urlscan.io logo urlscan.io
SecurityTrails logo

identity.auth.atb.com Open in urlscan Pro
107.162.183.6  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://www.atbonline.com/ATB/login.aspx
Effective URL: https://identity.auth.atb.com/login?state=hKFo2SBiX1pnUDNUNHoxdGhGeUpRZC1MQWNVU3JQRWpYcVdLNaFupWxvZ2luo3RpZNkgSTNFMzBGendPUklS...
Submission: On January 24 via manual from US — Scanned from CA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 14 IPs in 2 countries across 10 domains to perform 47 HTTP transactions. The main IP is 107.162.183.6, located in United States and belongs to DEFENSE-NET, US. The main domain is identity.auth.atb.com. The Cisco Umbrella rank of the primary domain is 646338.
TLS certificate: Issued by Entrust Certification Authority - L1K on June 28th 2022. Valid for: a year.
This is the only time identity.auth.atb.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2 142.241.241.10 14873 (ATB)
17 34.107.145.12 396982 (GOOGLE-CL...)
2 2607:f8b0:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 35.241.48.88 15169 (GOOGLE)
1 2607:f8b0:400... 15169 (GOOGLE)
5 151.101.65.35 54113 (FASTLY)
1 3 107.162.183.6 55002 (DEFENSE-NET)
1 104.127.185.153 16625 (AKAMAI-AS)
4 2606:4700:e2:... 13335 (CLOUDFLAR...)
2 2607:f8b0:400... 15169 (GOOGLE)
2 34.120.4.36 396982 (GOOGLE-CL...)
1 2607:f8b0:400... 15169 (GOOGLE)
4 2607:f8b0:400... 15169 (GOOGLE)
47 14
2    142.241.241.10 (Calgary, Canada)

ASN14873 (ATB, CA)
www.atbonline.com
17    34.107.145.12 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 12.145.107.34.bc.googleusercontent.com
personal.atb.com
2    2607:f8b0:4006:80c::2008 (United States)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    2606:4700::6810:f577 (United States)

ASN13335 (CLOUDFLARENET, US)
www.atb.com
2    35.241.48.88 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 88.48.241.35.bc.googleusercontent.com
ws1.postescanada-canadapost.ca
1    2607:f8b0:4006:823::200e (United States)

ASN15169 (GOOGLE, US)
www.google-analytics.com
5    151.101.65.35 (United States)

ASN54113 (FASTLY, US)
c.paypal.com
3    107.162.183.6 (United States)

ASN55002 (DEFENSE-NET, US)
identity.auth.atb.com
1    104.127.185.153 (Piscataway, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a104-127-185-153.deploy.static.akamaitechnologies.com
cloud.typography.com
4    2606:4700:e2::ac40:850f (United States)

ASN13335 (CLOUDFLARENET, US)
use.fontawesome.com
2    2607:f8b0:4006:81f::200a (United States)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
2    34.120.4.36 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 36.4.120.34.bc.googleusercontent.com
verify.auth.atb.com
1    2607:f8b0:4006:824::2003 (United States)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
4    2607:f8b0:4006:822::200a (United States)

ASN15169 (GOOGLE, US)
firebaseinstallations.googleapis.com
firebaseremoteconfig.googleapis.com
Apex Domain
Subdomains		 Transfer
23 atb.com
personal.atb.com
www.atb.com — Cisco Umbrella Rank: 581477
identity.auth.atb.com — Cisco Umbrella Rank: 646338
verify.auth.atb.com
5 MB
6 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 35
firebaseinstallations.googleapis.com — Cisco Umbrella Rank: 594
firebaseremoteconfig.googleapis.com — Cisco Umbrella Rank: 502
5 KB
5 paypal.com
c.paypal.com — Cisco Umbrella Rank: 5770
chd.stats.paypal.com Failed
c6.paypal.com Failed
43 KB
4 fontawesome.com
use.fontawesome.com — Cisco Umbrella Rank: 846
88 KB
2 postescanada-canadapost.ca
ws1.postescanada-canadapost.ca — Cisco Umbrella Rank: 69485
26 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 41
122 KB
2 atbonline.com
www.atbonline.com — Cisco Umbrella Rank: 931821
256 B
1 gstatic.com
fonts.gstatic.com
17 KB
1 typography.com
cloud.typography.com — Cisco Umbrella Rank: 6097
254 B
1 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 22
245 B
47 10
Domain Requested by
17 personal.atb.com personal.atb.com
identity.auth.atb.com
5 c.paypal.com personal.atb.com
c.paypal.com
4 use.fontawesome.com identity.auth.atb.com
use.fontawesome.com
3 identity.auth.atb.com 1 redirects personal.atb.com
identity.auth.atb.com
2 firebaseremoteconfig.googleapis.com identity.auth.atb.com
2 firebaseinstallations.googleapis.com identity.auth.atb.com
2 verify.auth.atb.com identity.auth.atb.com
2 fonts.googleapis.com identity.auth.atb.com
client
2 ws1.postescanada-canadapost.ca personal.atb.com
2 www.googletagmanager.com personal.atb.com
identity.auth.atb.com
2 www.atbonline.com 2 redirects
1 fonts.gstatic.com fonts.googleapis.com
1 cloud.typography.com identity.auth.atb.com
1 www.google-analytics.com www.googletagmanager.com
1 www.atb.com personal.atb.com
0 c6.paypal.com Failed
0 chd.stats.paypal.com Failed
47 17

This site contains links to these domains. Also see Links.

Domain
www.atb.com
Subject Issuer Validity Valid
personal.atb.com
Entrust Certification Authority - L1K		 2022-09-11 -
2023-10-11		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-01-02 -
2023-03-27		 3 months crt.sh
www.atb.com
Entrust Certification Authority - L1K		 2023-01-04 -
2024-01-25		 a year crt.sh
ws1.postescanada-canadapost.ca
Entrust Certification Authority - L1K		 2022-03-15 -
2023-03-28		 a year crt.sh
www.paypal.com
DigiCert SHA2 Extended Validation Server CA		 2022-11-10 -
2023-11-10		 a year crt.sh
*.auth.atb.com
Entrust Certification Authority - L1K		 2022-06-28 -
2023-07-27		 a year crt.sh
*.typography.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-04-03 -
2023-04-03		 a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-06-06 -
2023-06-05		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2023-01-02 -
2023-03-27		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2023-01-02 -
2023-03-27		 3 months crt.sh

This page contains 3 frames:

Primary Page: https://identity.auth.atb.com/login?state=hKFo2SBiX1pnUDNUNHoxdGhGeUpRZC1MQWNVU3JQRWpYcVdLNaFupWxvZ2luo3RpZNkgSTNFMzBGendPUklSR2pPcl9aS3dJVG9kWk5PMVltOEajY2lk2SB6aEF4aU9GdjZjNWZDNG5pR0FIN3BMRkVncHRldjByQQ&client=zhAxiOFv6c5fC4niGAH7pLFEgptev0rA&protocol=oauth2&audience=https%3A%2F%2Fapi.atb.com%2F&redirect_uri=https%3A%2F%2Fpersonal.atb.com&realm=RetailPing&pmData=null&platformVersion=4337289b&session=6b38916683c84517a73d96a01fcdf8d9&scope=openid%20profile%20email&response_type=code&response_mode=query&nonce=aG5RcDl4MjVub09WWHdjNG0ycVBPUG9EN2U5LmxwSTVIVEN6SnZ5WjMtdQ%3D%3D&code_challenge=UTyNVvjS3LlwCfM_E4BHjRnD11ZN-1B_eXVHvus_vDU&code_challenge_method=S256&auth0Client=eyJuYW1lIjoiYXV0aDAtc3BhLWpzIiwidmVyc2lvbiI6IjEuMTUuMCJ9
Frame ID: 1EA8EE7F46F813D5E536FA7B40470351
Requests: 40 HTTP requests in this frame

Frame: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
Frame ID: BE5DBD0C851C60952FA1C80DB9F091F1
Requests: 5 HTTP requests in this frame

Frame: https://chd.stats.paypal.com/v2/counter2.cgi?p=6b38916683c84517a73d96a01fcdf8d9&s=simility_rda
Frame ID: 8D3E0EE741CFFC5418F71276C7158918
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

ATB Personal BankingClear buttonClear buttonShow button

Page URL History Show full URLs

  1. https://www.atbonline.com/ATB/login.aspx HTTP 302
    https://personal.atb.com/ Page URL
  2. https://identity.auth.atb.com/authorize?audience=https%3A%2F%2Fapi.atb.com%2F&client_id=zhAxiOFv6c5fC4niGA... HTTP 302
    https://identity.auth.atb.com/login?state=hKFo2SBiX1pnUDNUNHoxdGhGeUpRZC1MQWNVU3JQRWpYcVdLNaFupWxvZ2luo3Rp... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Page Statistics

47
Requests

91 %
HTTPS

50 %
IPv6

10
Domains

17
Subdomains

14
IPs

2
Countries

5005 kB
Transfer

6099 kB
Size

13
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.atbonline.com/ATB/login.aspx HTTP 302
    https://personal.atb.com/ Page URL
  2. https://identity.auth.atb.com/authorize?audience=https%3A%2F%2Fapi.atb.com%2F&client_id=zhAxiOFv6c5fC4niGAH7pLFEgptev0rA&redirect_uri=https%3A%2F%2Fpersonal.atb.com&realm=RetailPing&pmData=null&platformVersion=4337289b&session=6b38916683c84517a73d96a01fcdf8d9&scope=openid%20profile%20email&response_type=code&response_mode=query&state=SlYtS1lWMTFjZ3ktcHNKTGdUV1JRZDVpb2g0NVBRc2JMNjFPZzBVdklZeQ%3D%3D&nonce=aG5RcDl4MjVub09WWHdjNG0ycVBPUG9EN2U5LmxwSTVIVEN6SnZ5WjMtdQ%3D%3D&code_challenge=UTyNVvjS3LlwCfM_E4BHjRnD11ZN-1B_eXVHvus_vDU&code_challenge_method=S256&auth0Client=eyJuYW1lIjoiYXV0aDAtc3BhLWpzIiwidmVyc2lvbiI6IjEuMTUuMCJ9 HTTP 302
    https://identity.auth.atb.com/login?state=hKFo2SBiX1pnUDNUNHoxdGhGeUpRZC1MQWNVU3JQRWpYcVdLNaFupWxvZ2luo3RpZNkgSTNFMzBGendPUklSR2pPcl9aS3dJVG9kWk5PMVltOEajY2lk2SB6aEF4aU9GdjZjNWZDNG5pR0FIN3BMRkVncHRldjByQQ&client=zhAxiOFv6c5fC4niGAH7pLFEgptev0rA&protocol=oauth2&audience=https%3A%2F%2Fapi.atb.com%2F&redirect_uri=https%3A%2F%2Fpersonal.atb.com&realm=RetailPing&pmData=null&platformVersion=4337289b&session=6b38916683c84517a73d96a01fcdf8d9&scope=openid%20profile%20email&response_type=code&response_mode=query&nonce=aG5RcDl4MjVub09WWHdjNG0ycVBPUG9EN2U5LmxwSTVIVEN6SnZ5WjMtdQ%3D%3D&code_challenge=UTyNVvjS3LlwCfM_E4BHjRnD11ZN-1B_eXVHvus_vDU&code_challenge_method=S256&auth0Client=eyJuYW1lIjoiYXV0aDAtc3BhLWpzIiwidmVyc2lvbiI6IjEuMTUuMCJ9 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://www.atbonline.com/ATB/login.aspx HTTP 302
  • https://personal.atb.com/
Request Chain 23
  • https://b.stats.paypal.com/v2/counter.cgi?p=6b38916683c84517a73d96a01fcdf8d9&s=simility_rda HTTP 302
  • https://chd.stats.paypal.com/v2/counter2.cgi?p=6b38916683c84517a73d96a01fcdf8d9&s=simility_rda
Request Chain 30
  • https://www.atbonline.com/ATB/Themes/558450/5744869DEF9B13858.css HTTP 302
  • https://personal.atb.com/

47 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
personal.atb.com/
Redirect Chain
  • https://www.atbonline.com/ATB/login.aspx
  • https://personal.atb.com/
3 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://personal.atb.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.145.12 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
12.145.107.34.bc.googleusercontent.com
Software
nginx/1.17.7 /
Resource Hash
23d2f5d9f8ee87743e41b0a0dda24a81be734d9cb8118e2648c5d04491af5cb8
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' https://*.atb.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com https://*.stats.paypal.com data:; frame-src https://*.moneydesktop.com https://*.atb.com https://*.qualtrics.com https://*.atbonline.com https://c.paypal.com; script-src 'self' https://www.googletagmanager.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com; style-src https://*.atb.com https://www.atbonline.com https://*.postescanada-canadapost.ca 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://api.avo.app https://*.mixpanel.com https://*.atb.com https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://*.postescanada-canadapost.ca; font-src https://*.atb.com 'self' https://fonts.gstatic.com https://*.postescanada-canadapost.ca data:; object-src 'none'; frame-ancestors https://*.atbprosper.com https://*.finn.ai https://*.atbcloud.net https://*.atb.com
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2705
content-security-policy
default-src 'self'; img-src 'self' https://*.atb.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com https://*.stats.paypal.com data:; frame-src https://*.moneydesktop.com https://*.atb.com https://*.qualtrics.com https://*.atbonline.com https://c.paypal.com; script-src 'self' https://www.googletagmanager.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com; style-src https://*.atb.com https://www.atbonline.com https://*.postescanada-canadapost.ca 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://api.avo.app https://*.mixpanel.com https://*.atb.com https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://*.postescanada-canadapost.ca; font-src https://*.atb.com 'self' https://fonts.gstatic.com https://*.postescanada-canadapost.ca data:; object-src 'none'; frame-ancestors https://*.atbprosper.com https://*.finn.ai https://*.atbcloud.net https://*.atb.com
content-type
text/html
date
Tue, 24 Jan 2023 15:55:01 GMT
etag
"63c0d084-a91"
last-modified
Fri, 13 Jan 2023 03:31:16 GMT
server
nginx/1.17.7
strict-transport-security
max-age=15768000; includeSubDomains; preload
via
1.1 google
x-content-type-options
nosniff
x-frame-options
deny
x-xss-protection
1; mode=block

