ojuciJmnzj04Q"
accept-ranges: bytes
x-cache-hits: 0, 2

GET
H2 200 bat.js Show response
bat.bing.com/ 35 KB
10 KB 63ms
30ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5HW3HXB&l=dataLayer
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: d068af5c09c1417e301e13b2c90fa877e0a24e0baae8160b6b77f1650486eb13

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:05 GMT
content-encoding: gzip
last-modified: Wed, 03 Nov 2021 17:40:42 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3627565BF9B14AC5B73480E9CCECE72C Ref B: FRAEDGE1215 Ref C: 2021-11-16T00:05:06Z
etag: "08933ecd9d0d71:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 10202

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 37 KB
15 KB 46ms
16ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5HW3HXB&l=dataLayer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

2e8548e063ae8b8f6225ac344af4bb535397ebd3003665e27e8d4b2716770db9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14378
x-xss-protection: 0
server: cafe
etag: 684346926396516684
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 16 Nov 2021 00:05:06 GMT

GET
H2 200 heyday-track.js Show response
webchat.heyday.ai/scripts/ 4 KB
2 KB 59ms
22ms Script
application/javascript 143.204.98.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://webchat.heyday.ai/scripts/heyday-track.js
Requested by: Host: api.heyday.ai
URL: https://api.heyday.ai/v130/4099689688/9037420771/en/setupchat.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-31.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c77a44c4da8a5d78e2f0533d8cb87dc25b287764d25e3e90617ae56e24150b0e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:00:52 GMT
content-encoding: gzip
last-modified: Wed, 13 Oct 2021 14:30:42 GMT
server: AmazonS3
age: 254
etag: W/"d4cd83f9f859d50237ca3d02f5d956e0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 ad46d498157a92ab1076f74db460670d.cloudfront.net (CloudFront)
cache-control: max-age=300
x-amz-cf-pop: FRA50-C1
x-amz-request-id: 9KG984KSMH5K6ED7
x-amz-cf-id: wlSbFK_JjRlDYjrZIBTxPFGDPvtFUtwyA0AcIXLG5uF7NEzb5ZiYsg==
x-amz-id-2: zE50/qsGMW+ESDorJk64+xZHKtj/mM6QsIIVxqIcHyMD8xMbKFxkb6dTf1mII/rhwnl1vYXwT38=

GET
H2 200 setup.js Show response
webchat.heyday.ai/scripts/ 6 KB
3 KB 61ms
24ms Script
application/javascript 143.204.98.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://webchat.heyday.ai/scripts/setup.js
Requested by: Host: api.heyday.ai
URL: https://api.heyday.ai/v130/4099689688/9037420771/en/setupchat.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-31.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2b6d67b268c301734a4344e826607354d5fd8e8ae17bf1de2440affb28131c03

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:01:43 GMT
content-encoding: gzip
last-modified: Wed, 13 Oct 2021 14:30:42 GMT
server: AmazonS3
age: 204
etag: W/"4a18ce526cca20112e3b68ff7b1143dc"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 ad46d498157a92ab1076f74db460670d.cloudfront.net (CloudFront)
cache-control: max-age=300
x-amz-cf-pop: FRA50-C1
x-amz-request-id: VKPQ7JSZF830Y1DP
x-amz-cf-id: -i53Rd7dyWMOyq1VcXxfxXvFyD9YyvCXPPa63DH3sKMIt4060C-OlQ==
x-amz-id-2: DIZYTiF3AtKvoJBt0pJziQlBA8VCJtGk8Q7OEGGnTBeJJAiH4Rkddhqgu5rDBWdtHdjCTKO47l0=

POST
H2 200 /
www.facebook.com/csp/reporting/ Frame 7446 0
443 B 56ms
55ms Other
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .vrich619.com .fbcdn.net .paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3d2b3f7b721cc4%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: t+b6e3msCKJV6UwxbsnpljtEXP/GJOZWW1KsOBJ2FiSNwzTCCn4a1JFis/PaarxeUpxGZKDRavIhHVYF+2rsJg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 16 Nov 2021 00:05:06 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H2 200 /
www.facebook.com/csp/reporting/ Frame 7446 0
127 B 69ms
68ms Other
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .vrich619.com .fbcdn.net .paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3d2b3f7b721cc4%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: SURBdJ+s7Wy8QhQ5SMfgWym5y87zFv4VFWgPMeWDIa4tASW35pLsjoYExloivLLXW7eKLMyo8Kn4z4TuwzI4VQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 16 Nov 2021 00:05:06 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H2 200 /
www.facebook.com/csp/reporting/ Frame 7446 0
126 B 55ms
55ms Other
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .vrich619.com .fbcdn.net .paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3d2b3f7b721cc4%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: D8HWBaiCLVWHyOQh1P73YKu0Wzah/z2jwetsHtho23BazvyOvNXpP4N1vZmmlvVtbUGW4EXkkfqfabk5wpk5hQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 16 Nov 2021 00:05:06 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H2 200 /
www.facebook.com/csp/reporting/ Frame 7446 0
127 B 57ms
57ms Other
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .vrich619.com .fbcdn.net .paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3d2b3f7b721cc4%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: Fe73fv9zxX8y0zN7jNIPFT1qdR/yNeI3k9FrigrkSL38zSeirBSIWGuWA/Nqcs+5G9hzXwtaz2CQmbRUQyY02Q==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 16 Nov 2021 00:05:06 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H2 200 /
www.facebook.com/csp/reporting/ Frame 7446 0
1 KB 139ms
139ms Other
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .vrich619.com .fbcdn.net .paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3d2b3f7b721cc4%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
x-content-type-options: nosniff
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: BnNeDfwwEWqlvFDvoGqmagMWpDlo0eRhpp8Kqm4YPRb3WNdsrSXu6GWhSY2FxvVbh7d43P00h56ra7JOieDO/A==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 16 Nov 2021 00:05:06 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H2 200 /
www.facebook.com/csp/reporting/ Frame 7446 0
125 B 63ms
63ms Other
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .vrich619.com .fbcdn.net .paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3d2b3f7b721cc4%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: 7C3rshEvpu1Acv6qHyCQhDIh2anpKFrXJVRozl1t1kCaZtb7h+8DWBA9mCHHqefv56xAcpQeNDHzWTlwaglcDA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 16 Nov 2021 00:05:06 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H2 200 /
www.facebook.com/csp/reporting/ Frame 7446 0
127 B 54ms
54ms Other
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .vrich619.com .fbcdn.net .paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3d2b3f7b721cc4%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: JbRIG1k08h/1UvbZ56XserIKx8ECTdBf03UNdOztfXURhru9QmZxjIheUUw2ouqtDeq9v1FSGl1CKWVsOBgjEw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 16 Nov 2021 00:05:06 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H2 200 /
www.facebook.com/csp/reporting/ Frame 7446 0
128 B 57ms
57ms Other
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .vrich619.com .fbcdn.net .paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3d2b3f7b721cc4%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: gqvBktHPi/3KXWu3EgxA/zASH6kSrMkWv1FelALnOXFoxPNUP3KxyeU6vgOA+rt6WD4PcE99yHrziZ2ekBauSQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 16 Nov 2021 00:05:06 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H2 200 /
www.facebook.com/csp/reporting/ Frame 7446 0
127 B 59ms
59ms Other
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .vrich619.com .fbcdn.net .paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3d2b3f7b721cc4%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: tYfHPgOD7KUAnJq2XALdPdkjHeewOVPt77mVEHh7TI0Hej7u0+7fGMN7SYMoz1CofcKM+xYZSSaAcUJ/u5Iaww==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 16 Nov 2021 00:05:06 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H2 200 /
www.facebook.com/csp/reporting/ Frame 7446 0
127 B 62ms
61ms Other
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .vrich619.com .fbcdn.net .paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3d2b3f7b721cc4%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: fEpPKY/TzhGmrVB1xvsB+NsTVOyYdbunTUl4+l6of8AlkRsEQqn/o9nCZ82HGa4ET1FkFHvszHO5pgCqSgXn0w==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 16 Nov 2021 00:05:06 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H2 200 /
www.facebook.com/csp/reporting/ Frame 7446 0
125 B 80ms
80ms Other
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .vrich619.com .fbcdn.net .paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3d2b3f7b721cc4%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: mFzaqtmmenNfG35a5t0R8OVCzwlIL8F5EBEsflxAZLmVYIcW9cse3VoYKrsPB8hU2O90tgQbHv/fIo5VoHgDzg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 16 Nov 2021 00:05:06 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H2 200 /
www.facebook.com/csp/reporting/ Frame 7446 0
128 B 61ms
61ms Other
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .vrich619.com .fbcdn.net .paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3d2b3f7b721cc4%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: FGQ6zG6kI/LEJuNXqFKim2EZ3hJnXyXWLZoZpge7mS3Y97G4WnKi38BkESN7cgJyw87GHblj5jRL2CvH9G+iKQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 16 Nov 2021 00:05:06 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H2 200 /
www.facebook.com/csp/reporting/ Frame 7446 0
128 B 59ms
59ms Other
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .vrich619.com .fbcdn.net .paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3d2b3f7b721cc4%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: WKWHAuuenx55j9YP9wFqckF/cUSj91372gXifr+hqUceGThJrXYPSuJbGF15gCtqsC38WRgUzf9sTG3rBluM+w==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 16 Nov 2021 00:05:06 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H2 200 /
www.facebook.com/csp/reporting/ Frame 7446 0
127 B 68ms
67ms Other
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .vrich619.com .fbcdn.net .paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3d2b3f7b721cc4%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: FdrHaDZOFM2NNVg6suEsT9N1f3qdtuxlzU62ZYuYIIettqOqJmfB8441SX7B6PHGOXIsRxrkuL95uiFJsmVnDQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 16 Nov 2021 00:05:06 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H2 200 /
www.facebook.com/csp/reporting/ Frame 7446 0
127 B 57ms
56ms Other
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .vrich619.com .fbcdn.net .paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3d2b3f7b721cc4%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: t0CxWCdZabTyZBrl8wjDHnNiEGsUwYKkFEmo0RFuJ/0jJ+1OcOm9v6TRk5ehHodoJb04t2HlUPCUPp4GefjpbA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 16 Nov 2021 00:05:06 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H2 200 /
www.facebook.com/csp/reporting/ Frame 7446 0
127 B 67ms
67ms Other
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .vrich619.com .fbcdn.net .paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3d2b3f7b721cc4%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: R2gpv4H1nr2W37SMQUVoypGDyFSSQRSHFNdkwIJsOYknRZcryNziP5Ymcf2mwMvuman0jQ+EOstGNNYndy8h+Q==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 16 Nov 2021 00:05:06 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H2 200 /
www.facebook.com/csp/reporting/ Frame 7446 0
125 B 65ms
65ms Other
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .vrich619.com .fbcdn.net .paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3d2b3f7b721cc4%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: 1ob0ISgaEL7/TiijLsbYueeUOQp6uG1nKDV0iPYVtl0GVZ8PvUL0h4hVEgrsRTHbfJWkWKjbUoqXYJ9uJvw4eg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 16 Nov 2021 00:05:06 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H2 200 /
www.facebook.com/csp/reporting/ Frame 7446 0
126 B 53ms
52ms Other
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .vrich619.com .fbcdn.net .paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3d2b3f7b721cc4%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: HXY5fnUn3K3ft6ll4DKnCufkj8gH3uh7Zr9LVGToi1eN1B9Gw1wjphE/Uj4BQ5p11KHZA03BOFU8FGrWVh3pMg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 16 Nov 2021 00:05:06 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H2 200 /
www.facebook.com/csp/reporting/ Frame 7446 0
127 B 66ms
66ms Other
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .vrich619.com .fbcdn.net .paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3d2b3f7b721cc4%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: 1OIejRyVzWKANYh8lbBRAb1rHxGPW2J1FlgrI4v4ejFuWbi0WFhzceCUWuqMo6T8HQhc+I7FwOJEdBHGyyks3g==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 16 Nov 2021 00:05:06 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H2 200 /
www.facebook.com/csp/reporting/ Frame 7446 0
128 B 65ms
65ms Other
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .vrich619.com .fbcdn.net .paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3d2b3f7b721cc4%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: DHzGa/RZ9jpj4lEK3yEwFAeVGzArOpTkfxjZyHBceui80iX0ZRhWB9Anp1vdMmE5uHHolZVj5xkbUjwIyXTz3Q==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 16 Nov 2021 00:05:06 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H2 200 /
www.facebook.com/csp/reporting/ Frame 7446 0
129 B 63ms
63ms Other
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .vrich619.com .fbcdn.net .paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3d2b3f7b721cc4%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: D+SiTs+4oUwV0CgXh255VfIq2yDUiZvuhrs3PJbCvTwdneNZpnDMqSFHz0qybJwed1YYuDCMXISUVe7Qn6vKfQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 16 Nov 2021 00:05:06 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H2 200 /
www.facebook.com/csp/reporting/ Frame B750 0
127 B 58ms
58ms Other
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .vrich619.com .fbcdn.net .paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a4af7a5ab8174%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: zQ5woyr0e/EbU9+2ikIUKHVhPW/+ktd9A6dNSvUV0fnww+f+5G0fAcykAR5y8H7LgdU/Ro8aZm6FhzFaqk5DpA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 16 Nov 2021 00:05:06 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H2 200 /
www.facebook.com/csp/reporting/ Frame B750 0
127 B 56ms
55ms Other
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .vrich619.com .fbcdn.net .paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a4af7a5ab8174%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: Bsno50/BRXtub/pC+aCCtg/MmP51kBH7JE50rMMXQCm0Kn/K/2iVFSlGHuTgHN0EyalkwodgImpWRIEJ8JpipQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 16 Nov 2021 00:05:06 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H2 200 /
www.facebook.com/csp/reporting/ Frame B750 0
129 B 56ms
55ms Other
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .vrich619.com .fbcdn.net .paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a4af7a5ab8174%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: QN/I4IN7lvUyxnTMhkbJSZvxyrgLhBeZST2AkedeppZyYz25MPyvix+DVUG4H8MKIm92likSmTWeD3N3Z36OhQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 16 Nov 2021 00:05:06 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H2 200 /
www.facebook.com/csp/reporting/ Frame B750 0
126 B 57ms
57ms Other
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .vrich619.com .fbcdn.net .paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a4af7a5ab8174%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: n3E7pvZ1DsQPseIAy8JJG+nbLJsTUWR4AX3plUdLn3kgtPXRP/obdQd4xcCvhX2Ea0borw0c4lmPCdg1/bHsPg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 16 Nov 2021 00:05:06 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H2 200 /
www.facebook.com/csp/reporting/ Frame B750 0
126 B 60ms
60ms Other
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .vrich619.com .fbcdn.net .paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a4af7a5ab8174%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: /xTSHzLJhQ/ksyC3bom6QD5Gq6ZanuvwhOe2/q0LwNOjFuU2TIg2lQWjMvMT1IRry4hebqWeH8//a0GDuqozAQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 16 Nov 2021 00:05:06 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H2 200 /
www.facebook.com/csp/reporting/ Frame B750 0
127 B 57ms
57ms Other
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .vrich619.com .fbcdn.net .paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a4af7a5ab8174%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: u0gV3vvz4WjEXcYP4RGxsE9MFgYVELN2vTrxoHj82zgr1RXHLeerk3c7D+SHR9FcM0Ki8FaZAlDxjjlZx+W0nw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 16 Nov 2021 00:05:06 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H2 200 /
www.facebook.com/csp/reporting/ Frame B750 0
128 B 56ms
56ms Other
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .vrich619.com .fbcdn.net .paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a4af7a5ab8174%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: rdR4XhdV3Z7xpC+aJkrej8YS8hqdaDm6kSSq81eCGvxj//2ByRNuIgV4HRQkv213UoIYXPHsQDoFBSz5uu+qgw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 16 Nov 2021 00:05:06 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H2 200 /
www.facebook.com/csp/reporting/ Frame B750 0
127 B 55ms
55ms Other
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .vrich619.com .fbcdn.net .paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a4af7a5ab8174%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: dl0PxDMcQ8kZ2Sm4kZrTdVMJBmRmgn3ftCW5n5P33RZ7Pjre7+shpAb19WqNDYtVuNqcHMafbVZktOD4eAfVTA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 16 Nov 2021 00:05:06 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H2 200 /
www.facebook.com/csp/reporting/ Frame B750 0
128 B 56ms
56ms Other
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .vrich619.com .fbcdn.net .paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a4af7a5ab8174%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: TkbzIRsIpVKMGj3df3ayWj/kCDepIxUaHekzqhGqYe/aGKD2HNQgLOEtNZrdiL+AxZljnMKkj76ayclD2q/YZA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 16 Nov 2021 00:05:06 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H2 200 /
www.facebook.com/csp/reporting/ Frame B750 0
126 B 56ms
56ms Other
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .vrich619.com .fbcdn.net .paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a4af7a5ab8174%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: xx7QLdXIj70yDDUehzbii1WpX98AafCJ/hq83Xtk9AEbhU3zHUg6iVNlMbkK4VOfaYfdVBJpP/C9+kitP54B1A==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 16 Nov 2021 00:05:06 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H2 200 /
www.facebook.com/csp/reporting/ Frame B750 0
129 B 58ms
58ms Other
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .vrich619.com .fbcdn.net .paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a4af7a5ab8174%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: 4laVAAGNpHS4d9JzQNHOiUW3fhTZ3B3MYymckQTur+NnYJ1+Yqv4B69X9GLam7Tm3bZJV3XSM/nCQMv+SmoVqQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 16 Nov 2021 00:05:06 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H2 200 /
www.facebook.com/csp/reporting/ Frame B750 0
126 B 57ms
57ms Other
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .vrich619.com .fbcdn.net .paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a4af7a5ab8174%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: Crx8aXG5TcyyaOd3evUJNuOeZXp/OYPVCKmV34p1ECnVQ0hPF3OKCnEail2IsTE8x3nH1uMqLtSlBEMBxpdtsg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 16 Nov 2021 00:05:06 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H2 200 /
www.facebook.com/csp/reporting/ Frame B750 0
127 B 59ms
58ms Other
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .vrich619.com .fbcdn.net .paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a4af7a5ab8174%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: duk59FOxTpdVaZ+hoM9VYvDpIB088/flk01x3u51hfPNPQMjGu3s+lBmwBszRenOsHXe9lseQsIA44rLR3HSFw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 16 Nov 2021 00:05:06 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H2 200 /
www.facebook.com/csp/reporting/ Frame B750 0
127 B 56ms
55ms Other
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .vrich619.com .fbcdn.net .paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a4af7a5ab8174%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: ubWta8wG9dGYlWwdEKsAv2EEB0mF4r92wDGAqUDJwwaJxJ1u/8PBJULDXHLAnzZN5iKCFd3lWLCYlmig4zkiCg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 16 Nov 2021 00:05:06 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H2 200 /
www.facebook.com/csp/reporting/ Frame B750 0
128 B 67ms
67ms Other
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .vrich619.com .fbcdn.net .paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a4af7a5ab8174%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: DSCBxiWuGLOq7Xk09fDbQbPCFnnXVp43Y+FZlRsbq3T/e2OfxMC2fBa0G+T+Os7ABXCftlkKKjOTCAP7o3V5bA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 16 Nov 2021 00:05:06 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H2 200 /
www.facebook.com/csp/reporting/ Frame B750 0
125 B 59ms
59ms Other
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .vrich619.com .fbcdn.net .paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a4af7a5ab8174%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: Sydh7GTqrlcpE7n+9QenCCskclU/ee8AcpLONoxTRZjrkMgsa68j022VlUk/iMTIDM/v/dXRdsTSkCidhvBnTw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 16 Nov 2021 00:05:06 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H2 200 /
www.facebook.com/csp/reporting/ Frame B750 0
129 B 59ms
59ms Other
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .vrich619.com .fbcdn.net .paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a4af7a5ab8174%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: F6W35jt8gZSfamRkg3H5KPJh7JdYRd9BhO4QTNQiICQ6TlCDQCxFsPkF9J2D4xXCXsDxLgptpA31+5M+j/PIpw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 16 Nov 2021 00:05:06 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H2 200 /
www.facebook.com/csp/reporting/ Frame B750 0
126 B 56ms
55ms Other
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .vrich619.com .fbcdn.net .paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a4af7a5ab8174%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: b9xjAjc4NoW4cKs1mIkxqvAAeVu1iewbpzxMTsHoNKL5RydHlXGdKvDpTgJZD4dPp8k/V8EqHM2VGF2u1fedYw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 16 Nov 2021 00:05:06 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H2 200 /
www.facebook.com/csp/reporting/ Frame B750 0
127 B 56ms
56ms Other
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .vrich619.com .fbcdn.net .paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a4af7a5ab8174%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: k54Us71ZKGyvBubvyoJF17esvnk/oNUJpSDKqgp9BEMN/ul4GWSFWB1YyAwazVxWWTSnCjA9bWV0Uoi2uP2qbQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 16 Nov 2021 00:05:06 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H2 200 /
www.facebook.com/csp/reporting/ Frame B750 0
127 B 103ms
103ms Other
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .vrich619.com .fbcdn.net .paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a4af7a5ab8174%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: aXgyeO6LZosKQjQQ8W5xemRT5HMbmNsXkhCvM0VgEM3lZEWsNJ244Nq/qSAP0d0PdJzCw4K965kLHXcWTjt3Nw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 16 Nov 2021 00:05:06 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H2 200 /
www.facebook.com/csp/reporting/ Frame B750 0
129 B 56ms
56ms Other
text/html 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/csp/reporting/?minimize=0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .vrich619.com .fbcdn.net .paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a4af7a5ab8174%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/csp-report

