wellnessproinsurance.citadelus.com Open in urlscan Pro
151.101.194.159 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://secure.hbassociation.com/
Effective URL:
https://wellnessproinsurance.citadelus.com/
Submission: On August 02 via automatic, source certstream-suspicious (August 2nd 2024, 10:03:01 pm UTC) — Scanned from DE

Summary HTTP 34 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 11 IPs in 2 countries across 12 domains to perform 34 HTTP transactions. The main IP is 151.101.194.159, located in San Francisco, United States and belongs to FASTLY, US. The main domain is wellnessproinsurance.citadelus.com.
TLS certificate: Issued by R11 on July 14th 2024. Valid for: 3 months.

This is the only time wellnessproinsurance.citadelus.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	40.112.243.115 40.112.243.115	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	50.115.19.181 50.115.19.181	53861 (AS-KGIX) (AS-KGIX)
11	151.101.194.159 151.101.194.159	54113 (FASTLY) (FASTLY)
2	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
4	2a03:2880:f08... 2a03:2880:f084:105:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
4	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81d::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
5	23.213.161.196 23.213.161.196	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 1	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::2003	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f17... 2a03:2880:f177:185:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
34	11

1 40.112.243.115 (San Jose, United States) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

secure.hbassociation.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 50.115.19.181 (United States) 1 redirects

ASN53861 (AS-KGIX, US)
PTR: fire-mx1.h50.us

www.wellnessproinsurance.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 151.101.194.159 (San Francisco, United States)

ASN54113 (FASTLY, US)

wellnessproinsurance.citadelus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f084:105:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81d::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 23.213.161.196 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-213-161-196.deploy.static.akamaitechnologies.com

analytics.tiktok.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.130 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f177:185:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	citadelus.com wellnessproinsurance.citadelus.com	2 MB
5	tiktok.com analytics.tiktok.com — Cisco Umbrella Rank: 963	138 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 112	382 KB
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 236	160 KB
4	gstatic.com fonts.gstatic.com www.gstatic.com	74 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 108	3 KB
2	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 3123
1	google.de www.google.de — Cisco Umbrella Rank: 6716	111 B
1	googleadservices.com 1 redirects www.googleadservices.com — Cisco Umbrella Rank: 176	20 B
1	google.com www.google.com — Cisco Umbrella Rank: 10
1	wellnessproinsurance.com 1 redirects www.wellnessproinsurance.com	940 B
1	hbassociation.com 1 redirects secure.hbassociation.com	533 B
34	12

	Domain	Requested by
11	wellnessproinsurance.citadelus.com	wellnessproinsurance.citadelus.com
5	analytics.tiktok.com	wellnessproinsurance.citadelus.com analytics.tiktok.com
4	www.googletagmanager.com	wellnessproinsurance.citadelus.com www.googletagmanager.com
4	connect.facebook.net	wellnessproinsurance.citadelus.com connect.facebook.net
2	www.facebook.com	wellnessproinsurance.citadelus.com
2	region1.google-analytics.com	www.googletagmanager.com
2	www.gstatic.com	www.googletagmanager.com www.gstatic.com
2	fonts.gstatic.com	wellnessproinsurance.citadelus.com
1	www.google.de	wellnessproinsurance.citadelus.com
1	www.googleadservices.com	1 redirects
1	www.google.com	wellnessproinsurance.citadelus.com
1	www.wellnessproinsurance.com	1 redirects
1	secure.hbassociation.com	1 redirects
34	13

This site contains links to these domains. Also see Links.

Domain
secure.namtassociation.com
www.mayoclinicproceedings.org
citadelus.com
www.facebook.com
www.instagram.com
www.tiktok.com

Subject Issuer	Validity	Valid
www.wellnessproinsurance.citadelus.com R11	`2024-07-14` - `2024-10-12`	3 months	crt.sh
*.gstatic.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-05-12` - `2024-08-10`	3 months	crt.sh
*.google-analytics.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.google.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.tiktok.com RapidSSL TLS ECC CA G1	`2024-07-15` - `2025-07-15`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://wellnessproinsurance.citadelus.com/
Frame ID: 60A18D8E1F0F094A77C947E34ACB88B6
Requests: 36 HTTP requests in this frame

Frame: https://www.google.com/maps/embed/v1/place?q=2600+W+Executive+Pkwy%2C+Lehi%2C+UT+84043&key=AIzaSyD09zQ9PNDNNy9TadMuzRV_UsPUoWKntt8
Frame ID: 905B30A6DD1FCE730CF8DD73B2715858
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Beauty Bodywork Insurance for Wellness Specialists

Page URL History Show full URLs

https://secure.hbassociation.com/ HTTP 302
https://www.wellnessproinsurance.com/ HTTP 301
https://wellnessproinsurance.citadelus.com/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Mautic (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

[^a-z]mtc.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

34
Requests

97 %
HTTPS

62 %
IPv6

12
Domains

13
Subdomains

11
IPs

2
Countries

2775 kB
Transfer

4695 kB
Size

10
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: https://secure.namtassociation.com/Account/LogOn
Title: Member Login

Search URL Search Domain Scan URL

URL: https://www.mayoclinicproceedings.org/article/S0025-6196(16)00043-4/abstract
Title: 2016 Mayo Clinic study

Search URL Search Domain Scan URL

URL: https://citadelus.com/wellnessproinsurance/aesthetician-esthetician/
Title: <img decoding="async" class="fl-photo-img wp-image-6941 size-full" src="https://wellnessproinsurance.citadelus.com/wp-content/uploads/2024/06/esthetician-beauty-liability-insurance.png" alt="Illustrated icon of a person with their head on a pillow and hands touching their face, as if receiving a massage or facial. Estheticians should not overlook the value of beauty liability insurance." itemprop="image" height="120" width="120" title="esthetician-beauty-liability-insurance" />

Search URL Search Domain Scan URL

URL: https://citadelus.com/wellnessproinsurance/blog/waxing-safety-and-dangers/
Title: bad waxes

Search URL Search Domain Scan URL

URL: https://secure.namtassociation.com/NamtApplication/PolicySelection
Title: Get Coverage Today