Redirect headers

Connection
Keep-Alive
Content-Length
0
Location
https://personal.atb.com
Server
BigIP
prodEnvConfig.js
personal.atb.com/assets/scripts/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://personal.atb.com/assets/scripts/prodEnvConfig.js
Requested by
Host: personal.atb.com
URL: https://personal.atb.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.145.12 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
12.145.107.34.bc.googleusercontent.com
Software
nginx/1.17.7 /
Resource Hash
e36a1fa944a2cf64e5e2f63403b9255d3dfb833c7d8fb5906858538675f36cff
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' https://*.atb.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com https://*.stats.paypal.com data:; frame-src https://*.moneydesktop.com https://*.atb.com https://*.qualtrics.com https://*.atbonline.com https://c.paypal.com; script-src 'self' https://www.googletagmanager.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com; style-src https://*.atb.com https://www.atbonline.com https://*.postescanada-canadapost.ca 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://api.avo.app https://*.mixpanel.com https://*.atb.com https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://*.postescanada-canadapost.ca; font-src https://*.atb.com 'self' https://fonts.gstatic.com https://*.postescanada-canadapost.ca data:; object-src 'none'; frame-ancestors https://*.atbprosper.com https://*.finn.ai https://*.atbcloud.net https://*.atb.com
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://personal.atb.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 24 Jan 2023 15:55:01 GMT
content-security-policy
default-src 'self'; img-src 'self' https://*.atb.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com https://*.stats.paypal.com data:; frame-src https://*.moneydesktop.com https://*.atb.com https://*.qualtrics.com https://*.atbonline.com https://c.paypal.com; script-src 'self' https://www.googletagmanager.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com; style-src https://*.atb.com https://www.atbonline.com https://*.postescanada-canadapost.ca 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://api.avo.app https://*.mixpanel.com https://*.atb.com https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://*.postescanada-canadapost.ca; font-src https://*.atb.com 'self' https://fonts.gstatic.com https://*.postescanada-canadapost.ca data:; object-src 'none'; frame-ancestors https://*.atbprosper.com https://*.finn.ai https://*.atbcloud.net https://*.atb.com
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
last-modified
Wed, 11 Jan 2023 18:42:09 GMT
server
nginx/1.17.7
via
1.1 google
etag
"63bf0301-4de"
x-frame-options
deny
content-type
application/javascript
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1246
x-xss-protection
1; mode=block
js
www.googletagmanager.com/gtag/ 		215 KB
76 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-C84DLBZWXT
Requested by
Host: personal.atb.com
URL: https://personal.atb.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
1e18db5b3ed3453d32282c60eaf16b47359b32acf370ac0390fa42d36bed54b8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://personal.atb.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 24 Jan 2023 15:55:01 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
77051
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Tue, 24 Jan 2023 15:55:01 GMT
gaInit.js
personal.atb.com/assets/scripts/ 		245 B
327 B 		Script
General
Check archive.org
Download Go to
Full URL
https://personal.atb.com/assets/scripts/gaInit.js
Requested by
Host: personal.atb.com
URL: https://personal.atb.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.145.12 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
12.145.107.34.bc.googleusercontent.com
Software
nginx/1.17.7 /
Resource Hash
8c6aed849a1905bcbfd003ec51ad4339ac8e239dc48dff2c8f11168f5abcd36b
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' https://*.atb.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com https://*.stats.paypal.com data:; frame-src https://*.moneydesktop.com https://*.atb.com https://*.qualtrics.com https://*.atbonline.com https://c.paypal.com; script-src 'self' https://www.googletagmanager.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com; style-src https://*.atb.com https://www.atbonline.com https://*.postescanada-canadapost.ca 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://api.avo.app https://*.mixpanel.com https://*.atb.com https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://*.postescanada-canadapost.ca; font-src https://*.atb.com 'self' https://fonts.gstatic.com https://*.postescanada-canadapost.ca data:; object-src 'none'; frame-ancestors https://*.atbprosper.com https://*.finn.ai https://*.atbcloud.net https://*.atb.com
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://personal.atb.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 24 Jan 2023 15:55:01 GMT
content-security-policy
default-src 'self'; img-src 'self' https://*.atb.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com https://*.stats.paypal.com data:; frame-src https://*.moneydesktop.com https://*.atb.com https://*.qualtrics.com https://*.atbonline.com https://c.paypal.com; script-src 'self' https://www.googletagmanager.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com; style-src https://*.atb.com https://www.atbonline.com https://*.postescanada-canadapost.ca 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://api.avo.app https://*.mixpanel.com https://*.atb.com https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://*.postescanada-canadapost.ca; font-src https://*.atb.com 'self' https://fonts.gstatic.com https://*.postescanada-canadapost.ca data:; object-src 'none'; frame-ancestors https://*.atbprosper.com https://*.finn.ai https://*.atbcloud.net https://*.atb.com
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
last-modified
Wed, 11 Jan 2023 18:42:09 GMT
server
nginx/1.17.7
via
1.1 google
etag
"63bf0301-f5"
x-frame-options
deny
content-type
application/javascript
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
245
x-xss-protection
1; mode=block
rsa.js
personal.atb.com/assets/scripts/ 		38 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://personal.atb.com/assets/scripts/rsa.js
Requested by
Host: personal.atb.com
URL: https://personal.atb.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.145.12 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
12.145.107.34.bc.googleusercontent.com
Software
nginx/1.17.7 /
Resource Hash
7f91e443482a6f9c755c7c1fe7b96cd2cc7bbfce2a1e6710cfc2774a31f34be6
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' https://*.atb.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com https://*.stats.paypal.com data:; frame-src https://*.moneydesktop.com https://*.atb.com https://*.qualtrics.com https://*.atbonline.com https://c.paypal.com; script-src 'self' https://www.googletagmanager.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com; style-src https://*.atb.com https://www.atbonline.com https://*.postescanada-canadapost.ca 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://api.avo.app https://*.mixpanel.com https://*.atb.com https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://*.postescanada-canadapost.ca; font-src https://*.atb.com 'self' https://fonts.gstatic.com https://*.postescanada-canadapost.ca data:; object-src 'none'; frame-ancestors https://*.atbprosper.com https://*.finn.ai https://*.atbcloud.net https://*.atb.com
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://personal.atb.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 24 Jan 2023 15:55:01 GMT
content-security-policy
default-src 'self'; img-src 'self' https://*.atb.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com https://*.stats.paypal.com data:; frame-src https://*.moneydesktop.com https://*.atb.com https://*.qualtrics.com https://*.atbonline.com https://c.paypal.com; script-src 'self' https://www.googletagmanager.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com; style-src https://*.atb.com https://www.atbonline.com https://*.postescanada-canadapost.ca 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://api.avo.app https://*.mixpanel.com https://*.atb.com https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://*.postescanada-canadapost.ca; font-src https://*.atb.com 'self' https://fonts.gstatic.com https://*.postescanada-canadapost.ca data:; object-src 'none'; frame-ancestors https://*.atbprosper.com https://*.finn.ai https://*.atbcloud.net https://*.atb.com
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
last-modified
Wed, 11 Jan 2023 18:42:09 GMT
server
nginx/1.17.7
via
1.1 google
etag
"63bf0301-96c8"
x-frame-options
deny
content-type
application/javascript
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
38600
x-xss-protection
1; mode=block
qualtrics.js
personal.atb.com/assets/scripts/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://personal.atb.com/assets/scripts/qualtrics.js
Requested by
Host: personal.atb.com
URL: https://personal.atb.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.145.12 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
12.145.107.34.bc.googleusercontent.com
Software
nginx/1.17.7 /
Resource Hash
9049b6cd2a18d27e2794ef8258ff3ff785ec341b52dcd255d512977036951bc7
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' https://*.atb.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com https://*.stats.paypal.com data:; frame-src https://*.moneydesktop.com https://*.atb.com https://*.qualtrics.com https://*.atbonline.com https://c.paypal.com; script-src 'self' https://www.googletagmanager.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com; style-src https://*.atb.com https://www.atbonline.com https://*.postescanada-canadapost.ca 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://api.avo.app https://*.mixpanel.com https://*.atb.com https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://*.postescanada-canadapost.ca; font-src https://*.atb.com 'self' https://fonts.gstatic.com https://*.postescanada-canadapost.ca data:; object-src 'none'; frame-ancestors https://*.atbprosper.com https://*.finn.ai https://*.atbcloud.net https://*.atb.com
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://personal.atb.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 24 Jan 2023 15:55:01 GMT
content-security-policy
default-src 'self'; img-src 'self' https://*.atb.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com https://*.stats.paypal.com data:; frame-src https://*.moneydesktop.com https://*.atb.com https://*.qualtrics.com https://*.atbonline.com https://c.paypal.com; script-src 'self' https://www.googletagmanager.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com; style-src https://*.atb.com https://www.atbonline.com https://*.postescanada-canadapost.ca 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://api.avo.app https://*.mixpanel.com https://*.atb.com https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://*.postescanada-canadapost.ca; font-src https://*.atb.com 'self' https://fonts.gstatic.com https://*.postescanada-canadapost.ca data:; object-src 'none'; frame-ancestors https://*.atbprosper.com https://*.finn.ai https://*.atbcloud.net https://*.atb.com
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
last-modified
Wed, 11 Jan 2023 18:42:09 GMT
server
nginx/1.17.7
via
1.1 google
etag
"63bf0301-847"
x-frame-options
deny
content-type
application/javascript
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2119
x-xss-protection
1; mode=block
index.css
personal.atb.com/ 		739 B
828 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://personal.atb.com/index.css
Requested by
Host: personal.atb.com
URL: https://personal.atb.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.145.12 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
12.145.107.34.bc.googleusercontent.com
Software
nginx/1.17.7 /
Resource Hash
40a7f0dc9ecd558b2da98bb67d3257184530e713474922fde3254cfdcd21751c
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' https://*.atb.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com https://*.stats.paypal.com data:; frame-src https://*.moneydesktop.com https://*.atb.com https://*.qualtrics.com https://*.atbonline.com https://c.paypal.com; script-src 'self' https://www.googletagmanager.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com; style-src https://*.atb.com https://www.atbonline.com https://*.postescanada-canadapost.ca 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://api.avo.app https://*.mixpanel.com https://*.atb.com https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://*.postescanada-canadapost.ca; font-src https://*.atb.com 'self' https://fonts.gstatic.com https://*.postescanada-canadapost.ca data:; object-src 'none'; frame-ancestors https://*.atbprosper.com https://*.finn.ai https://*.atbcloud.net https://*.atb.com
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://personal.atb.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 24 Jan 2023 15:55:01 GMT
content-security-policy
default-src 'self'; img-src 'self' https://*.atb.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com https://*.stats.paypal.com data:; frame-src https://*.moneydesktop.com https://*.atb.com https://*.qualtrics.com https://*.atbonline.com https://c.paypal.com; script-src 'self' https://www.googletagmanager.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com; style-src https://*.atb.com https://www.atbonline.com https://*.postescanada-canadapost.ca 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://api.avo.app https://*.mixpanel.com https://*.atb.com https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://*.postescanada-canadapost.ca; font-src https://*.atb.com 'self' https://fonts.gstatic.com https://*.postescanada-canadapost.ca data:; object-src 'none'; frame-ancestors https://*.atbprosper.com https://*.finn.ai https://*.atbcloud.net https://*.atb.com
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
last-modified
Wed, 11 Jan 2023 18:42:09 GMT
server
nginx/1.17.7
via
1.1 google
etag
"63bf0301-2e3"
x-frame-options
deny
content-type
text/css
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
739
x-xss-protection
1; mode=block
index.css
www.atb.com/Static/fonts/ 		8 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.atb.com/Static/fonts/index.css
Requested by
Host: personal.atb.com
URL: https://personal.atb.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:f577 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