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options: nosniff
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-xss-protection: 0
pragma: no-cache
x-fb-debug: ZPvggpFMPl+lqBwxxsxZzIrvEbQl6keB78/XEVAb3LBObrEqhVRo2dNNdWOg5byE7lZUPUHLYglrL3He0pHhlg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
expires: Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 16 Nov 2021 00:05:06 GMT
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: text/html; charset="utf-8"
access-control-allow-origin: https://www.facebook.com
vary: Origin
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-fb-rlafr: 0
priority: u=3,i
access-control-expose-headers: X-FB-Debug, X-Loader-Length

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
441 B 69ms
21ms XHR
text/plain 2a00:1450:400c:c1b::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-1653632-1&cid=1187875162.1637021106&jid=733009490&gjid=1162687296&_gid=149758434.1637021106&_u=aGDAgEADQAAAAE~&z=2035314222

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c1b::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.simons.ca/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 16 Nov 2021 00:05:06 GMT
content-type: text/plain
access-control-allow-origin: https://www.simons.ca
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
153 B 18ms
10ms Image
image/gif 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=1149269781&t=pageview&_s=1&dl=https%3A%2F%2Fwww.simons.ca%2Fsimons%2Fprofile%2Flogin.jsp%3ForiginalURL%3Dhttp%253A%252F%252Fproxy.simons.ca%252Fsimons%252Fprofile%252Fprofile.jsp%253Fsection%253Drewards%26_requestid%3D1131869%26utm_source%3Dnewsletter%26utm_medium%3DNewsletters%26utm_campaign%3Dno21-lu15-tant-de-raisons-de-c%26utm_content%3Den%26utm_term%3D119%26subscribed%3D1%26eid%3DBd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ&ul=en-us&de=UTF-8&dt=Simons&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAgEADQ~&jid=733009490&gjid=1162687296&cid=1187875162.1637021106&tid=UA-1653632-1&_gid=149758434.1637021106&gtm=2wgba1PHRQWH9&cd1=en&cd7=ws&cd8=no&cd12=&cd13=profile&cd22=ca&cd23=profile&cd24=login&cd27=no&cd53=https%3A%2F%2Fwww.simons.ca%2Fsimons%2Fprofile%2Flogin.jsp%3ForiginalURL%3Dhttp%253A%2F%2Fproxy.simons.ca%2Fsimons%2Fprofile%2Fprofile.jsp%253Fsection%253Drewards%26_requestid%3D1131869%26utm_source%3Dnewsletter%26utm_medium%3DNewsletters%26utm_campaign%3Dno21-lu15-tant-de-raisons-de-c%26utm_content%3Den%26utm_term%3D119%26subscribed%3D1%26eid%3DBd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ&z=449100232

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 Nov 2021 05:25:08 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 67198
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
adservice.google.com/ddm/fls/i/dc_pre=CKSEpuzKm_QCFZnhEQgdzeAGjA;src=4863916;type=invmedia;cat=qa4ahatc;ord=9023210367688.195;~oref=https://www.simons.ca/ Frame 32AF 437 B
814 B 72ms
46ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/i/dc_pre=CKSEpuzKm_QCFZnhEQgdzeAGjA;src=4863916;type=invmedia;cat=qa4ahatc;ord=9023210367688.195;~oref=https://www.simons.ca/

Requested by

Host: 4863916.fls.doubleclick.net
URL: https://4863916.fls.doubleclick.net/activityi;dc_pre=CKSEpuzKm_QCFZnhEQgdzeAGjA;src=4863916;type=invmedia;cat=qa4ahatc;ord=9023210367688.195?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5bee4307057b727e9b557e7e10f5950abff1d6d236ca07378191c71d0d1ff11d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://4863916.fls.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 16 Nov 2021 00:05:06 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 345
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 qYG_pvNhLC1.png
www.facebook.com/rsrc.php/v3/y8/r/ Frame 7446 371 B
2 KB 16ms
4ms Image
image/png 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/rsrc.php/v3/y8/r/qYG_pvNhLC1.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3d2b3f7b721cc4%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5cd71b1cee568b9f1498e914dd2b0c82add19a5a41c07d085131cdc66df5f613

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3d2b3f7b721cc4%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-fb-debug: Ux45L63nDB4L+KKNLeV1xFlHyZgPBZFWlehnUV4sg6mklMIijYQdtNm0emIRwmzmn3nmW/yc++gHNoWYXjUWqg==
x-content-type-options: nosniff
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: ApFuUU9EOpmqxGomIy3eug==
date: Thu, 11 Nov 2021 03:37:54 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
cross-origin-resource-policy: cross-origin
priority: u=3,i
timing-allow-origin: *
content-length: 371
x-fb-rlafr: 0
expires: Fri, 11 Nov 2022 03:37:54 GMT

GET
H2 200 iqVGY7gYXlg.gif
www.facebook.com/rsrc.php/v3/yx/r/ Frame 7446 1 KB
1 KB 17ms
7ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/rsrc.php/v3/yx/r/iqVGY7gYXlg.gif

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e29e8cb21e6e794d5730c029d3996dc8e79b0841d7bb32cdd10ae34d4fb64760

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3d2b3f7b721cc4%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-fb-debug: QQlKuGFOQCwx+fi9oYtPZ37JjXlna6jNjk+R1NoJO8Dusn/i48JoqMWYApFOuOWBada4/FzwK3RJJ/4ywWlsjg==
x-content-type-options: nosniff
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: xus77tDlZhUxDt48lJn72A==
date: Thu, 11 Nov 2021 03:45:03 GMT
content-security-policy-report-only: default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script';
content-type: image/gif
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
cross-origin-resource-policy: cross-origin
priority: u=3,i
timing-allow-origin: *
content-length: 1056
x-fb-rlafr: 0
expires: Fri, 11 Nov 2022 03:45:03 GMT

GET
H2 200 qYG_pvNhLC1.png
www.facebook.com/rsrc.php/v3/y8/r/ Frame B750 371 B
517 B 16ms
6ms Image
image/png 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/rsrc.php/v3/y8/r/qYG_pvNhLC1.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a4af7a5ab8174%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5cd71b1cee568b9f1498e914dd2b0c82add19a5a41c07d085131cdc66df5f613

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a4af7a5ab8174%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-fb-debug: Ux45L63nDB4L+KKNLeV1xFlHyZgPBZFWlehnUV4sg6mklMIijYQdtNm0emIRwmzmn3nmW/yc++gHNoWYXjUWqg==
x-content-type-options: nosniff
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: ApFuUU9EOpmqxGomIy3eug==
date: Thu, 11 Nov 2021 03:37:54 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
cross-origin-resource-policy: cross-origin
priority: u=3,i
timing-allow-origin: *
content-length: 371
x-fb-rlafr: 0
expires: Fri, 11 Nov 2022 03:37:54 GMT