Search URL Search Domain Scan URL

URL: https://www.facebook.com/wellnessproinsurance

Search URL Search Domain Scan URL

URL: https://www.instagram.com/wellnessproinsurance/

Search URL Search Domain Scan URL

URL: https://www.tiktok.com/@wellnessproinsurance

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://secure.hbassociation.com/ HTTP 302
https://www.wellnessproinsurance.com/ HTTP 301
https://wellnessproinsurance.citadelus.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 23

https://www.googleadservices.com/pagead/conversion/11480875028/wcm?cc=ZZ&dn=8007766268&cl=U-6hCIaFkKUZEJSAweIq&dma=1&dma_cps=syphamo&npa=1&ct_eid=2 HTTP 302
https://www.google.de/pagead/attribution/wcm?cc=ZZ&dn=8007766268&cl=U-6hCIaFkKUZEJSAweIq&dma=1&dma_cps=syphamo

34 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
wellnessproinsurance.citadelus.com/
Redirect Chain

https://secure.hbassociation.com/
https://www.wellnessproinsurance.com/
https://wellnessproinsurance.citadelus.com/

258 KB
50 KB

92ms
9ms

Document
text/html

151.101.194.159
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://wellnessproinsurance.citadelus.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.194.159 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Flywheel/5.1.0 /

Resource Hash

de553f64342a3d301e001632e90dad17839d3b82e429cb6ba6d23677b73b5dcc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
content-encoding: gzip
content-length: 50612
content-type: text/html; charset=UTF-8
date: Fri, 02 Aug 2024 22:02:55 GMT
fastly-restarts: 1
link: <https://wellnessproinsurance.citadelus.com/wp-json/>; rel="https://api.w.org/" <https://wellnessproinsurance.citadelus.com/wp-json/wp/v2/pages/1992>; rel="alternate"; title="JSON"; type="application/json" <https://wellnessproinsurance.citadelus.com/>; rel=shortlink
referrer-policy: no-referrer-when-downgrade
server: Flywheel/5.1.0
vary: Accept-Encoding
x-cache: MISS, HIT
x-cache-hits: 0, 0
x-cacheable: YES
x-content-type-options: nosniff
x-fw-dynamic: TRUE
x-fw-hash: kpoh3penj7
x-fw-serve: TRUE
x-fw-server: Flywheel/5.1.0
x-fw-static: NO
x-fw-type: VISIT
x-fw-version: 5.0.0
x-served-by: cache-fra-etou8220055-FRA, cache-fra-eddf8230111-FRA
x-timer: S1722636176.854835,VS0,VE3
x-xss-protection: 1

Redirect headers

alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length: 707
content-type: text/html
date: Fri, 02 Aug 2024 22:02:55 GMT
location: https://wellnessproinsurance.citadelus.com/

GET
H2 200 fa-brands-400.woff2
wellnessproinsurance.citadelus.com/wp-content/plugins/bb-plugin/fonts/fontawesome/5.15.4/webfonts/ 75 KB
75 KB 11ms
10ms Font
application/octet-stream 151.101.194.159
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://wellnessproinsurance.citadelus.com/wp-content/plugins/bb-plugin/fonts/fontawesome/5.15.4/webfonts/fa-brands-400.woff2

Requested by

Host: wellnessproinsurance.citadelus.com
URL: https://wellnessproinsurance.citadelus.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.194.159 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Flywheel/5.1.0 /

Resource Hash

8ea8791754915a898a3100e63e32978a6d1763be6df8e73a39d3a90d691cdeef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://wellnessproinsurance.citadelus.com/
Origin: https://wellnessproinsurance.citadelus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-fw-static: YES
date: Fri, 02 Aug 2024 22:02:55 GMT
x-content-type-options: nosniff
x-cacheable: YES
x-fw-server: Flywheel/5.1.0
x-cache: MISS, HIT
fastly-restarts: 1
x-xss-protection: 1
x-served-by: cache-fra-etou8220048-FRA, cache-fra-eddf8230111-FRA
x-fw-type: VISIT
content-length: 76736
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 26 Jul 2024 13:30:26 GMT
server: Flywheel/5.1.0
x-timer: S1722636176.874818,VS0,VE3
etag: "66a3a4f2-12bc0"
x-fw-hash: kpoh3penj7
x-fw-version: 5.0.0
content-type: application/octet-stream
access-control-allow-origin: *
x-fw-serve: TRUE
cache-control: public, max-age=31536000
vary: Authorization
accept-ranges: bytes
x-cache-hits: 0, 0

GET
H2 200 fa-regular-400.woff2
wellnessproinsurance.citadelus.com/wp-content/plugins/bb-plugin/fonts/fontawesome/5.15.4/webfonts/ 13 KB
13 KB 364ms
363ms Font
application/octet-stream 151.101.194.159
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://wellnessproinsurance.citadelus.com/wp-content/plugins/bb-plugin/fonts/fontawesome/5.15.4/webfonts/fa-regular-400.woff2

Requested by

Host: wellnessproinsurance.citadelus.com
URL: https://wellnessproinsurance.citadelus.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.194.159 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Flywheel/5.1.0 /

Resource Hash

e42a88444448ac3d60549cc7c1ff2c8a9cac721034c073d80a14a44e79730cca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://wellnessproinsurance.citadelus.com/
Origin: https://wellnessproinsurance.citadelus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-fw-static: YES
date: Fri, 02 Aug 2024 22:02:56 GMT
x-content-type-options: nosniff
x-cacheable: YES
x-fw-server: Flywheel/5.1.0
x-cache: MISS, MISS
fastly-restarts: 1
x-xss-protection: 1
x-served-by: cache-fra-etou8220107-FRA, cache-fra-eddf8230111-FRA
x-fw-type: VISIT
content-length: 13224
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 26 Jul 2024 13:30:26 GMT
server: Flywheel/5.1.0
x-timer: S1722636176.875216,VS0,VE351
etag: "66a3a4f2-33a8"
x-fw-hash: kpoh3penj7
x-fw-version: 5.0.0
content-type: application/octet-stream
access-control-allow-origin: *
x-fw-serve: TRUE
cache-control: public, max-age=31536000
vary: Authorization
accept-ranges: bytes
x-cache-hits: 0, 0

GET
H2 200 fa-solid-900.woff2
wellnessproinsurance.citadelus.com/wp-content/plugins/bb-plugin/fonts/fontawesome/5.15.4/webfonts/ 76 KB
77 KB 10ms
9ms Font
application/octet-stream 151.101.194.159
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://wellnessproinsurance.citadelus.com/wp-content/plugins/bb-plugin/fonts/fontawesome/5.15.4/webfonts/fa-solid-900.woff2

Requested by

Host: wellnessproinsurance.citadelus.com
URL: https://wellnessproinsurance.citadelus.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.194.159 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Flywheel/5.1.0 /