987449e4b4b047f1d50a5d348541f0ad0f5b586dfaeed91af0ccca7d24dee6a7
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; report-uri https://csp.atbaux.com/csp-error; default-src 'none'; connect-src 'self' https: https://tr.snapchat.com https://www.atb.com/ https://www.facebook.com https://ajax.googleapis.com https://forms.hsforms.com/emailcheck/v1/ https://ct.pinterest.com/md/ https://web-atbva-uat.k8s-prod-na.finn.ai/api/v1/finn-chat/ https://web-atbva-prod.k8s-prod-na.finn.ai/api/v1/finn-chat/ https://web-atbva-uat.k8s-prod-na.finn.ai/ https://web-atbva-prod.k8s-prod-na.finn.ai/ https://msg-atbva-uat.k8s-prod-na.finn.ai/subscriptions/finnChat/ https://msg-atbva-prod.k8s-prod-na.finn.ai/subscriptions/finnChat/ wss://msg-atbva-uat.k8s-prod-na.finn.ai/ wss://msg-atbva-prod.k8s-prod-na.finn.ai/ https://msg-atbva-prod.k8s-prod-na.finn.ai/ https://cdn.siteimprove.net https://superscribe.atbaux.com https://api.genesyscloud.com https://www.google-analytics.com/ https://dc.services.visualstudio.com/v2/track https://siteintercept.qualtrics.com https://atb.postclickmarketing.com https://interactive.atb.com https://vimeo.com https://rates.atbaux.com/ https://tags.srv.stackadapt.com/ https://ct.pinterest.com/user/ https://q.quora.com/ https://stats.g.doubleclick.net https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://bat.bing.com https://analytics.google.com https://eu.srv.stackadapt.com https://www.google.ca/ads/ga-audiences https://www.google.com/pagead/landing https://s.yimg.com https://maps.googleapis.com https://api.hubapi.com; base-uri 'none'; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com; form-action https://www.facebook.com https://tr.snapchat.com https://forms.hsforms.com https://tr.snapchat.com/p https://tr.snapchat.com/cm/i https://feedback.atb.com; frame-ancestors 'none'; style-src 'self' 'unsafe-inline' https://tags.srv.stackadapt.com https://cloud.typography.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://web-atbva-uat.k8s-prod-na.finn.ai/webchat/static/styles/styles.css https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://optimize.google.com/optimize/editor/css/css.css; script-src 'self' https: https://zn5hxoymepfxxwpmj-atbfeedback.siteintercept.qualtrics.com 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://zn5hxoymepfxxwpmj-atbfeedback.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/enterprise.js https://www.googletagmanager.com/ https://www.google-analytics.com https://tagmanager.google.com https://az416426.vo.msecnd.net/scripts/a/ai.0.js https://maps.googleapis.com/maps/api/js https://adservice.google.com/ https://adservice.google.com/* https://www.google.com/ads/ga-audiences https://js.hs-scripts.com/4764334.js https://js.hsforms.net/forms/v2.js https://forms.hsforms.com/ https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/ https://znbd9nr9vkcjqslin-atbfeedback.siteintercept.qualtrics.com https://dl.episerver.net/13.2.4/epi-util/find.js https://js.hs-analytics.net/analytics/1563383400000/4764334.js https://www.workable.com/api/accounts/377831 https://www.workable.com/assets/embed.js https://extend.vimeocdn.com/ga/10780070.js https://zn5hxoymepfxxwpmj-atbfeedback.siteintercept.qualtrics.com/WRSiteInterceptEngine/ https://code.jquery.com/jquery-3.4.1.min.js https://sc-static.net/ https://static.ads-twitter.com/uwt.js https://analytics.twitter.com/i/ https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/ https://www.youtube.com/s/player/* https://cdn.jsdelivr.net/npm/vue@2.6.10/dist/vue.runtime.min.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://s.pinimg.com/ct/core.js https://s.pinimg.com/ct/lib/ https://a.quora.com/qevents.js https://tags.srv.stackadapt.com/events.js https://east.srv.stackadapt.com/events.js https://uw.srv.stackadapt.com/events.js https://eu.srv.stackadapt.com/events.js https://platform.twitter.com/oct.js https://static.ads-twitter.com/oct.js https://www.youtube.com/iframe_api https://s.ytimg.com/yts/jsbin/ https://secure.quantserve.com/quant.js https://edge.quantserve.com/quant.js https://js.hs-banner.com https://apply.workable.com https://www.google.com/ads/ga-audiences* https://s.mitaa.io/dtag.min.js https://ionfiles.scribblecdn.net/scripts/ionizer-1.2.min.js http://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js https://web-atbva-uat.k8s-prod-na.finn.ai/webchat/static/ https://js.hs-banner.com/4764334.js https://bat.bing.com clarity.microsoft.com https://9897839.fls.doubleclick.net https://web-atbva-uat.k8s-prod-na.finn.ai/webchat/static/bundle.js https://web-atbva-uat.k8s-prod-na.finn.ai/webchat/static/config.js https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js https://siteimproveanalytics.com/js/siteanalyze_77682.js https://siteimproveanalytics.com/ 'sha256-AoNQZpaRmemSTxMy9xcqXX5VLwI6IMPYugO7bFHOW+U=' 'sha256-VazP97ZCwtekAsvgPBSUwPFKdrwD3unUfSGVYrahUqU=' 'sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=' 'sha256-27gTObPp0STAt+fV8fwrG9pRwkVFaEg7ZHzBv6L0yto=' 'sha256-2bKthQiZc2RXXJ2zuNdQgergsosNJNO0j0pY5/AMUKE=' 'sha256-3ZrSyKXyfCBhxmUPydg8a9mgpCxBzKb9p2d6IFRh3+Q=' 'sha256-kiNksdOX+M4g0/nMTqaTImuB/PHpOdvlQF6VaBmvnoE=' 'sha256-fmBnciP22+IeufKiwett0ScrQcvXA2ltLjO5AkOn/eQ=' 'sha256-GxB2ppK+t1dQ/6WHfZRc7UJL/ct7a59qHKzBE/c1SzE=' 'sha256-kN2TxtGds1lhWybMfEoIXWeS4x4Enya8DiiyBAbeyHs=' 'sha256-olgZwKESUKBk5MwFwAYxCIamu4KAcRjk5VqnZxOlat0=' 'sha256-rXnvrupdVgmIsBg96vSU/gV2uQjZSH3AKma5y9FlGaU=' 'nonce-XeorSH6R9QnyLcefKo7JrLldfWDUiuCpPWLKY7mw5+4='; img-src 'self' data: *; frame-src https://www.facebook.com https://tr6.snapchat.com https://www.pinterest.com https://tr.snapchat.com https://verify.auth.atb.com/ https://verify-uat.auth-dev.atb.com/ https://www.googletagmanager.com https://va.atb.com/ https://virtual-assist-prod.atb.com/ https://virtual-assist-uat.atb.com/ https://web-atbva-prod.k8s-prod-na.finn.ai/ https://bank-api-gateway-atbva-prod.k8s-prod-na.finn.ai https://bank-api-gateway-atbva-prod.k8s-prod-na.finn.ai/ https://identity-prod.auth-dev.atb.com/ https://identity.auth.atb.com/ https://web-atbva-uat.k8s-prod-na.finn.ai/ https://bank-api-gateway-atbva-uat.k8s-prod-na.finn.ai https://bank-api-gateway-atbva-uat.k8s-prod-na.finn.ai/ https://identity-uat.auth-dev.atb.com/ https://8389598.fls.doubleclick.net/ https://www.google.com https://stats.g.doubleclick.net/ https://siteintercept.qualtrics.com/ https://feedback.atb.com/ https://www.youtube.com/ https://player.vimeo.com/ https://atb.postclickmarketing.com/ https://interactive.atb.com/ https://forms.hsforms.com/ https://tr.snapchat.com/ https://www.atbonline.com/ https://app.hubspot.com/ https://9897839.fls.doubleclick.net https://bid.g.doubleclick.net/ https://10829704.fls.doubleclick.net/ https://finn-demo-assets.finn.ai/ https://personal.atb.com/ https://www.pinterest.ca/ https://ct.pinterest.com/ https://optimize.google.com/; manifest-src 'self'; child-src 'none'; object-src 'self';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://personal.atb.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 24 Jan 2023 15:55:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests; report-uri https://csp.atbaux.com/csp-error; default-src 'none'; connect-src 'self' https: https://tr.snapchat.com https://www.atb.com/ https://www.facebook.com https://ajax.googleapis.com https://forms.hsforms.com/emailcheck/v1/ https://ct.pinterest.com/md/ https://web-atbva-uat.k8s-prod-na.finn.ai/api/v1/finn-chat/ https://web-atbva-prod.k8s-prod-na.finn.ai/api/v1/finn-chat/ https://web-atbva-uat.k8s-prod-na.finn.ai/ https://web-atbva-prod.k8s-prod-na.finn.ai/ https://msg-atbva-uat.k8s-prod-na.finn.ai/subscriptions/finnChat/ https://msg-atbva-prod.k8s-prod-na.finn.ai/subscriptions/finnChat/ wss://msg-atbva-uat.k8s-prod-na.finn.ai/ wss://msg-atbva-prod.k8s-prod-na.finn.ai/ https://msg-atbva-prod.k8s-prod-na.finn.ai/ https://cdn.siteimprove.net https://superscribe.atbaux.com https://api.genesyscloud.com https://www.google-analytics.com/ https://dc.services.visualstudio.com/v2/track https://siteintercept.qualtrics.com https://atb.postclickmarketing.com https://interactive.atb.com https://vimeo.com https://rates.atbaux.com/ https://tags.srv.stackadapt.com/ https://ct.pinterest.com/user/ https://q.quora.com/ https://stats.g.doubleclick.net https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://bat.bing.com https://analytics.google.com https://eu.srv.stackadapt.com https://www.google.ca/ads/ga-audiences https://www.google.com/pagead/landing https://s.yimg.com https://maps.googleapis.com https://api.hubapi.com; base-uri 'none'; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com; form-action https://www.facebook.com https://tr.snapchat.com https://forms.hsforms.com https://tr.snapchat.com/p https://tr.snapchat.com/cm/i https://feedback.atb.com; frame-ancestors 'none'; style-src 'self' 'unsafe-inline' https://tags.srv.stackadapt.com https://cloud.typography.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://web-atbva-uat.k8s-prod-na.finn.ai/webchat/static/styles/styles.css https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://optimize.google.com/optimize/editor/css/css.css; script-src 'self' https: https://zn5hxoymepfxxwpmj-atbfeedback.siteintercept.qualtrics.com 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://zn5hxoymepfxxwpmj-atbfeedback.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/enterprise.js https://www.googletagmanager.com/ https://www.google-analytics.com https://tagmanager.google.com https://az416426.vo.msecnd.net/scripts/a/ai.0.js https://maps.googleapis.com/maps/api/js https://adservice.google.com/ https://adservice.google.com/* https://www.google.com/ads/ga-audiences https://js.hs-scripts.com/4764334.js https://js.hsforms.net/forms/v2.js https://forms.hsforms.com/ https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/ https://znbd9nr9vkcjqslin-atbfeedback.siteintercept.qualtrics.com https://dl.episerver.net/13.2.4/epi-util/find.js https://js.hs-analytics.net/analytics/1563383400000/4764334.js https://www.workable.com/api/accounts/377831 https://www.workable.com/assets/embed.js https://extend.vimeocdn.com/ga/10780070.js https://zn5hxoymepfxxwpmj-atbfeedback.siteintercept.qualtrics.com/WRSiteInterceptEngine/ https://code.jquery.com/jquery-3.4.1.min.js https://sc-static.net/ https://static.ads-twitter.com/uwt.js https://analytics.twitter.com/i/ https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/ https://www.youtube.com/s/player/* https://cdn.jsdelivr.net/npm/vue@2.6.10/dist/vue.runtime.min.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://s.pinimg.com/ct/core.js https://s.pinimg.com/ct/lib/ https://a.quora.com/qevents.js https://tags.srv.stackadapt.com/events.js https://east.srv.stackadapt.com/events.js https://uw.srv.stackadapt.com/events.js https://eu.srv.stackadapt.com/events.js https://platform.twitter.com/oct.js https://static.ads-twitter.com/oct.js https://www.youtube.com/iframe_api https://s.ytimg.com/yts/jsbin/ https://secure.quantserve.com/quant.js https://edge.quantserve.com/quant.js https://js.hs-banner.com https://apply.workable.com https://www.google.com/ads/ga-audiences* https://s.mitaa.io/dtag.min.js https://ionfiles.scribblecdn.net/scripts/ionizer-1.2.min.js http://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js https://web-atbva-uat.k8s-prod-na.finn.ai/webchat/static/ https://js.hs-banner.com/4764334.js https://bat.bing.com clarity.microsoft.com https://9897839.fls.doubleclick.net https://web-atbva-uat.k8s-prod-na.finn.ai/webchat/static/bundle.js https://web-atbva-uat.k8s-prod-na.finn.ai/webchat/static/config.js https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js https://siteimproveanalytics.com/js/siteanalyze_77682.js https://siteimproveanalytics.com/ 'sha256-AoNQZpaRmemSTxMy9xcqXX5VLwI6IMPYugO7bFHOW+U=' 'sha256-VazP97ZCwtekAsvgPBSUwPFKdrwD3unUfSGVYrahUqU=' 'sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=' 'sha256-27gTObPp0STAt+fV8fwrG9pRwkVFaEg7ZHzBv6L0yto=' 'sha256-2bKthQiZc2RXXJ2zuNdQgergsosNJNO0j0pY5/AMUKE=' 'sha256-3ZrSyKXyfCBhxmUPydg8a9mgpCxBzKb9p2d6IFRh3+Q=' 'sha256-kiNksdOX+M4g0/nMTqaTImuB/PHpOdvlQF6VaBmvnoE=' 'sha256-fmBnciP22+IeufKiwett0ScrQcvXA2ltLjO5AkOn/eQ=' 'sha256-GxB2ppK+t1dQ/6WHfZRc7UJL/ct7a59qHKzBE/c1SzE=' 'sha256-kN2TxtGds1lhWybMfEoIXWeS4x4Enya8DiiyBAbeyHs=' 'sha256-olgZwKESUKBk5MwFwAYxCIamu4KAcRjk5VqnZxOlat0=' 'sha256-rXnvrupdVgmIsBg96vSU/gV2uQjZSH3AKma5y9FlGaU=' 'nonce-XeorSH6R9QnyLcefKo7JrLldfWDUiuCpPWLKY7mw5+4='; img-src 'self' data: *; frame-src https://www.facebook.com https://tr6.snapchat.com https://www.pinterest.com https://tr.snapchat.com https://verify.auth.atb.com/ https://verify-uat.auth-dev.atb.com/ https://www.googletagmanager.com https://va.atb.com/ https://virtual-assist-prod.atb.com/ https://virtual-assist-uat.atb.com/ https://web-atbva-prod.k8s-prod-na.finn.ai/ https://bank-api-gateway-atbva-prod.k8s-prod-na.finn.ai https://bank-api-gateway-atbva-prod.k8s-prod-na.finn.ai/ https://identity-prod.auth-dev.atb.com/ https://identity.auth.atb.com/ https://web-atbva-uat.k8s-prod-na.finn.ai/ https://bank-api-gateway-atbva-uat.k8s-prod-na.finn.ai https://bank-api-gateway-atbva-uat.k8s-prod-na.finn.ai/ https://identity-uat.auth-dev.atb.com/ https://8389598.fls.doubleclick.net/ https://www.google.com https://stats.g.doubleclick.net/ https://siteintercept.qualtrics.com/ https://feedback.atb.com/ https://www.youtube.com/ https://player.vimeo.com/ https://atb.postclickmarketing.com/ https://interactive.atb.com/ https://forms.hsforms.com/ https://tr.snapchat.com/ https://www.atbonline.com/ https://app.hubspot.com/ https://9897839.fls.doubleclick.net https://bid.g.doubleclick.net/ https://10829704.fls.doubleclick.net/ https://finn-demo-assets.finn.ai/ https://personal.atb.com/ https://www.pinterest.ca/ https://ct.pinterest.com/ https://optimize.google.com/; manifest-src 'self'; child-src 'none'; object-src 'self';
cf-cache-status
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
age
40552
x-powered-by
ASP.NET
content-length
944
x-xss-protection
1; mode=block
request-context
appId=cid-v1:4bfe3162-8ed7-4ce8-a697-b34850a88b82
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 01 Sep 2022 13:50:48 GMT
server
cloudflare
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
report-to
{"group":"default","max_age":31536000,"endpoints":[{"url":"https://atbtest.report-uri.com/a/d/g"}],"include_subdomains":true}
access-control-expose-headers
Request-Context
cache-control
public,max-age=86400
accept-ranges
bytes
cf-ray
78e9f3799e95ecee-YUL
Inter-Regular.ttf