GET
H2 200 iqVGY7gYXlg.gif
www.facebook.com/rsrc.php/v3/yx/r/ Frame B750 1 KB
1 KB 12ms
6ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/rsrc.php/v3/yx/r/iqVGY7gYXlg.gif

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a4af7a5ab8174%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e29e8cb21e6e794d5730c029d3996dc8e79b0841d7bb32cdd10ae34d4fb64760

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a4af7a5ab8174%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-fb-debug: QQlKuGFOQCwx+fi9oYtPZ37JjXlna6jNjk+R1NoJO8Dusn/i48JoqMWYApFOuOWBada4/FzwK3RJJ/4ywWlsjg==
x-content-type-options: nosniff
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: xus77tDlZhUxDt48lJn72A==
date: Thu, 11 Nov 2021 03:45:03 GMT
content-security-policy-report-only: default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script';
content-type: image/gif
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
cross-origin-resource-policy: cross-origin
priority: u=3,i
timing-allow-origin: *
content-length: 1056
x-fb-rlafr: 0
expires: Fri, 11 Nov 2022 03:45:03 GMT

POST
H2 200 10960 Show response
simons-ca.c2ukkg.net/xch/18126/752926/ 46 B
922 B 118ms
39ms XHR
application/json 54.154.232.8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://simons-ca.c2ukkg.net/xch/18126/752926/10960
Requested by: Host: d.impactradius-event.com
URL: https://d.impactradius-event.com/A2053830-185c-4063-8f9e-f7c56b6b8add1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.154.232.8 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-154-232-8.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: c81a65a52a371bf743ec94b53e57af01b109123ab7a8bdb93c7e4f0070d2b6ad

Request headers

Referer: https://www.simons.ca/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 00:05:06 GMT
p3p: policyref="/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"
access-control-allow-origin: https://www.simons.ca
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
expires: Tue, 16 Nov 2021 00:05:06 GMT

GET
H2 200 858966784306976 Show response
connect.facebook.net/signals/config/ 305 KB
87 KB 8ms
7ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/858966784306976?v=2.9.48&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

87c459cda687bc79b6fb6b1e5be623a3f4437aec968362da6f44859273b011c3

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 88931
x-xss-protection: 0
pragma: public
x-fb-debug: LCayMqK7RTfeJ3rwaTMB927Isa4pHvJnObWdvNB3Gw4ajDfndTxUd5Uh4lhG7c0Kp1Np+H5s8WGR+XfK7jBkbg==
x-fb-trip-id: 917726464
x-frame-options: DENY
date: Tue, 16 Nov 2021 00:05:06 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 ACOCXUrqFRc.js Show response
www.facebook.com/rsrc.php/v3i7M54/ya/l/en_US/ Frame 7446 515 KB
136 KB 10ms
9ms Script
application/x-javascript 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/rsrc.php/v3i7M54/ya/l/en_US/ACOCXUrqFRc.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

6d269486dab2e4c86035a5ee21dffadfb0671847eb0f4a6fe32357068eb87a55

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3d2b3f7b721cc4%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 05:18:52 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: lyV24PSm9Q1cFjDvqrV9gQ==
content-security-policy-report-only: default-src fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy: cross-origin
content-length: 139041
x-fb-rlafr: 0
x-fb-debug: 9hilhGxXdMLOLYYMK55fI6E/0o/6fm6i19kVIZ0jdmdbaSH3PprONjOtelHVvcYcPt0Nr2KPb+yYxUmdpHKRQA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Sat, 12 Nov 2022 05:18:52 GMT

GET
H2 200 ACOCXUrqFRc.js Show response
www.facebook.com/rsrc.php/v3i7M54/ya/l/en_US/ Frame B750 515 KB
136 KB 16ms
16ms Script
application/x-javascript 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/rsrc.php/v3i7M54/ya/l/en_US/ACOCXUrqFRc.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a4af7a5ab8174%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

6d269486dab2e4c86035a5ee21dffadfb0671847eb0f4a6fe32357068eb87a55

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a4af7a5ab8174%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 05:18:52 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: lyV24PSm9Q1cFjDvqrV9gQ==
content-security-policy-report-only: default-src fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy: cross-origin
content-length: 139041
x-fb-rlafr: 0
x-fb-debug: 9hilhGxXdMLOLYYMK55fI6E/0o/6fm6i19kVIZ0jdmdbaSH3PprONjOtelHVvcYcPt0Nr2KPb+yYxUmdpHKRQA==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Sat, 12 Nov 2022 05:18:52 GMT

GET
H2 200 status Show response
api.heyday.ai/v130/widget/ 78 B
605 B 126ms
105ms XHR
application/json 143.204.98.64
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.heyday.ai/v130/widget/status?pageid=9037420771&orgId=4099689688
Requested by: Host: webchat.heyday.ai
URL: https://webchat.heyday.ai/scripts/setup.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.64 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-64.fra50.r.cloudfront.net
Software: /
Resource Hash: b61ae62aa3ae9668832bc72ec6c140e29949eef78997fd11e44ed3a2b9e4e57f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
via: 1.1 1f49a084ca923f375f74b42fa36ef429.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-amzn-requestid: 86d2a045-bff1-4be4-b5ca-56fd0ef82487
x-cache: Miss from cloudfront
x-amz-apigw-id: I3tT-EtAIAMFzMA=
content-length: 78
x-amzn-trace-id: Root=1-6192f5b2-24fbabca24a4bac50d4ad5d3
access-control-max-age: 0
access-control-allow-methods: GET,OPTIONS
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=60
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Api-Version
x-amz-cf-id: L6LmRLw0u5bC8nLtPtvI4V2qzPugMGJ0-EzCt8aUktgFUmEsHtuOpw==

GET
H2 200 muse.js Show response
www.paypalobjects.com/muse/ 55 KB
16 KB 48ms
13ms Script
application/javascript 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/muse/muse.js

Requested by

Host: www.paypal.com
URL: https://www.paypal.com/tagmanager/pptm.js?t=xo&id=simons.ca

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

129737dfffcc16554dffd7d6dd3a57b6831c96a75d8acec4ea31709555115a53

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cache: HIT, HIT
paypal-debug-id: 7e76a0d099cd6
dc: phx-origin-www-2.paypal.com
vary: Accept-Encoding
content-length: 16424
x-served-by: cache-sjc10030-SJC, cache-hhn4062-HHN
last-modified: Thu, 19 Aug 2021 15:53:03 GMT
x-timer: S1637021107.809787,VS0,VE0
etag: W/"611e7e5f-da2c"
strict-transport-security: max-age=31557600
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: public,max-age=3600
accept-ranges: bytes
x-cache-hits: 54382, 23

GET
H2 200 ts
t.paypal.com/ 42 B
728 B 226ms
185ms Image
image/gif 151.101.1.35
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.paypal.com/ts?pgrp=muse%3Athird-party%3Aanalytics-xo%3A%3AJ76HTPZBQH778-1&page=muse%3Athird-party%3Aanalytics-xo%3A%3AJ76HTPZBQH778-1%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=2ce03c3d-8420-4f8e-932f-55d55859f9d6&fltp=analytics&mrid=J76HTPZBQH778&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&flag_consume=yes&pt=Simons&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1637021106774&g=0&completeurl=https%3A%2F%2Fwww.simons.ca%2Fsimons%2Fprofile%2Flogin.jsp%3ForiginalURL%3Dhttp%253A%2F%2Fproxy.simons.ca%2Fsimons%2Fprofile%2Fprofile.jsp%253Fsection%253Drewards%26_requestid%3D1131869%26utm_source%3Dnewsletter%26utm_medium%3DNewsletters%26utm_campaign%3Dno21-lu15-tant-de-raisons-de-c%26utm_content%3Den%26utm_term%3D119%26subscribed%3D1%26eid%3DBd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.35 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 00:05:06 GMT
via: 1.1 varnish
x-timer: S1637021107.823266,VS0,VE172
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: MISS
p3p: policyref="https://t.paypal.com/w3c/p3p.xml",CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id: a7432a0c32210
expires: Tue, 16 Nov 2021 00:05:06 GMT
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-cache-hits: 0
accept-ranges: bytes
content-type: image/gif
content-length: 42
x-served-by: cache-hhn4046-HHN

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/980063174/ 3 KB
2 KB 48ms
23ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/980063174/?random=1637021106776&cv=9&fst=1637021106776&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wgba1&sendb=1&ig=1&data=ecomm_pagetype%3Dprofile%3Bevent%3Dpage_view&frm=0&url=https%3A%2F%2Fwww.simons.ca%2Fsimons%2Fprofile%2Flogin.jsp%3ForiginalURL%3Dhttp%253A%2F%2Fproxy.simons.ca%2Fsimons%2Fprofile%2Fprofile.jsp%253Fsection%253Drewards%26_requestid%3D1131869%26utm_source%3Dnewsletter%26utm_medium%3DNewsletters%26utm_campaign%3Dno21-lu15-tant-de-raisons-de-c%26utm_content%3Den%26utm_term%3D119%26subscribed%3D1%26eid%3DBd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ&tiba=Simons&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1a10b464ee34e308b47ac8131d56a1c55f7ad44ddbba85f9236ca65c4bf21367

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 00:05:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1216
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
296 B 22ms
20ms Image
image/gif 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-1653632-1&cid=1187875162.1637021106&jid=733009490&_u=aGDAgEADQAAAAE~&z=500484675

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 00:05:06 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 62ms
17ms Image
image/gif 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-1653632-1&cid=1187875162.1637021106&jid=733009490&_u=aGDAgEADQAAAAE~&z=500484675

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 00:05:06 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 5025243.js Show response
bat.bing.com/p/action/ 0
93 B 213ms
212ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/p/action/5025243.js
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 16 Nov 2021 00:05:06 GMT
cache-control: private,max-age=1800
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F191BFF68FCC44D1B13DB2D5716F0FE9 Ref B: FRAEDGE1215 Ref C: 2021-11-16T00:05:06Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
173 B 39ms
38ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=5025243&tm=gtm002&Ver=2&mid=f9bb9642-0c26-43ff-b1c6-ff5cb875923c&sid=db1e3240467011ec8188459b7dcc0e07&vid=db1e50e0467011ec90ec416348d081e6&vids=1&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Simons&p=https%3A%2F%2Fwww.simons.ca%2Fsimons%2Fprofile%2Flogin.jsp%3ForiginalURL%3Dhttp%253A%2F%2Fproxy.simons.ca%2Fsimons%2Fprofile%2Fprofile.jsp%253Fsection%253Drewards%26_requestid%3D1131869%26utm_source%3Dnewsletter%26utm_medium%3DNewsletters%26utm_campaign%3Dno21-lu15-tant-de-raisons-de-c%26utm_content%3Den%26utm_term%3D119%26subscribed%3D1%26eid%3DBd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ&r=&lt=1780&evt=pageLoad&msclkid=N&sv=1&rn=989128
Requested by: Host: www.simons.ca
URL: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 00:05:06 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 34955BB82A9D467BB15BFA3A74C3FF4F Ref B: FRAEDGE1215 Ref C: 2021-11-16T00:05:06Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
adservice.google.de/ddm/fls/i/dc_pre=CKSEpuzKm_QCFZnhEQgdzeAGjA;src=4863916;type=invmedia;cat=qa4ahatc;ord=9023210367688.195;~oref=https://www.simons.ca/ Frame F4B0 194 B
870 B 66ms
41ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/ddm/fls/i/dc_pre=CKSEpuzKm_QCFZnhEQgdzeAGjA;src=4863916;type=invmedia;cat=qa4ahatc;ord=9023210367688.195;~oref=https://www.simons.ca/

Requested by

Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CKSEpuzKm_QCFZnhEQgdzeAGjA;src=4863916;type=invmedia;cat=qa4ahatc;ord=9023210367688.195;~oref=https://www.simons.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://adservice.google.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 16 Nov 2021 00:05:06 GMT
expires: Tue, 16 Nov 2021 00:05:06 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 177
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H2 200 index.html Show response
www.paypalobjects.com/muse/offers/ Frame 1636 189 KB
57 KB 7ms
7ms Document
text/html 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/muse/offers/index.html

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/muse.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

a67dc3ae2d929dc9ad84015048c1cb8942d4ed6f1313bc69217bf53f932ccd8b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/

Response headers

content-encoding: gzip
content-type: text/html
etag: W/"616f114f-2f59c"
last-modified: Tue, 19 Oct 2021 18:41:19 GMT
paypal-debug-id: 4fb174bf902d4
dc: ccg11-origin-www-1.paypal.com
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 16 Nov 2021 00:05:06 GMT
x-served-by: cache-sjc10058-SJC, cache-hhn4062-HHN
x-cache: HIT, HIT
x-cache-hits: 9555, 1
x-timer: S1637021107.849704,VS0,VE1
vary: Accept-Encoding
cache-control: public,max-age=3600
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
content-length: 58509

GET
H2 200 index.html Show response
www.paypalobjects.com/muse/analytics/ Frame 3C25 54 KB
17 KB 13ms
13ms Document
text/html 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/muse/analytics/index.html

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/muse.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

12500d956b47de01bfe02a21db437ebbd7b462f54137f0a37b80992df7f5ce59

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/

Response headers

content-encoding: gzip
content-type: text/html
etag: W/"616f114f-d9ea"
last-modified: Tue, 19 Oct 2021 18:41:19 GMT
paypal-debug-id: e424b0eeae559
dc: ccg11-origin-www-1.paypal.com
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 16 Nov 2021 00:05:06 GMT
x-served-by: cache-sjc10030-SJC, cache-hhn4062-HHN
x-cache: HIT, HIT
x-cache-hits: 334320, 22
x-timer: S1637021107.853691,VS0,VE0
vary: Accept-Encoding
cache-control: public,max-age=3600
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
content-length: 16794