Resource Hash

9834b82ad26e2a37583d22676a12dd2eb0fe7c80356a2114d0db1aa8b3899537

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://wellnessproinsurance.citadelus.com/
Origin: https://wellnessproinsurance.citadelus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-fw-static: YES
date: Fri, 02 Aug 2024 22:02:55 GMT
x-content-type-options: nosniff
x-cacheable: YES
x-fw-server: Flywheel/5.1.0
x-cache: MISS, HIT
fastly-restarts: 1
x-xss-protection: 1
x-served-by: cache-fra-eddf8230052-FRA, cache-fra-eddf8230111-FRA
x-fw-type: VISIT
content-length: 78268
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 26 Jul 2024 13:30:26 GMT
server: Flywheel/5.1.0
x-timer: S1722636176.875195,VS0,VE2
etag: "66a3a4f2-131bc"
x-fw-hash: kpoh3penj7
x-fw-version: 5.0.0
content-type: application/octet-stream
access-control-allow-origin: *
x-fw-serve: TRUE
cache-control: public, max-age=31536000
vary: Authorization
accept-ranges: bytes
x-cache-hits: 0, 0

GET
H2 200 JTUSjIg1_i6t8kCHKm459WlhyyTh89Y.woff2
fonts.gstatic.com/s/montserrat/v26/ 32 KB
33 KB 32ms
7ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459WlhyyTh89Y.woff2

Requested by

Host: wellnessproinsurance.citadelus.com
URL: https://wellnessproinsurance.citadelus.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

34208e63c50cc27f5c13b0c29629cf0561fa788f564a07f82cf877dc28e46b82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://wellnessproinsurance.citadelus.com/
Origin: https://wellnessproinsurance.citadelus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 12:02:55 GMT
x-content-type-options: nosniff
age: 295200
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33148
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 22:39:50 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 30 Jul 2025 12:02:55 GMT

GET
H2 200 1Ptxg8zYS_SKggPN4iEgvnHyvveLxVsEpbCIPrEVJz9d.woff2
fonts.gstatic.com/s/raleway/v34/ 17 KB
18 KB 39ms
14ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/raleway/v34/1Ptxg8zYS_SKggPN4iEgvnHyvveLxVsEpbCIPrEVJz9d.woff2

Requested by

Host: wellnessproinsurance.citadelus.com
URL: https://wellnessproinsurance.citadelus.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d999d6a1162082bff55ea4679e93d20928d6fefe8ef327ff7a3e9fc8530d6b66

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://wellnessproinsurance.citadelus.com/
Origin: https://wellnessproinsurance.citadelus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Thu, 01 Aug 2024 21:32:25 GMT
x-content-type-options: nosniff
age: 88230
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17832
x-xss-protection: 0
last-modified: Wed, 01 May 2024 20:31:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 01 Aug 2025 21:32:25 GMT

GET
H2 200 cropped-cropped-cropped-wellnesspro-logo150w.png
wellnessproinsurance.citadelus.com/wp-content/uploads/2024/01/ 6 KB
6 KB 10ms
9ms Image
image/png 151.101.194.159
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://wellnessproinsurance.citadelus.com/wp-content/uploads/2024/01/cropped-cropped-cropped-wellnesspro-logo150w.png

Requested by

Host: wellnessproinsurance.citadelus.com
URL: https://wellnessproinsurance.citadelus.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.194.159 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Flywheel/5.1.0 /

Resource Hash

cd1259fa151c31e2def0779e0b9193075fd27e3e21c768ea2d8e0b8780840286

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://wellnessproinsurance.citadelus.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-fw-static: YES
date: Fri, 02 Aug 2024 22:02:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cacheable: YES
x-fw-server: Flywheel/5.1.0
x-cache: MISS, HIT
fastly-restarts: 1
x-xss-protection: 1
x-served-by: cache-fra-eddf8230077-FRA, cache-fra-eddf8230111-FRA
x-fw-type: VISIT
content-length: 5589
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 19 Jun 2024 14:02:22 GMT
server: Flywheel/5.1.0
x-timer: S1722636176.875192,VS0,VE2
etag: W/"6672e4ee-160d"
x-fw-hash: kpoh3penj7
x-fw-version: 5.0.0
content-type: image/png
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
cache-control: public, max-age=31536000
accept-ranges: bytes
x-cache-hits: 0, 0

GET
H2 200 jquery.min.js Show response
wellnessproinsurance.citadelus.com/wp-includes/js/jquery/ 86 KB
33 KB 9ms
7ms Script
application/javascript 151.101.194.159
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://wellnessproinsurance.citadelus.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1

Requested by

Host: wellnessproinsurance.citadelus.com
URL: https://wellnessproinsurance.citadelus.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.194.159 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Flywheel/5.1.0 /

Resource Hash

cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://wellnessproinsurance.citadelus.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-fw-static: YES
date: Fri, 02 Aug 2024 22:02:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cacheable: YES
x-fw-server: Flywheel/5.1.0
x-cache: MISS, HIT
fastly-restarts: 1
x-xss-protection: 1
x-served-by: cache-wie-etou8220174-WIE, cache-fra-eddf8230111-FRA
x-fw-type: VISIT
content-length: 33470
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 23 Jul 2024 16:30:19 GMT
server: Flywheel/5.1.0
x-timer: S1722636176.892534,VS0,VE1
etag: W/"669fda9b-15601"
x-fw-hash: kpoh3penj7
x-fw-version: 5.0.0
content-type: application/javascript
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
cache-control: public, max-age=31536000
accept-ranges: bytes
x-cache-hits: 0, 0

GET
H2 200 lazyload.min.js Show response
wellnessproinsurance.citadelus.com/wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/ 9 KB
3 KB 11ms
10ms Script
application/javascript 151.101.194.159
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://wellnessproinsurance.citadelus.com/wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/lazyload.min.js

Requested by

Host: wellnessproinsurance.citadelus.com
URL: https://wellnessproinsurance.citadelus.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.194.159 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Flywheel/5.1.0 /