personal.atb.com/assets/fonts/Inter/ 		303 KB
303 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://personal.atb.com/assets/fonts/Inter/Inter-Regular.ttf
Requested by
Host: personal.atb.com
URL: https://personal.atb.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.145.12 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
12.145.107.34.bc.googleusercontent.com
Software
nginx/1.17.7 /
Resource Hash
41ab0f707a2bfab8133ccdfcdab52282f5f79e5751f43a264805451c7bb95fb8
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' https://*.atb.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com https://*.stats.paypal.com data:; frame-src https://*.moneydesktop.com https://*.atb.com https://*.qualtrics.com https://*.atbonline.com https://c.paypal.com; script-src 'self' https://www.googletagmanager.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com; style-src https://*.atb.com https://www.atbonline.com https://*.postescanada-canadapost.ca 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://api.avo.app https://*.mixpanel.com https://*.atb.com https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://*.postescanada-canadapost.ca; font-src https://*.atb.com 'self' https://fonts.gstatic.com https://*.postescanada-canadapost.ca data:; object-src 'none'; frame-ancestors https://*.atbprosper.com https://*.finn.ai https://*.atbcloud.net https://*.atb.com
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Referer
https://personal.atb.com/
Origin
https://personal.atb.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 24 Jan 2023 15:55:01 GMT
content-security-policy
default-src 'self'; img-src 'self' https://*.atb.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com https://*.stats.paypal.com data:; frame-src https://*.moneydesktop.com https://*.atb.com https://*.qualtrics.com https://*.atbonline.com https://c.paypal.com; script-src 'self' https://www.googletagmanager.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com; style-src https://*.atb.com https://www.atbonline.com https://*.postescanada-canadapost.ca 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://api.avo.app https://*.mixpanel.com https://*.atb.com https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://*.postescanada-canadapost.ca; font-src https://*.atb.com 'self' https://fonts.gstatic.com https://*.postescanada-canadapost.ca data:; object-src 'none'; frame-ancestors https://*.atbprosper.com https://*.finn.ai https://*.atbcloud.net https://*.atb.com
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
last-modified
Wed, 11 Jan 2023 18:42:09 GMT
server
nginx/1.17.7
via
1.1 google
etag
"63bf0301-4ba44"
x-frame-options
deny
content-type
text/plain
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
309828
x-xss-protection
1; mode=block
Inter-Bold.ttf
personal.atb.com/assets/fonts/Inter/ 		309 KB
309 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://personal.atb.com/assets/fonts/Inter/Inter-Bold.ttf
Requested by
Host: personal.atb.com
URL: https://personal.atb.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.145.12 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
12.145.107.34.bc.googleusercontent.com
Software
nginx/1.17.7 /
Resource Hash
790c108befe859dac2ddbd20af3fbb6917c601b3d544c8a05761519f3b5508fe
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' https://*.atb.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com https://*.stats.paypal.com data:; frame-src https://*.moneydesktop.com https://*.atb.com https://*.qualtrics.com https://*.atbonline.com https://c.paypal.com; script-src 'self' https://www.googletagmanager.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com; style-src https://*.atb.com https://www.atbonline.com https://*.postescanada-canadapost.ca 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://api.avo.app https://*.mixpanel.com https://*.atb.com https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://*.postescanada-canadapost.ca; font-src https://*.atb.com 'self' https://fonts.gstatic.com https://*.postescanada-canadapost.ca data:; object-src 'none'; frame-ancestors https://*.atbprosper.com https://*.finn.ai https://*.atbcloud.net https://*.atb.com
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Referer
https://personal.atb.com/
Origin
https://personal.atb.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 24 Jan 2023 15:55:01 GMT
content-security-policy
default-src 'self'; img-src 'self' https://*.atb.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com https://*.stats.paypal.com data:; frame-src https://*.moneydesktop.com https://*.atb.com https://*.qualtrics.com https://*.atbonline.com https://c.paypal.com; script-src 'self' https://www.googletagmanager.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com; style-src https://*.atb.com https://www.atbonline.com https://*.postescanada-canadapost.ca 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://api.avo.app https://*.mixpanel.com https://*.atb.com https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://*.postescanada-canadapost.ca; font-src https://*.atb.com 'self' https://fonts.gstatic.com https://*.postescanada-canadapost.ca data:; object-src 'none'; frame-ancestors https://*.atbprosper.com https://*.finn.ai https://*.atbcloud.net https://*.atb.com
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
last-modified
Wed, 11 Jan 2023 18:42:09 GMT
server
nginx/1.17.7
via
1.1 google
etag
"63bf0301-4d2c4"
x-frame-options
deny
content-type
text/plain
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
316100
x-xss-protection
1; mode=block
Inter-SemiBold.ttf
personal.atb.com/assets/fonts/Inter/ 		308 KB
309 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://personal.atb.com/assets/fonts/Inter/Inter-SemiBold.ttf
Requested by
Host: personal.atb.com
URL: https://personal.atb.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.145.12 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
12.145.107.34.bc.googleusercontent.com
Software
nginx/1.17.7 /
Resource Hash
e8cbc2b88bc4268237ff5e251776d3c54edcb14e015a9e66e4883bde4b55f13f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' https://*.atb.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com https://*.stats.paypal.com data:; frame-src https://*.moneydesktop.com https://*.atb.com https://*.qualtrics.com https://*.atbonline.com https://c.paypal.com; script-src 'self' https://www.googletagmanager.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com; style-src https://*.atb.com https://www.atbonline.com https://*.postescanada-canadapost.ca 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://api.avo.app https://*.mixpanel.com https://*.atb.com https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://*.postescanada-canadapost.ca; font-src https://*.atb.com 'self' https://fonts.gstatic.com https://*.postescanada-canadapost.ca data:; object-src 'none'; frame-ancestors https://*.atbprosper.com https://*.finn.ai https://*.atbcloud.net https://*.atb.com
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Referer
https://personal.atb.com/
Origin
https://personal.atb.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 24 Jan 2023 15:55:01 GMT
content-security-policy
default-src 'self'; img-src 'self' https://*.atb.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com https://*.stats.paypal.com data:; frame-src https://*.moneydesktop.com https://*.atb.com https://*.qualtrics.com https://*.atbonline.com https://c.paypal.com; script-src 'self' https://www.googletagmanager.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com; style-src https://*.atb.com https://www.atbonline.com https://*.postescanada-canadapost.ca 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://api.avo.app https://*.mixpanel.com https://*.atb.com https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://*.postescanada-canadapost.ca; font-src https://*.atb.com 'self' https://fonts.gstatic.com https://*.postescanada-canadapost.ca data:; object-src 'none'; frame-ancestors https://*.atbprosper.com https://*.finn.ai https://*.atbcloud.net https://*.atb.com
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
last-modified
Wed, 11 Jan 2023 18:42:09 GMT
server
nginx/1.17.7
via
1.1 google
etag
"63bf0301-4d16c"
x-frame-options
deny
content-type
text/plain
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
315756
x-xss-protection
1; mode=block
ATB-TT-Norms-Bold.ttf
personal.atb.com/assets/fonts/ATB_TT_Norms/ 		225 KB
226 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://personal.atb.com/assets/fonts/ATB_TT_Norms/ATB-TT-Norms-Bold.ttf
Requested by
Host: personal.atb.com
URL: https://personal.atb.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.145.12 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
12.145.107.34.bc.googleusercontent.com
Software
nginx/1.17.7 /
Resource Hash
96bb447987a336093996215e1bc19275bcc84590ef562cb9d8473ce9b0630b1e
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' https://*.atb.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com https://*.stats.paypal.com data:; frame-src https://*.moneydesktop.com https://*.atb.com https://*.qualtrics.com https://*.atbonline.com https://c.paypal.com; script-src 'self' https://www.googletagmanager.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com; style-src https://*.atb.com https://www.atbonline.com https://*.postescanada-canadapost.ca 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://api.avo.app https://*.mixpanel.com https://*.atb.com https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://*.postescanada-canadapost.ca; font-src https://*.atb.com 'self' https://fonts.gstatic.com https://*.postescanada-canadapost.ca data:; object-src 'none'; frame-ancestors https://*.atbprosper.com https://*.finn.ai https://*.atbcloud.net https://*.atb.com
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Referer
https://personal.atb.com/
Origin
https://personal.atb.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 24 Jan 2023 15:55:01 GMT
content-security-policy
default-src 'self'; img-src 'self' https://*.atb.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com https://*.stats.paypal.com data:; frame-src https://*.moneydesktop.com https://*.atb.com https://*.qualtrics.com https://*.atbonline.com https://c.paypal.com; script-src 'self' https://www.googletagmanager.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com; style-src https://*.atb.com https://www.atbonline.com https://*.postescanada-canadapost.ca 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://api.avo.app https://*.mixpanel.com https://*.atb.com https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://*.postescanada-canadapost.ca; font-src https://*.atb.com 'self' https://fonts.gstatic.com https://*.postescanada-canadapost.ca data:; object-src 'none'; frame-ancestors https://*.atbprosper.com https://*.finn.ai https://*.atbcloud.net https://*.atb.com
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
last-modified
Wed, 11 Jan 2023 18:42:09 GMT
server
nginx/1.17.7
via
1.1 google
etag
"63bf0301-38554"
x-frame-options
deny
content-type
text/plain
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
230740
x-xss-protection
1; mode=block
ATB-TT-Norms-ExtraBold.ttf
personal.atb.com/assets/fonts/ATB_TT_Norms/ 		225 KB
225 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://personal.atb.com/assets/fonts/ATB_TT_Norms/ATB-TT-Norms-ExtraBold.ttf
Requested by
Host: personal.atb.com
URL: https://personal.atb.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.145.12 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
12.145.107.34.bc.googleusercontent.com
Software
nginx/1.17.7 /
Resource Hash
42960a784b3bd2162275cc0358de874823617fa6ca14fceef45dd1055bd2c3e6
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' https://*.atb.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com https://*.stats.paypal.com data:; frame-src https://*.moneydesktop.com https://*.atb.com https://*.qualtrics.com https://*.atbonline.com https://c.paypal.com; script-src 'self' https://www.googletagmanager.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com; style-src https://*.atb.com https://www.atbonline.com https://*.postescanada-canadapost.ca 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://api.avo.app https://*.mixpanel.com https://*.atb.com https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://*.postescanada-canadapost.ca; font-src https://*.atb.com 'self' https://fonts.gstatic.com https://*.postescanada-canadapost.ca data:; object-src 'none'; frame-ancestors https://*.atbprosper.com https://*.finn.ai https://*.atbcloud.net https://*.atb.com
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Referer
https://personal.atb.com/
Origin
https://personal.atb.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 24 Jan 2023 15:55:01 GMT
content-security-policy
default-src 'self'; img-src 'self' https://*.atb.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com https://*.stats.paypal.com data:; frame-src https://*.moneydesktop.com https://*.atb.com https://*.qualtrics.com https://*.atbonline.com https://c.paypal.com; script-src 'self' https://www.googletagmanager.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com; style-src https://*.atb.com https://www.atbonline.com https://*.postescanada-canadapost.ca 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://api.avo.app https://*.mixpanel.com https://*.atb.com https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://*.postescanada-canadapost.ca; font-src https://*.atb.com 'self' https://fonts.gstatic.com https://*.postescanada-canadapost.ca data:; object-src 'none'; frame-ancestors https://*.atbprosper.com https://*.finn.ai https://*.atbcloud.net https://*.atb.com
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
last-modified
Wed, 11 Jan 2023 18:42:09 GMT
server
nginx/1.17.7
via
1.1 google
etag
"63bf0301-382f4"
x-frame-options
deny
content-type
text/plain
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
230132
x-xss-protection
1; mode=block
addresscomplete-2.30.min.css
ws1.postescanada-canadapost.ca/css/ 		8 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ws1.postescanada-canadapost.ca/css/addresscomplete-2.30.min.css?key=JE31-YZ72-KW38-PG11
Requested by
Host: personal.atb.com
URL: https://personal.atb.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.241.48.88 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
88.48.241.35.bc.googleusercontent.com
Software
nginx/1.20.2 /
Resource Hash
390aedf9dffdc7e733a78d53636d60fd7e427765e21b422df68efba64f0180f5