GET
H2 200 cavalry_endpoint.php
www.facebook.com/platform/ Frame 7446 67 B
231 B 29ms
28ms Image
image/png 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/platform/cavalry_endpoint.php?t_cstart=1637021106745&t_start=1637021106745&t_domcontent=1637021106814&t_layout=1637021106856&t_onload=1637021106856&t_paint=1637021106856&t_creport=1637021106856&t_tti=1637021106814&lid=7030952113699007554-0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .vrich619.com .fbcdn.net .paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3d2b3f7b721cc4%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-encoding: br
x-content-type-options: nosniff
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
x-xss-protection: 0
pragma: no-cache
x-fb-debug: zNTKx2nvvO6ohMLDFkMs5wVN/IGp9VjnoPB3VFVWZLaLUZ3pfigI72K2p45VQojh9e3G3ovYoSNmXFMSlNpWaw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 16 Nov 2021 00:05:06 GMT
strict-transport-security: max-age=15552000; preload
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: image/png
vary: Accept-Encoding
cache-control: private, no-store, no-cache, must-revalidate
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/980063174/ 42 B
138 B 20ms
20ms Image
image/gif 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/980063174/?random=1637021106776&cv=9&fst=1637020800000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wgba1&sendb=1&data=ecomm_pagetype%3Dprofile%3Bevent%3Dpage_view&frm=0&url=https%3A%2F%2Fwww.simons.ca%2Fsimons%2Fprofile%2Flogin.jsp%3ForiginalURL%3Dhttp%253A%2F%2Fproxy.simons.ca%2Fsimons%2Fprofile%2Fprofile.jsp%253Fsection%253Drewards%26_requestid%3D1131869%26utm_source%3Dnewsletter%26utm_medium%3DNewsletters%26utm_campaign%3Dno21-lu15-tant-de-raisons-de-c%26utm_content%3Den%26utm_term%3D119%26subscribed%3D1%26eid%3DBd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ&tiba=Simons&async=1&fmt=3&is_vtc=1&random=3782756389&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 00:05:06 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/980063174/ 42 B
154 B 17ms
16ms Image
image/gif 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/980063174/?random=1637021106776&cv=9&fst=1637020800000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wgba1&sendb=1&data=ecomm_pagetype%3Dprofile%3Bevent%3Dpage_view&frm=0&url=https%3A%2F%2Fwww.simons.ca%2Fsimons%2Fprofile%2Flogin.jsp%3ForiginalURL%3Dhttp%253A%2F%2Fproxy.simons.ca%2Fsimons%2Fprofile%2Fprofile.jsp%253Fsection%253Drewards%26_requestid%3D1131869%26utm_source%3Dnewsletter%26utm_medium%3DNewsletters%26utm_campaign%3Dno21-lu15-tant-de-raisons-de-c%26utm_content%3Den%26utm_term%3D119%26subscribed%3D1%26eid%3DBd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ&tiba=Simons&async=1&fmt=3&is_vtc=1&random=3782756389&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 00:05:06 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 705150010415746 Show response
connect.facebook.net/signals/config/ 306 KB
87 KB 8ms
7ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/705150010415746?v=2.9.48&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

da93435f052039be385579c40504882a919568a98cfa1479f91062e7325bfa5d

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 89134
x-xss-protection: 0
pragma: public
x-fb-debug: MjWV6pRF5gnDa00YeFqHXnqluorV1A7N6Er+xiIMhNTIfTB2NeB1E12GVeSN3ywS70rGD+E6jKuWCEtGlBJOpA==
x-fb-trip-id: 917726464
x-frame-options: DENY
date: Tue, 16 Nov 2021 00:05:06 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 cavalry_endpoint.php
www.facebook.com/platform/ Frame B750 67 B
199 B 28ms
28ms Image
image/png 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/platform/cavalry_endpoint.php?t_cstart=1637021106752&t_start=1637021106752&t_domcontent=1637021106815&t_layout=1637021106882&t_onload=1637021106882&t_paint=1637021106882&t_creport=1637021106882&t_tti=1637021106815&lid=7030952114898091238-0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com .vrich619.com .fbcdn.net .paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.facebook.com/v7.0/plugins/login_button.php?app_id=703100166455908&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1a4af7a5ab8174%26domain%3Dwww.simons.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.simons.ca%252Ff382f440f3eae4%26relation%3Dparent.parent&container_width=0&locale=en_US&login_text=Log%20In&scope=public_profile%2Cemail&sdk=joey
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-encoding: br
x-content-type-options: nosniff
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
x-xss-protection: 0
pragma: no-cache
x-fb-debug: BpyyoC9kj4XgLdR88wCs2rvv0tVv+hT59YIFWFMg8iH500Z+Zy3qI2+xtDKsVBCe0Ma7IWh603jn4mgIAKadig==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 16 Nov 2021 00:05:06 GMT
strict-transport-security: max-age=15552000; preload
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: image/png
vary: Accept-Encoding
cache-control: private, no-store, no-cache, must-revalidate
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 noop.js Show response
www.paypalobjects.com/muse/ Frame 1636 18 B
224 B 8ms
7ms Fetch
application/javascript 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/muse/noop.js

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/offers/index.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

0739b17b1053de387d55795753300a79626787634f8c909277efff94d0e3f154

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.paypalobjects.com/muse/offers/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cache: HIT, HIT
paypal-debug-id: ef9c765e4af1c
x-cache-hits: 62856, 17
dc: ccg11-origin-www-1.paypal.com
vary: Accept-Encoding
content-length: 38
x-served-by: cache-sjc10080-SJC, cache-hhn4062-HHN
last-modified: Sat, 13 Feb 2021 00:26:56 GMT
x-timer: S1637021107.044638,VS0,VE0
etag: "60271cd0-12"
strict-transport-security: max-age=31557600
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: public,max-age=3600
accept-ranges: bytes
x-client-location: DE

GET
H2 200 noop.js Show response
www.paypalobjects.com/muse/ Frame 3C25 18 B
156 B 7ms
7ms Fetch
application/javascript 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/muse/noop.js

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/analytics/index.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

0739b17b1053de387d55795753300a79626787634f8c909277efff94d0e3f154

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.paypalobjects.com/muse/analytics/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cache: HIT, HIT
paypal-debug-id: ef9c765e4af1c
x-cache-hits: 62856, 18
dc: ccg11-origin-www-1.paypal.com
vary: Accept-Encoding
content-length: 38
x-served-by: cache-sjc10080-SJC, cache-hhn4062-HHN
last-modified: Sat, 13 Feb 2021 00:26:56 GMT
x-timer: S1637021107.046205,VS0,VE0
etag: "60271cd0-12"
strict-transport-security: max-age=31557600
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: public,max-age=3600
accept-ranges: bytes
x-client-location: DE

GET
H2 200 ts
t.paypal.com/ 42 B
459 B 165ms
164ms Image
image/gif 151.101.1.35
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.paypal.com/ts?pgrp=muse%3Aoffer%3A%3A%3AJ76HTPZBQH778-1&page=muse%3Aoffer%3A%3A%3AJ76HTPZBQH778-1%3A%3AvisitorInfoFlowStarted%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&item=2ce03c3d-8420-4f8e-932f-55d55859f9d6&es=visitorInfoFlowStarted&mrid=J76HTPZBQH778&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=Simons&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1637021107046&g=0&completeurl=https%3A%2F%2Fwww.simons.ca%2Fsimons%2Fprofile%2Flogin.jsp%3ForiginalURL%3Dhttp%253A%2F%2Fproxy.simons.ca%2Fsimons%2Fprofile%2Fprofile.jsp%253Fsection%253Drewards%26_requestid%3D1131869%26utm_source%3Dnewsletter%26utm_medium%3DNewsletters%26utm_campaign%3Dno21-lu15-tant-de-raisons-de-c%26utm_content%3Den%26utm_term%3D119%26subscribed%3D1%26eid%3DBd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.35 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 00:05:07 GMT
via: 1.1 varnish
x-timer: S1637021107.049123,VS0,VE157
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: MISS
p3p: policyref="https://t.paypal.com/w3c/p3p.xml",CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id: 5676f31fdc6c4
expires: Tue, 16 Nov 2021 00:05:07 GMT
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-cache-hits: 0
accept-ranges: bytes
content-type: image/gif
content-length: 42
x-served-by: cache-hhn4046-HHN

GET
H2 200 /
www.facebook.com/tr/ 44 B
324 B 8ms
8ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=858966784306976&ev=PageView&dl=https%3A%2F%2Fwww.simons.ca%2Fsimons%2Fprofile%2Flogin.jsp%3ForiginalURL%3Dhttp%253A%2F%2Fproxy.simons.ca%2Fsimons%2Fprofile%2Fprofile.jsp%253Fsection%253Drewards%26_requestid%3D1131869%26utm_source%3Dnewsletter%26utm_medium%3DNewsletters%26utm_campaign%3Dno21-lu15-tant-de-raisons-de-c%26utm_content%3Den%26utm_term%3D119%26subscribed%3D1%26eid%3DBd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ&rl=&if=false&ts=1637021107053&sw=1600&sh=1200&v=2.9.48&r=stable&ec=0&o=30&fbp=fb.1.1637021107051.393529058&it=1637021106740&coo=false&exp=p0&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:07 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 44
expires: Tue, 16 Nov 2021 00:05:07 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
214 B 8ms
8ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=705150010415746&ev=PageView&dl=https%3A%2F%2Fwww.simons.ca%2Fsimons%2Fprofile%2Flogin.jsp%3ForiginalURL%3Dhttp%253A%2F%2Fproxy.simons.ca%2Fsimons%2Fprofile%2Fprofile.jsp%253Fsection%253Drewards%26_requestid%3D1131869%26utm_source%3Dnewsletter%26utm_medium%3DNewsletters%26utm_campaign%3Dno21-lu15-tant-de-raisons-de-c%26utm_content%3Den%26utm_term%3D119%26subscribed%3D1%26eid%3DBd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ&rl=&if=false&ts=1637021107056&sw=1600&sh=1200&v=2.9.48&r=stable&ec=0&o=30&par[0]=%7B%22extractorID%22%3A%22278626873692889%22%2C%22jsonLD%22%3A%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Product%22%2C%22offers%22%3A%7B%22priceCurrency%22%3A%22CAD%22%7D%7D%7D&par[1]=%7B%22extractorID%22%3A%224408118725869835%22%2C%22jsonLD%22%3A%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Product%22%2C%22offers%22%3A%7B%7D%7D%7D&fbp=fb.1.1637021107051.393529058&it=1637021106740&coo=false&exp=p0&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:07 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 44
expires: Tue, 16 Nov 2021 00:05:07 GMT

GET
H2 200 5e7d860439e6185faaf2.chunk.js Show response
www.paypalobjects.com/muse/offers/chunk/ Frame 1636 16 KB
5 KB 14ms
14ms Script
application/javascript 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/muse/offers/chunk/5e7d860439e6185faaf2.chunk.js

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/offers/index.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

d1b335fcaa204a9cb788eddbbd74afef06e10a31f668b1b1b8a340a961cad909

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.paypalobjects.com/muse/offers/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cache: HIT, HIT
paypal-debug-id: f081887b434db
dc: ccg11-origin-www-1.paypal.com
vary: Accept-Encoding
content-length: 5409
x-served-by: cache-sjc10075-SJC, cache-hhn4062-HHN
last-modified: Tue, 19 Oct 2021 18:41:19 GMT
x-timer: S1637021107.068843,VS0,VE0
etag: W/"616f114f-4067"
strict-transport-security: max-age=31557600
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: public,max-age=3600
accept-ranges: bytes
x-cache-hits: 7918, 2

GET
H2 200 069dd26e70e7ba0eaa52.chunk.js Show response
www.paypalobjects.com/muse/offers/chunk/ Frame 1636 16 KB
5 KB 14ms
14ms Script
application/javascript 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypalobjects.com/muse/offers/chunk/069dd26e70e7ba0eaa52.chunk.js

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/offers/index.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e8c202ea20c50184d7884ee2cf8504fef6a7d90daaf1a2e204a729a45bc2ecf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.paypalobjects.com/muse/offers/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cache: HIT, HIT
paypal-debug-id: c11fe10bbffee
dc: ccg11-origin-www-1.paypal.com
vary: Accept-Encoding
content-length: 4591
x-served-by: cache-sjc10037-SJC, cache-hhn4062-HHN
last-modified: Tue, 19 Oct 2021 18:41:19 GMT
x-timer: S1637021107.068959,VS0,VE0
etag: W/"616f114f-413b"
strict-transport-security: max-age=31557600
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: public,max-age=3600
accept-ranges: bytes
x-cache-hits: 2264, 2

POST
H2 200 graphql Show response
www.paypal.com/targeting/ Frame 3C25 434 B
1 KB 303ms
303ms Fetch
application/json 151.101.1.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/targeting/graphql

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/analytics/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

00947fa579cdc9fd951bd23099200b3f781f1bd10124017b1f60838109a45997

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; img-src 'self' https:; script-src 'nonce-1Rt0A6wJgELqdaCRk1i9avjl0uH4JF47UgpoPWhMWkXW7E0z' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' ; style-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' ; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; object-src 'none'; frame-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.paypalobjects.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/json

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' https:; script-src 'nonce-1Rt0A6wJgELqdaCRk1i9avjl0uH4JF47UgpoPWhMWkXW7E0z' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com;
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
x-cache: MISS, MISS
paypal-debug-id: f957150441ebe
date: Tue, 16 Nov 2021 00:05:07 GMT
server-timing: content-encoding;desc=br
dc: ccg11-origin-www-1.paypal.com
x-xss-protection: 1; mode=block
x-served-by: cache-lhr7372-LHR, cache-cdg20744-CDG
x-timer: S1637021107.265483,VS0,VE287
x-frame-options: SAMEORIGIN
etag: W/"1b2-0w/Z1Hi86cfN+w0xIDDpoFQU8RE"
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.paypalobjects.com
content-encoding: br
access-control-expose-headers: Paypal-Debug-Id
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
accept-ranges: none
x-cache-hits: 0, 0

OPTIONS
H2 204 graphql
www.paypal.com/targeting/ Frame 0
0 192ms
176ms Preflight 151.101.1.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/targeting/graphql