Resource Hash

f40767552e5e94b2d5f9a65d7f640cfa7d225298023dbd682095e040809a3d1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://wellnessproinsurance.citadelus.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-fw-static: YES
date: Fri, 02 Aug 2024 22:02:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cacheable: YES
x-fw-server: Flywheel/5.1.0
x-cache: MISS, HIT
fastly-restarts: 1
x-xss-protection: 1
x-served-by: cache-fra-etou8220129-FRA, cache-fra-eddf8230111-FRA
x-fw-type: VISIT
content-length: 3253
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 18 Jul 2024 20:31:19 GMT
server: Flywheel/5.1.0
x-timer: S1722636176.892492,VS0,VE3
etag: W/"66997b97-22bc"
x-fw-hash: kpoh3penj7
x-fw-version: 5.0.0
content-type: application/javascript
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
cache-control: public, max-age=31536000
accept-ranges: bytes
x-cache-hits: 0, 0

GET
H2 200 a352491ab477032e7525bb637e914461.js Show response
wellnessproinsurance.citadelus.com/wp-content/cache/min/1/ 172 KB
45 KB 689ms
688ms Script
application/javascript 151.101.194.159
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://wellnessproinsurance.citadelus.com/wp-content/cache/min/1/a352491ab477032e7525bb637e914461.js

Requested by

Host: wellnessproinsurance.citadelus.com
URL: https://wellnessproinsurance.citadelus.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.194.159 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Flywheel/5.1.0 /

Resource Hash

d0409612117cc068db17ef8cf7f100dc0ebc352ffa8ee45f5d42f1bc43e9e3d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://wellnessproinsurance.citadelus.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-fw-static: YES
date: Fri, 02 Aug 2024 22:02:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cacheable: YES
x-fw-server: Flywheel/5.1.0
x-cache: MISS, MISS
fastly-restarts: 1
x-xss-protection: 1
x-served-by: cache-fra-etou8220077-FRA, cache-fra-eddf8230111-FRA
x-fw-type: VISIT
content-length: 46249
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 02 Aug 2024 21:51:36 GMT
server: Flywheel/5.1.0
x-timer: S1722636176.892711,VS0,VE681
etag: "66ad54e8-b4a9"
x-fw-hash: kpoh3penj7
x-fw-version: 5.0.0
content-type: application/javascript
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
cache-control: public, max-age=31536000
accept-ranges: bytes
x-cache-hits: 0, 0

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 225 KB
60 KB 31ms
9ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js?v=next

Requested by

Host: wellnessproinsurance.citadelus.com
URL: https://wellnessproinsurance.citadelus.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3d37d53952256c52106d10fbac76180166588f989a2e65e21deebf708dc341d8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://wellnessproinsurance.citadelus.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 02 Aug 2024 22:02:55 GMT
document-policy: force-load-at-top
x-fb-server-load: 29
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 58860
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=6, rtx=0, c=12, mss=1328, tbw=2769, tp=-1, tpl=-1, uplat=1, ullat=-1
pragma: public
x-fb-debug: MNe+fQAFD0Me9EIpjlR7abIJo3/imvd3wjo+HZDPMoY5dwknu5hg/aegmTHkoW3YHdqK8lXvq+iGY83Av6ypZg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 285 KB
97 KB 50ms
27ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MDM7LXF8

Requested by

Host: wellnessproinsurance.citadelus.com
URL: https://wellnessproinsurance.citadelus.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

184c03966bc16ca0cc977fd2546f853aa28881c95d9cb62f4c8e8a32af81b7ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://wellnessproinsurance.citadelus.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 02 Aug 2024 22:02:55 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 99101
x-xss-protection: 0
last-modified: Fri, 02 Aug 2024 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 02 Aug 2024 22:02:55 GMT

GET
H3 200 place
www.google.com/maps/embed/v1/ Frame 905B 0
0 331ms
317ms Document
text/html 2a00:1450:4001:81d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/maps/embed/v1/place?q=2600+W+Executive+Pkwy%2C+Lehi%2C+UT+84043&key=AIzaSyD09zQ9PNDNNy9TadMuzRV_UsPUoWKntt8

Requested by

Host: wellnessproinsurance.citadelus.com
URL: https://wellnessproinsurance.citadelus.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81d::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	object-src 'none';base-uri 'self';script-src 'nonce-XPtdDbS1MO-BEL4ZC6QUEw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/geo-maps-api/1
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://wellnessproinsurance.citadelus.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: gzip
content-length: 1002
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-XPtdDbS1MO-BEL4ZC6QUEw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/geo-maps-api/1
content-type: text/html; charset=UTF-8
date: Fri, 02 Aug 2024 22:02:56 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
server: scaffolding on HTTPServer2
vary: Accept-Language Origin X-Origin Referer
x-content-type-options: nosniff
x-robots-tag: noindex,nofollow
x-xss-protection: 0

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a61be0cc45b932d8ed18df968fe0e8d2c1f3b18714996b1f8cec862b267c48ee

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 11fcbd228e7d2b1ba69bf1863b629404fc8fc3ca082e24ac9995b7ba5c7bf1cd

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 67 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2f483dbdcb6e77a648b0db054f1280ff77387f137a7f18100a2e140d416695b6

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 286 KB
97 KB 29ms
29ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Z6H3GV0Y2R&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MDM7LXF8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ef64b25f70f20c125f9a42262d9609e6842434e1ce0cf0c502aced74746371fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://wellnessproinsurance.citadelus.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 02 Aug 2024 22:02:56 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 99456
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 02 Aug 2024 22:02:56 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 286 KB
97 KB 32ms
31ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-YC8E5PKH85&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MDM7LXF8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d386db6a751dc8d69a29ce31c55fd5fe6dc24c0da9091b35307ef317abf6513b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://wellnessproinsurance.citadelus.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 02 Aug 2024 22:02:56 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 99385
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 02 Aug 2024 22:02:56 GMT

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 260 KB
90 KB 25ms
25ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-11480875028&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MDM7LXF8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c8a6cab13911ee76e3c1caa7c08cfe9607078ac49f8cd4d6d42c82917e4ade9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://wellnessproinsurance.citadelus.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 02 Aug 2024 22:02:56 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 92011
x-xss-protection: 0
last-modified: Fri, 02 Aug 2024 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 02 Aug 2024 22:02:56 GMT

GET
H2 200 loader.js Show response
www.gstatic.com/wcm/ 6 KB
3 KB 41ms
9ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/wcm/loader.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MDM7LXF8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

670f77f11cb4c747f5de1affa5b53687cf7a20d1eaf99b0ef5c9c60858aefa55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://wellnessproinsurance.citadelus.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 02 Aug 2024 21:48:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 865
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2133
x-xss-protection: 0
last-modified: Wed, 20 Mar 2024 23:18:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Fri, 02 Aug 2024 22:48:31 GMT