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://personal.atb.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 24 Jan 2023 15:55:01 GMT
content-encoding
gzip
via
1.1 google
server
nginx/1.20.2
content-type
text/css;charset=UTF-8
cache-control
public
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2047
addresscomplete-2.30.min.js
ws1.postescanada-canadapost.ca/js/ 		86 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ws1.postescanada-canadapost.ca/js/addresscomplete-2.30.min.js?key=JE31-YZ72-KW38-PG11
Requested by
Host: personal.atb.com
URL: https://personal.atb.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.241.48.88 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
88.48.241.35.bc.googleusercontent.com
Software
nginx/1.20.2 /
Resource Hash
f7142608137571fa30d3626aeeef3ba3cc1203a9c7c2f3bfdb0859055fcacb27

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://personal.atb.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 24 Jan 2023 15:55:01 GMT
content-encoding
gzip
via
1.1 google
server
nginx/1.20.2
content-type
text/javascript;charset=UTF-8
cache-control
public
x-robots-tag
noindex
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24292
7.9cc3d630.chunk.css
personal.atb.com/static/css/ 		515 KB
516 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://personal.atb.com/static/css/7.9cc3d630.chunk.css
Requested by
Host: personal.atb.com
URL: https://personal.atb.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.145.12 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
12.145.107.34.bc.googleusercontent.com
Software
nginx/1.17.7 /
Resource Hash
15433806537e760d7d1052f0edf32c663b79b38b82494ad2bb7b50fb3288c614
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' https://*.atb.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com https://*.stats.paypal.com data:; frame-src https://*.moneydesktop.com https://*.atb.com https://*.qualtrics.com https://*.atbonline.com https://c.paypal.com; script-src 'self' https://www.googletagmanager.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com; style-src https://*.atb.com https://www.atbonline.com https://*.postescanada-canadapost.ca 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://api.avo.app https://*.mixpanel.com https://*.atb.com https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://*.postescanada-canadapost.ca; font-src https://*.atb.com 'self' https://fonts.gstatic.com https://*.postescanada-canadapost.ca data:; object-src 'none'; frame-ancestors https://*.atbprosper.com https://*.finn.ai https://*.atbcloud.net https://*.atb.com
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://personal.atb.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 24 Jan 2023 15:55:01 GMT
content-security-policy
default-src 'self'; img-src 'self' https://*.atb.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com https://*.stats.paypal.com data:; frame-src https://*.moneydesktop.com https://*.atb.com https://*.qualtrics.com https://*.atbonline.com https://c.paypal.com; script-src 'self' https://www.googletagmanager.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com; style-src https://*.atb.com https://www.atbonline.com https://*.postescanada-canadapost.ca 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://api.avo.app https://*.mixpanel.com https://*.atb.com https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://*.postescanada-canadapost.ca; font-src https://*.atb.com 'self' https://fonts.gstatic.com https://*.postescanada-canadapost.ca data:; object-src 'none'; frame-ancestors https://*.atbprosper.com https://*.finn.ai https://*.atbcloud.net https://*.atb.com
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
last-modified
Wed, 11 Jan 2023 18:44:25 GMT
server
nginx/1.17.7
via
1.1 google
etag
"63bf0389-80b63"
x-frame-options
deny
content-type
text/css
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
527203
x-xss-protection
1; mode=block
main.dbf9e1a9.chunk.css
personal.atb.com/static/css/ 		195 KB
196 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://personal.atb.com/static/css/main.dbf9e1a9.chunk.css
Requested by
Host: personal.atb.com
URL: https://personal.atb.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.145.12 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
12.145.107.34.bc.googleusercontent.com
Software
nginx/1.17.7 /
Resource Hash
f94a0bd5d4c915dd7e1c6739f15b31d571ff441d4f5e62029734e25ac69fd6e9
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' https://*.atb.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com https://*.stats.paypal.com data:; frame-src https://*.moneydesktop.com https://*.atb.com https://*.qualtrics.com https://*.atbonline.com https://c.paypal.com; script-src 'self' https://www.googletagmanager.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com; style-src https://*.atb.com https://www.atbonline.com https://*.postescanada-canadapost.ca 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://api.avo.app https://*.mixpanel.com https://*.atb.com https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://*.postescanada-canadapost.ca; font-src https://*.atb.com 'self' https://fonts.gstatic.com https://*.postescanada-canadapost.ca data:; object-src 'none'; frame-ancestors https://*.atbprosper.com https://*.finn.ai https://*.atbcloud.net https://*.atb.com
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://personal.atb.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 24 Jan 2023 15:55:01 GMT
content-security-policy
default-src 'self'; img-src 'self' https://*.atb.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com https://*.stats.paypal.com data:; frame-src https://*.moneydesktop.com https://*.atb.com https://*.qualtrics.com https://*.atbonline.com https://c.paypal.com; script-src 'self' https://www.googletagmanager.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com; style-src https://*.atb.com https://www.atbonline.com https://*.postescanada-canadapost.ca 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://api.avo.app https://*.mixpanel.com https://*.atb.com https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://*.postescanada-canadapost.ca; font-src https://*.atb.com 'self' https://fonts.gstatic.com https://*.postescanada-canadapost.ca data:; object-src 'none'; frame-ancestors https://*.atbprosper.com https://*.finn.ai https://*.atbcloud.net https://*.atb.com
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
last-modified
Wed, 11 Jan 2023 18:44:25 GMT
server
nginx/1.17.7
via
1.1 google
etag
"63bf0389-30deb"
x-frame-options
deny
content-type
text/css
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
200171
x-xss-protection
1; mode=block
runtime~main.057a19d7.js
personal.atb.com/static/js/ 		4 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://personal.atb.com/static/js/runtime~main.057a19d7.js
Requested by
Host: personal.atb.com
URL: https://personal.atb.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.145.12 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
12.145.107.34.bc.googleusercontent.com
Software
nginx/1.17.7 /
Resource Hash
1ee374bf73203b1a8c380da90f45e3b3454de52abf20a3ef2d69125c5e404099
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' https://*.atb.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com https://*.stats.paypal.com data:; frame-src https://*.moneydesktop.com https://*.atb.com https://*.qualtrics.com https://*.atbonline.com https://c.paypal.com; script-src 'self' https://www.googletagmanager.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com; style-src https://*.atb.com https://www.atbonline.com https://*.postescanada-canadapost.ca 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://api.avo.app https://*.mixpanel.com https://*.atb.com https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://*.postescanada-canadapost.ca; font-src https://*.atb.com 'self' https://fonts.gstatic.com https://*.postescanada-canadapost.ca data:; object-src 'none'; frame-ancestors https://*.atbprosper.com https://*.finn.ai https://*.atbcloud.net https://*.atb.com
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://personal.atb.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 24 Jan 2023 15:55:01 GMT
content-security-policy
default-src 'self'; img-src 'self' https://*.atb.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com https://*.stats.paypal.com data:; frame-src https://*.moneydesktop.com https://*.atb.com https://*.qualtrics.com https://*.atbonline.com https://c.paypal.com; script-src 'self' https://www.googletagmanager.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com; style-src https://*.atb.com https://www.atbonline.com https://*.postescanada-canadapost.ca 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://api.avo.app https://*.mixpanel.com https://*.atb.com https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://*.postescanada-canadapost.ca; font-src https://*.atb.com 'self' https://fonts.gstatic.com https://*.postescanada-canadapost.ca data:; object-src 'none'; frame-ancestors https://*.atbprosper.com https://*.finn.ai https://*.atbcloud.net https://*.atb.com
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
last-modified
Wed, 11 Jan 2023 18:44:25 GMT
server
nginx/1.17.7
via
1.1 google
etag
"63bf0389-f3c"
x-frame-options
deny
content-type
application/javascript
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3900
x-xss-protection
1; mode=block
7.94cf4ec5.chunk.js
personal.atb.com/static/js/ 		2 MB
2 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://personal.atb.com/static/js/7.94cf4ec5.chunk.js
Requested by
Host: personal.atb.com
URL: https://personal.atb.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.145.12 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
12.145.107.34.bc.googleusercontent.com
Software
nginx/1.17.7 /
Resource Hash
98f6b4f4da738f024afca6ae46ce09c2547044aa1401a113dd0fc12fa93766cb
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' https://*.atb.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com https://*.stats.paypal.com data:; frame-src https://*.moneydesktop.com https://*.atb.com https://*.qualtrics.com https://*.atbonline.com https://c.paypal.com; script-src 'self' https://www.googletagmanager.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com; style-src https://*.atb.com https://www.atbonline.com https://*.postescanada-canadapost.ca 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://api.avo.app https://*.mixpanel.com https://*.atb.com https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://*.postescanada-canadapost.ca; font-src https://*.atb.com 'self' https://fonts.gstatic.com https://*.postescanada-canadapost.ca data:; object-src 'none'; frame-ancestors https://*.atbprosper.com https://*.finn.ai https://*.atbcloud.net https://*.atb.com
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://personal.atb.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 24 Jan 2023 15:55:01 GMT
content-security-policy
default-src 'self'; img-src 'self' https://*.atb.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com https://*.stats.paypal.com data:; frame-src https://*.moneydesktop.com https://*.atb.com https://*.qualtrics.com https://*.atbonline.com https://c.paypal.com; script-src 'self' https://www.googletagmanager.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com; style-src https://*.atb.com https://www.atbonline.com https://*.postescanada-canadapost.ca 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://api.avo.app https://*.mixpanel.com https://*.atb.com https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://*.postescanada-canadapost.ca; font-src https://*.atb.com 'self' https://fonts.gstatic.com https://*.postescanada-canadapost.ca data:; object-src 'none'; frame-ancestors https://*.atbprosper.com https://*.finn.ai https://*.atbcloud.net https://*.atb.com
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
last-modified
Wed, 11 Jan 2023 18:44:25 GMT
server
nginx/1.17.7
via
1.1 google
etag
"63bf0389-18c55f"
x-frame-options
deny
content-type
application/javascript
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1623391
x-xss-protection
1; mode=block
main.b2fefc48.chunk.js
personal.atb.com/static/js/ 		308 KB
309 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://personal.atb.com/static/js/main.b2fefc48.chunk.js
Requested by
Host: personal.atb.com
URL: https://personal.atb.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.145.12 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
12.145.107.34.bc.googleusercontent.com
Software
nginx/1.17.7 /
Resource Hash
55b488007da6bb6a78f753e631556ed5d368e2e462e43e71ea74010bcc67ced5
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' https://*.atb.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com https://*.stats.paypal.com data:; frame-src https://*.moneydesktop.com https://*.atb.com https://*.qualtrics.com https://*.atbonline.com https://c.paypal.com; script-src 'self' https://www.googletagmanager.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com; style-src https://*.atb.com https://www.atbonline.com https://*.postescanada-canadapost.ca 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://api.avo.app https://*.mixpanel.com https://*.atb.com https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://*.postescanada-canadapost.ca; font-src https://*.atb.com 'self' https://fonts.gstatic.com https://*.postescanada-canadapost.ca data:; object-src 'none'; frame-ancestors https://*.atbprosper.com https://*.finn.ai https://*.atbcloud.net https://*.atb.com
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://personal.atb.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 24 Jan 2023 15:55:01 GMT
content-security-policy
default-src 'self'; img-src 'self' https://*.atb.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com https://*.stats.paypal.com data:; frame-src https://*.moneydesktop.com https://*.atb.com https://*.qualtrics.com https://*.atbonline.com https://c.paypal.com; script-src 'self' https://www.googletagmanager.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com; style-src https://*.atb.com https://www.atbonline.com https://*.postescanada-canadapost.ca 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://api.avo.app https://*.mixpanel.com https://*.atb.com https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://*.postescanada-canadapost.ca; font-src https://*.atb.com 'self' https://fonts.gstatic.com https://*.postescanada-canadapost.ca data:; object-src 'none'; frame-ancestors https://*.atbprosper.com https://*.finn.ai https://*.atbcloud.net https://*.atb.com
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
last-modified
Wed, 11 Jan 2023 18:44:25 GMT
server
nginx/1.17.7
via
1.1 google
etag
"63bf0389-4d1fe"
x-frame-options
deny
content-type
application/javascript
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
315902
x-xss-protection
1; mode=block
collect
www.google-analytics.com/g/ 		0
245 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-C84DLBZWXT&gtm=2oe1n0&_p=1007128290&cid=1911414916.1674575702&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1674575702&sct=1&seg=0&dl=https%3A%2F%2Fpersonal.atb.com%2F&dt=&en=scroll&_fv=1&_nsi=1&_ss=1&epn.percent_scrolled=90
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-C84DLBZWXT
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:823::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://personal.atb.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 24 Jan 2023 15:55:02 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://personal.atb.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
fb.js
c.paypal.com/da/r/ 		58 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.paypal.com/da/r/fb.js
Requested by
Host: personal.atb.com
URL: https://personal.atb.com/static/js/main.b2fefc48.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ECAcc (nya/7974) /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://personal.atb.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-cache-hits
411939
date
Tue, 24 Jan 2023 15:55:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
via
1.1 varnish
age
1713515
x-cache
HIT, HIT
paypal-debug-id
b0a65fb5c69b2
server-timing
content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
content-length
20336
x-served-by
cache-yul12830-YUL
last-modified
Tue, 20 Dec 2022 17:16:51 GMT
server
ECAcc (nya/7974)
traceparent
00-0000000000000000000b0a65fb5c69b2-8e3f2547808d26dc-01
x-timer
S1674575702.488888,VS0,VE1
etag
"63a1ee03-e9eb"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=86400
access-control-allow-credentials
false
access-control-max-age
86400
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 25 Jan 2023 15:55:02 GMT
Primary Request login
identity.auth.atb.com/
Redirect Chain
  • https://identity.auth.atb.com/authorize?audience=https%3A%2F%2Fapi.atb.com%2F&client_id=zhAxiOFv6c5fC4niGAH7pLFEgptev0rA&redirect_uri=https%3A%2F%2Fpersonal.atb.com&realm=RetailPing&pmData=null&pla...
  • https://identity.auth.atb.com/login?state=hKFo2SBiX1pnUDNUNHoxdGhGeUpRZC1MQWNVU3JQRWpYcVdLNaFupWxvZ2luo3RpZNkgSTNFMzBGendPUklSR2pPcl9aS3dJVG9kWk5PMVltOEajY2lk2SB6aEF4aU9GdjZjNWZDNG5pR0FIN3BMRkVncHR...
923 KB
324 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://identity.auth.atb.com/login?state=hKFo2SBiX1pnUDNUNHoxdGhGeUpRZC1MQWNVU3JQRWpYcVdLNaFupWxvZ2luo3RpZNkgSTNFMzBGendPUklSR2pPcl9aS3dJVG9kWk5PMVltOEajY2lk2SB6aEF4aU9GdjZjNWZDNG5pR0FIN3BMRkVncHRldjByQQ&client=zhAxiOFv6c5fC4niGAH7pLFEgptev0rA&protocol=oauth2&audience=https%3A%2F%2Fapi.atb.com%2F&redirect_uri=https%3A%2F%2Fpersonal.atb.com&realm=RetailPing&pmData=null&platformVersion=4337289b&session=6b38916683c84517a73d96a01fcdf8d9&scope=openid%20profile%20email&response_type=code&response_mode=query&nonce=aG5RcDl4MjVub09WWHdjNG0ycVBPUG9EN2U5LmxwSTVIVEN6SnZ5WjMtdQ%3D%3D&code_challenge=UTyNVvjS3LlwCfM_E4BHjRnD11ZN-1B_eXVHvus_vDU&code_challenge_method=S256&auth0Client=eyJuYW1lIjoiYXV0aDAtc3BhLWpzIiwidmVyc2lvbiI6IjEuMTUuMCJ9
Requested by
Host: personal.atb.com
URL: https://personal.atb.com/static/js/7.94cf4ec5.chunk.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.162.183.6 , United States, ASN55002 (DEFENSE-NET, US),
Reverse DNS
Software
nginx /
Resource Hash
8aea5e6e7b9cf3d1f95a3c1f9add9e97994353b1379cd630e16560419ebaa8b7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://personal.atb.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Cache-Control
no-store, max-age=0, no-transform
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=utf-8
Date
Tue, 24 Jan 2023 15:55:02 GMT
ETag
W/"e6cd9-gfE00khDvhGAtzGjY1wXxFdQWtc"
Pragma
no-cache
Referrer-Policy
same-origin
Server
nginx
Strict-Transport-Security
max-age=63072000; includeSubdomains
Transfer-Encoding
chunked
Vary
Accept-Encoding
Via
1.1 dca1-bit11044
X-Auth0-RequestId
9f0000dfb388705981c8
X-Content-Type-Options
nosniff
X-Robots-Tag
noindex, nofollow noindex, nofollow, nosnippet, noarchive
X-XSS-Protection
1; mode=block