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.paypalobjects.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: https://www.paypalobjects.com
access-control-expose-headers: Paypal-Debug-Id
cache-control: max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id: f95715005ad00
dc: ccg11-origin-www-1.paypal.com
accept-ranges: bytes
date: Tue, 16 Nov 2021 00:05:07 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-hhn4071-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1637021107.084699,VS0,VE169

POST
H2 200 graphql Show response
www.paypal.com/targeting/ Frame 1636 434 B
2 KB 241ms
241ms Fetch
application/json 151.101.1.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/targeting/graphql

Requested by

Host: www.paypalobjects.com
URL: https://www.paypalobjects.com/muse/offers/chunk/5e7d860439e6185faaf2.chunk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

aeab07d6553670171c47548bde74bd3e59a0ddeaafe4abc932fcb7f4aebed850

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; img-src 'self' https:; script-src 'nonce-5Tt8rMpU2AAwdmcPZp6F6Bi0uXThVFjHCDSd7vQXT5woQWqN' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' ; style-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' ; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; object-src 'none'; frame-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.paypalobjects.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/json

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' https:; script-src 'nonce-5Tt8rMpU2AAwdmcPZp6F6Bi0uXThVFjHCDSd7vQXT5woQWqN' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' ; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com;
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
x-cache: MISS, MISS
paypal-debug-id: f9571507e5324
date: Tue, 16 Nov 2021 00:05:07 GMT
server-timing: content-encoding;desc=br
dc: ccg11-origin-www-1.paypal.com
x-xss-protection: 1; mode=block
x-served-by: cache-lhr7334-LHR, cache-cdg20744-CDG
x-timer: S1637021107.280778,VS0,VE223
x-frame-options: SAMEORIGIN
etag: W/"1b2-RJvI+xvNH1mShpxfwMlp6YbgZSg"
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.paypalobjects.com
content-encoding: br
access-control-expose-headers: Paypal-Debug-Id
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
accept-ranges: none
x-cache-hits: 0, 0

OPTIONS
H2 204 graphql
www.paypal.com/targeting/ Frame 0
0 175ms
175ms Preflight 151.101.1.21
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/targeting/graphql

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.21 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.paypalobjects.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: https://www.paypalobjects.com
access-control-expose-headers: Paypal-Debug-Id
cache-control: max-age=0, no-cache, no-store, must-revalidate
paypal-debug-id: f9571501b43d4
dc: ccg11-origin-www-1.paypal.com
accept-ranges: bytes
date: Tue, 16 Nov 2021 00:05:07 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-served-by: cache-hhn4071-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1637021107.097156,VS0,VE168

GET
H2 200 nr-1212.min.js Show response
js-agent.newrelic.com/ 34 KB
13 KB 25ms
7ms Script
application/javascript 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/nr-1212.min.js
Requested by: Host: www.simons.ca
URL: https://www.simons.ca/simons/profile/login.jsp?originalURL=http%3A//proxy.simons.ca/simons/profile/profile.jsp%3Fsection%3Drewards&_requestid=1131869&utm_source=newsletter&utm_medium=Newsletters&utm_campaign=no21-lu15-tant-de-raisons-de-c&utm_content=en&utm_term=119&subscribed=1&eid=Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e8fd6832e13fca9622a46af5fddb394c358ef083d84002896aca34613d77780e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-amz-version-id: S6r4yaeB6jo_ZylmZ_5cM21n7ZH1t6gc
content-encoding: gzip
etag: "9dfe540eb31e6fc0e0dddd91e3511f68"
x-amz-request-id: 4D8AQJC9VY2BJ6SC
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 12828
x-amz-id-2: 2zU/m4ipcLnwAzgK66gM+c3M9MgsnZuv0e1Z9Z0e2/grnwun00VKLoxTIndc+jWu58DNxwidji8=
x-served-by: cache-hhn4033-HHN
last-modified: Thu, 04 Nov 2021 21:16:16 GMT
server: AmazonS3
x-timer: S1637021107.237013,VS0,VE0
date: Tue, 16 Nov 2021 00:05:07 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 5869

GET
H2 200 / Show response
beacon.riskified.com/ 46 KB
14 KB 372ms
181ms Script
application/javascript 2600:1f18:f8a:b704:e516:f71b:f667:9bcf
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://beacon.riskified.com/?shop=simons.ca&sid=rmtrq41apgc
Requested by: Host: imagescdn.simons.ca
URL: https://imagescdn.simons.ca/imarcom/js/unified/2021-11-10_15-18-05.js?__=e692663af9018930bbb07f047cc02943
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:f8a:b704:e516:f71b:f667:9bcf Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: istio-envoy /
Resource Hash: 658a21670ac5564e894637315cc90e314247582dddc13044fadbbf8893f09961

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 16 Nov 2021 00:05:07 GMT
access-control-request-method: *
server: istio-envoy
x-b3-traceid: 75e1226cd3491cfc148663639f62249b
access-control-allow-methods: PUT, OPTIONS, GET, DELETE, POST
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=600
x-b3-spanid: 0068d852f9aae9c3
x-b3-parentspanid: 75dac56d18f0ce51
x-b3-sampled: 0
content-encoding: gzip
access-control-allow-headers: Content-Type,Access-Control-Allow-Headers,Access-Control-Allow-Origin,x-csrf-token,X_CI_HMAC_SHA256

GET
H/1.1 200
OK 2df478b0dc Show response
bam-cell.nr-data.net/1/ 49 B
711 B 563ms
492ms Script
text/javascript 162.247.243.147
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bam-cell.nr-data.net/1/2df478b0dc?a=1464754331&v=1212.e95d35c&to=YwQGNhEHXEVWVxZbVlpOLjEzSUJEWFILXlwbDQsFCggcXERE&rst=2546&ck=1&ref=https://www.simons.ca/simons/profile/login.jsp&ap=17&be=1285&fe=2513&dc=1727&perf=%7B%22timing%22:%7B%22of%22:1637021104703,%22n%22:0,%22f%22:517,%22dn%22:518,%22dne%22:527,%22c%22:527,%22s%22:532,%22ce%22:600,%22rq%22:600,%22rp%22:1123,%22rpe%22:1128,%22dl%22:1126,%22di%22:1665,%22ds%22:1665,%22de%22:1780,%22dc%22:2513,%22l%22:2513,%22le%22:2516%7D,%22navigation%22:%7B%7D%7D&fp=1350&fcp=1350&jsonp=NREUM.setToken
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1212.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.147 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b91234b576455d66e12dd661a2539eb2418a831078ecef9ebc7f4bbd4e580d9c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Tue, 16 Nov 2021 00:05:07 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Server: cloudflare
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Transfer-Encoding: chunked
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
access-control-allow-credentials: true
CF-Ray: 6aec7740dc78360d-MAN

GET
H2 200 ts
t.paypal.com/ 42 B
414 B 161ms
161ms Image
image/gif 151.101.1.35
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.paypal.com/ts?pgrp=muse%3Aoffer%3Astore-cash%3Atoast%3AJ76HTPZBQH778-1&page=muse%3Aoffer%3Astore-cash%3Atoast%3AJ76HTPZBQH778-1%3A%3AconnectionStarted%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=smartincentive&s=ci&item=2ce03c3d-8420-4f8e-932f-55d55859f9d6&fltp=store-cash&es=connectionStarted&mrid=J76HTPZBQH778&code=CHECKOUT_BUTTON&partner_name=CHECKOUT_BUTTON&pt=Simons&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&offer_id=Q2PUCJF6LLX34&e=im&t=1637021107520&g=0&completeurl=https%3A%2F%2Fwww.simons.ca%2Fsimons%2Fprofile%2Flogin.jsp%3ForiginalURL%3Dhttp%253A%2F%2Fproxy.simons.ca%2Fsimons%2Fprofile%2Fprofile.jsp%253Fsection%253Drewards%26_requestid%3D1131869%26utm_source%3Dnewsletter%26utm_medium%3DNewsletters%26utm_campaign%3Dno21-lu15-tant-de-raisons-de-c%26utm_content%3Den%26utm_term%3D119%26subscribed%3D1%26eid%3DBd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.35 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Nov 2021 00:05:07 GMT
via: 1.1 varnish
x-timer: S1637021108.524969,VS0,VE148
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: MISS
p3p: policyref="https://t.paypal.com/w3c/p3p.xml",CP="CAO IND OUR SAM UNI STA COR COM"
paypal-debug-id: 83f3697cf595
expires: Tue, 16 Nov 2021 00:05:07 GMT
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-cache-hits: 0
accept-ranges: bytes
content-type: image/gif
content-length: 42
x-served-by: cache-hhn4046-HHN

GET
H/1.1 200
OK image-l.gif
img.riskified.com/img/ 35 B
271 B 412ms
101ms Image
image/gif 52.205.107.170
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.riskified.com/img/image-l.gif?t=16370211076080.9894350641839738&c=tuh87t5g1864iiv2qaxrckw1c3mod&p=acqg6n&a=rmtrq41apgc&o=simons.ca&rt=1637021107457
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.205.107.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-205-107-170.compute-1.amazonaws.com
Software: nginx/1.10.2 /
Resource Hash: b03a66cf3c1b8d1757cb7fb0268c86aae035e91a39e18cb571f8fcc3508e1f4d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Tue, 16 Nov 2021 00:05:07 GMT
Last-Modified: Mon, 10 May 2021 09:31:37 GMT
Server: nginx/1.10.2
ETag: "6098fd79-23"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 35

GET
H/1.1 200
OK image-l.gif
img.riskified.com/img/ 35 B
271 B 102ms
102ms Image
image/gif 52.205.107.170
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.riskified.com/img/image-l.gif?t=16370211080320.22681421521670186&c=tuh87t5g1864iiv2qaxrckw1c3mod&p=acqg6n&a=rmtrq41apgc&o=simons.ca&rt=1637021107457
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.205.107.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-205-107-170.compute-1.amazonaws.com
Software: nginx/1.10.2 /
Resource Hash: b03a66cf3c1b8d1757cb7fb0268c86aae035e91a39e18cb571f8fcc3508e1f4d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Tue, 16 Nov 2021 00:05:08 GMT
Last-Modified: Mon, 10 May 2021 09:31:37 GMT
Server: nginx/1.10.2
ETag: "6098fd79-23"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 35

GET
H/1.1 200
OK image-l.gif
img.riskified.com/img/ 35 B
271 B 101ms
101ms Image
image/gif 52.205.107.170
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.riskified.com/img/image-l.gif?t=16370211081480.7342501544165096&c=tuh87t5g1864iiv2qaxrckw1c3mod&p=acqg6n&a=rmtrq41apgc&o=simons.ca&rt=1637021107457
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.205.107.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-205-107-170.compute-1.amazonaws.com
Software: nginx/1.10.2 /
Resource Hash: b03a66cf3c1b8d1757cb7fb0268c86aae035e91a39e18cb571f8fcc3508e1f4d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Tue, 16 Nov 2021 00:05:08 GMT
Last-Modified: Mon, 10 May 2021 09:31:37 GMT
Server: nginx/1.10.2
ETag: "6098fd79-23"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 35

GET
H/1.1 200
OK image-l.gif
img.riskified.com/img/ 35 B
271 B 101ms
101ms Image
image/gif 52.205.107.170
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.riskified.com/img/image-l.gif?t=16370211082620.23782562525120654&c=tuh87t5g1864iiv2qaxrckw1c3mod&p=acqg6n&a=rmtrq41apgc&o=simons.ca&rt=1637021107457
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.205.107.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-205-107-170.compute-1.amazonaws.com
Software: nginx/1.10.2 /
Resource Hash: b03a66cf3c1b8d1757cb7fb0268c86aae035e91a39e18cb571f8fcc3508e1f4d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Tue, 16 Nov 2021 00:05:08 GMT
Last-Modified: Mon, 10 May 2021 09:31:37 GMT
Server: nginx/1.10.2
ETag: "6098fd79-23"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 35

GET
H/1.1 200
OK image-l.gif
img.riskified.com/img/ 35 B
271 B 101ms
101ms Image
image/gif 52.205.107.170
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.riskified.com/img/image-l.gif?t=16370211083760.28338239168403234&c=tuh87t5g1864iiv2qaxrckw1c3mod&p=acqg6n&a=rmtrq41apgc&o=simons.ca&rt=1637021107457
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.205.107.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-205-107-170.compute-1.amazonaws.com
Software: nginx/1.10.2 /
Resource Hash: b03a66cf3c1b8d1757cb7fb0268c86aae035e91a39e18cb571f8fcc3508e1f4d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Tue, 16 Nov 2021 00:05:08 GMT
Last-Modified: Mon, 10 May 2021 09:31:37 GMT
Server: nginx/1.10.2
ETag: "6098fd79-23"
Content-Type: image/gif
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 35

POST
H2 201 client_infos Show response
c.riskified.com/v2/ 0
368 B 104ms
104ms XHR
text/plain 2600:1f18:f8a:b702:d69:3533:4c56:441c
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://c.riskified.com/v2/client_infos
Requested by: Host: beacon.riskified.com
URL: https://beacon.riskified.com/?shop=simons.ca&sid=rmtrq41apgc
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:f8a:b702:d69:3533:4c56:441c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: istio-envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Allow-Origin: *
Referer: https://www.simons.ca/
Accept-Language: de-DE,de;q=0.9
Access-Control-Allow-Headers: Content-Type
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

date: Tue, 16 Nov 2021 00:05:08 GMT
access-control-request-method: *
server: istio-envoy
x-b3-traceid: 2cd62ea554f8be16ea7372d2ee76d8d2
access-control-allow-methods: PUT, OPTIONS, GET, DELETE, POST
access-control-allow-origin: *
x-b3-spanid: 2162aeecf71f05ac
x-b3-parentspanid: 79705a35469ad79a
x-b3-sampled: 0
timing-allow-origin: *
access-control-allow-headers: Content-Type,Access-Control-Allow-Headers,Access-Control-Allow-Origin,x-csrf-token,X_CI_HMAC_SHA256
content-length: 0