GET
H2 200 events.js Show response
analytics.tiktok.com/i18n/pixel/ 6 KB
3 KB 168ms
140ms Script
application/javascript 23.213.161.196
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CMJBDSRC77UEKGPKFG40&lib=ttq
Requested by: Host: wellnessproinsurance.citadelus.com
URL: https://wellnessproinsurance.citadelus.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.213.161.196 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-213-161-196.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 8f097379773f35f0da2853152088730810a58ee25decd79182c501273a4ec030

Request headers

Referer: https://wellnessproinsurance.citadelus.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: 1e90dd38
date: Fri, 02 Aug 2024 22:02:56 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-24080222025678C098470FC04515EAE2-6B7FE216D5913452-00
x-cache: TCP_MISS from a23-213-160-196.deploy.akamaitechnologies.com (AkamaiGHost/11.6.0-57528057) (-)
server-timing: inner; dur=15, cdn-cache; desc=MISS, edge; dur=1, origin; dur=121
content-length: 2015
pragma: no-cache
server: nginx
x-tt-logid: 2024080222025678C098470FC04515EAE2
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 121,23.213.160.196
x-tt-trace-host: 017dc06d77903ca0ba5871c5dd190e1c9a45f37556cbb3cf3dce1c046626d81d7cc8870149d63c5bc02b50d4c72a004b9195e5bd6a0288e8f052491768a3d30ef901fcf7d33c8ea50f9f184a39d77dd3b03cc08d4cfb968d0f20e31b64207a79c9
expires: Fri, 02 Aug 2024 22:02:56 GMT

GET
H2 200 234823893763265 Show response
connect.facebook.net/signals/config/ 72 KB
15 KB 165ms
164ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/234823893763265?v=next&r=stable&domain=wellnessproinsurance.citadelus.com&hme=61ff4e692c87a9a2ce7b19822df2b04638e3ca38b23c1be6c0f1945ccadb2ad5&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C167%2C170%2C182%2C178%2C179%2C181%2C29%2C98%2C52%2C75%2C180%2C162%2C165%2C175%2C176%2C183%2C127%2C40%2C34%2C139%2C15%2C49%2C189%2C188%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C163%2C166%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js?v=next

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e8edaa66978fc2422b68a50863bfc7f8bbc7c5689b299c5f16ad022a8e7b813c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://wellnessproinsurance.citadelus.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 02 Aug 2024 22:02:56 GMT
document-policy: force-load-at-top
x-fb-server-load: 51
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=10, rtx=0, c=64, mss=1328, tbw=64382, tp=-1, tpl=-1, uplat=156, ullat=1
pragma: public
x-fb-debug: NbWvbwwGD7FiTBKeHBovAnqVqzp/kD/+II6pCk8kmD6x5VWnH8bIRzXb224zxpc5iLgNd/s6iKYUN2F/Gn5hQA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 beauty-bodywork-insurance-collage.png
wellnessproinsurance.citadelus.com/wp-content/uploads/2024/07/ 2 MB
2 MB 8ms
8ms Image
image/png 151.101.194.159
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://wellnessproinsurance.citadelus.com/wp-content/uploads/2024/07/beauty-bodywork-insurance-collage.png

Requested by

Host: wellnessproinsurance.citadelus.com
URL: https://wellnessproinsurance.citadelus.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.194.159 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Flywheel/5.1.0 /

Resource Hash

fad4a55b347efc8521ca8b632847d24475ef70dec06957ba3e2f2c68da965f92

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://wellnessproinsurance.citadelus.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-fw-static: YES
date: Fri, 02 Aug 2024 22:02:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cacheable: YES
x-fw-server: Flywheel/5.1.0
x-cache: MISS, HIT
fastly-restarts: 1
x-xss-protection: 1
x-served-by: cache-fra-etou8220146-FRA, cache-fra-eddf8230111-FRA
x-fw-type: VISIT
content-length: 1748753
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 10 Jul 2024 22:23:30 GMT
server: Flywheel/5.1.0
x-timer: S1722636176.029155,VS0,VE2
etag: W/"668f09e2-1ab34b"
x-fw-hash: kpoh3penj7
x-fw-version: 5.0.0
content-type: image/png
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
cache-control: public, max-age=31536000
accept-ranges: bytes
x-cache-hits: 0, 0

GET
H2 200 call-tracking_9.js Show response
www.gstatic.com/call-tracking/ 62 KB
21 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/call-tracking/call-tracking_9.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/wcm/loader.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6d8f8fd6de0b42e3acc7b2f3005c599e9f54d21355c3d6850a5c13daca10d5ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://wellnessproinsurance.citadelus.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 11:52:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 295815
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-telephony
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20777
x-xss-protection: 0
last-modified: Mon, 22 Jan 2024 22:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-telephony"
vary: Accept-Encoding
report-to: {"group":"ads-telephony","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-telephony"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 30 Jul 2025 11:52:41 GMT

GET
H3

200

wcm Show response
www.google.de/pagead/attribution/
Redirect Chain

https://www.googleadservices.com/pagead/conversion/11480875028/wcm?cc=ZZ&dn=8007766268&cl=U-6hCIaFkKUZEJSAweIq&dma=1&dma_cps=syphamo&npa=1&ct_eid=2
https://www.google.de/pagead/attribution/wcm?cc=ZZ&dn=8007766268&cl=U-6hCIaFkKUZEJSAweIq&dma=1&dma_cps=syphamo

80 B
111 B

33ms
16ms

XHR
application/json

2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.de/pagead/attribution/wcm?cc=ZZ&dn=8007766268&cl=U-6hCIaFkKUZEJSAweIq&dma=1&dma_cps=syphamo

Requested by

Host: wellnessproinsurance.citadelus.com
URL: https://wellnessproinsurance.citadelus.com/

Protocol

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d933a98657089095397ca6126d62e3a07c39e70f82b36f8cea002c0ba5bf1e2c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://wellnessproinsurance.citadelus.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 02 Aug 2024 22:02:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: null
content-type: application/json; charset=UTF-8
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 87
x-xss-protection: 0

Redirect headers

date: Fri, 02 Aug 2024 22:02:56 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.google.de/pagead/attribution/wcm?cc=ZZ&dn=8007766268&cl=U-6hCIaFkKUZEJSAweIq&dma=1&dma_cps=syphamo
access-control-allow-origin: https://wellnessproinsurance.citadelus.com
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