Redirect headers

Cache-Control
no-store, max-age=0, no-transform
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=utf-8
Date
Tue, 24 Jan 2023 15:55:02 GMT
Location
/login?state=hKFo2SBiX1pnUDNUNHoxdGhGeUpRZC1MQWNVU3JQRWpYcVdLNaFupWxvZ2luo3RpZNkgSTNFMzBGendPUklSR2pPcl9aS3dJVG9kWk5PMVltOEajY2lk2SB6aEF4aU9GdjZjNWZDNG5pR0FIN3BMRkVncHRldjByQQ&client=zhAxiOFv6c5fC4niGAH7pLFEgptev0rA&protocol=oauth2&audience=https%3A%2F%2Fapi.atb.com%2F&redirect_uri=https%3A%2F%2Fpersonal.atb.com&realm=RetailPing&pmData=null&platformVersion=4337289b&session=6b38916683c84517a73d96a01fcdf8d9&scope=openid%20profile%20email&response_type=code&response_mode=query&nonce=aG5RcDl4MjVub09WWHdjNG0ycVBPUG9EN2U5LmxwSTVIVEN6SnZ5WjMtdQ%3D%3D&code_challenge=UTyNVvjS3LlwCfM_E4BHjRnD11ZN-1B_eXVHvus_vDU&code_challenge_method=S256&auth0Client=eyJuYW1lIjoiYXV0aDAtc3BhLWpzIiwidmVyc2lvbiI6IjEuMTUuMCJ9
Pragma
no-cache
Server
nginx
Strict-Transport-Security
max-age=63072000; includeSubdomains
Transfer-Encoding
chunked
Vary
Accept, Accept-Encoding
Via
1.1 dca1-bit11044
X-Auth0-RequestId
f6a5888c0f80cb23bd74
X-Robots-Tag
noindex, nofollow, nosnippet, noarchive
i
c.paypal.com/v1/r/d/ Frame BE5D 		160 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
Requested by
Host: c.paypal.com
URL: https://c.paypal.com/da/r/fb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://personal.atb.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA, Sec-CH-UA-Full
accept-ranges
none
cache-control
max-age=0, no-cache, no-store, must-revalidate
content-encoding
br
content-security-policy-report-only
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.paypalinc.com https://www.facebook.com 'unsafe-eval' 'unsafe-inline' blob:; connect-src 'self' https://*.paypal.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; img-src 'self' https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'self' https://*.paypal.com https://*.paypalobjects.com; report-uri https://www.paypal.com/csplog/api/log/csp
content-type
text/html;charset=UTF-8
correlation-id
de49b3f09c2fa
date
Tue, 24 Jan 2023 15:55:02 GMT
origin-trial
A+THamRrv1ypMR6JeaJx7Wmo8rytLELMAeCL0XGhTihfUtp+dVqcCNYiWxOzySlH2Xk7lzRrFY3mxv6viKT1qggAAACKeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlLCJpc1RoaXJkUGFydHkiOnRydWV9
paypal-debug-id
de49b3f09c2fa
server-timing
content-encoding;desc="br",x-cdn;desc="fastly"
strict-transport-security
max-age=63072000; includeSubDomains; preload
timing-allow-origin
*
traceparent
00-0000000000000000000de49b3f09c2fa-0c45514cc08ac11a-01
vary
Accept-Encoding
via
1.1 varnish, 1.1 varnish
x-cache
MISS, MISS
x-cache-hits
0, 0
x-content-type-options
nosniff
x-served-by
cache-lax10634-LGB, cache-yul12830-YUL
x-timer
S1674575703.519508,VS0,VE119
x-xss-protection
1; mode=block
counter2.cgi
chd.stats.paypal.com/v2/ Frame 8D3E
Redirect Chain
  • https://b.stats.paypal.com/v2/counter.cgi?p=6b38916683c84517a73d96a01fcdf8d9&s=simility_rda
  • https://chd.stats.paypal.com/v2/counter2.cgi?p=6b38916683c84517a73d96a01fcdf8d9&s=simility_rda
0
0
fb.js
c.paypal.com/da/r/ Frame BE5D 		58 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.paypal.com/da/r/fb.js
Requested by
Host: c.paypal.com
URL: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
ECAcc (nya/7974) /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

x-cache-hits
411940
date
Tue, 24 Jan 2023 15:55:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
via
1.1 varnish
age
1713515
x-cache
HIT, HIT
paypal-debug-id
b0a65fb5c69b2
server-timing
content-encoding;desc="gzip",x-cdn;desc="fastly"
dc
ccg11-origin-www-1.paypal.com
content-length
20336
x-served-by
cache-yul12830-YUL
last-modified
Tue, 20 Dec 2022 17:16:51 GMT
server
ECAcc (nya/7974)
traceparent
00-0000000000000000000b0a65fb5c69b2-8e3f2547808d26dc-01
x-timer
S1674575703.669523,VS0,VE1
etag
"63a1ee03-e9eb"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=86400
access-control-allow-credentials
false
access-control-max-age
86400
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 25 Jan 2023 15:55:02 GMT
p1
c.paypal.com/v1/r/d/b/ Frame BE5D 		125 B
837 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.paypal.com/v1/r/d/b/p1
Requested by
Host: c.paypal.com
URL: https://c.paypal.com/da/r/fb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
application/json

Response headers

date
Tue, 24 Jan 2023 15:55:02 GMT
via
1.1 varnish, 1.1 varnish
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
MISS, MISS
p3p
policyref="/w3c/p3p.xml", CP="NON DSP COR ADM OUR IND COM"
paypal-debug-id
419f6bce980f1
server-timing
content-encoding;desc="",x-cdn;desc="fastly"
content-length
125
x-served-by
cache-sna10747-LGB, cache-yul12830-YUL
correlation-id
419f6bce980f1
traceparent
00-0000000000000000000419f6bce980f1-218ca04bf8b95a3c-01
content-type
application/json
cache-control
max-age=0, no-cache, no-store, must-revalidate
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
0, 0
e
c.paypal.com/v1/r/d/b/ Frame BE5D 		0
243 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.paypal.com/v1/r/d/b/e
Requested by
Host: c.paypal.com
URL: https://c.paypal.com/da/r/fb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.35 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
application/json

Response headers

x-served-by
cache-lax10653-LGB, cache-yul12830-YUL
date
Tue, 24 Jan 2023 15:55:02 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
correlation-id
2ce0b073cce2f
via
1.1 varnish, 1.1 varnish
traceparent
00-00000000000000000002ce0b073cce2f-7dbebbfcfa424ec2-01
x-cache
MISS, MISS
paypal-debug-id
2ce0b073cce2f
cache-control
max-age=0, no-cache, no-store, must-revalidate
server-timing
content-encoding;desc="",x-cdn;desc="fastly"
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
0, 0
p3
c6.paypal.com/v1/r/d/b/ Frame BE5D 		0
0
collect
www.google-analytics.com/g/ 		0
0
ATB_fqeu89sv8ba3.js
identity.auth.atb.com/ATB/Bundles/js/ 		236 KB
132 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://identity.auth.atb.com/ATB/Bundles/js/ATB_fqeu89sv8ba3.js
Requested by
Host: identity.auth.atb.com
URL: https://identity.auth.atb.com/login?state=hKFo2SBiX1pnUDNUNHoxdGhGeUpRZC1MQWNVU3JQRWpYcVdLNaFupWxvZ2luo3RpZNkgSTNFMzBGendPUklSR2pPcl9aS3dJVG9kWk5PMVltOEajY2lk2SB6aEF4aU9GdjZjNWZDNG5pR0FIN3BMRkVncHRldjByQQ&client=zhAxiOFv6c5fC4niGAH7pLFEgptev0rA&protocol=oauth2&audience=https%3A%2F%2Fapi.atb.com%2F&redirect_uri=https%3A%2F%2Fpersonal.atb.com&realm=RetailPing&pmData=null&platformVersion=4337289b&session=6b38916683c84517a73d96a01fcdf8d9&scope=openid%20profile%20email&response_type=code&response_mode=query&nonce=aG5RcDl4MjVub09WWHdjNG0ycVBPUG9EN2U5LmxwSTVIVEN6SnZ5WjMtdQ%3D%3D&code_challenge=UTyNVvjS3LlwCfM_E4BHjRnD11ZN-1B_eXVHvus_vDU&code_challenge_method=S256&auth0Client=eyJuYW1lIjoiYXV0aDAtc3BhLWpzIiwidmVyc2lvbiI6IjEuMTUuMCJ9
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.162.183.6 , United States, ASN55002 (DEFENSE-NET, US),
Reverse DNS
Software
/
Resource Hash
4b5e193ddaabfb1f8c3daf34663cb2c0bc5b2664a770612ea7e0b721506351e6

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://identity.auth.atb.com/login?state=hKFo2SBiX1pnUDNUNHoxdGhGeUpRZC1MQWNVU3JQRWpYcVdLNaFupWxvZ2luo3RpZNkgSTNFMzBGendPUklSR2pPcl9aS3dJVG9kWk5PMVltOEajY2lk2SB6aEF4aU9GdjZjNWZDNG5pR0FIN3BMRkVncHRldjByQQ&client=zhAxiOFv6c5fC4niGAH7pLFEgptev0rA&protocol=oauth2&audience=https%3A%2F%2Fapi.atb.com%2F&redirect_uri=https%3A%2F%2Fpersonal.atb.com&realm=RetailPing&pmData=null&platformVersion=4337289b&session=6b38916683c84517a73d96a01fcdf8d9&scope=openid%20profile%20email&response_type=code&response_mode=query&nonce=aG5RcDl4MjVub09WWHdjNG0ycVBPUG9EN2U5LmxwSTVIVEN6SnZ5WjMtdQ%3D%3D&code_challenge=UTyNVvjS3LlwCfM_E4BHjRnD11ZN-1B_eXVHvus_vDU&code_challenge_method=S256&auth0Client=eyJuYW1lIjoiYXV0aDAtc3BhLWpzIiwidmVyc2lvbiI6IjEuMTUuMCJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 24 Jan 2023 15:55:03 GMT
Content-Encoding
gzip
Via
1.1 google, 1.1 dca1-bit11044
Content-Type
application/javascript; charset=UTF-8
X-Ion-Hop
1
Cache-Control
no-cache, no-store, must-revalidate
Alt-Svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Expires
0
/
personal.atb.com/
Redirect Chain
  • https://www.atbonline.com/ATB/Themes/558450/5744869DEF9B13858.css
  • https://personal.atb.com/
0
0 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://personal.atb.com/
Requested by
Host: identity.auth.atb.com
URL: https://identity.auth.atb.com/login?state=hKFo2SBiX1pnUDNUNHoxdGhGeUpRZC1MQWNVU3JQRWpYcVdLNaFupWxvZ2luo3RpZNkgSTNFMzBGendPUklSR2pPcl9aS3dJVG9kWk5PMVltOEajY2lk2SB6aEF4aU9GdjZjNWZDNG5pR0FIN3BMRkVncHRldjByQQ&client=zhAxiOFv6c5fC4niGAH7pLFEgptev0rA&protocol=oauth2&audience=https%3A%2F%2Fapi.atb.com%2F&redirect_uri=https%3A%2F%2Fpersonal.atb.com&realm=RetailPing&pmData=null&platformVersion=4337289b&session=6b38916683c84517a73d96a01fcdf8d9&scope=openid%20profile%20email&response_type=code&response_mode=query&nonce=aG5RcDl4MjVub09WWHdjNG0ycVBPUG9EN2U5LmxwSTVIVEN6SnZ5WjMtdQ%3D%3D&code_challenge=UTyNVvjS3LlwCfM_E4BHjRnD11ZN-1B_eXVHvus_vDU&code_challenge_method=S256&auth0Client=eyJuYW1lIjoiYXV0aDAtc3BhLWpzIiwidmVyc2lvbiI6IjEuMTUuMCJ9
Protocol
H3
Server
34.107.145.12 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
12.145.107.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Redirect headers

Location
https://personal.atb.com
Server
BigIP
Connection
Keep-Alive
Content-Length
0
fonts.css
cloud.typography.com/6700732/6101192/css/ 		17 B
254 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cloud.typography.com/6700732/6101192/css/fonts.css
Requested by
Host: identity.auth.atb.com
URL: https://identity.auth.atb.com/login?state=hKFo2SBiX1pnUDNUNHoxdGhGeUpRZC1MQWNVU3JQRWpYcVdLNaFupWxvZ2luo3RpZNkgSTNFMzBGendPUklSR2pPcl9aS3dJVG9kWk5PMVltOEajY2lk2SB6aEF4aU9GdjZjNWZDNG5pR0FIN3BMRkVncHRldjByQQ&client=zhAxiOFv6c5fC4niGAH7pLFEgptev0rA&protocol=oauth2&audience=https%3A%2F%2Fapi.atb.com%2F&redirect_uri=https%3A%2F%2Fpersonal.atb.com&realm=RetailPing&pmData=null&platformVersion=4337289b&session=6b38916683c84517a73d96a01fcdf8d9&scope=openid%20profile%20email&response_type=code&response_mode=query&nonce=aG5RcDl4MjVub09WWHdjNG0ycVBPUG9EN2U5LmxwSTVIVEN6SnZ5WjMtdQ%3D%3D&code_challenge=UTyNVvjS3LlwCfM_E4BHjRnD11ZN-1B_eXVHvus_vDU&code_challenge_method=S256&auth0Client=eyJuYW1lIjoiYXV0aDAtc3BhLWpzIiwidmVyc2lvbiI6IjEuMTUuMCJ9
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.127.185.153 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-127-185-153.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
f2e53e56c4c3f42d0f7654ddedfa5cb642a4c2a6389435c6e4ae65fbfafd9f12