OPTIONS
H2 200 client_infos
c.riskified.com/v2/ Frame 0
0 303ms
99ms Preflight
text/plain 2600:1f18:f8a:b702:d69:3533:4c56:441c
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://c.riskified.com/v2/client_infos
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:f8a:b702:d69:3533:4c56:441c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: istio-envoy /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: access-control-allow-headers,access-control-allow-origin,content-type
Origin: https://www.simons.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Tue, 16 Nov 2021 00:05:08 GMT
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
timing-allow-origin: *
access-control-request-method: *
access-control-allow-methods: PUT, OPTIONS, GET, DELETE, POST
access-control-allow-headers: Content-Type,Access-Control-Allow-Headers,Access-Control-Allow-Origin,x-csrf-token,X_CI_HMAC_SHA256
x-b3-traceid: 173afdff324364ce2ff51667b7c50b87
x-b3-sampled: 0
x-b3-parentspanid: 3ba779b0551193e4
x-b3-spanid: 18df31c4417482bc
server: istio-envoy

GET
H2 200 /
www.facebook.com/tr/ 44 B
147 B 7ms
7ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=858966784306976&ev=Microdata&dl=https%3A%2F%2Fwww.simons.ca%2Fsimons%2Fprofile%2Flogin.jsp%3ForiginalURL%3Dhttp%253A%2F%2Fproxy.simons.ca%2Fsimons%2Fprofile%2Fprofile.jsp%253Fsection%253Drewards%26_requestid%3D1131869%26utm_source%3Dnewsletter%26utm_medium%3DNewsletters%26utm_campaign%3Dno21-lu15-tant-de-raisons-de-c%26utm_content%3Den%26utm_term%3D119%26subscribed%3D1%26eid%3DBd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ&rl=&if=false&ts=1637021108556&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Simons%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.48&r=stable&ec=1&o=30&fbp=fb.1.1637021107051.393529058&it=1637021106740&coo=false&es=automatic&tm=3&exp=p0&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:08 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 44
expires: Tue, 16 Nov 2021 00:05:08 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
101 B 7ms
7ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=705150010415746&ev=Microdata&dl=https%3A%2F%2Fwww.simons.ca%2Fsimons%2Fprofile%2Flogin.jsp%3ForiginalURL%3Dhttp%253A%2F%2Fproxy.simons.ca%2Fsimons%2Fprofile%2Fprofile.jsp%253Fsection%253Drewards%26_requestid%3D1131869%26utm_source%3Dnewsletter%26utm_medium%3DNewsletters%26utm_campaign%3Dno21-lu15-tant-de-raisons-de-c%26utm_content%3Den%26utm_term%3D119%26subscribed%3D1%26eid%3DBd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ&rl=&if=false&ts=1637021108558&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Simons%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.48&r=stable&ec=1&o=30&fbp=fb.1.1637021107051.393529058&it=1637021106740&coo=false&es=automatic&tm=3&exp=p0&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:08 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 44
expires: Tue, 16 Nov 2021 00:05:08 GMT

GET
H2 200 track Show response
api.heyday.ai/v130/ 133 B
492 B 121ms
121ms XHR
application/json 143.204.98.64
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.heyday.ai/v130/track?oid=4099689688&pid=9037420771&uid=18bef83a-fcdd-4c35-b1b8-375808d349c3&url=https%3A%2F%2Fwww.simons.ca%2Fsimons%2Fprofile%2Flogin.jsp%3ForiginalURL%3Dhttp%253A%2F%2Fproxy.simons.ca%2Fsimons%2Fprofile%2Fprofile.jsp%253Fsection%253Drewards%26_requestid%3D1131869%26utm_source%3Dnewsletter%26utm_medium%3DNewsletters%26utm_campaign%3Dno21-lu15-tant-de-raisons-de-c%26utm_content%3Den%26utm_term%3D119%26subscribed%3D1%26eid%3DBd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ&title=Simons&evt=pageview&ha=84
Requested by: Host: webchat.heyday.ai
URL: https://webchat.heyday.ai/scripts/heyday-track.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.64 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-64.fra50.r.cloudfront.net
Software: /
Resource Hash: e07ae9065a6851a6f0e78b43e3c94bbbce40244a18458cc63556a14f5fe9ef9f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:08 GMT
via: 1.1 1f49a084ca923f375f74b42fa36ef429.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-amzn-requestid: 26b8d21c-3cb5-4898-bf2c-bf385a3aaaf6
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: *
x-amzn-trace-id: Root=1-6192f5b4-4346184b063960857268f035
x-amz-apigw-id: I3tUTFlqoAMFyVg=
content-length: 133
x-amz-cf-id: oHyL_AyUg7m8Dtvc5b0c_Be6-liX8aEiz0iSHql_7kC5cV6XiUL1kA==

GET
H2 200 heyday-chat.js Show response
webchat.heyday.ai/scripts/ 15 KB
6 KB 22ms
22ms Script
application/javascript 143.204.98.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://webchat.heyday.ai/scripts/heyday-chat.js
Requested by: Host: webchat.heyday.ai
URL: https://webchat.heyday.ai/scripts/setup.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-31.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ecbdb5a1c625a83fbb8a28cb2ae0c4e03e17b9cdd93810f40a2df99b26a3ecaf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:01:01 GMT
content-encoding: gzip
last-modified: Wed, 13 Oct 2021 14:30:42 GMT
server: AmazonS3
age: 248
etag: W/"59875675c4a3cda510d81a25b2e11e6a"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 ad46d498157a92ab1076f74db460670d.cloudfront.net (CloudFront)
cache-control: max-age=300
x-amz-cf-pop: FRA50-C1
x-amz-request-id: B2ZA6FPNBYSCGH29
x-amz-cf-id: ho0KcQrLKZQTUaDEr1P7-d3WQZhthChhXoQkuXPoHDU8uhzsiI22mQ==
x-amz-id-2: 1cNSsvEoYgQ3nCBOz/6bbCquHM5MGbLphmlD+Fc5ABo/QYlAlVjWyV6KMBtrhb/qCL69yK207Ms=

GET
H2 200 / Show response
webchat.heyday.ai/ Frame C126 843 B
1 KB 23ms
23ms Document
text/html 143.204.98.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://webchat.heyday.ai/
Requested by: Host: webchat.heyday.ai
URL: https://webchat.heyday.ai/scripts/heyday-chat.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-31.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d066e723cb0d1b43666fcf95be76e34c6f4cb7e4bca61e6d7209ac3be4b9e098

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/

Response headers

content-type: text/html
content-length: 843
x-amz-id-2: O9NFyLN5AbTj/eRXGbOTsGRqlfJ10TeiQnMtBocmShyGw2sMxZIQ/cWGQdpJz/LTdXvP5baemHE=
x-amz-request-id: SEM13T1AK5ED4AG9
last-modified: Wed, 13 Oct 2021 14:30:42 GMT
accept-ranges: bytes
server: AmazonS3
date: Tue, 16 Nov 2021 00:01:01 GMT
cache-control: max-age=300
etag: "b61adc083b95a26d081282cff3db7c80"
x-cache: Hit from cloudfront
via: 1.1 ad46d498157a92ab1076f74db460670d.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: GjaYFWioKi35TPJXghgyUzrQqa8sE_KksdHWHpPQLFv6tC393BcqoQ==
age: 248

GET
H2 200 chatIcon.png
assets.heyday.ai/organizations/4099689688/images/ 10 KB
10 KB 51ms
16ms Image
image/png 143.204.98.101
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.heyday.ai/organizations/4099689688/images/chatIcon.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-101.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 857a0cc717be0b50a72541706471d6edf5e10a4ff6166236e69c5a159c1de8ab

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.simons.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:05:08 GMT
via: 1.1 436c247027acc191b22ece964efbaeca.cloudfront.net (CloudFront)
last-modified: Fri, 07 May 2021 19:11:04 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
etag: "acb2671fd480c56797fa6f68de55166f"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=600
accept-ranges: bytes
content-length: 9915
x-amz-cf-id: qwOqcoLGNKDgoFWQo1CF-biRGSLrIo0s3xg2yBYhKxOcGzJlzJ_6NQ==

GET
H2 200 styles.9ffeae6dfaf18edda8f8.css
webchat.heyday.ai/ Frame C126 2 KB
1 KB 45ms
44ms Stylesheet
text/css 143.204.98.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://webchat.heyday.ai/styles.9ffeae6dfaf18edda8f8.css
Requested by: Host: webchat.heyday.ai
URL: https://webchat.heyday.ai/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-31.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3e1692697eb0ec45f17777a40577d15625d75e26d16fc11ca6d957e2f5afab94

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webchat.heyday.ai/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:02:54 GMT
content-encoding: gzip
last-modified: Wed, 13 Oct 2021 14:30:42 GMT
server: AmazonS3
age: 135
etag: W/"88fb71522d569537da2156968a4a0a92"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 ad46d498157a92ab1076f74db460670d.cloudfront.net (CloudFront)
cache-control: max-age=300
x-amz-cf-pop: FRA50-C1
x-amz-request-id: GFTWYRFA9PGFPEVF
x-amz-cf-id: nHq6KxJG4ci6RkRuqQA_E1Ws5w7ekz1LaaWR698VO53gV6z_XP0ASg==
x-amz-id-2: wXDlZdjMmceZmlGMoaFZEFBCjDQzroEiPhs0aZoAkGhly7YLzvouE8a77VOWeTKT5cveEIX59gs=

GET
H2 200 runtime.7b63b9fd40098a2e8207.js Show response
webchat.heyday.ai/ Frame C126 1 KB
1 KB 39ms
38ms Script
application/javascript 143.204.98.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://webchat.heyday.ai/runtime.7b63b9fd40098a2e8207.js
Requested by: Host: webchat.heyday.ai
URL: https://webchat.heyday.ai/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-31.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6c5acbb82a46a4971660f65131241dffcc28828f4dbd76b8ec7bab0b468250f8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webchat.heyday.ai/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:02:31 GMT
content-encoding: gzip
last-modified: Wed, 13 Oct 2021 14:30:42 GMT
server: AmazonS3
age: 158
etag: W/"1244d3f2f28ecc6619157927aca95200"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 ad46d498157a92ab1076f74db460670d.cloudfront.net (CloudFront)
cache-control: max-age=300
x-amz-cf-pop: FRA50-C1
x-amz-request-id: 1K28NJXFT7JVVH2Q
x-amz-cf-id: WeoYMuDkhkEm_YUrxAix0PRE7c0vF-GKyuSDEY41vXdKxkZdYFPylw==
x-amz-id-2: duiNKdUqB9d5WjPBWvtYoXhs6gtu19hI+XDUrW/HsNAvSwFCTrwc0kQEYcHFvHxio+kODU8d6f0=

GET
H2 200 polyfills.ea9cad722c4605ea1b13.js Show response
webchat.heyday.ai/ Frame C126 44 KB
15 KB 53ms
53ms Script
application/javascript 143.204.98.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://webchat.heyday.ai/polyfills.ea9cad722c4605ea1b13.js
Requested by: Host: webchat.heyday.ai
URL: https://webchat.heyday.ai/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-31.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 05beea7e4adf5a0e5b979e8e9cfc24479a77bf914c0fb37bc80b9a6eb18688d8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webchat.heyday.ai/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:02:54 GMT
content-encoding: gzip
last-modified: Wed, 13 Oct 2021 14:30:42 GMT
server: AmazonS3
age: 135
etag: W/"eec55513f00c7e1f9743bd062016a977"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 ad46d498157a92ab1076f74db460670d.cloudfront.net (CloudFront)
cache-control: max-age=300
x-amz-cf-pop: FRA50-C1
x-amz-request-id: ZQR0KWQ2PD9ZEV0N
x-amz-cf-id: TxS7OC24ch2YzTlmEB1dbWcBaB-q49F79DQeodSi4Wam-QcSKS7Brg==
x-amz-id-2: XtT937TciEgiBzO5O6BHQUX7u+VQYJUA5w1SVHrabTUw4VE7FEKtA6rI3/bTrlmu4kMAFJ/qT6g=

GET
H2 200 main.f24aeeeb4caee016f39e.js Show response
webchat.heyday.ai/ Frame C126 1 MB
403 KB 26ms
26ms Script
application/javascript 143.204.98.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://webchat.heyday.ai/main.f24aeeeb4caee016f39e.js
Requested by: Host: webchat.heyday.ai
URL: https://webchat.heyday.ai/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-31.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9b18af21dd16b136561c0de95f10d50f757011e8134eb2e6598d5e775bbad365

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://webchat.heyday.ai/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 16 Nov 2021 00:01:45 GMT
content-encoding: gzip
last-modified: Wed, 13 Oct 2021 14:30:42 GMT
server: AmazonS3
age: 204
etag: W/"ac0794f0169aab0c87a549d3b807e221"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 ad46d498157a92ab1076f74db460670d.cloudfront.net (CloudFront)
cache-control: max-age=300
x-amz-cf-pop: FRA50-C1
x-amz-request-id: HSN7T6WQYQDRG473
x-amz-cf-id: JK4mx0GL-E198LdOA9djDNtHLc8ISfhqBmgbKaJmAdvUDrtYFKCHNw==
x-amz-id-2: TKwYFPVQApvwyzPEHKdnb2Hml3vyhkASNlVz9oh9240KI0JKJoefhGT9ovoCZ21wKI/al/rVzNM=

GET
H2 200 objectsans-regular-webfont.9f4aff889c3c0cbd7e09.woff2
webchat.heyday.ai/ Frame C126 19 KB
19 KB 26ms
25ms Font
font/woff2 143.204.98.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://webchat.heyday.ai/objectsans-regular-webfont.9f4aff889c3c0cbd7e09.woff2
Requested by: Host: webchat.heyday.ai
URL: https://webchat.heyday.ai/styles.9ffeae6dfaf18edda8f8.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-31.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: abe0770fb1e0b7f9318fc39835ee3ea4897972e26f82c9489c93c396f9e0195f

Request headers

Referer: https://webchat.heyday.ai/styles.9ffeae6dfaf18edda8f8.css
Origin: https://webchat.heyday.ai
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Mon, 15 Nov 2021 23:43:23 GMT
via: 1.1 ad46d498157a92ab1076f74db460670d.cloudfront.net (CloudFront)
last-modified: Wed, 13 Oct 2021 14:30:42 GMT
server: AmazonS3
age: 1307
etag: "f7f7818c06e40530d8804d34ae0205ed"
x-cache: Hit from cloudfront
content-type: font/woff2
cache-control: max-age=3600
content-length: 19244
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
x-amz-request-id: TBDP1EF2CF05FF9S
x-amz-id-2: 97LXQGXQ4nz3EXrKkWKc+H79v/g/iaRfV73chgL0L7zkNdaZ0dCMA28nAys5CG1VpemLnpfhMOA=
x-amz-cf-id: PDQyRn9ZN7RUfE69GQ-7jkwe_YZyyWY7NmE4NI7bydvJPX_k8zQPkw==