POST
H2 204 collect
region1.google-analytics.com/g/ 0
0 43ms
15ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-Z6H3GV0Y2R&gtm=45je47v0v9174866906z89174830254za200zb9174830254&_p=1722636175889&gcd=13l3l3l2l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=95250753&cid=1667858024.1722636176&ul=de-de&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&_s=1&sid=1722636176&sct=1&seg=0&dl=https%3A%2F%2Fwellnessproinsurance.citadelus.com%2F&dt=Beauty%20Bodywork%20Insurance%20for%20Wellness%20Specialists&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1861
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-Z6H3GV0Y2R&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://wellnessproinsurance.citadelus.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Aug 2024 22:02:56 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://wellnessproinsurance.citadelus.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
0 22ms
15ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-YC8E5PKH85&gtm=45je47v0v9174867678z89174830254za200zb9174830254&_p=1722636175889&gcd=13l3l3l2l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=95250753&cid=1667858024.1722636176&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1722636176&sct=1&seg=0&dl=https%3A%2F%2Fwellnessproinsurance.citadelus.com%2F&dt=Beauty%20Bodywork%20Insurance%20for%20Wellness%20Specialists&en=page_view&_fv=1&_ss=1&tfd=1882
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-YC8E5PKH85&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://wellnessproinsurance.citadelus.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 02 Aug 2024 22:02:56 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://wellnessproinsurance.citadelus.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 main.MTc2ZTRjM2Y4MQ.js Show response
analytics.tiktok.com/i18n/pixel/static/ 336 KB
95 KB 26ms
26ms Script
application/javascript 23.213.161.196
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTc2ZTRjM2Y4MQ.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CMJBDSRC77UEKGPKFG40&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.213.161.196 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-213-161-196.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: bee3c126b83a3399e8cf9b0b113cf726594512e9628e2a53864c56af0f309f52

Request headers

Referer: https://wellnessproinsurance.citadelus.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: 1e90df9e
date: Fri, 02 Aug 2024 22:02:56 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 202407310102509EEC3CC9D9C5F9D2FF2A
x-tt-trace-id: 00-2407310102509EEC3CC9D9C5F9D2FF2A-69E6B1B8CC099C75-00
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-213-160-196.deploy.akamaitechnologies.com (AkamaiGHost/11.6.0-57528057) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 0122a0e0ac302dc48edf6d14ca4af477011cf32aa34eb5d3d3c82afaab458720b8f01729e804c0592f199ccdad4384844702a6567d8a5f1b05aa7dce66b349fd56d9841e41ef502d326bb273628669f730932cd54ff13ccd5e7c5bc5fd734d3429
server-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=2
content-length: 96672

GET
H2 200 /
www.facebook.com/tr/ 0
273 B 38ms
6ms Image
text/plain 2a03:2880:f177:185:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=234823893763265&ev=PageView&dl=https%3A%2F%2Fwellnessproinsurance.citadelus.com%2F&rl=&if=false&ts=1722636176207&sw=1600&sh=1200&v=next&r=stable&ec=0&o=4126&fbp=fb.1.1722636176205.399207739463254111&cs_est=true&ler=empty&cdl=API_unavailable&it=1722636176025&coo=false&rqm=GET

Requested by

Host: wellnessproinsurance.citadelus.com
URL: https://wellnessproinsurance.citadelus.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://wellnessproinsurance.citadelus.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=5, rtx=0, c=10, mss=1328, tbw=2819, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 02 Aug 2024 22:02:56 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
3 KB 207ms
177ms Image
image/png 2a03:2880:f177:185:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=234823893763265&ev=PageView&dl=https%3A%2F%2Fwellnessproinsurance.citadelus.com%2F&rl=&if=false&ts=1722636176207&sw=1600&sh=1200&v=next&r=stable&ec=0&o=4126&fbp=fb.1.1722636176205.399207739463254111&cs_est=true&ler=empty&cdl=API_unavailable&it=1722636176025&coo=false&rqm=FGET

Requested by

Host: wellnessproinsurance.citadelus.com
URL: https://wellnessproinsurance.citadelus.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://wellnessproinsurance.citadelus.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: zstd
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; preload
date: Fri, 02 Aug 2024 22:02:56 GMT
document-policy: force-load-at-top
x-fb-server-load: 23
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7398666040181707945", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=11, rtx=0, c=14, mss=1328, tbw=3136, tp=-1, tpl=-1, uplat=168, ullat=0
pragma: no-cache
x-fb-debug: z1KPUv8xtD+D5ZOELtmL+rW1eRR0VoxMDRElyFY4NAb64P/UJkHyfiWJC0/odE68U/KRZcd25MhIwihclHm0kw==
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7398666040181707945"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 identify_c2008b8c.js Show response
analytics.tiktok.com/i18n/pixel/static/ 146 KB
39 KB 11ms
11ms Script
application/javascript 23.213.161.196
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/identify_c2008b8c.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTc2ZTRjM2Y4MQ.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.213.161.196 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-213-161-196.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 50a98b0680aaaaa9407001661f18904e29d76402c3da7ad64246413886fc64b3

Request headers

Referer: https://wellnessproinsurance.citadelus.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: 1e90e08c
date: Fri, 02 Aug 2024 22:02:56 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 2024072912414041BEF713A10515498A8A
x-tt-trace-id: 00-24072912414041BEF713A10515498A8A-76321873C839D803-00
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-213-160-196.deploy.akamaitechnologies.com (AkamaiGHost/11.6.0-57528057) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 010f3c36e76c23e163926355f9465f739e1ffd158a2d6d6eca9ddf51aff38e2f7cad14437ea9fea3d1028d5dbb4cb8dd10b788590c290ab3a53dc8ffce7e33d9681c902f5b541e3b33a1eb049375c764243a419d982af9e7109e43d176e75c2b52
server-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=14
content-length: 39442

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ 0
702 B 164ms
163ms Ping
text/plain 23.213.161.196
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTc2ZTRjM2Y4MQ.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.213.161.196 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-213-161-196.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://wellnessproinsurance.citadelus.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 1e90e0c1
date: Fri, 02 Aug 2024 22:02:56 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-24080222025651F792E3EE3DCC15D552-0AAEC6EFD1915E84-00
x-cache: TCP_MISS from a23-213-160-196.deploy.akamaitechnologies.com (AkamaiGHost/11.6.0-57528057) (-)
server-timing: inner; dur=24, cdn-cache; desc=MISS, edge; dur=9, origin; dur=135
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 2024080222025651F792E3EE3DCC15D552
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 136,23.213.160.196
x-tt-trace-host: 017dc06d77903ca0ba5871c5dd190e1c9a45f37556cbb3cf3dce1c046626d81d7c3434c7a2a997a3e2f3f2b714ce5252563a771d1d72e56e6906ad3d0cf5aa91296fe474afbab2a942c5d8c1dc0014092b92f729eb9d45bf4707c2c3fcbe318f71
access-control-allow-headers: Authorization,*
expires: Fri, 02 Aug 2024 22:02:56 GMT