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date
Tue, 24 Jan 2023 15:55:03 GMT
Cache-Control
max-age=144
Server
AkamaiNetStorage
Connection
keep-alive
ETag
"f130fd70bd4cfa88cacd6d9b4c8c0f19:1645578808.921578"
Content-Length
17
Vary
Accept-Encoding
f26ba7188d.js
use.fontawesome.com/ 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://use.fontawesome.com/f26ba7188d.js
Requested by
Host: identity.auth.atb.com
URL: https://identity.auth.atb.com/login?state=hKFo2SBiX1pnUDNUNHoxdGhGeUpRZC1MQWNVU3JQRWpYcVdLNaFupWxvZ2luo3RpZNkgSTNFMzBGendPUklSR2pPcl9aS3dJVG9kWk5PMVltOEajY2lk2SB6aEF4aU9GdjZjNWZDNG5pR0FIN3BMRkVncHRldjByQQ&client=zhAxiOFv6c5fC4niGAH7pLFEgptev0rA&protocol=oauth2&audience=https%3A%2F%2Fapi.atb.com%2F&redirect_uri=https%3A%2F%2Fpersonal.atb.com&realm=RetailPing&pmData=null&platformVersion=4337289b&session=6b38916683c84517a73d96a01fcdf8d9&scope=openid%20profile%20email&response_type=code&response_mode=query&nonce=aG5RcDl4MjVub09WWHdjNG0ycVBPUG9EN2U5LmxwSTVIVEN6SnZ5WjMtdQ%3D%3D&code_challenge=UTyNVvjS3LlwCfM_E4BHjRnD11ZN-1B_eXVHvus_vDU&code_challenge_method=S256&auth0Client=eyJuYW1lIjoiYXV0aDAtc3BhLWpzIiwidmVyc2lvbiI6IjEuMTUuMCJ9
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e2::ac40:850f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
12e7f8ca7ea72a8b13e8fe72b191a9da937ccbedf604c43c14c5eea999414cb0

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 24 Jan 2023 15:55:03 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
5BH5MPR3GJMG6J5B
age
2795
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
fpQIn+Y0o0ks1rkLl12L2KQl1tVCa2yH8IeDjv/lOsuHG7VKcpp6yjFSmSyt4Z9tOrtNeuLt3vM=
last-modified
Thu, 01 Jul 2021 20:17:15 GMT
server
cloudflare
etag
W/"efefb6fa0b93a5a4d8a40cd312d55868"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CpvUx9zScXqbxkK7uKfH8RJsiW%2BECXDJPZGjVcyldCsNQCgIOYKjEkD%2B2%2FvVRNXjbPO6zq5ruG79Zk2OIZWbmFtqCyP4joa9YbPSAVLhHxYW9czU3nAw6nzWejYkegzTIGwhuItjEbisYHGRMmASFDWL"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
cache-control
max-age=1800
cf-ray
78e9f3805b5ac411-EWR
css
fonts.googleapis.com/ 		10 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700
Requested by
Host: identity.auth.atb.com
URL: https://identity.auth.atb.com/login?state=hKFo2SBiX1pnUDNUNHoxdGhGeUpRZC1MQWNVU3JQRWpYcVdLNaFupWxvZ2luo3RpZNkgSTNFMzBGendPUklSR2pPcl9aS3dJVG9kWk5PMVltOEajY2lk2SB6aEF4aU9GdjZjNWZDNG5pR0FIN3BMRkVncHRldjByQQ&client=zhAxiOFv6c5fC4niGAH7pLFEgptev0rA&protocol=oauth2&audience=https%3A%2F%2Fapi.atb.com%2F&redirect_uri=https%3A%2F%2Fpersonal.atb.com&realm=RetailPing&pmData=null&platformVersion=4337289b&session=6b38916683c84517a73d96a01fcdf8d9&scope=openid%20profile%20email&response_type=code&response_mode=query&nonce=aG5RcDl4MjVub09WWHdjNG0ycVBPUG9EN2U5LmxwSTVIVEN6SnZ5WjMtdQ%3D%3D&code_challenge=UTyNVvjS3LlwCfM_E4BHjRnD11ZN-1B_eXVHvus_vDU&code_challenge_method=S256&auth0Client=eyJuYW1lIjoiYXV0aDAtc3BhLWpzIiwidmVyc2lvbiI6IjEuMTUuMCJ9
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81f::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
6c4133ff5eff0f23ca2f6fdaceea1d4dd3a91e499a0b0aef688b0f31206b0328
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Tue, 24 Jan 2023 15:55:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 24 Jan 2023 15:12:44 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 24 Jan 2023 15:55:03 GMT
f26ba7188d.css
use.fontawesome.com/ 		1 KB
770 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://use.fontawesome.com/f26ba7188d.css
Requested by
Host: use.fontawesome.com
URL: https://use.fontawesome.com/f26ba7188d.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e2::ac40:850f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
005e80bfd14ddccc33b7df27c931b1f0e1bd7314ccfbb979681a0cd014293d58

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 24 Jan 2023 15:55:03 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
PBZJP666XT6058FC
age
6284
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
mQPrLlAzdAVGPEfv916OFDn48fWDNL9/rx+rBQarZqYidUosQgUqhnsIsTwiUoTK+2WuKeP8O2c=
last-modified
Thu, 01 Jul 2021 20:17:15 GMT
server
cloudflare
etag
W/"bc125437cc478cc348a54b7c8fd22c7b"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u%2FFa4rY0kGb7UuOcrtxyz1gRI2C1oWaFZ%2BaAZ0b%2B0bGPkoiNMhHwKG1tl4reZMrkZxXVvgxRbbJvd%2FwUaiMdVF1vCv1CjEn1EF5iaMrduCjQriyO89yanDPsv7gz%2B3%2B6SMj6ofuG%2FFPwcwMJf3xPbzwW"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=1800
cf-ray
78e9f3822818c411-EWR
gtm.js
www.googletagmanager.com/ 		123 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-KGVVNNM
Requested by
Host: identity.auth.atb.com
URL: https://identity.auth.atb.com/login?state=hKFo2SBiX1pnUDNUNHoxdGhGeUpRZC1MQWNVU3JQRWpYcVdLNaFupWxvZ2luo3RpZNkgSTNFMzBGendPUklSR2pPcl9aS3dJVG9kWk5PMVltOEajY2lk2SB6aEF4aU9GdjZjNWZDNG5pR0FIN3BMRkVncHRldjByQQ&client=zhAxiOFv6c5fC4niGAH7pLFEgptev0rA&protocol=oauth2&audience=https%3A%2F%2Fapi.atb.com%2F&redirect_uri=https%3A%2F%2Fpersonal.atb.com&realm=RetailPing&pmData=null&platformVersion=4337289b&session=6b38916683c84517a73d96a01fcdf8d9&scope=openid%20profile%20email&response_type=code&response_mode=query&nonce=aG5RcDl4MjVub09WWHdjNG0ycVBPUG9EN2U5LmxwSTVIVEN6SnZ5WjMtdQ%3D%3D&code_challenge=UTyNVvjS3LlwCfM_E4BHjRnD11ZN-1B_eXVHvus_vDU&code_challenge_method=S256&auth0Client=eyJuYW1lIjoiYXV0aDAtc3BhLWpzIiwidmVyc2lvbiI6IjEuMTUuMCJ9
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
3a933ba9a967c23264f8b534dc7c558aef2ca8bc2896686cf01a2aab5fbf938d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 24 Jan 2023 15:55:03 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
47616
x-xss-protection
0
last-modified
Tue, 24 Jan 2023 15:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 24 Jan 2023 15:55:03 GMT
css2
fonts.googleapis.com/ 		2 KB
655 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Inter&display=swap
Requested by
Host: client
URL: about:client
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81f::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
0370a4223069208a01c9a4c3f1ba1da1954f4bbad2ab3ec4467d29f7ff77a7b0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Tue, 24 Jan 2023 15:55:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 24 Jan 2023 14:30:05 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 24 Jan 2023 15:55:03 GMT
atb-jewel-new.svg
verify.auth.atb.com/images/RebankWeb/ 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://verify.auth.atb.com/images/RebankWeb/atb-jewel-new.svg
Requested by
Host: identity.auth.atb.com
URL: https://identity.auth.atb.com/login?state=hKFo2SBiX1pnUDNUNHoxdGhGeUpRZC1MQWNVU3JQRWpYcVdLNaFupWxvZ2luo3RpZNkgSTNFMzBGendPUklSR2pPcl9aS3dJVG9kWk5PMVltOEajY2lk2SB6aEF4aU9GdjZjNWZDNG5pR0FIN3BMRkVncHRldjByQQ&client=zhAxiOFv6c5fC4niGAH7pLFEgptev0rA&protocol=oauth2&audience=https%3A%2F%2Fapi.atb.com%2F&redirect_uri=https%3A%2F%2Fpersonal.atb.com&realm=RetailPing&pmData=null&platformVersion=4337289b&session=6b38916683c84517a73d96a01fcdf8d9&scope=openid%20profile%20email&response_type=code&response_mode=query&nonce=aG5RcDl4MjVub09WWHdjNG0ycVBPUG9EN2U5LmxwSTVIVEN6SnZ5WjMtdQ%3D%3D&code_challenge=UTyNVvjS3LlwCfM_E4BHjRnD11ZN-1B_eXVHvus_vDU&code_challenge_method=S256&auth0Client=eyJuYW1lIjoiYXV0aDAtc3BhLWpzIiwidmVyc2lvbiI6IjEuMTUuMCJ9
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.4.36 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
36.4.120.34.bc.googleusercontent.com
Software
nginx/1.17.7 /
Resource Hash
20b28a52ddc5d86f4e2fd74734e7d0c28cfaf5bbe42112268b902aeb95928abe

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 24 Jan 2023 15:55:03 GMT
via
1.1 google
last-modified
Fri, 13 Jan 2023 17:41:51 GMT
server
nginx/1.17.7
etag
"63c197df-1e21"
content-type
image/svg+xml
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7713
login-page-sketch.svg
verify.auth.atb.com/images/RebankWeb/ 		200 KB
201 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://verify.auth.atb.com/images/RebankWeb/login-page-sketch.svg
Requested by
Host: identity.auth.atb.com
URL: https://identity.auth.atb.com/login?state=hKFo2SBiX1pnUDNUNHoxdGhGeUpRZC1MQWNVU3JQRWpYcVdLNaFupWxvZ2luo3RpZNkgSTNFMzBGendPUklSR2pPcl9aS3dJVG9kWk5PMVltOEajY2lk2SB6aEF4aU9GdjZjNWZDNG5pR0FIN3BMRkVncHRldjByQQ&client=zhAxiOFv6c5fC4niGAH7pLFEgptev0rA&protocol=oauth2&audience=https%3A%2F%2Fapi.atb.com%2F&redirect_uri=https%3A%2F%2Fpersonal.atb.com&realm=RetailPing&pmData=null&platformVersion=4337289b&session=6b38916683c84517a73d96a01fcdf8d9&scope=openid%20profile%20email&response_type=code&response_mode=query&nonce=aG5RcDl4MjVub09WWHdjNG0ycVBPUG9EN2U5LmxwSTVIVEN6SnZ5WjMtdQ%3D%3D&code_challenge=UTyNVvjS3LlwCfM_E4BHjRnD11ZN-1B_eXVHvus_vDU&code_challenge_method=S256&auth0Client=eyJuYW1lIjoiYXV0aDAtc3BhLWpzIiwidmVyc2lvbiI6IjEuMTUuMCJ9
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.4.36 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
36.4.120.34.bc.googleusercontent.com
Software
nginx/1.17.7 /
Resource Hash
49b1f22cef3e4872343184e18aadba0a716668d5a6a39250347f1d509fe5c69b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://identity.auth.atb.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 24 Jan 2023 15:55:03 GMT
via
1.1 google
last-modified
Fri, 13 Jan 2023 17:41:51 GMT
server
nginx/1.17.7
etag
"63c197df-32095"
content-type
image/svg+xml
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
204949
font-awesome-css.min.css
use.fontawesome.com/releases/v4.7.0/css/ 		30 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://use.fontawesome.com/releases/v4.7.0/css/font-awesome-css.min.css
Requested by
Host: use.fontawesome.com
URL: https://use.fontawesome.com/f26ba7188d.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:850f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5b9573e1023da775390e9284ec0eb1c606df9b468a28980055b4a6aa804f4350

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://use.fontawesome.com/f26ba7188d.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 24 Jan 2023 15:55:03 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
XD2HSXKZQGHSER9V
age
677248
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
ONb43v5ZLH3IB1NYo3gefST1ES9o1Oxujnq2mS6ybT/ztE2xRys9/rf7xN3ljKBw/zJtRSuGI8Q=
last-modified
Wed, 30 Jun 2021 15:26:48 GMT
server
cloudflare
etag
W/"36082410df2ef7f83932219089dc1443"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T8z5yAuNU%2F0zIXaa3x2c03Guvl%2F7X3NKoDgd4Fz6fid02jKyW%2BUwuseAX9qt0dBE93gA2h7dqdjfXe0w0D1GVm44H6gppfoGftJV3qJJ8FfLOskBe6q8COeR%2FLaqn8c9vmA7KVRrjPXvV7AVqp%2FdXhJk"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=31556926
cf-ray
78e9f383195c8cb1-EWR
UcCO3FwrK3iLTeHuS_fvQtMwCp50KnMw2boKoduKmMEVuLyfAZ9hiA.woff2
fonts.gstatic.com/s/inter/v12/ 		16 KB
17 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/inter/v12/UcCO3FwrK3iLTeHuS_fvQtMwCp50KnMw2boKoduKmMEVuLyfAZ9hiA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Inter&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:824::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0364d368abf457d4e70dbc7a7a360f3486eaea2837b194915b23d4398bee91ac
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://identity.auth.atb.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Sat, 21 Jan 2023 18:21:04 GMT
x-content-type-options
nosniff
age
250439
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16708
x-xss-protection
0
last-modified
Mon, 11 Jul 2022 21:02:37 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 21 Jan 2024 18:21:04 GMT
fontawesome-webfont.woff2
use.fontawesome.com/releases/v4.7.0/fonts/ 		75 KB
76 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://use.fontawesome.com/releases/v4.7.0/fonts/fontawesome-webfont.woff2
Requested by
Host: use.fontawesome.com
URL: https://use.fontawesome.com/f26ba7188d.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:850f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Referer
https://use.fontawesome.com/f26ba7188d.css
Origin
https://identity.auth.atb.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Tue, 24 Jan 2023 15:55:03 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
DSWDKNDKEHMF9HQB
age
1345510
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
77160
x-amz-id-2
PBhhUjVEhgbVx5PdonIBfzYFy5kWH9kBqkUm89t0mne7U3IJcpLl0b5M0HoQh3LbI0QTtwaExSo=
last-modified
Wed, 30 Jun 2021 15:26:48 GMT
server
cloudflare
etag
"af7ae505a9eed503f8b8e6982036873e"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/font-woff2
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o3H8BQx5EEvmS0Egoa8l4gIccq413hjCc3mHwx8s3gen4jmJbayrhwMqelsPm%2FJJhF%2FLZ%2ByYpIBqaAhycozAzcEAVqd1CvNggHJ1z6meH4Xbw4VwfPac8yMmr4gojK4sFbQVGdscc9TW0vHE1PSINEx9"}],"group":"cf-nel","max_age":604800}
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
78e9f383af23c416-EWR
installations
firebaseinstallations.googleapis.com/v1/projects/pd-rebank-firebase/ 		624 B
678 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://firebaseinstallations.googleapis.com/v1/projects/pd-rebank-firebase/installations
Requested by
Host: identity.auth.atb.com
URL: https://identity.auth.atb.com/ATB/Bundles/js/ATB_fqeu89sv8ba3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
5edb3c6cf4d425ceb660364f7b52d6503548da7e230ce4a8bbd4a907388d6874
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept
application/json
Referer
x-goog-api-key
AIzaSyDrj-ZVUQ4gNkzfszZ7V6eAq4UJS8ir9I0
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
content-type
application/json