Verdicts & Comments Add Verdict or Comment

275 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

47 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.simons.ca/	1969-12-31 23:59:59	Name: JSESSIONID Value: tlETHADboqadZ6hj-XZxqDN7.app2
.simons.ca/	1970-01-19 23:26:53	Name: simonsprof Value: locale%3Den_CA%26loggedInProfileId%3D%26email%3D%26firstName%3D%26userPreference%3D%26countryPreference%3D%26cartItems%3D%26cartCount%3D0%26sessionEndDate%3D1637024705673
.simons.ca/	1969-12-31 23:59:59	Name: JSESSIONID Value: tlETHADboqadZ6hj-XZxqDN7.app2
.simons.ca/	1970-01-19 22:43:42	Name: __cf_bm Value: OjPTK9qqbLWVkaOD_.qlLXQAl.PqantRcALzxkj1biU-1637021105-0-ARmuB8LUeXULBJogR8kMvlwBoNOhH21bRS1Co/8WtUG3m+fLphAm5JtnBqpHyrMrw+tzEQBKkFwwi990YfGnLNw0n7Xf02agCmZo51mHlM4U
.simons.ca/	1969-12-31 23:59:59	Name: __gtm_campaign_url Value: https%3A%2F%2Fwww.simons.ca%2Fsimons%2Fprofile%2Flogin.jsp%3ForiginalURL%3Dhttp%253A%2F%2Fproxy.simons.ca%2Fsimons%2Fprofile%2Fprofile.jsp%253Fsection%253Drewards%26_requestid%3D1131869%26utm_source%3Dnewsletter%26utm_medium%3DNewsletters%26utm_campaign%3Dno21-lu15-tant-de-raisons-de-c%26utm_content%3Den%26utm_term%3D119%26subscribed%3D1%26eid%3DBd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
.simons.ca/	1970-01-19 22:45:07	Name: _gid Value: GA1.2.149758434.1637021106
.simons.ca/	1970-01-20 00:53:17	Name: _gcl_au Value: 1.1.852342881.1637021106
.simons.ca/	1970-01-20 00:10:05	Name: show_fbox_feb_2016 Value: 2
.simons.ca/	1970-01-20 01:07:41	Name: newsletter_subscriber Value: true
.simons.ca/	1969-12-31 23:59:59	Name: current_session_id Value: rmtrq41apgc
.simons.ca/	1970-01-19 23:26:53	Name: emarketingId Value: Bd8Xi7-jrvMEWhutSBm9FKridbxLFNNrUQ
.simons.ca/	1970-01-20 16:14:53	Name: _ga_TVRY73VP6D Value: GS1.1.1637021106.1.0.1637021106.0
www.offlinx.com/	1970-01-20 16:14:53	Name: moneris-payid-uuid Value: cf4e8d09-9dc7-45a8-95ff-3230ea0d319a
www.offlinx.com/	1970-01-20 16:14:53	Name: version Value: 1.0
.bing.com/	1970-01-20 08:05:17	Name: MUID Value: 3E5D3A1A643967E334542AEB65EB665D
.simons.ca/	1970-01-20 16:14:53	Name: _ga Value: GA1.2.1187875162.1637021106
.simons.ca/	1970-01-19 22:43:41	Name: _dc_gtm_UA-1653632-1 Value: 1
.simons.ca/	1970-01-19 22:45:07	Name: geoip_cache Value: %7B%22continent_code%22%3A%22EU%22%2C%22country_code%22%3A%22DE%22%2C%22country_code3%22%3A%22DEU%22%2C%22country_name%22%3A%22Germany%22%2C%22region%22%3A%2205%22%2C%22city%22%3A%22Frankfurt%20am%20Main%22%2C%22postal_code%22%3A%2260326%22%2C%22latitude%22%3A50.10490036010742%2C%22longitude%22%3A8.629500389099121%2C%22dma_code%22%3A0%2C%22area_code%22%3A0%7D
www.simons.ca/	1970-01-20 03:02:53	Name: _ALGOLIA Value: anonymous-ba906663-d993-4849-bff9-883b7b5f9aed
.simons.ca/	1969-12-31 23:59:59	Name: IR_gbd Value: simons.ca
.simons.ca/	1969-12-31 23:59:59	Name: IR_10960 Value: 1637021106729%7Cc-18126%7C1637021106729%7C%7C
.simons.ca/	1970-01-19 22:45:07	Name: geo_target Value: %22%7B%5C%22continent_code%5C%22%3A%5C%22EU%5C%22%2C%5C%22country_code%5C%22%3A%5C%22DE%5C%22%2C%5C%22country_code3%5C%22%3A%5C%22DEU%5C%22%2C%5C%22country_name%5C%22%3A%5C%22Germany%5C%22%2C%5C%22region%5C%22%3A%5C%2205%5C%22%2C%5C%22city%5C%22%3A%5C%22Frankfurt%20am%20Main%5C%22%2C%5C%22postal_code%5C%22%3A%5C%2260326%5C%22%2C%5C%22latitude%5C%22%3A50.10490036010742%2C%5C%22longitude%5C%22%3A8.629500389099121%2C%5C%22dma_code%5C%22%3A0%2C%5C%22area_code%5C%22%3A0%7D%22
.simons.ca/	1970-01-19 22:45:07	Name: _uetsid Value: db1e3240467011ec8188459b7dcc0e07
.simons.ca/	1970-01-20 08:05:17	Name: _uetvid Value: db1e50e0467011ec90ec416348d081e6
.doubleclick.net/	1970-01-20 08:05:17	Name: IDE Value: AHWqTUkxU3_c8lzY9T6nCNFFfp-udZRWm4HwK5FWrlwNHQqKNfZOymDI4MNGOWtc
simons-ca.c2ukkg.net/	1970-01-19 22:53:45	Name: AWSALBCORS Value: ThExMb7AwgpC5xZZCODFMdh4LPDuj31cXlJmVTOLDMygp1H/HFwY6DdHREdAwHh+U2H29fQ7XhNLogkY63UL0rsgU00upB+iu6FcRoSXN0f3Pb/CAtep27IJel0s
.c2ukkg.net/	1970-01-20 16:00:29	Name: brwsr Value: db221c55-4670-11ec-bba5-89e044f5f72d
simons-ca.c2ukkg.net/	1970-01-20 03:02:53	Name: irld Value: L1AGyjiVYy26PQMgx5cxfc0FH
.simons.ca/	1970-01-20 16:00:29	Name: IR_PI Value: db221c55-4670-11ec-bba5-89e044f5f72d%7C1637107506729
.simons.ca/	1970-01-20 00:53:17	Name: _fbp Value: fb.1.1637021107051.393529058
.paypalobjects.com/	1970-01-19 22:48:00	Name: paypal-offers--country Value: DE
.facebook.com/	1970-01-20 00:53:17	Name: fr Value: 0oERXYdxvLjyDM7nY..BhkvWz...1.0.BhkvWz.
.paypal.com/	1970-01-19 22:44:12	Name: LANG Value: de_DE%3BDE
.paypal.com/	1970-01-20 07:29:17	Name: enforce_policy Value: gdpr_v2.1
.paypal.com/	1970-01-19 22:48:00	Name: tsrce Value: targetingnodeweb
.paypalobjects.com/	1970-01-19 22:45:07	Name: paypal-offers--cust Value: null:null:null
.paypal.com/	1969-12-31 23:59:59	Name: x-pp-s Value: eyJ0IjoiMTYzNzAyMTEwNzQ2OSIsImwiOiIwIiwibSI6IjAifQ
www.paypal.com/	1969-12-31 23:59:59	Name: nsid Value: s%3AQd6lMvjiHP5bgxcILv_C1whp57O5uLgu.jU1XJKes9Cx9Lihs%2FYr%2BrpYaQI%2FeXDCxY8GYzLcAWoQ
.paypal.com/	1970-01-19 22:43:42	Name: l7_az Value: dcg01.phx
.simons.ca/	1970-01-20 16:14:53	Name: lastRskxRun Value: 1637021107595
.simons.ca/	1970-01-20 16:14:53	Name: rskxRunCookie Value: 0
.simons.ca/	1970-01-20 16:14:53	Name: rCookie Value: tuh87t5g1864iiv2qaxrckw1c3mod
.paypal.com/	1970-01-21 01:01:55	Name: ts Value: vreXpYrS%3D1731715507%26vteXpYrS%3D1637022907%26vr%3D260fc59517d0aa591143afa9ffffffff%26vt%3D260fc59517d0aa591143afa9fffffffe
.paypal.com/	1970-01-21 01:01:55	Name: ts_c Value: vr%3D260fc59517d0aa591143afa9ffffffff%26vt%3D260fc59517d0aa591143afa9fffffffe
.nr-data.net/	1969-12-31 23:59:59	Name: JSESSIONID Value: 660bef5d38cd3ea1
.www.simons.ca/	1970-01-25 22:43:41	Name: _hdtid Value: 18bef83a-fcdd-4c35-b1b8-375808d349c3
.www.simons.ca/	1970-01-25 20:31:12	Name: _hd Value: {"heyday-widget-state":"welcome"}

412 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://jscdn.simons.ca/simons/js/simons_foot_en.js?version=837313c08655cd28f210fa5bb8956cf3b425ffe4(Line 128) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/gsap/latest/TweenLite.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://jscdn.simons.ca/simons/js/simons_foot_en.js?version=837313c08655cd28f210fa5bb8956cf3b425ffe4(Line 128) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/gsap/latest/TweenLite.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://jscdn.simons.ca/simons/js/simons_foot_en.js?version=837313c08655cd28f210fa5bb8956cf3b425ffe4(Line 128) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/gsap/latest/plugins/CSSPlugin.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' blob: data: 'self' connect.facebook.net".
network	error	URL: https://imagescdn.simons.ca/imarcom//images/login_2017/shadow_box-fafafa-square.png?__=a3fb6c8b0366eaca43fa42a79354e2a2 Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' *.simons.ca
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