POST
H2 200 act
analytics.tiktok.com/api/v2/pixel/ 0
847 B 357ms
353ms Ping
text/plain 23.213.161.196
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel/act
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTc2ZTRjM2Y4MQ.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.213.161.196 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-213-161-196.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://wellnessproinsurance.citadelus.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 5c5137ae.1e90e437
date: Fri, 02 Aug 2024 22:02:56 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-2408022202566F5964DA8CF7391C0C3D-0DC30FB8C8BBAA99-00
x-cache: TCP_MISS from a23-213-160-196.deploy.akamaitechnologies.com (AkamaiGHost/11.6.0-57528057) (-)
x-parent-response-time: 316,23.213.160.196
server-timing: cdn-cache; desc=MISS, edge; dur=105, origin; dur=228, inner; dur=17
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 202408022202566F5964DA8CF7391C0C3D
x-cache-remote: TCP_MISS from a23-220-104-215.deploy.akamaitechnologies.com (AkamaiGHost/11.6.0-57528057) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 228,23.220.104.215
x-tt-trace-host: 017dc06d77903ca0ba5871c5dd190e1c9a2d83ca9f1e3059f875f16d006bb8b4e89b511626f352795d44f9fb7ff8b17545a8613fa451f38e64ea267438c2aa263a6877c7cad1242993329153d706748ba317b83310b8fa4ed6f033ad22db6e86d1a5a652b375ec0f44f97902c3f4f9c5a0
access-control-allow-headers: Authorization,*
expires: Fri, 02 Aug 2024 22:02:56 GMT

GET
H3 200 openbridge3.js Show response
connect.facebook.net/signals/plugins/ 241 KB
82 KB 10ms
10ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/plugins/openbridge3.js?v=next

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js?v=next

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

cf6b79723974435fb16cb8c6075e58ffa69234251c7431627fd92915e50edd33

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://wellnessproinsurance.citadelus.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 02 Aug 2024 22:02:56 GMT
document-policy: force-load-at-top
x-fb-server-load: 26
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 84284
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=6, rtx=0, c=23, mss=1232, tbw=4693, tp=12, tpl=0, uplat=1, ullat=-1
pragma: public
x-fb-debug: UJgF8fjzvnWPTsORwiQlsr31hh4H2uzEics7mtO69hGSA5n5vriVgj8U5vJIS3agj0FwGDgwjydvQMqZCtNhxQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 1110646916764254 Show response
connect.facebook.net/signals/config/ 23 KB
3 KB 99ms
99ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1110646916764254?v=next&r=stable&domain=wellnessproinsurance.citadelus.com&hme=61ff4e692c87a9a2ce7b19822df2b04638e3ca38b23c1be6c0f1945ccadb2ad5&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C167%2C170%2C182%2C178%2C179%2C181%2C29%2C98%2C52%2C75%2C180%2C162%2C165%2C175%2C176%2C183%2C127%2C40%2C34%2C139%2C15%2C49%2C189%2C188%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C163%2C166%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110%2C195%2C194%2C196%2C201%2C202%2C203%2C199%2C191%2C128%2C130%2C158%2C190%2C192%2C119%2C152%2C141%2C146%2C184%2C185%2C125%2C227%2C113%2C123%2C124%2C228%2C160%2C116%2C230%2C161%2C132%2C120%2C149%2C144

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js?v=next

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b51be5a97ebe590a23d3801537cd7bc3719418e6053a02f551a8dbbd7d5e33bf

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://wellnessproinsurance.citadelus.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 02 Aug 2024 22:02:56 GMT
document-policy: force-load-at-top
x-fb-server-load: 25
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=5, rtx=0, c=87, mss=1232, tbw=93157, tp=85, tpl=0, uplat=90, ullat=0
pragma: public
x-fb-debug: PbtS9GWKaeCIjbA+7xa9nZrCzb4tIPtzgjBjnR32FGvPzC2zYojn7TstHbSsKfDIOdSWkAhdnQoVxsLHu3eEWw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 bx_loader.gif
wellnessproinsurance.citadelus.com/wp-content/plugins/bb-plugin/img/bxslider/ 8 KB
7 KB 138ms
137ms Image
image/gif 151.101.194.159
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://wellnessproinsurance.citadelus.com/wp-content/plugins/bb-plugin/img/bxslider/bx_loader.gif

Requested by

Host: wellnessproinsurance.citadelus.com
URL: https://wellnessproinsurance.citadelus.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.194.159 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Flywheel/5.1.0 /

Resource Hash

6d46e2cf165a5a0584afba7bc9663da292ee08c97cfc7613de6013ed05be892a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://wellnessproinsurance.citadelus.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-fw-static: YES
date: Fri, 02 Aug 2024 22:02:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cacheable: YES
x-fw-server: Flywheel/5.1.0
x-cache: MISS, MISS
fastly-restarts: 1
x-xss-protection: 1
x-served-by: cache-fra-etou8220033-FRA, cache-fra-eddf8230111-FRA
x-fw-type: VISIT
content-length: 6913
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 26 Jul 2024 13:30:26 GMT
server: Flywheel/5.1.0
x-timer: S1722636177.604154,VS0,VE130
etag: W/"66a3a4f2-2185"
x-fw-hash: kpoh3penj7
x-fw-version: 5.0.0
content-type: image/gif
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
cache-control: public, max-age=31536000
accept-ranges: bytes
x-cache-hits: 0, 0

GET
H2 404 favicon.ico
wellnessproinsurance.citadelus.com/ 548 B
378 B 134ms
134ms Other
text/html 151.101.194.159
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://wellnessproinsurance.citadelus.com/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.194.159 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Flywheel/5.1.0 /