Response headers

date
Tue, 24 Jan 2023 15:55:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://identity.auth.atb.com
access-control-expose-headers
vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
488
x-xss-protection
0
installations
firebaseinstallations.googleapis.com/v1/projects/pd-rebank-firebase/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://firebaseinstallations.googleapis.com/v1/projects/pd-rebank-firebase/installations
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-goog-api-key
Access-Control-Request-Method
POST
Origin
https://identity.auth.atb.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

access-control-allow-headers
content-type,x-goog-api-key
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://identity.auth.atb.com
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
content-type
text/html
date
Tue, 24 Jan 2023 15:55:03 GMT
server
ESF
vary
origin referer x-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
truncated
/ 		89 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
50e6072d26098d48004a30addeecabd5b22b91e5ccdf9dd86f96459783e3ac23

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
image/png
firebase:fetch
firebaseremoteconfig.googleapis.com/v1/projects/pd-rebank-firebase/namespaces/ 		9 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://firebaseremoteconfig.googleapis.com/v1/projects/pd-rebank-firebase/namespaces/firebase:fetch?key=AIzaSyDrj-ZVUQ4gNkzfszZ7V6eAq4UJS8ir9I0
Requested by
Host: identity.auth.atb.com
URL: https://identity.auth.atb.com/ATB/Bundles/js/ATB_fqeu89sv8ba3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
9ab884ec8ca195abd0d6d8f29d89d621ceb84f7b9bffcd3ace6d5e735d8c9c96
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Content-Encoding
gzip
Referer
If-None-Match
*
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Content-Type
application/json

Response headers

date
Tue, 24 Jan 2023 15:55:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
etag
etag-pd-rebank-firebase-firebase-fetch--1712237379
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://identity.auth.atb.com
access-control-expose-headers
etag,vary,vary,vary,content-encoding,date,server,content-length
cache-control
private
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3001
x-xss-protection
0
firebase:fetch
firebaseremoteconfig.googleapis.com/v1/projects/pd-rebank-firebase/namespaces/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://firebaseremoteconfig.googleapis.com/v1/projects/pd-rebank-firebase/namespaces/firebase:fetch?key=AIzaSyDrj-ZVUQ4gNkzfszZ7V6eAq4UJS8ir9I0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-encoding,content-type,if-none-match
Access-Control-Request-Method
POST
Origin
https://identity.auth.atb.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

access-control-allow-headers
content-encoding,content-type,if-none-match
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://identity.auth.atb.com
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
content-type
text/html
date
Tue, 24 Jan 2023 15:55:04 GMT
server
ESF
vary
origin referer x-origin
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
chd.stats.paypal.com
URL
https://chd.stats.paypal.com/v2/counter2.cgi?p=6b38916683c84517a73d96a01fcdf8d9&s=simility_rda
Domain
c6.paypal.com
URL
https://c6.paypal.com/v1/r/d/b/p3?f=6b38916683c84517a73d96a01fcdf8d9&s=simility_rda
Domain
www.google-analytics.com
URL
https://www.google-analytics.com/g/collect?v=2&tid=G-C84DLBZWXT&gtm=2oe1n0&_p=1007128290&cid=1911414916.1674575702&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=2&sid=1674575702&sct=1&seg=0&dl=https%3A%2F%2Fpersonal.atb.com%2F&dt=ATB%20Personal%20Banking&en=user_engagement&_et=1009

Verdicts & Comments Add Verdict or Comment

71 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange object| FontAwesomeCdnConfig string| cssUrl object| dataLayer function| Hashtable function| startsWith function| DomDataCollection function| IE_FingerPrint function| Mozilla_FingerPrint function| Opera_FingerPrint function| Timer function| randrange function| detectIE function| genRandomNumber function| getRandomPort function| BlackberryLocationCollector function| detectFields function| FingerPrint function| urlEncode function| encode_deviceprint function| decode_deviceprint function| post_deviceprint function| post_fingerprints function| add_deviceprint function| form_add_data function| form_add_deviceprint function| detectDeviceCollectionAPIMode function| init function| startCollection function| stopCollection function| getGeolocationStruct function| HTML5LocationCollector function| RSAUIEvent function| InteractionElement function| UIElementList function| activeXDetect function| stripIllegalChars function| stripFullPath function| convertTimestampToGMT function| getTimestampInMillis function| debug object| ProxyCollector string| SEP string| PAIR string| DEV string| HTML5 string| BLACKBERRY string| UNDEFINED string| GEO_LOCATION_DEFAULT_STRUCT object| geoLocator boolean| geoLocatorStatus object| TimestampCollector object| UIEventCollector object| BrowserDetect function| forceIE89Synchronicity object| plugin string| t string| __RSA_DEVICE__ string| __RSA_GEO__ function| webpackJsonp object| __core-js_shared__ object| core object| global object| System function| asap function| Observable function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill object| google_tag_manager

13 Cookies

Domain/Path Name / Value
identity.auth.atb.com/usernamepassword/login Name: _csrf
Value: rnJ79h1Km3hr8cm_k8BptDwR
.atb.com/ Name: _ga
Value: GA1.1.1911414916.1674575702
.c.paypal.com/ Name: sc_f
Value: NN77NSEZ5rtRPg6VH7TM7CdXviUZ9MhnHqiv4bnfX2bccVARgDYz9Y0MZLU_H3DAVQPHEVK_DIVcxgP5JS86Mgz9fyrJ3sIhmhtUk0
.paypal.com/ Name: KHcl0EuY7AKSMgfvHl7J5E7hPtK
Value: u_zyn9wJeXFrdz65xgJu1pZakFoMybB2Vw0ln2wMKkH3xxHTGH2rIt85EAJ1UczkSDrvvHn3s-k0AG4y
.paypal.com/ Name: l7_az
Value: dcg13.slc
identity.auth.atb.com/ Name: did
Value: s%3Av0%3A76a69db0-9bff-11ed-b51f-65be5b6520a2.o3FwKkCPmJOlwNEylNxEBie66824NlY4zy2bhS9aiSU
identity.auth.atb.com/ Name: auth0
Value: s%3AUgBnGDpIC2SLbHxONHjthixJ3Yi5InxQ.9J83aC9UF57wY14N%2FIRZDJz1UhSUR260gVyTeuaZGaU
identity.auth.atb.com/ Name: did_compat
Value: s%3Av0%3A76a69db0-9bff-11ed-b51f-65be5b6520a2.o3FwKkCPmJOlwNEylNxEBie66824NlY4zy2bhS9aiSU
identity.auth.atb.com/ Name: auth0_compat
Value: s%3AUgBnGDpIC2SLbHxONHjthixJ3Yi5InxQ.9J83aC9UF57wY14N%2FIRZDJz1UhSUR260gVyTeuaZGaU
.atb.com/ Name: _ga_C84DLBZWXT
Value: GS1.1.1674575702.1.0.1674575703.0.0.0
.atb.com/ Name: WQqMQak1
Value: A1tsfeSFAQAAZ6awCxcJ5SORfJKC2c1zAX6tiJtQvrInMQP1b9DBAJpPpXPfAZU4mbmucnyzwH8AAEB3AAAAAA|1|0|aa5b7ce400a08a593d15bd0ebcc697ca94736198
.atb.com/ Name: mp_e2b510632040fe085eb8391e85fd8c30_mixpanel
Value: %7B%22distinct_id%22%3A%20%22185e47d69b263e-0febc3097ae662-13363b7c-1d4c00-185e47d69b3c29%22%2C%22%24device_id%22%3A%20%22185e47d69b263e-0febc3097ae662-13363b7c-1d4c00-185e47d69b3c29%22%2C%22%24initial_referrer%22%3A%20%22https%3A%2F%2Fpersonal.atb.com%2F%22%2C%22%24initial_referring_domain%22%3A%20%22personal.atb.com%22%7D
.atb.com/ Name: authOrigin
Value:

2 Console Messages

Source Level URL
Text
rendering warning URL: https://identity.auth.atb.com/ATB/Bundles/js/ATB_fqeu89sv8ba3.js
Message:
Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently
rendering warning URL: https://identity.auth.atb.com/ATB/Bundles/js/ATB_fqeu89sv8ba3.js
Message:
Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; img-src 'self' https://*.atb.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com https://*.stats.paypal.com data:; frame-src https://*.moneydesktop.com https://*.atb.com https://*.qualtrics.com https://*.atbonline.com https://c.paypal.com; script-src 'self' https://www.googletagmanager.com https://*.qualtrics.com https://*.postescanada-canadapost.ca https://c.paypal.com; style-src https://*.atb.com https://www.atbonline.com https://*.postescanada-canadapost.ca 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://api.avo.app https://*.mixpanel.com https://*.atb.com https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://*.postescanada-canadapost.ca; font-src https://*.atb.com 'self' https://fonts.gstatic.com https://*.postescanada-canadapost.ca data:; object-src 'none'; frame-ancestors https://*.atbprosper.com https://*.finn.ai https://*.atbcloud.net https://*.atb.com
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

c.paypal.com
c6.paypal.com
chd.stats.paypal.com
cloud.typography.com
firebaseinstallations.googleapis.com
firebaseremoteconfig.googleapis.com
fonts.googleapis.com
fonts.gstatic.com
identity.auth.atb.com
personal.atb.com
use.fontawesome.com
verify.auth.atb.com
ws1.postescanada-canadapost.ca
www.atb.com
www.atbonline.com
www.google-analytics.com
www.googletagmanager.com
c6.paypal.com
chd.stats.paypal.com
www.google-analytics.com
104.127.185.153
107.162.183.6
142.241.241.10
151.101.65.35
2606:4700::6810:f577
2606:4700:e2::ac40:850f
2607:f8b0:4006:80c::2008
2607:f8b0:4006:81f::200a
2607:f8b0:4006:822::200a
2607:f8b0:4006:823::200e
2607:f8b0:4006:824::2003
34.107.145.12
34.120.4.36
35.241.48.88
005e80bfd14ddccc33b7df27c931b1f0e1bd7314ccfbb979681a0cd014293d58
0364d368abf457d4e70dbc7a7a360f3486eaea2837b194915b23d4398bee91ac
0370a4223069208a01c9a4c3f1ba1da1954f4bbad2ab3ec4467d29f7ff77a7b0
12e7f8ca7ea72a8b13e8fe72b191a9da937ccbedf604c43c14c5eea999414cb0
15433806537e760d7d1052f0edf32c663b79b38b82494ad2bb7b50fb3288c614
1e18db5b3ed3453d32282c60eaf16b47359b32acf370ac0390fa42d36bed54b8
1ee374bf73203b1a8c380da90f45e3b3454de52abf20a3ef2d69125c5e404099
20b28a52ddc5d86f4e2fd74734e7d0c28cfaf5bbe42112268b902aeb95928abe
23d2f5d9f8ee87743e41b0a0dda24a81be734d9cb8118e2648c5d04491af5cb8
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
390aedf9dffdc7e733a78d53636d60fd7e427765e21b422df68efba64f0180f5
3a933ba9a967c23264f8b534dc7c558aef2ca8bc2896686cf01a2aab5fbf938d
40a7f0dc9ecd558b2da98bb67d3257184530e713474922fde3254cfdcd21751c
41ab0f707a2bfab8133ccdfcdab52282f5f79e5751f43a264805451c7bb95fb8
42960a784b3bd2162275cc0358de874823617fa6ca14fceef45dd1055bd2c3e6
49b1f22cef3e4872343184e18aadba0a716668d5a6a39250347f1d509fe5c69b
4b5e193ddaabfb1f8c3daf34663cb2c0bc5b2664a770612ea7e0b721506351e6
50e6072d26098d48004a30addeecabd5b22b91e5ccdf9dd86f96459783e3ac23
55b488007da6bb6a78f753e631556ed5d368e2e462e43e71ea74010bcc67ced5
5b9573e1023da775390e9284ec0eb1c606df9b468a28980055b4a6aa804f4350
5edb3c6cf4d425ceb660364f7b52d6503548da7e230ce4a8bbd4a907388d6874
6c4133ff5eff0f23ca2f6fdaceea1d4dd3a91e499a0b0aef688b0f31206b0328
790c108befe859dac2ddbd20af3fbb6917c601b3d544c8a05761519f3b5508fe
7f91e443482a6f9c755c7c1fe7b96cd2cc7bbfce2a1e6710cfc2774a31f34be6
8aea5e6e7b9cf3d1f95a3c1f9add9e97994353b1379cd630e16560419ebaa8b7
8c6aed849a1905bcbfd003ec51ad4339ac8e239dc48dff2c8f11168f5abcd36b
9049b6cd2a18d27e2794ef8258ff3ff785ec341b52dcd255d512977036951bc7
96bb447987a336093996215e1bc19275bcc84590ef562cb9d8473ce9b0630b1e
987449e4b4b047f1d50a5d348541f0ad0f5b586dfaeed91af0ccca7d24dee6a7
98f6b4f4da738f024afca6ae46ce09c2547044aa1401a113dd0fc12fa93766cb
9ab884ec8ca195abd0d6d8f29d89d621ceb84f7b9bffcd3ace6d5e735d8c9c96
e36a1fa944a2cf64e5e2f63403b9255d3dfb833c7d8fb5906858538675f36cff
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8cbc2b88bc4268237ff5e251776d3c54edcb14e015a9e66e4883bde4b55f13f
f2e53e56c4c3f42d0f7654ddedfa5cb642a4c2a6389435c6e4ae65fbfafd9f12
f7142608137571fa30d3626aeeef3ba3cc1203a9c7c2f3bfdb0859055fcacb27
f94a0bd5d4c915dd7e1c6739f15b31d571ff441d4f5e62029734e25ac69fd6e9