4863916.fls.doubleclick.net
adservice.google.com
adservice.google.de
api.heyday.ai
appleid.cdn-apple.com
assets.heyday.ai
bam-cell.nr-data.net
bat.bing.com
beacon.riskified.com
c.riskified.com
cdn.jsdelivr.net
cdn.noibu.com
cdnjs.cloudflare.com
cl.avis-verifies.com
connect.facebook.net
csscdn.simons.ca
d.impactradius-event.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
imagescdn.simons.ca
imarcomcdn.simons.ca
img.riskified.com
js-agent.newrelic.com
jscdn.simons.ca
simons-ca.c2ukkg.net
simons.cheetah-reach.com
stats.g.doubleclick.net
t.paypal.com
webchat.heyday.ai
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
www.offlinx.com
www.paypal.com
www.paypalobjects.com
www.simons.ca
104.111.230.79
104.17.217.25
104.17.218.25
142.250.186.162
142.250.74.198
143.204.98.101
143.204.98.124
143.204.98.31
143.204.98.41
143.204.98.64
151.101.1.21
151.101.1.35
151.101.194.133
151.101.66.137
162.247.243.147
2600:1f18:f8a:b702:d69:3533:4c56:441c
2600:1f18:f8a:b704:e516:f71b:f667:9bcf
2606:4700:20::ac43:4807
2606:4700::6810:125e
2606:4700::6810:5914
2620:1ec:c11::200
2a00:1450:4001:811::2003
2a00:1450:4001:812::2002
2a00:1450:4001:827::2003
2a00:1450:4001:828::2002
2a00:1450:4001:82a::2004
2a00:1450:4001:830::2002
2a00:1450:4001:830::2003
2a00:1450:4001:830::2008
2a00:1450:4001:830::200a
2a00:1450:4001:830::200e
2a00:1450:400c:c1b::9c
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
34.201.199.121
35.186.249.72
52.205.107.170
54.154.232.8
00947fa579cdc9fd951bd23099200b3f781f1bd10124017b1f60838109a45997
03b64554ae128fa00818246aa0042b3209e493574fb0c67f48bcbcceef7456e4
03c2421c2aacaf35c291c115a9afa2ce8009723e26b87ad3d65501bbc703923f
0403358ce75bce9316ae68db3e2a88013a97fa250d6de314eab35312ef4f1daa
05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf
05beea7e4adf5a0e5b979e8e9cfc24479a77bf914c0fb37bc80b9a6eb18688d8
0609b1864560f671e1e38325bbc80497f83411d47d39d5f6cbad76255a28346e
0735a748bf70ad519969fbf64f7c8ef3072a1bdda68b420aee14dc43e5e080cd
0739b17b1053de387d55795753300a79626787634f8c909277efff94d0e3f154
082a7cbd27891ecef23d1e47bfc5331e8b18f962132f7de690c2d66f0ca0cc29
0ba8bf34326335e47c9386cfe2d6cbb4b689bff84d1828ea5fdc5a8f826aabd1
0f24cdb8b74c11d931abe60849f30e6543c490813311e92603698b7a04bccaae
0fc0076a36c38f39206bb258eeb8bc8e383b96a6ccd26024b0b088d9e0b192af
109405bb41196e75f45961b8899ab7a1d1e7959db1c6d68d00b1d6b53da8ecac
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
12500d956b47de01bfe02a21db437ebbd7b462f54137f0a37b80992df7f5ce59
129737dfffcc16554dffd7d6dd3a57b6831c96a75d8acec4ea31709555115a53
152a3f28d6cad1c4bc297d2a7e0aa9791a57c8499def1633196eb103a2156f12
15816f03254f95dc17f2afabb875ae13f532b12d2d34a2c9c6e486db1f648193
158f7cb1d1b28d171b55bfb230cbc6ab12f72ff69c719a7d87ac0fc527fe58db
17919ee236fdf074e1d23ee9089e17ddbe16f03802cefd2f3a366ced62c8b811
17fcb9109cd533d04623642347c1e10b597db902e8b6768106bd77ce9baba259
1a10b464ee34e308b47ac8131d56a1c55f7ad44ddbba85f9236ca65c4bf21367
1e60c1feb97b5013d8647e97f81542163d63bbb5b17efc797995e2f7f633f9e6
1e6b861ee1c3ec0f833fbd061a72e05067e251b39d4d9935623a36ce0da06e59
1fd89bf69e0940f929e2a8cce45a8a71c087768f41e6067f6857bb47c89181a2
21a76906a4fc5e1f8f351a08e1b79df3e8d6da8874367066de214427ae110280
22bd907094eb43d8b21f47551c1feeed501253ea7d38c6f527032384be7179d0
22c0f5298286f5ccb74834d72cba34c2c35b0e3df8dee75d5fb8b9300acaca70
2492b1c9759c2d59cd8a59519bc892ce4a643a87a632532cbe85644b60b86f69
26371e57f9c8209580fb223890eeb7f09e899c39340f205ec4d9504cb13212b6
263c42afdfe9a142cc45729a5664deb7d114eb01f4db0c02f1b53211a72081ce
27d7bd29071b5243b3b291ce3214138da6967f9afd30169d223433d2472759e4
292fe77f4dc059d737f4cf67f00bf1281d44734b4865454e54f3372879f5d598
29a6e466390a2fcf99baf8c16c9bcf9d2cacb93dcc3d5c4799ba345cc46ff54a
2b6d67b268c301734a4344e826607354d5fd8e8ae17bf1de2440affb28131c03
2dc7efb9c409a468b7dd2bae2afbb5e4618c6773994a3b3d8563be59e8999ea9
2e8548e063ae8b8f6225ac344af4bb535397ebd3003665e27e8d4b2716770db9
3239690e0a0699fe75f1cc71b92359c13c0692f9d9c7d83a00e45d5d0a27d553
37baac4e6f1562d3438771ebd600da2afc1c03e9ab1e96becdc24e4d10949228
37c5b8c47dc595c5b4f8a7b621bc036a1ac97c7450b32d3a2717b295c36015a8
3b33028abba4568f3c20c0e3686788aacd911c5a6716c668a0a36626bae85990
3e1692697eb0ec45f17777a40577d15625d75e26d16fc11ca6d957e2f5afab94
3f22790f01a43937ef72a017659dd3da842ba981d36663dba72b84dc4520343a
4235d8b1ceabaa39bbc2f06499a057897b43e2247ec34112ad983a02bea80479
43582dd137c567fc42e76a9a089d41db94df3b9f264efa73fcab4de1d115be7a
46596fc12aa9c947c9921a170621be06192da69e40e1c267da24e4929b9c978f
4a4534e9976bbda90e300b9c2098b19a5bb91357fc34333a8c73e87130488451
4bb0ad8a1150767d4ae99ef113703e6e77957ad220d78edc7150a4c7af49aa89
4bf8922b6cb0bd95c8c4fa90584b2738f8e44e22092c0e57c0fd806b3348ed89
522e8a56a8ec194ff1d2df40b93e1fd173e9077cc9e0e27f1d091474f81642d8
52aea83ce1d5208f12b164d1b00e8953cbdbc1ed981d0fe1e1a35532b4bd2446
57ccc7ab71e3ae0f0246e1ddacd3d67d9bfc72dbce9dc24c3c2a31d75fe05c0e
59d6744a732c55e5e9a1b99ee321cbdc94742db9e24791b8d096328e9e153004
5bee4307057b727e9b557e7e10f5950abff1d6d236ca07378191c71d0d1ff11d
5c782ea0837513d6d345aef777bce3b6b225c02deaa8087ae70122e1efa2cede
5cd71b1cee568b9f1498e914dd2b0c82add19a5a41c07d085131cdc66df5f613
5de18acd47bedbc8975d4fbec40b5ffb9fcf4d6b49295ae6ae7113c056049f43
60e60bf2583cf7444b00a4b0b8d46de5fd5816f768fc72fd71c643357132df69
63d2d234c7e3f87d4188585ad72f519a05f831cfd09317dfefb28b2f7e6984db
658a21670ac5564e894637315cc90e314247582dddc13044fadbbf8893f09961
688cea414f43ba2fb5392a16282d94e3a9bd10ba67618c9aeb712212a9271512
6b92236a527dcb75210ffe51d9d1a242013d89d80dc0e38a06937f3170f71092
6c5acbb82a46a4971660f65131241dffcc28828f4dbd76b8ec7bab0b468250f8
6d269486dab2e4c86035a5ee21dffadfb0671847eb0f4a6fe32357068eb87a55
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
729a551f424a2974bd77ca12794a990f750a58fe9adc0d7c56169a5d1875be08
7316bcb776a21a6b30a30d05bd3639167107ccc7193cde53b239a76577ab1bdf
73b2ddc1f58df724d327c9d6c73358af6c2481b3de05de890a8d6ff73d74caed
7bc011db3460631fe472190547a97f0ca2aa502cb5eae3d1e0ed4ab038fddfa0
7d4243c8e973ec0cfc707904891ae4e3efc03dbc8923acb9755f9a35c92269a6
7e5b4dd28e58e76dbe83eb2b357fdad7e54b85a9def9bf953063d5970a91ee6a
7fae98db842729b9e3caed983cd96fc1afb340582ecd328bc598ac6eb171b35d
8163cbca63c70dd145c3aec975f758b1506c5084db628bc5c916b5ae6f603916
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
836bd44a199290bda488ccda4ddd619245f89b5f5554dd693b3a39b71342cb48
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
857a0cc717be0b50a72541706471d6edf5e10a4ff6166236e69c5a159c1de8ab
87c459cda687bc79b6fb6b1e5be623a3f4437aec968362da6f44859273b011c3
8b0499bfbe34ef331895c6790b012c935c4ee3d50afcb1471422b935e3011c83
8d2768a911c7e236fff7ab8f2aa6977707cbf48c6e4697091c6c99f0a23dcf7e
8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20
8f92eb643bd16658b0f611e78892a224bef6df29545f127307fc8460cd3d714d
902b3771908fd421c88beed40ab32c64d88cb22dc8b2e5c44147c041bfdf1ff3
90412500100b0ffa54a48e35b9c661a2ec0bf4c01e9109850a2b421a56018dcd
9194059997d722ec01e41980dffbff03ebe00808b1cdd164a7fd18a561bc312a
951aa69ed3915e33bf3b0e1b554a522c8b554ff51a261459cbd019a993758722
9621765b803e84e34f03982925163a517ae8d8566e9e9ec073a53b0b78ba2f46
96fb684a980ad437d26a62aed94c39d5ff36edbe79045526169012fd3b67581d
97868c6b5e85b8f19fcdacaf8d4f48b48b3ac0c069f47ebb3bfb6a8db9ffe0bb
988583e54bdd8fd00155e48a5bcf07eb4f466fdf52cb89fef5e3ad0ff93f5c5c
98c28e555bcb2298195f1689f1ff9b9597ba5851b6edfe074ab0e2369ed761db
9b18af21dd16b136561c0de95f10d50f757011e8134eb2e6598d5e775bbad365
9db5cadcc1af72912749ac4447c230dc653d13742fbd65d26715e24beaf5c4f2
9edab6942575e163b906096714fd3c4c8605230e958aaeaeadd41d39e67fd8fb
a15dc7997a9fba2446f8cebaf91570fe90113ab7db087b833dcb1e173856ee11
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a67dc3ae2d929dc9ad84015048c1cb8942d4ed6f1313bc69217bf53f932ccd8b
a73cd60e358dcf7b48c5b160cdc15711c9f282722a0c6450d25f8e5c7e684711
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
abe0770fb1e0b7f9318fc39835ee3ea4897972e26f82c9489c93c396f9e0195f
acf3026aacce0aa7cdd2001b1bdebab83fab339ff8773e000234328caf1d1c08
aeab07d6553670171c47548bde74bd3e59a0ddeaafe4abc932fcb7f4aebed850
b03a66cf3c1b8d1757cb7fb0268c86aae035e91a39e18cb571f8fcc3508e1f4d
b1d0e0d53e4d6659b47f5999a5650d1c7d4aa5a046a50a5154fc11f9c62d5064
b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6
b47f73b6230785ea5222dea9ac5d77f15e60eed62c8c973165b2d1a8fb2140f6
b54159c8d09e802b26429bb0ac65692a99bf1298744a1708e6160dff0696d70d
b61ae62aa3ae9668832bc72ec6c140e29949eef78997fd11e44ed3a2b9e4e57f
b841fc1d7577dcc99d8bb754f41a023b2da6cbc1a42a06440f8f0c837bba0fe0
b91234b576455d66e12dd661a2539eb2418a831078ecef9ebc7f4bbd4e580d9c
be8acbc831b2f91f24daa55a3242f5c17083f9dd00ae17b73c905970d21c640c
bfcbbacb1a0bf0884943112664226de94917f611c2fc63583b304efaf2c380ff
c0e56b4c6d6603c198bb6f92d0cf363bef3c7e9d7d95080494263e8946b57b1c
c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1
c746f928daf4ae8e420af0ebe89765e47f0eb46a412643692847073981700e94
c77a44c4da8a5d78e2f0533d8cb87dc25b287764d25e3e90617ae56e24150b0e
c7da3cafa5c1fb0c54382ede4deab223108f61030503ed10df23e8d13320a3b0
c81a65a52a371bf743ec94b53e57af01b109123ab7a8bdb93c7e4f0070d2b6ad
c8d1776d07b494f3d37cd1f7f89bd2ae009cce480b0412f9fc56e4b8b7b4c82f
c8e98ebe64290167bcf36d402c831b76a41f136e906d6aa0b5e2565018b28f30
cbf2228ab439f89b83feb79ea549213521a81212fde9ff67f9c73d002d586198
ced4f18f0603db2d15a5836d88a5ba7afbaf6604318e6b3f15a7d4ff94876ec1
cfaf611f57352c8aed11d94f8b336f5bc704d4dc650e82d08028095a1457f717
d066e723cb0d1b43666fcf95be76e34c6f4cb7e4bca61e6d7209ac3be4b9e098
d068af5c09c1417e301e13b2c90fa877e0a24e0baae8160b6b77f1650486eb13
d1b335fcaa204a9cb788eddbbd74afef06e10a31f668b1b1b8a340a961cad909
d5d0019c0b46fe0fb14491d2b67390e5ec60949c44c16098d3ad9addb8da8f30
d60a686cd7370edab09d15beae24b7fa637b0f4cb76ecda4bf774242afd6fb54
d9bcdbee0dc3f16a7a66529964f6bbf7ab3ad8080dbbe3a2a8d8e5df152f4757
da93435f052039be385579c40504882a919568a98cfa1479f91062e7325bfa5d
de56a4d4bbf6b9ad0cb4d63f0631cf8b52bfc1c33cbc8296afa06f632edb87d3
dfbd0f623d9cdbb97a6af1fee751ed39c9d96a41cce4dc5f969b3cd8f1526982
e07ae9065a6851a6f0e78b43e3c94bbbce40244a18458cc63556a14f5fe9ef9f
e29e8cb21e6e794d5730c029d3996dc8e79b0841d7bb32cdd10ae34d4fb64760
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e42e012a2994f478399515cc019f1e20e95062f3d5bef9d02b68b0b993f05500
e579549524c1f18186762b4ed03619f6fbc4d2733b0b9316daa7a50ad948985c
e7404b33ccac2f74ecce9f42b22845d416bf4fc979a663803e53f55041cd9977
e79af3c88b8bcd82887bf31e88567f29e0663a4383ca843cfc18101de6b94b18
e8c202ea20c50184d7884ee2cf8504fef6a7d90daaf1a2e204a729a45bc2ecf7
e8fd6832e13fca9622a46af5fddb394c358ef083d84002896aca34613d77780e
ea6595812ff39fb9a919c200cfe30a278158ab726449fc1c1087ad7a5f2edc5d
eb0bdd2e0220c17ad2debf393ca187e2c55feb48948a1cc8988eb05188012c5a
ecbdb5a1c625a83fbb8a28cb2ae0c4e03e17b9cdd93810f40a2df99b26a3ecaf
eccfa2bd7cc6ed65e9fd903759e40fe4d70fed32c0b118cab602501b1f9589af
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f07eb73186bcd03293c8ba3ec7ff0de6e15744601fc12ce25644b2fcb7ce5166
f0ef9a55a9db8fc1b33759d8710ae51989a674b578bbd75db33bf24fb0af60e8
f13003db3e164a3c0569774fdfcd1a86f3f347571ec8c172db37b3d5369b3383
f2bdde53691eb4a8c2f9fe7d78063a7a3c12b203e3358e426b5cadebb9f3d933
f44dadc71283451a7636ed07beef6cb01b68ee282e2a2c338a30c549f151a3a1
f4cc2ceca59e1f16069530e71e2733d0097d204ae3a7c16069e6fc5653d2b23f
f5574b3bc1af391a0027b7bd6db7c2abdbb9bf84007935ade40a0e22c010deac
f7ee43137c12f6145726fc8440dd4aefc7d3f0e09819d92d6e622ac219a6f3a9
f8717805bc8b332cc1b74b0ea769a598e25fd00add2c87c1bb4e6b4eed50d964
fc7d8ebd867551f9ed4de2bf6342215664372aa7c664b63d79fc23e9d84b5bfc
fcee27fcae742ea07b1d556a82beedb5a6f75f097bd4fe8f1d3a4ec705e17a2e

www.simons.ca Open in urlscan Pro 104.17.217.25 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

224 Requests

100 %HTTPS

50 %IPv6

27 Domains

41 Subdomains

38 IPs

5 Countries

3820 kBTransfer

9437 kBSize

47 Cookies

8 Outgoing links

Page URL History

Redirected requests

224 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.simons.ca Open in urlscan Pro
104.17.217.25 Public Scan

Screenshot
Live screenshot

Full Image

224
Requests

100 %
HTTPS

50 %
IPv6

27
Domains

41
Subdomains

38
IPs

5
Countries

3820 kB
Transfer

9437 kB
Size

47
Cookies

224 HTTP transactions
1 data transactions