Resource Hash

d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://wellnessproinsurance.citadelus.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-fw-static: NO
date: Fri, 02 Aug 2024 22:02:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cacheable: YES
x-fw-server: Flywheel/5.1.0
x-cache: MISS, MISS
fastly-restarts: 1
x-xss-protection: 1
x-served-by: cache-fra-eddf8230158-FRA, cache-fra-eddf8230111-FRA
x-fw-type: VISIT
content-length: 169
referrer-policy: no-referrer-when-downgrade
server: Flywheel/5.1.0
x-timer: S1722636177.744590,VS0,VE126
x-fw-hash: kpoh3penj7
x-fw-version: 5.0.0
content-type: text/html
vary: Accept-Encoding, Authorization
x-fw-serve: TRUE
accept-ranges: bytes
x-cache-hits: 0, 0

Verdicts & Comments Add Verdict or Comment

52 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.secure.hbassociation.com/	1969-12-31 23:59:59	Name: ARRAffinity Value: 934e69ff9500c72c2e447942af823be32d4be320180214c4affa943e836fa764
.secure.hbassociation.com/	1969-12-31 23:59:59	Name: ARRAffinitySameSite Value: 934e69ff9500c72c2e447942af823be32d4be320180214c4affa943e836fa764
.citadelus.com/	1970-01-21 00:40:12	Name: _gcl_au Value: 1.1.2008349174.1722636176
.citadelus.com/	1970-01-21 08:06:36	Name: _ga_Z6H3GV0Y2R Value: GS1.1.1722636176.1.0.1722636176.0.0.0
.citadelus.com/	1970-01-21 08:06:36	Name: _ga Value: GA1.1.1667858024.1722636176
.citadelus.com/	1970-01-21 08:06:36	Name: _ga_YC8E5PKH85 Value: GS1.1.1722636176.1.0.1722636176.0.0.0
.tiktok.com/	1970-01-21 07:52:12	Name: _ttp Value: 2k7YeNq6DMj7Dx2vpp4r5cOtKp7
.citadelus.com/	1970-01-21 00:40:12	Name: _fbp Value: fb.1.1722636176205.399207739463254111
.citadelus.com/	1970-01-21 07:52:12	Name: _tt_enable_cookie Value: 1
.citadelus.com/	1970-01-21 07:52:12	Name: _ttp Value: bNfjTtc2UlC-usx9Tm5zLWSOyXM

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://wellnessproinsurance.citadelus.com/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.tiktok.com
connect.facebook.net
fonts.gstatic.com
region1.google-analytics.com
secure.hbassociation.com
wellnessproinsurance.citadelus.com
www.facebook.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
www.wellnessproinsurance.com
142.250.185.130
151.101.194.159
2001:4860:4802:34::36
23.213.161.196
2a00:1450:4001:809::2003
2a00:1450:4001:81d::2004
2a00:1450:4001:82a::2003
2a00:1450:4001:82b::2003
2a00:1450:4001:82f::2008
2a03:2880:f084:105:face:b00c:0:3
2a03:2880:f177:185:face:b00c:0:25de
40.112.243.115
50.115.19.181
11fcbd228e7d2b1ba69bf1863b629404fc8fc3ca082e24ac9995b7ba5c7bf1cd
184c03966bc16ca0cc977fd2546f853aa28881c95d9cb62f4c8e8a32af81b7ba
2f483dbdcb6e77a648b0db054f1280ff77387f137a7f18100a2e140d416695b6
34208e63c50cc27f5c13b0c29629cf0561fa788f564a07f82cf877dc28e46b82
3d37d53952256c52106d10fbac76180166588f989a2e65e21deebf708dc341d8
50a98b0680aaaaa9407001661f18904e29d76402c3da7ad64246413886fc64b3
670f77f11cb4c747f5de1affa5b53687cf7a20d1eaf99b0ef5c9c60858aefa55
6d46e2cf165a5a0584afba7bc9663da292ee08c97cfc7613de6013ed05be892a
6d8f8fd6de0b42e3acc7b2f3005c599e9f54d21355c3d6850a5c13daca10d5ad
8ea8791754915a898a3100e63e32978a6d1763be6df8e73a39d3a90d691cdeef
8f097379773f35f0da2853152088730810a58ee25decd79182c501273a4ec030
9834b82ad26e2a37583d22676a12dd2eb0fe7c80356a2114d0db1aa8b3899537
a61be0cc45b932d8ed18df968fe0e8d2c1f3b18714996b1f8cec862b267c48ee
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
b51be5a97ebe590a23d3801537cd7bc3719418e6053a02f551a8dbbd7d5e33bf
bee3c126b83a3399e8cf9b0b113cf726594512e9628e2a53864c56af0f309f52
c8a6cab13911ee76e3c1caa7c08cfe9607078ac49f8cd4d6d42c82917e4ade9b
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
cd1259fa151c31e2def0779e0b9193075fd27e3e21c768ea2d8e0b8780840286
cf6b79723974435fb16cb8c6075e58ffa69234251c7431627fd92915e50edd33
d0409612117cc068db17ef8cf7f100dc0ebc352ffa8ee45f5d42f1bc43e9e3d1
d386db6a751dc8d69a29ce31c55fd5fe6dc24c0da9091b35307ef317abf6513b
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090
d933a98657089095397ca6126d62e3a07c39e70f82b36f8cea002c0ba5bf1e2c
d999d6a1162082bff55ea4679e93d20928d6fefe8ef327ff7a3e9fc8530d6b66
de553f64342a3d301e001632e90dad17839d3b82e429cb6ba6d23677b73b5dcc
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e42a88444448ac3d60549cc7c1ff2c8a9cac721034c073d80a14a44e79730cca
e8edaa66978fc2422b68a50863bfc7f8bbc7c5689b299c5f16ad022a8e7b813c
ef64b25f70f20c125f9a42262d9609e6842434e1ce0cf0c502aced74746371fb
f40767552e5e94b2d5f9a65d7f640cfa7d225298023dbd682095e040809a3d1a
fad4a55b347efc8521ca8b632847d24475ef70dec06957ba3e2f2c68da965f92

wellnessproinsurance.citadelus.com Open in urlscan Pro 151.101.194.159 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

34 Requests

97 %HTTPS

62 %IPv6

12 Domains

13 Subdomains

11 IPs

2 Countries

2775 kBTransfer

4695 kBSize

10 Cookies

8 Outgoing links

Page URL History

Redirected requests

34 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

wellnessproinsurance.citadelus.com Open in urlscan Pro
151.101.194.159 Public Scan

Screenshot
Live screenshot

Full Image

34
Requests

97 %
HTTPS

62 %
IPv6

12
Domains

13
Subdomains

11
IPs

2
Countries

2775 kB
Transfer

4695 kB
Size

10
Cookies

34 HTTP transactions
3 data transactions